Multiple realm support
Wachdorf, Daniel R
drwachd at sandia.gov
Tue Oct 28 21:36:26 GMT 2003
I posted a similar question to the samba users list but didn't get a
response.
I am wondering if it is possible to support multiple realms for user account
mappings when using security=ads. For example: I have two AD realms with
forest trust, ad1.domain.com and ad2.domain.com. I have a samba server,
host.ad1.domain.com which has the account user. When user logs into
ad2.domain.com and tries to connect to host.ad1.domain.com, he gets all the
necessary Kerberos tickets, but gets reject by the samba server with the
message "user ad2.domain.com/user is invalid on this system".
Is it possible to map multiple domains to a single user. I think this might
be test accomplished with the call krb5_aname_to_localname().
--------------------------------------
Daniel Wachdorf
drwachd at sandia.gov
Sandia National Laboratories
System Security Research and Integration
505-284-8060
More information about the samba-technical
mailing list