Multiple realm support
Gerald (Jerry) Carter
jerry at samba.org
Thu Oct 30 15:12:46 GMT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Wachdorf, Daniel R wrote:
| I am wondering if it is possible to support multiple
| realms for user account mappings when using security=ads. For
| example: I have two AD realms with forest trust, ad1.domain.com
| and ad2.domain.com. I have a samba server,
| host.ad1.domain.com which has the account user. When user
| logs into ad2.domain.com and tries to connect to host.ad1.domain.com,
| he gets all the necessary Kerberos tickets, but gets reject by
| the samba server with the message "user ad2.domain.com/user
| is invalid on this system".
| Is it possible to map multiple domains to a single user.
I fixed a case post 3.0.0 so that there is an implicit mapping
between users logging on via AD krb5 support and usernames on
the local system.
So in 3.0.1 user at realm1.com and user at realm2.com would map
to the same 'user' in /etc/passwd (assuming you are not running winbindd).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba-technical