Authenticating against multiple ADs

forums forums at
Fri Apr 23 02:22:50 GMT 2004

I would like to know if there is a way that I can setup a UNIX box
between two different domains / ADs
Basically we have organization A and organization B.
Each organization has its own infrastructure. We would like to put a
server between the two organizations with a share on it, that both
organizations can share files on. I would like full rights to only to
users that need to have access to that share, the ability to fully
So I am thinking that it will be done in such way that users try to
connect to the share (drive S:) and they will be authenticated against
KDC "A" if that fails, they will be authenticated against KDC "B". if 
that fails they will get a message saying that it failed. I don't mind
creating accounts on the local machine, but I don't want to have to
synchronize passwords, and I can't have a user with an account on both
systems, and I can't have trusts between the two domains.
I think it could be done using PAM and Kerberos. Any help will be
greatly appreciated. I prefer to have that on a Solaris 9 system, but
I don't mind installing it on a Linux system.

[This E-mail scanned for viruses]

More information about the samba-technical mailing list