Greg Lehmann Greg.Lehmann at csiro.au
Thu Sep 14 04:59:49 GMT 2006

We have a co-operative project where we have 2 separate organisations
using 2 different server environments. One uses Active Directory and
Windows file servers, the other eDirectory and NetWare servers. We want
to do a file server that handles users from both domains. It is easy
enough to use Kerberos authentication for the Active Directory users and
LDAP to an eDirectory server for the NetWare users. Users from both
domains can log in easily enough to the Samba server. We have a passwd
file on the fileserver that contains users from both domains but not
passwords themselves (LDAP to eDir and Kerberos to AD is used for that.)

I want to know what security model fits best. I have tried ADS and
domain but both only allow the AD users to get at shares. Log files show
authentication is rejected because NetWare users don't exist in AD. They
actually do exist in AD with different names. I can use the user map
feature to map them but it looks like only Kerberos authentication is
being tried, when we need LDAP to happen for the NetWare users. The PAM
entries look similar for sshd and Samba, so I am at a bit of a loss...

I am using SLES 10 with the bundled Samba version 3.0.22. Novell OES
would probably handle this fairly easily but we don't have funds for it.



