[Samba] Re: Linux Authentication Ideas

Linux Addict linuxaddict7 at gmail.com
Thu Jul 17 13:55:25 GMT 2008

Volker Lendecke wrote:
> On Thu, Jul 17, 2008 at 09:37:49AM -0400, Linux Addict wrote:
>> Linux Addict wrote:
>>> Hello Everyone, I have been tasked to work on consolidating 
>>> authentication to achieve single sign-on using Active Directory.
>>> We have mix of Linux and Windows Hosts.  All Linux hosts do local 
>>> authentication currently and Windows hosts authenticates Active 
>>> directory.
>>> I have been thinking of using Samba to authenticate Linux Hosts 
>>> against Active Directory. I am fairly confident of configuring 
>>> straight Linux to AD authentication. But we have 2 Active Directory 
>>> forests. AD2 is trusted by AD1 and all the Linux hosts will be part of 
>>> AD1.
>>> The idea is to have a AD1 resource and AD2 users. So we will need 
>>> Linux Hosts to authenticate users of both AD1 and AD2.  I am not sure 
>>> about how to map uid/gid and also weather kerboros will be able to 
>>> authenticate both Domains.
>>> If you guys can throw some ideas on how to achieve this, that will be 
>>> great.
>>> Cheers, LA
>> Pump.. sorry.. I haven't heard from anyone.
> If both trust each other, shouldn't it just plain work?
> Volker
Thanks for your response. 

No.. Its one  way trust. Using kerboros authntication, doesn't seem to 
be working for the users of Trusted Domain users as Default domain 
option on krb5.conf appends the domain name. But winbind works, I am ok 
with that. But I am having issues mapping uid/gid consistent across 
network for . Also, the tdb files seems to be corrupted frequently.

More information about the samba mailing list