[Samba] Domain Trust - Single Sign On

[David Minard]

G'day All,

     I am not sure if this is the right place to ask, but here goes.

Back ground:

     The Uni I work at runs their corporate MS AD. I work in the School 
of Computing, and we've set up our own AD (Samba4), and have it tailored 
to suite our needs. We manage our own accounts separately from the 
corporate accounts. However, our dean wants "single-sign on". From his 
point of view, that is same usernames and passowrds. From our point of 
view same usernames and passwords is fine, however, we need to have the 
AD working the way we use it too. Using the corporate AD won't give us 
that, and will break almost everything we do.

     So here is the question:

     Is there a way we can get our AD to Ask their AD to authenticate a 
user, but still use our AD's users' set up? eg: unix attributes, groups, 
group policies etc.

     We've briefly looked at trusts but are not sure it will do what we 
want. None of us are AD people, so we are a bit stuck.

     Any hints, ideas, or solutions appreciated

     I guess it boils down to: How would a large corporation have one 
source of username/passwords, and multiple separate areas where their 
users's attributes, policies, group membership etc are managed separately?

-- 

Cheers,
David Minard.
Ph:    0247 360 155
Fax:    0247 360 770

ITDS - ACE - SSTaRS
Western Sydney University
Building Y - Penrith Campus (Kingswood)
Locked bag 1797
Penrith NSW 2751

[Sometimes waking up just isn't worth the insult of the day to come.]

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.