[Novalug] Pam.d / Winbind and services w/Mutliple Domains
nick at hackermonkey.com
Tue Sep 7 22:24:10 EDT 2010
On 09/07/2010 09:07 PM, James Ewing Cottrell 3rd wrote:
> First, it occurs to me that for all user names, DOM1\user, DOM2\user,
> and DOM3\user should all represent the same person.
> This is a Pain, but less painful than converting DOM2 and DOM3 to DOM1.
> Does that help any?
Unfortunately, no. Because while you are correct, that DOM1\user and
DOM2\user should be the same, that is not my issue. Really there is no
duplicates of user ID's between the domains (already checked that one
out). Currently when doing tacacs auth, I just accept the user name, and
krb5 appends the domain on it before validating the user/pass pair for
me. What I want to do is have it try a series of domains before
returning 'valid' or 'invalid'.
Amusingly I just discovered I cannot reach any of the other domain
controllers from the tacacs server in question, so this whole exercise
might be moot.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Novalug