[Novalug] Pam.d / Winbind and services w/Multiple Domains

Jason Kohles jkohles at palantir.com
Wed Sep 8 12:03:08 EDT 2010


The idmap_nss man page has a decent example of a multiple domain configuration...

                [global]
                    idmap domains = SAMBA TRUSTEDDOMAINS

                    idmap config SAMBA:backend  = nss
                    idmap config SAMBA:readonly = yes

                    idmap config TRUSTEDDOMAINS:default = yes
                    idmap config TRUSTEDDOMAINS:backend = tdb
                    idmap config TRUSTEDDOMAINS:range   = 10000 - 50000

                    idmap alloc backend      = tdb
                    idmap alloc config:range = 10000 - 50000




On Sep 7, 2010, at 9:07 PM, James Ewing Cottrell 3rd wrote:

First, it occurs to me that for all user names, DOM1\user, DOM2\user, and DOM3\user should all represent the same person.

This is a Pain, but less painful than converting DOM2 and DOM3 to DOM1.

Does that help any?

JIM

On 9/7/2010 11:40 AM, Nick Danger wrote:

We have merged 3 companies into 1. At the moment users are scattered
around the three domains. We have a trust between the three domains.

I currently use pam/winbind to auth users for tacacs. This works great.
But I cannot figure out how to do this against multiple domains.

Do I change smb.conf? Do I do this in pam.d? Or can I simply pass the
domain on the tacacs login so my current AD controller will know I'm
user DOM2\ndanger and not DOM1\ndanger?

My google-fu is giving me lots of answers but nothing that shows
multiple domains or realms.
_______________________________________________
Novalug mailing list
Novalug at calypso.tux.org
http://calypso.tux.org/mailman/listinfo/novalug



_________________________________________________________
Jason Kohles, RHCA
Palantir Technologies | Forward Deployed Engineer
jkohles at palantir.com | 703.957.5784
_________________________________________________________
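
An added example, not part of the original message or the Samba man page: a small Python check for `idmap config` lines in the syntax quoted above. It flags domains named in `idmap domains` that have no backend and per-domain ID ranges that overlap, which is how accounts from two trusted domains can end up sharing one Unix ID. The sample config, the choice of the `rid` backend and the function names are assumptions.

```python
import re
from itertools import combinations
# Constructed sample, not from the thread's servers: the three merged domains,
# with the rid backend assumed and DOM3's range overlapping DOM2's.
SAMPLE = """\
[global]
    idmap domains = DOM1 DOM2 DOM3
    idmap config DOM1:backend = rid
    idmap config DOM1:range   = 10000 - 19999
    idmap config DOM2:backend = rid
    idmap config DOM2:range   = 20000 - 29999
    idmap config DOM3:range   = 25000 - 39999
"""

OPTION = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*(\S+)\s*=\s*(.*?)\s*$", re.I)
DOMAINS = re.compile(r"^\s*idmap domains\s*=\s*(.*?)\s*$", re.I)

def parse_idmap(text):
    """Return (names listed in 'idmap domains', {domain: {option: value}})."""
    listed, config = [], {}
    for line in text.splitlines():
        if m := DOMAINS.match(line):
            listed = m.group(1).split()
        elif m := OPTION.match(line):
            config.setdefault(m.group(1), {})[m.group(2).lower()] = m.group(3)
    return listed, config

def check_idmap(text):
    """Return sorted findings; an empty list means both checks passed."""
    listed, config = parse_idmap(text)
    findings, ranges = [], {}
    for dom in listed:  # every listed domain needs a backend of its own
        if "backend" not in config.get(dom, {}):
            findings.append(f"{dom}: listed in 'idmap domains' but has no backend")
    for dom, opts in config.items():
        if "range" in opts:
            m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", opts["range"])
            if not m or int(m.group(1)) >= int(m.group(2)):
                findings.append(f"{dom}: bad range '{opts['range']}'")
            else:
                ranges[dom] = (int(m.group(1)), int(m.group(2)))
    # Two domains sharing IDs would map different SIDs to one Unix account.
    for (a, (alo, ahi)), (b, (blo, bhi)) in combinations(sorted(ranges.items()), 2):
        if alo <= bhi and blo <= ahi:
            findings.append(f"{a} and {b}: overlap {max(alo, blo)}-{min(ahi, bhi)}")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(check_idmap(SAMPLE)) or "no findings")
```

The `idmap alloc` lines are deliberately ignored, so the man page example quoted in the message passes with no findings.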
