On 08/28/2013 08:24 PM, Les Mikesell wrote:
This is a very tiny subset (mostly) of a corporate network where the larger things are handled by Active Directory. But, for various non-technical reasons I don't want these machines to have to 'join' AD. Kerberos will sort-of work without joining, but doesn't seem usable for exporting Samba shares - and then anyone added locally wouldn't work without the uid matching anyway. Is there a way to set up an LDAP server with a few local users but that mostly does a proxy to AD? And if I did, would users be able to map their home directories as Samba shares with the authentication it provides without joining AD?
You could install the IdM solution and create a cross-realm trust between both domains. Not trivial, but would do what you want to accomplish.
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/...
You would need cooperation from your AD admins though. That might be a problem in some environments.
It is quite a big project, though.