>>> I have no experience with idmapd in linux, but in solaris and netapp it
>>> gets ugly quite easily :-)
>> It also works with the same UIDs on server/client, just setting the
>> domainname in idmapd.conf. LDAP is not obligatory.
> that's why I wrote 'synchronize your password file to eternity' ;-)
> But really, don't do that, use a central store. Much easier unless you
> have a very very tiny network (but those tend to grow unexpectedly).

This is a very tiny subset (mostly) of a corporate network where the
larger things are handled by Active Directory.  But, for various
non-technical reasons I don't want these machines to have to 'join'
AD.  Kerberos will sort of work without joining, but doesn't seem
usable for exporting Samba shares - and then anyone added locally
wouldn't work without the UID matching anyway.  Is there a way to set
up an LDAP server with a few local users but that mostly does a proxy
to AD?  And if I did, would users be able to map their home
directories as Samba shares with the authentication it provides
without joining AD?
