[CentOS] nfs4, idmapd, users with same name, different uid?

Wed Aug 28 18:39:19 UTC 2013
natxo asenjo <natxo.asenjo at gmail.com>

On 08/28/2013 08:24 PM, Les Mikesell wrote:

> This is a very tiny subset (mostly) of a corporate network where the
> larger things are handled by active directory.  But, for various
> non-technical reasons I don't want these machines to have to 'join'
> AD.  Kerberos will sort-of work without joining, but doesn't seem
> usable for exporting samba shares - and then anyone added locally
> wouldn't work without the uid matching anyway.   Is there a way to set
> up an LDAP server with a few local users but that mostly does a proxy
> to AD?   And if I did, would users be able to map their home
> directories as samba shares with the authentication it provides
> without joining AD?

You could install the IdM solution and create a cross-realm trust
between both domains. Not trivial, but would do what you want to

You would need cooperation from your AD admins though. That might be a
problem in some environments.

It is quite a big project, though.