[CentOS] nfs4, idmapd, users with same name, different uid?

natxo asenjo natxo.asenjo at gmail.com
Wed Aug 28 18:39:19 UTC 2013


On 08/28/2013 08:24 PM, Les Mikesell wrote:

> This is a very tiny subset (mostly) of a corporate network where the
> larger things are handled by active directory.  But, for various
> non-technical reasons I don't want these machines to have to 'join'
> AD.  Kerberos will sort-of work without joining, but doesn't seem
> usable for exporting samba shares - and then anyone added locally
> wouldn't work without the uid matching anyway.  Is there a way to set
> up an LDAP server with a few local users but that mostly does a proxy
> to AD?  And if I did, would users be able to map their home
> directories as samba shares with the authentication it provides
> without joining AD?

You could install the IdM solution and create a cross-realm trust
between both domains. Not trivial, but would do what you want to
accomplish.

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/

You would need cooperation from your AD admins though. That might be a
problem in some environments.

It is quite a big project, though.


-- 
regards,
natxo


