On Wed, Aug 28, 2013 at 1:10 PM, natxo asenjo <natxo.asenjo@xxxxxxxxx> wrote:
>
>>> I have no experience with idmapd in linux, but in solaris and netapp it
>>> gets ugly quite easily :-)
>>>
>> It also works with same UID-s on server/client, just setting the
>> domainname in idmapd.conf. Ldap is not obligatory.
>
> that's why I wrote 'synchronize your password file to eternity' ;-)
>
> But really, don't do that, use a central store. Much easier unless you
> have a very very tiny network (but those tend to grow unexpectedly).

This is a very tiny subset (mostly) of a corporate network where the
larger things are handled by active directory. But, for various
non-technical reasons I don't want these machines to have to 'join'
AD. Kerberos will sort-of work without joining, but doesn't seem
usable for exporting samba shares - and then anyone added locally
wouldn't work without the uid matching anyway.

Is there a way to set up an LDAP server with a few local users but
that mostly does a proxy to AD? And if I did, would users be able to
map their home directories as samba shares with the authentication it
provides without joining AD?

--
Les Mikesell
lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos