Authenticating against multiple ADs

[Hodrige]

I would like to know if there is a way that I can setup a UNIX box between two different domains / ADs
Basically we have organization A and organization B.
Each organization has its own infrastructure. We would like to put a server between the two organizations with a share on it, that both organizations can share files on. I would like full rights to only to users that need to have access to that share, the ability to fully login.
So I am thinking that it will be done in such way that users try to connect to the share (drive S and they will be authenticated against KDC “A” if that fails, they will be authenticated against KDC “B”. if that fails they will get a message saying that it failed. I don’t mind creating accounts on the local machine, but I don’t want to have to synchronize passwords, and I can’t have a user with an account on both systems, and I can’t have trusts between the two domains.
I think it could be done using PAM and Kerberos. Any help will be greatly appreciated. I prefer to have that on a Solaris 9 system, but I don’t mind installing it on a Linux system.
Thanks,
Hodrige.

 

[clonny2]

You would have to have 2 copies of samba running. One for each domain. Or setup a trust between the domains and join one of the domains.

>---------------------------------------Lawrence Feldman
SR. QA. Engineer SNAP Appliance
lfeldman@snapappliance.com