Domain Trust - Single Sign On

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Domain Trust - Single Sign On

Samba - General mailing list
G'day All,

     I am not sure if this is the right place to ask, but here goes.

Back ground:

     The Uni I work at runs their corporate MS AD. I work in the School
of Computing, and we've set up our own AD (Samba4), and have it tailored
to suite our needs. We manage our own accounts separately from the
corporate accounts. However, our dean wants "single-sign on". From his
point of view, that is same usernames and passowrds. From our point of
view same usernames and passwords is fine, however, we need to have the
AD working the way we use it too. Using the corporate AD won't give us
that, and will break almost everything we do.

     So here is the question:

     Is there a way we can get our AD to Ask their AD to authenticate a
user, but still use our AD's users' set up? eg: unix attributes, groups,
group policies etc.

     We've briefly looked at trusts but are not sure it will do what we
want. None of us are AD people, so we are a bit stuck.

     Any hints, ideas, or solutions appreciated

     I guess it boils down to: How would a large corporation have one
source of username/passwords, and multiple separate areas where their
users's attributes, policies, group membership etc are managed separately?

--

Cheers,
David Minard.
Ph:    0247 360 155
Fax:    0247 360 770

ITDS - ACE - SSTaRS
Western Sydney University
Building Y - Penrith Campus (Kingswood)
Locked bag 1797
Penrith NSW 2751

[Sometimes waking up just isn't worth the insult of the day to come.]

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba