OK, this is a bit complicated, but I’ll try to explain:
We have two domains - let’s call them A and B. Some people have users on both domains.
The usernames, UIDs and GIDs are totally different across domains.
There’s a desire to allow the users on domain B to mount shares from domain A.
Reading SSSD’s documentation, it seems trivial that one machine can be configured for two
domains.
But suppose my user is francaug@domainB on the B domain, and francis@domainA. Let’s say I
want to mount my_dir, exported with NFSv4 from domain A. I could most likely get Kerberos
tickets and use NFSv4 to mount it on domainB.
Will I, as francaug@domainB, be able to actually use (read, write, delete) these files,
since our POSIX attributes are completely different? Any other way to solve it here, such
as by using NFSv4 ACL attributes?
Or is there any alternative, such as using regex rules so that users are matched? Or
translating/mapping UIDs and GIDs?
Right now I don’t know exactly what to focus on - the only vague requirement for this task
is that a person who has a user on domain B and is logged in to a domainB-bound machine
should be able to mount a share from domain A. I have the feeling that mount is trivial,
but access is going to bite…
Any tips?
Best,
Francis