Greetings all,
Trying to wrap my head around how a linux laptop interacts with AD/FDS when these are
reachable - and not. Can you all have a look and edit this post as required to bring me
up to speed?
A. User is added to AD
B. WinSync pulls changes to FDS over SSL
1a. Newly added user on Linux laptop logs into laptop plugged into domain LAN
1a.1 pam_krb5 acquires TGT from AD
1a.2 nss_ldap acquires authorization/automount and other map data from FDS (SSL?)
2a. User uses TGT to access NetApp to automount their home directory
Domain login completes. Accessing other kerberized services in an SSO mode functions.
====================
1b. User logs into laptop off LAN
1b.1 pam_unix authenticates the user from passwd/group/shadow and he mounts local home
directory.
Local login completes.
3b. User vpns into office w/ vpnc.
3b.1 accesses various servers/services with domain username/password resolved from FDS -
no kerberos.
Please edit/flesh out as appropriate.
Thanks All,
Christopher