On Mar 18, 2011, at 8:31 AM, "MOKRANI Rachid" rachid.mokrani@ifpen.fr wrote:
> Hi,
> I'm looking for a wiki or shared experience on replacing NIS authentication with an existing Active Directory server (W2003). The problem is the management of id and gid.
> How do we move 1000 current NIS users to AD? How do we keep the same id and gid for these 1000 users? What happens with the Linux NFS server and access by gid and/or id? Do we use the same user/password for Linux and Windows client authentication?
> We tested a solution that works very well. It's the commercial Centrify software, http://www.centrify.com/directcontrol/overview.asp . But we are looking for a freeware solution. (Kerberos? OpenLDAP? PAM? ...)
> Has anyone already successfully replaced NIS with AD authentication using a freeware solution?

Instead of replacing NIS I extended it.
I set up a winbind box that did RID mapping from AD and exported those into NIS maps, sans passwords.
I then set up Kerberos on all boxes to authenticate against AD; Samba managed the keytab files.
With this I got auto UID/GID generation, my AD users and groups automatically appear and disappear from the NIS maps and I can use those maps for multiple platforms.
Simple, yet effective.
-Ross
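
The export step described in the reply above (winbind's view of AD turned into a NIS passwd map with no password field), as an added example that is not from the original message. The function name, the idmap range 10000-19999 and the sample accounts are assumptions constructed for illustration; on a real winbind host the input would come from `getent passwd`.

```shell
#!/bin/sh
# Added example, not Ross's script. Assumed (hypothetical) values: the idmap
# range 10000-19999, the function names and the constructed sample accounts.

# Read passwd(5)-format lines on stdin and emit only AD-mapped accounts,
# with field 2 forced to "*" so no hash can be served through ypcat/ypmatch.
# Authentication is left to Kerberos against AD, as in the post.
nis_passwd_from_getent() {
    min=$1 max=$2
    awk -F: -v OFS=: -v min="$min" -v max="$max" '
        # passwd entries have exactly 7 colon-separated fields
        NF != 7 { printf "skip malformed line %d\n", NR > "/dev/stderr"; next }
        $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ {
            printf "skip non-numeric id: %s\n", $1 > "/dev/stderr"; next
        }
        # local and system accounts (outside the idmap range) stay out of NIS
        $3 + 0 < min + 0 || $3 + 0 > max + 0 { next }
        # two names on one UID would share file ownership over NFS
        seen[$3]++ { printf "skip duplicate uid %s: %s\n", $3, $1 > "/dev/stderr"; next }
        { $2 = "*"; print }
    '
}

# Constructed sample input standing in for `getent passwd` on the winbind box.
sample_getent() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:*:10513:10513:Alice Example:/home/alice:/bin/bash
bob:$6$constructed$notarealhash:11104:10513:Bob Example:/home/bob:/bin/bash
bob2:*:11104:10513:Duplicate UID:/home/bob2:/bin/bash
broken:line
EOF
}

# Print the map source that would be handed to the NIS map build.
sample_getent | nis_passwd_from_getent 10000 19999
```

The same filter applies to the group map if the member list is kept and only the password field is blanked.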