On Fri, 18 Mar 2011, MOKRANI Rachid wrote:
Hi,
I'm looking a wiki or share experience for replace NIS authentication by an existing Active directory Server (W2003). The problem is on the management of id and gid.
How to move 1000 actual NIS users to AD ?
Create matching accounts in AD. This is standard Active Directory stuff, there really aren't any gotchas I can think of.
How to keep the same id and gid for this 1000 users ?
Make sure the SFU attributes have the correct values. You can do all this through LDAP as far as I know. Alternatively remap all your UIDs/GIDs and switch to a RID mapping scheme instead. You need to think about how you're planning on working in the future.
What's happen with nfs linux server and acess with gid and/id ?
It works exactly the same as it does now.
Use the same user/password for linux and Windows clients authentification?
Feel free to use windbind or pam_krb5 for authentication, both easy to setup. You'll need nss_ldap with pam_krb5, but winbind can do the whole bag.
Does someone has already successfully replace NIS by Ad authentification with freeware solution ?
Probably the easiest it to use winbind, but we use nss_ldap and pam_krb5. There's plenty of documentation on how to do this out there.
jh