Alfred von Campe wrote:
Creating local accounts with the same UIDs and local home directories solves most of the problems. However, I can't create a local account with useradd while ypbind is running because it complains that that account already exists. Is there a better way to create a local account than "service ypbind stop; useradd...; service ypbind start"? What are other strategies that you use to deal with off-network use in an NIS environment?
I haven't used NIS in a long time, but you could just add the account manually by putting it in the passwd/group/shadow files by hand (what I do is build a master set of passwd/group/shadow files, and they are replicated to all systems using cfengine).
As for home directories, perhaps something like AFS? Though AFS is quite complex (or it was last I looked at it 6 years ago).
From http://en.wikipedia.org/wiki/Andrew_File_System:
AFS has several benefits over traditional networked file systems, particularly in the areas of security and scalability. It is not uncommon for enterprise AFS cells to exceed fifty thousand clients[citation needed]. AFS uses Kerberos for authentication, and implements access control lists on directories for users and groups. Each client caches files on the local filesystem for increased speed on subsequent requests for the same file. This also allows limited filesystem access in the event of a server crash or a network outage.
--
nate
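
The by-hand approach suggested in the reply above, as an added example that is not part of the original post: a shell function that mirrors one NIS account into local passwd/shadow/group files with the same UID, refusing UID collisions and never copying an empty password field. The function names, the `ROOT` prefix and the idea of feeding it saved `ypmatch` output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. ROOT is a hypothetical prefix holding passwd/shadow/group,
# so the function can be tried on copies before it is pointed at /etc.
# PW_LINE and GR_LINE are passwd- and group-format lines, e.g. saved from
# `ypmatch alice passwd` and `ypmatch 1001 group.bygid` while on the network.

has_key() {  # has_key FILE FIELD_NO VALUE: exact match on one colon field
    [ -r "$1" ] && awk -F: -v f="$2" -v v="$3" '$f == v { hit = 1 } END { exit !hit }' "$1"
}

add_local_account() {  # add_local_account PW_LINE GR_LINE ROOT
    root=$3
    IFS=: read -r name pw uid gid gecos home shell <<EOF
$1
EOF
    IFS=: read -r gname _ ggid _ <<EOF
$2
EOF
    for n in "$name" "$gname"; do
        case $n in ''|*[!A-Za-z0-9_.-]*) echo "bad name: $n" >&2; return 2 ;; esac
    done
    for n in "$uid" "$gid"; do
        case $n in ''|*[!0-9]*) echo "bad uid/gid: $n" >&2; return 2 ;; esac
    done
    [ "$uid" -ne 0 ] || { echo "refusing to mirror a uid 0 entry" >&2; return 2; }
    [ "$gid" = "$ggid" ] || { echo "group line does not match gid $gid" >&2; return 2; }
    if has_key "$root/passwd" 1 "$name"; then
        echo "$name is already in the local passwd file" >&2; return 0
    fi
    if has_key "$root/passwd" 3 "$uid"; then
        echo "uid $uid is already used by another local account" >&2; return 3
    fi
    # An empty or placeholder password field is never copied: the account is
    # locked ("!") and gets a password from passwd(1) afterwards.
    case $pw in ''|x|'*'*|'!'*) hash='!' ;; *) hash=$pw ;; esac
    printf '%s:x:%s:%s:%s:%s:%s\n' "$name" "$uid" "$gid" "$gecos" "$home" "$shell" >>"$root/passwd"
    printf '%s:%s:::::::\n' "$name" "$hash" >>"$root/shadow"
    has_key "$root/group" 3 "$gid" || printf '%s:x:%s:\n' "$gname" "$gid" >>"$root/group"
}
```

Try it on copies of the three files first, and run pwck against the result before trusting it on a live system.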