I've got a new CentOS 7 server going into a remote location. I have local servers that authenticate against Active Directory (2012 if it matters) using winbindd. I'd like to have some method of using AD on the remote server, but I need to be able to access it if the network path to the AD servers is down. sssd caching won't do AFAIK (since that's just a cache that times out).
This server is going to have out-of-band network access for remote management in case of network failure, so having access to it when it can't reach AD is its primary purpose. I'd like to use our existing AD setup (rather than manage local users) to make it easier to manage users/passwords.
Is there a relatively simple method to replicate a chunk of the AD users/passwords to a remote CentOS server (I don't care about the SSO side of things)? Or is there some other way to solve this problem?
----- Original Message -----
| I've got a new CentOS 7 server going into a remote location. I have
| local servers that authenticate against Active Directory (2012 if it
| matters) using winbindd. I'd like to have some method of using AD on
| the remote server, but I need to be able to access it if the network
| path to the AD servers is down. sssd caching won't do AFAIK (since
| that's just a cache that times out).
|
| This server is going to have out-of-band network access for remote
| management in case of network failure, so having access to it when it
| can't reach AD is its primary purpose. I'd like to use our existing AD
| setup (rather than manage local users) to make it easier to manage
| users/passwords.
|
| Is there a relatively simple method to replicate a chunk of the AD
| users/passwords to a remote CentOS server (I don't care about the SSO
| side of things)? Or is there some other way to solve this problem?
|
| --
| Chris Adams linux@cmadams.net
Disconnected operation may require you to have a local authentication service. For that I would suggest FreeIPA which can become a Tier-1 member of an Active Directory service.