We use NIS (ypbind) and Kerberos at work for all our Linux and Unix systems. Home directories are mounted via autofs from an NIS map. Everything works just fine as long as all network resources are available (however, things turn ugly when the NIS servers are not reachable). Some users also want to start using laptops and bring them home or on trips to continue working while not at the office. Of course, their home directories won't be available and neither will other network resources.
Creating local accounts with the same UIDs and local home directories solves most of the problems. However, I can't create a local account with useradd while ypbind is running because it complains that that account already exists. Is there a better way to create a local account than "service ypbind stop; useradd...; service ypbind start"? What are other strategies that you use to deal with off-network use in an NIS environment?
Alfred
Alfred von Campe wrote:
Creating local accounts with the same UIDs and local home directories solves most of the problems. However, I can't create a local account with useradd while ypbind is running because it complains that that account already exists. Is there a better way to create a local account than "service ypbind stop; useradd...; service ypbind start"? What are other strategies that you use to deal with off-network use in an NIS environment?
I haven't used NIS in a long time, but you could just add the account manually by putting it in the passwd/group/shadow file by hand (what I do is build a master set of passwd/group/shadow files and they are replicated to all systems using cfengine).
As for home directories, perhaps something like AFS? Though AFS is quite complex (or it was last I looked at it 6 years ago).
From http://en.wikipedia.org/wiki/Andrew_File_System:
AFS has several benefits over traditional networked file systems, particularly in the areas of security and scalability. It is not uncommon for enterprise AFS cells to exceed fifty thousand clients[citation needed]. AFS uses Kerberos for authentication, and implements access control lists on directories for users and groups. Each client caches files on the local filesystem for increased speed on subsequent requests for the same file. This also allows limited filesystem access in the event of a server crash or a network outage.
--
nate
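One way to prepare the by-hand entries nate describes while ypbind keeps running, as an added example that is not part of the thread: it turns an NIS-format passwd line into local passwd and shadow lines with the same UID, and checks the local file for a name or UID clash first. The sample entry, the function names and LOCAL_HOME_BASE are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Input is one passwd-format line, e.g.
# the output of `ypmatch <user> passwd` or `getent passwd <user>`.
# Nothing is written: the lines are only printed, to be added with vipw / vipw -s.
LOCAL_HOME_BASE="${LOCAL_HOME_BASE:-/home}"   # assumed local home location

# Print the local passwd line: same UID/GID, hash moved to shadow ("x"),
# home on local disk. Fails on malformed lines and on UID 0, so a directory
# entry can never become a local root-equivalent account.
local_passwd_line() {
    printf '%s\n' "$1" | awk -F: -v OFS=: -v base="$LOCAL_HOME_BASE" '
        NF == 7 && $1 ~ /^[a-z_][a-z0-9_-]*$/ && $3 ~ /^[0-9]+$/ && $3 > 0 {
            $2 = "x"; $6 = base "/" $1; print; ok = 1
        }
        END { exit !ok }'
}

# Print the matching shadow line. "!" keeps the account locked until a
# local password is set, so no hash is copied out of the NIS map.
local_shadow_line() {
    printf '%s:!:::::::\n' "${1%%:*}"
}

# Succeed (exit 0) if the given passwd file already has this name or this UID.
conflicts_with_local() {
    name=$(printf '%s' "$1" | cut -d: -f1)
    uid=$(printf '%s' "$1" | cut -d: -f3)
    awk -F: -v n="$name" -v u="$uid" \
        '$1 == n || $3 == u { hit = 1 } END { exit !hit }' "$2"
}

# Constructed sample entry, not a real account.
SAMPLE='jdoe:*:5001:500:Jane Doe:/nfs/home/jdoe:/bin/bash'
if conflicts_with_local "$SAMPLE" /etc/passwd; then
    echo "name or UID already present in /etc/passwd, not generating" >&2
else
    local_passwd_line "$SAMPLE"
    local_shadow_line "$SAMPLE"
fi
```

The primary GID must also resolve from the local group file, otherwise files show a bare number as their group when the NIS servers are unreachable.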
On Wed, Aug 27, 2008 at 08:45:05PM -0400, Alfred von Campe wrote:
We use NIS (ypbind) and Kerberos at work for all our Linux and Unix systems. Home directories are mounted via autofs from an NIS map. Everything works just fine as long as all network resources are available (however, things turn ugly when the NIS servers are not reachable).
Yes, NIS and autofs/NFS are useful, but only in a fully connected environment.
What are other strategies that you use to deal with off-network use in an NIS environment?
I would suggest you configure their laptops outside of your NIS/autofs/NFS environment, create specific accounts for them on the laptops, and have them replicate their office home directories and resources to the laptop with Unison [1] (with ssh as a transport). This way, before they go home/outside, they replicate their files from office to laptop; when they go back to the office, they push back the modifications.
In my lab, this strategy has worked well for years.
[1] http://www.cis.upenn.edu/~bcpierce/unison/