On Mar 18, 2011, at 8:31 AM, "MOKRANI Rachid" <rachid.mokrani at ifpen.fr> wrote:

> Hi,
>
> I'm looking for a wiki or shared experience on replacing NIS
> authentication with an existing Active Directory server (W2003). The
> problem is the management of id and gid.
>
> How to move 1000 actual NIS users to AD?
> How to keep the same id and gid for these 1000 users?
> What happens with the NFS Linux server and access with gid and/id?
> Use the same user/password for Linux and Windows client
> authentication?
>
> We test a solution that works very well. It's Centrify commercial software
> http://www.centrify.com/directcontrol/overview.asp . But we are looking for
> a freeware solution. (kerberos ? openldap ? pam ? ...)
>
> Has someone already successfully replaced NIS with AD authentication
> using a freeware solution?

Instead of replacing NIS I extended it.

I set up a winbind box that did RID mapping from AD and exported those into NIS maps, sans passwords.

I then set up Kerberos on all boxes to authenticate against AD; Samba managed the keytab files.

With this I got auto UID/GID generation, my AD users and groups automatically appear and disappear from the NIS maps, and I can use those maps for multiple platforms.

Simple, yet effective.

-Ross
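The RID mapping and password-less NIS export described in the reply above, as an added sketch that is not part of the original thread and not Ross's own scripts. It derives UIDs and GIDs with the formula documented for Samba's idmap_rid backend (ID = RID - BASE_RID + LOW_RANGE_ID), so every host computes the same IDs for NFS, and writes `*` in the password field because Kerberos handles authentication. The domain SID, ID range, home directory pattern, shell, account records and function names are assumptions made for the example.

```python
# Added illustration; every SID, name, range and path here is a constructed sample.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
RANGE_LOW, RANGE_HIGH = 10000, 19999  # assumed idmap range for this domain
BASE_RID = 0                          # idmap_rid's default base_rid


def rid_to_id(sid, low=RANGE_LOW, high=RANGE_HIGH, base_rid=BASE_RID):
    """idmap_rid formula: ID = RID - BASE_RID + LOW_RANGE_ID."""
    prefix, _, rid = sid.rpartition("-")
    if prefix != DOMAIN_SID or not rid.isdigit():
        raise ValueError(f"{sid}: not a SID of the mapped domain")
    unix_id = int(rid) - base_rid + low
    if not low <= unix_id <= high:
        raise ValueError(f"{sid}: maps to {unix_id}, outside {low}-{high}")
    return unix_id


def nis_passwd_line(user):
    """One passwd(5) line; '*' in field 2 so the map carries no hash."""
    name, gecos = user["name"].lower(), user["gecos"]
    if any(c in name + gecos for c in ":\n"):
        raise ValueError(f"{name!r}: field separator in name or GECOS")
    uid = rid_to_id(user["sid"])
    gid = rid_to_id(user["primary_group_sid"])
    # Home directory and shell are assumed templates, not values from AD.
    return f"{name}:*:{uid}:{gid}:{gecos}:/home/{name}:/bin/bash"


def build_passwd_map(users):
    """Return (lines, skipped); unmappable accounts are reported, not guessed."""
    lines, skipped = [], []
    for user in users:
        try:
            lines.append(nis_passwd_line(user))
        except ValueError as err:
            skipped.append(str(err))
    return sorted(lines), skipped


SAMPLE_USERS = [  # constructed AD accounts
    {"name": "Alice", "gecos": "Alice Example",
     "sid": DOMAIN_SID + "-1104", "primary_group_sid": DOMAIN_SID + "-513"},
    {"name": "bob", "gecos": "Bob Example",
     "sid": DOMAIN_SID + "-1105", "primary_group_sid": DOMAIN_SID + "-513"},
    {"name": "svc", "gecos": "Other domain",
     "sid": "S-1-5-21-9-9-9-1200", "primary_group_sid": DOMAIN_SID + "-513"},
    {"name": "late", "gecos": "High RID",
     "sid": DOMAIN_SID + "-500000", "primary_group_sid": DOMAIN_SID + "-513"},
]

if __name__ == "__main__":
    lines, skipped = build_passwd_map(SAMPLE_USERS)
    print("\n".join(lines))
    print("skipped:", skipped)
```

Accounts from another domain or with a RID that falls outside the configured range are skipped and reported, which keeps the map from handing out an ID that collides with a local or legacy NIS account.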