Integrated linux domain controller -> http://www.freeipa.org/

It's brilliant!

ta,
Andrew

On 11 June 2014 00:28, Alfred von Campe <alfred at von-campe.com> wrote:

> The company where I work is mostly a Windows shop, but I run a few CentOS
> servers and desktops. I have configured my systems as follows with
> Kickstart:
>
>     authconfig --enablemd5 --passalgo=sha512 --enablenis --nisdomain=XXX \
>         --nisserver=nis1.XXX.com,nis2.XXX.com --useshadow --enablekrb5 \
>         --krb5realm=XXX.COM --krb5kdc=ldap.XXX.com --krb5adminserver=ldap.XXX.com
>
> The /etc/nsswitch.conf file looks like this:
>
>     passwd: files nis
>     shadow: files nis
>     group: files nis
>
> The NIS services are provided by the Windows Domain controllers using
> Windows Unix Services (or something similarly named). This allows anyone
> that’s in the NIS database to log into any CentOS system with their Windows
> username and password. Home directories are automounted from a big NAS box
> (and are also available on Windows). This all works great most of the time.
> However, if the network or the NIS server goes down, the CentOS system just
> hangs.
>
> For CentOS 7 I'd like to make the systems more robust to network failures.
> I could create local accounts (I believe there is a way to autocreate an
> account and a home directory upon login), but I'm not sure how to go about
> it. This also implies that the home directories will not be shared among
> the systems, so ssh keys will have to be manually copied to the local home
> directories. Ideally, I'd like to get rid of NIS altogether and use LDAP
> and Kerberos for everything, but I don't know if that is feasible. I
> think these are the only services that we currently rely on NIS for:
>
> - passwd file
> - group file
> - automount maps (including auto.home for home directories)
>
> Before I go re-inventing the wheel, I'd like to find out how others manage
> multiple users on multiple systems using a central service. And in case
> it wasn’t obvious, I want to use the same usernames and passwords that are
> used in the Windows environment.
>
> Thanks,
> Alfred
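
One way to check the list of NIS dependencies given in the quoted message before retiring NIS (an added example, not part of either post): the function below lists every `nsswitch.conf` database that still names `nis` or `nisplus`, with its position in the lookup order. The sample file is constructed; its `hosts` and `automount` lines are assumptions and do not appear in the post.

```shell
#!/bin/sh
# nis_databases FILE: print "<database> <source> position=<n>" for every
# nsswitch database whose source list names nis or nisplus.
nis_databases() {
    awk '
        { sub(/#.*/, "") }                 # strip comments
        NF < 2 || $1 !~ /:$/ { next }      # skip blank and malformed lines
        {
            db = $1; sub(/:$/, "", db)
            pos = 0
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\[/) {          # action item, e.g. [NOTFOUND=return]
                    while ($i !~ /\]$/ && i < NF) i++
                    continue
                }
                pos++                      # count real sources only
                if ($i == "nis" || $i == "nisplus")
                    printf "%s %s position=%d\n", db, $i, pos
            }
        }
    ' "$1"
}

# Constructed sample: the three lines from the post, plus hosts and
# automount entries that are assumed here for illustration.
sample_nsswitch() {
    cat <<'EOF'
# constructed sample
passwd:     files nis
shadow:     files nis
group:      files nis
hosts:      files dns
automount:  files [NOTFOUND=continue] nis   # auto.home
EOF
}

# Stand-alone use: sh this-script /etc/nsswitch.conf
if [ -n "${1:-}" ]; then
    nis_databases "$1"
fi
```

Any database it reports needs a replacement source before the NIS servers are switched off.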