[CentOS] How to configure user accounts without NIS

Tue Jun 10 22:39:14 UTC 2014
Andrew Holway <andrew.holway at gmail.com>

Integrated linux domain controller -> http://www.freeipa.org/

Its brilliant!



On 11 June 2014 00:28, Alfred von Campe <alfred at von-campe.com> wrote:

> The company where I work is mostly a Windows shop, but I run a few CentOS
> servers and desktops.  I have configured my systems as follows with
> Kickstart:
>   authconfig --enablemd5 --passalgo=sha512 --enablenis --nisdomain=XXX \
>   --nisserver=nis1.XXX.com,nis2.XXX.com  --useshadow --enablekrb5 \
>   --krb5realm=XXX.COM --krb5kdc=ldap.XXX.com --krb5adminserver=
> ldap.XXX.com
> The /etc/nsswitch.conf file looks like this:
>   passwd:     files nis
>   shadow:     files nis
>   group:      files nis
> The NIS services are provided by the Windows Domain controllers using
> Windows
> Unix Services (or something similarly named).  This allows anyone that’s in
> the NIS database to log into any CentOS system with their Windows username
> and password.  Home directories are automounted from a big NAS box (and are
> also available on Windows).  This all works great most of the time.
>  However,
> if the network or the NIS server goes down, the CentOS system just hangs.
> For CentOS 7 I'd like to make the systems more robust to network failures.
> I could create local accounts (I believe there is a way to autocreate an
> account and a home directory upon login), but I'm not sure how to go about
> it.  This also implies that the home directories will not be shared among
> the systems, so ssh keys will have to be manually copied to the local home
> directories.  Ideally, I'd like to get rid of NIS altogether and use LDAP
> and Kerberos for everything, but I don't know if that is feasible.  I
> think these are the only services that we currently rely on NIS for:
>   - passwd file
>   - group file
>   - automount maps (including auto.home for home directories)
> Before I go re-inventing the wheel, I'd like to find out how others manage
> multiple users on multiple systems using a central service.  And in case
> it wasn’t obvious, I want to use the same usernames and passwords that are
> used in the Windows environment.
> Thanks,
> Alfred
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos