[CentOS] How to configure user accounts without NIS

Tue Jun 10 22:46:16 UTC 2014
Eero Volotinen <eero.volotinen at iki.fi>

2014-06-11 1:28 GMT+03:00 Alfred von Campe <alfred at von-campe.com>:

> The company where I work is mostly a Windows shop, but I run a few CentOS
> servers and desktops.  I have configured my systems as follows with
> Kickstart:
>   authconfig --enablemd5 --passalgo=sha512 --enablenis --nisdomain=XXX \
>   --nisserver=nis1.XXX.com,nis2.XXX.com  --useshadow --enablekrb5 \
>   --krb5realm=XXX.COM --krb5kdc=ldap.XXX.com --krb5adminserver=
> ldap.XXX.com
> The /etc/nsswitch.conf file looks like this:
>   passwd:     files nis
>   shadow:     files nis
>   group:      files nis
> The NIS services are provided by the Windows Domain controllers using
> Windows
> Unix Services (or something similarly named).  This allows anyone that’s in
> the NIS database to log into any CentOS system with their Windows username
> and password.  Home directories are automounted from a big NAS box (and are
> also available on Windows).  This all works great most of the time.
>  However,
> if the network or the NIS server goes down, the CentOS system just hangs.
> For CentOS 7 I'd like to make the systems more robust to network failures.
> I could create local accounts (I believe there is a way to autocreate an
> account and a home directory upon login), but I'm not sure how to go about
> it.  This also implies that the home directories will not be shared among
> the systems, so ssh keys will have to be manually copied to the local home
> directories.  Ideally, I'd like to get rid of NIS altogether and use LDAP
> and Kerberos for everything, but I don't know if that is feasible.  I
> think these are the only services that we currently rely on NIS for:

Well, you can just authenticate against AD, it works fine on RHEL 5/6 ..

See your private mail for instructions.