2014-06-11 1:28 GMT+03:00 Alfred von Campe <alfred at von-campe.com>: > The company where I work is mostly a Windows shop, but I run a few CentOS > servers and desktops. I have configured my systems as follows with > Kickstart: > > authconfig --enablemd5 --passalgo=sha512 --enablenis --nisdomain=XXX \ > --nisserver=nis1.XXX.com,nis2.XXX.com --useshadow --enablekrb5 \ > --krb5realm=XXX.COM --krb5kdc=ldap.XXX.com --krb5adminserver= > ldap.XXX.com > > The /etc/nsswitch.conf file looks like this: > > passwd: files nis > shadow: files nis > group: files nis > > The NIS services are provided by the Windows Domain controllers using > Windows > Unix Services (or something similarly named). This allows anyone that’s in > the NIS database to log into any CentOS system with their Windows username > and password. Home directories are automounted from a big NAS box (and are > also available on Windows). This all works great most of the time. > However, > if the network or the NIS server goes down, the CentOS system just hangs. > > For CentOS 7 I'd like to make the systems more robust to network failures. > I could create local accounts (I believe there is a way to autocreate an > account and a home directory upon login), but I'm not sure how to go about > it. This also implies that the home directories will not be shared among > the systems, so ssh keys will have to be manually copied to the local home > directories. Ideally, I'd like to get rid of NIS altogether and use LDAP > and Kerberos for everything, but I don't know if that is feasible. I > think these are the only services that we currently rely on NIS for: > Well, you can just authenticate against AD, it works fine on RHEL 5/6 .. See your private mail for instructions. -- Eero