On Mon, Feb 23, 2015 at 11:22 AM, Niki Kovacs <info at microlinux.fr> wrote:
> Hi,
>
> Over the last few years, I've been using a rather bone-headed solution to
> implement centralized authentication and roaming user profiles in Linux-based
> networks: a combination of NIS and NFS.
>
> I'm aware it's not ideal in terms of security, but it's been running in our
> local school since 2010, and it just works. The current setup is based on
> Slackware Linux on both server and desktop clients.
>
> Here's the relevant documentation (which I wrote):
>
> http://docs.slackware.com/howtos:network_services:roaming_profiles
>
> BTW, the first two years this solution worked perfectly with CentOS 5.x on
> the server and on the desktop clients.
>
> I'm currently migrating from Slackware to CentOS, and I'm looking for a
> "business-grade" replacement of this more or less obsolete configuration.
>
> I've read about various existing solutions, and I'm not quite sure in which
> direction to go from here: FreeIPA? 389 Directory Server? LDAP+LAM-Manager?
>
> Here's what I want:
>
> 1. Users should be manageable through a GUI, probably a web interface, so
> the client can create, manage and delete them eventually.
>
> 2. Home directories should be created/deleted automagically under the hood.
>
> 3. Every user should be able to log in on any machine and find his or her
> files and preferences.
>
> What can you suggest? Is there some robust and well-documented solution that
> works more or less out of the box and doesn't make me jump through burning
> loops?
>
> I'm mainly using CentOS 7, but I'll also have to use CentOS 6.x since in our
> school we have some older hardware that won't run 7.x.
>

IMHO, ldap(+kerberos) and nfsv4 with autofs should do the trick. You can tell
NFSv4 to use kerberos not only to authenticate but also protect/encrypt the
connection. Then, user logs in and homedir is automagically mounted.

For ldap+kerberos in centos, freeipa might do what you want. It has a
web-based gui and works rather well in centos. FYI freeipa uses 389 directory
server instead of openldap.

> Cheers from the sunny South of France,
>

I haven't been in that corner of the world in ages. :(

> Niki Kovacs
> --
> Microlinux - Solutions informatiques 100% Linux et logiciels libres
> 7, place de l'église - 30730 Montpezat
> Web : http://www.microlinux.fr
> Mail : info at microlinux.fr
> Tél. : 04 66 63 10 32
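
The reply's distinction between using Kerberos only to authenticate and also to protect/encrypt NFSv4 traffic corresponds to the `sec=` flavors in exports(5): `krb5`, `krb5i` and `krb5p`. As an added example that is not part of the original thread, this shell check reports the weakest flavor each export accepts; the export paths and subnet in the sample are constructed.

```shell
#!/bin/sh
# Added example: weakest NFS security flavor each export accepts (exports(5) syntax).
# Narrowed to "<path> <client>(<opts>) ..." lines; "-" default-option lines are not handled.

# Higher rank = stronger protection on the wire.
flavor_rank() {
    case "$1" in
        krb5p) echo 3 ;;   # Kerberos auth + integrity + encryption
        krb5i) echo 2 ;;   # Kerberos auth + integrity, payload in clear
        krb5)  echo 1 ;;   # Kerberos auth only
        *)     echo 0 ;;   # sys or unrecognized: treated as AUTH_SYS (client-asserted UID/GID)
    esac
}

# Print the weakest flavor allowed by one option list, e.g. "rw,sec=krb5:krb5p".
# Every sec= option counts; with none present the server default, sys, applies.
weakest_flavor() {
    sec=$(printf '%s\n' "$1" | tr ',' '\n' | sed -n 's/^sec=//p' | tr ':\n' '  ')
    [ -n "$sec" ] || sec=sys
    weakest=krb5p
    for f in $sec; do
        if [ "$(flavor_rank "$f")" -lt "$(flavor_rank "$weakest")" ]; then
            weakest=$f
        fi
    done
    echo "$weakest"
}

# Read exports lines on stdin; print "<path> <client> <weakest flavor>" per client spec.
audit_exports() {
    set -f    # client specs such as "*(rw)" must not be glob-expanded
    while read -r path clients; do
        case "$path" in ''|'#'*) continue ;; esac
        for spec in $clients; do
            client=${spec%%\(*}
            opts=
            case "$spec" in *\(*\)) opts=${spec#*\(}; opts=${opts%\)} ;; esac
            echo "$path ${client:-*} $(weakest_flavor "$opts")"
        done
    done
    set +f
}

# Constructed sample: only /home enforces encryption for every client.
audit_exports <<'EOF'
/home        192.168.2.0/24(rw,sync,sec=krb5p)
/srv/shared  192.168.2.0/24(rw,sync,sec=krb5:krb5p)
/srv/legacy  192.168.2.0/24(rw,sync)
EOF
```

An export that lists several flavors is only as strong as the weakest one, since a client may negotiate any flavor in the list.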