----- Original Message -----
| We currently use a combination of Kerberos and NIS to manage users on our
| CentOS 6 systems in a Windows AD environment. NIS is provided by Windows
| Services for UNIX (or something named similarly), which has some issues, and
| is also not going to be supported by Microsoft in the future. NIS supplies
| the passwd file as well as the auto mount map for home directories as shown
| by this excerpt from our /etc/nsswitch.conf file:
|
| passwd: files nis
| shadow: files nis
| group: files nis
|
| Our systems are configured using something similar to the following in our
| Kickstart config file:
|
| authconfig --enablemd5 --passalgo=sha512 --enablenis --nisdomain=XXX \
| --nisserver=nis.XXX.com,nis2.XXX.com --useshadow --enablekrb5 \
| --krb5realm=XXX.COM --krb5kdc=ldap.XXX.com --krb5adminserver=ldap.XXX.com
|
| where nis1 and nis2 are the local AD domain controllers. With this
| configuration, any user can log into any CentOS system, and their home
| directory is automatically mounted over NFS with autofs. This works great,
| except for when the network is down and/or the home directory NFS server is
| not available, when the systems pretty much just hang. It’s also only good
| for workstations and servers, but not laptops that may not be on the
| network.
|
| I would like to move to CentOS 7 and a model where we don’t use NIS at all,
| the users and (local) home directories are automatically created on login
| using the UID stored on the LDAP server. Before I re-invent the wheel, has
| somebody done this already? If so, can you share the authconfig line from
| your Kickstart file?
| To summarize, I’d like to:
|
| Use LDAP/Kerberos provided by Windows AD servers to authenticate users
| Automatically create accounts/home directories upon first login
| Not require the system to be on the network (provided the user has logged in
| at least once to create the account locally)
|
| Thanks in advance for any suggestions/examples.
|
| Alfred
|
| _______________________________________________
| CentOS mailing list
| CentOS at centos.org
| http://lists.centos.org/mailman/listinfo/centos
|

You can feel free to contact me off list and we can let you know what we are doing to keep our NIS/AD environment in sync. ;)

--
James A. Peltier
IT Services - Research Computing Group
Simon Fraser University - Burnaby Campus
Phone : 604-365-6432
Fax : 778-782-3045
E-Mail : jpeltier at sfu.ca
Website : http://www.sfu.ca/itservices
Twitter : @sfu_rcg
Powering Engagement Through Technology