[CentOS] Remote auth against Active Directory

Thu Sep 10 19:42:33 UTC 2015
Chris Adams <linux at cmadams.net>

I've got a new CentOS 7 server going into a remote location.  I have
local servers that authenticate against Active Directory (2012 if it
matters) using winbindd.  I'd like to have some method of using AD on
the remote server, but I need to be able to access it if the network
path to the AD servers is down.  sssd caching won't do AFAIK (since
that's just a cache that times out).

This server is going to have out-of-band network access for remote
management in case of network failure, so having access to it when it
can't reach AD is its primary purpose.  I'd like to use our existing AD
setup (rather than manage local users) to make it easier to manage
users/passwords.

Is there a relatively simple method to replicate a chunk of the AD
users/passwords to a remote CentOS server (I don't care about the SSO
side of things)?  Or is there some other way to solve this problem?

-- 
Chris Adams <linux at cmadams.net>