[CentOS] Remote auth against Active Directory

Thu Sep 10 23:35:25 UTC 2015
James A. Peltier <jpeltier at sfu.ca>

----- Original Message -----
| I've got a new CentOS 7 server going into a remote location.  I have
| local servers that authenticate against Active Directory (2012 if it
| matters) using winbindd.  I'd like to have some method of using AD on
| the remote server, but I need to be able to access it if the network
| path to the AD servers is down.  sssd caching won't do AFAIK (since
| that's just a cache that times out).
| 
| This server is going to have out-of-band network access for remote
| management in case of network failure, so having access to it when it
| can't reach AD is its primary purpose.  I'd like to use our existing AD
| setup (rather than manage local users) to make it easier to manage
| users/passwords.
| 
| Is there a relatively simple method to replicate a chunk of the AD
| users/passwords to a remote CentOS server (I don't care about the SSO
| side of things)?  Or is there some other way to solve this problem?
| 
| --
| Chris Adams <linux at cmadams.net>

Disconnected operation may require you to have a local authentication service.  For that I would suggest FreeIPA, which can become a Tier-1 member of an Active Directory service.

-- 
James A. Peltier
IT Services - Research Computing Group
Simon Fraser University - Burnaby Campus
Phone   : 604-365-6432
Fax     : 778-782-3045
E-Mail  : jpeltier at sfu.ca
Website : http://www.sfu.ca/itservices
Twitter : @sfu_rcg
Powering Engagement Through Technology