Re: Centos+AD integration (uid/gid problems)




On 3/29/2011 2:27 PM, Ray Van Dolson wrote:
>
>>> That said, if you have a variety of platforms and OS'es to support,
>>> Likewise is a great option... (never tried Centrify)
>>
>> Do either/both of these let you add accounts for the Linux side that
>> don't propagate back to AD?  I'd like something to use in a lab so
>> existing users/passwords didn't take extra work but we could still add
>> accounts that don't exist (and we don't want) in AD.  Easy hooks for
>> apache and java web services to see the combined accounts would be a big
>> plus.
>
> My understanding is you'd have to rely on local accounts or a second
> centralized authentication source (probably done via NSS not via
> Likewise directly).
>
> Maybe allowing the accounts to float back to AD but somehow restricting
> them for Unix login use only...
>
> (We have a long-standing project to migrate off NIS to AD-only --
> preserving UID's/GID's and defining the sort of access requirements you
> describe is a bit of a challenge).

I thought I had seen tools that can proxy LDAP services to multiple 
backends, with one of them being AD, but at the time it seemed too 
complicated, so I set up pam_smb and mod_auth_pam in apache (and set up 
apache to not require account info).  That lets me add local accounts to 
a machine for the people who either need login-type services or aren't 
in AD and still accept passwords that are in AD.  But, it has to be 
repeated per machine and I don't have java web services working with it. 
  What I'd like to have is an LDAP server or even a separate AD server 
to manage extra users and then a proxy service that combines the logins 
from both sources for any number of clients.  Basically I want to trust 
both authentication sources, but not add mine to the main AD or have it 
trust mine, and I want it in a way that apache, java, etc. already 
understand, besides being usable for login service.

-- 
   Les Mikesell
    lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

