How to configure user accounts without NIS




The company where I work is mostly a Windows shop, but I run a few CentOS
servers and desktops.  I have configured my systems as follows with Kickstart:

  authconfig --enablemd5 --passalgo=sha512 --enablenis --nisdomain=XXX \
  --nisserver=nis1.XXX.com,nis2.XXX.com  --useshadow --enablekrb5 \
  --krb5realm=XXX.COM --krb5kdc=ldap.XXX.com --krb5adminserver=ldap.XXX.com

The /etc/nsswitch.conf file looks like this:

  passwd:     files nis
  shadow:     files nis
  group:      files nis

The NIS services are provided by the Windows Domain controllers using Windows
Unix Services (or something similarly named).  This allows anyone that’s in
the NIS database to log into any CentOS system with their Windows username
and password.  Home directories are automounted from a big NAS box (and are
also available on Windows).  This all works great most of the time.  However,
if the network or the NIS server goes down, the CentOS system just hangs.

For CentOS 7 I'd like to make the systems more robust to network failures.
I could create local accounts (I believe there is a way to autocreate an
account and a home directory upon login), but I'm not sure how to go about
it.  This also implies that the home directories will not be shared among
the systems, so ssh keys will have to be manually copied to the local home
directories.  Ideally, I'd like to get rid of NIS altogether and use LDAP
and Kerberos for everything, but I don't know if that is feasible.  I
think these are the only services that we currently rely on NIS for:

  - passwd file
  - group file
  - automount maps (including auto.home for home directories)

Before I go re-inventing the wheel, I'd like to find out how others manage
multiple users on multiple systems using a central service.  And in case
it wasn’t obvious, I want to use the same usernames and passwords that are
used in the Windows environment.

Thanks,
Alfred

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
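
An added example, not part of the original post: before retiring NIS it helps to inventory which name-service databases still consult it, since each one is a place where a lookup can stall when the NIS server is unreachable. The sketch below parses nsswitch.conf-style input; the function names `nis_deps` and `sample_nsswitch` are hypothetical, and every sample line other than the three shown in the post is constructed.

```shell
#!/bin/sh
# nis_deps [FILE]: read nsswitch.conf syntax (FILE or stdin) and print, for
# each database that lists nis or nisplus:
#   <database> <position of nis among its sources> <source list as written>
nis_deps() {
    awk '
        { sub(/#.*/, "") }               # strip trailing comments
        $1 !~ /:$/ { next }              # skip blank and non-database lines
        {
            db = $1; sub(/:$/, "", db)
            pos = 0; n = 0; list = ""; inact = 0
            for (i = 2; i <= NF; i++) {
                list = list " " $i
                if ($i ~ /^\[/) inact = 1        # action spec, e.g. [NOTFOUND=return]
                if (inact) {
                    if ($i ~ /\]$/) inact = 0
                    continue                     # actions are not lookup sources
                }
                n++
                if (pos == 0 && ($i == "nis" || $i == "nisplus")) pos = n
            }
            if (pos) printf "%s %d%s\n", db, pos, list
        }
    ' "$@"
}

# Constructed sample: the first three lines match the post; the rest are
# assumptions added to exercise comments, action specs and non-NIS databases.
sample_nsswitch() {
    cat <<'EOF'
passwd:     files nis
shadow:     files nis
group:      files nis
hosts:      files dns
automount:  files nis      # auto.home and other maps
netgroup:   nis [NOTFOUND=return] files
EOF
}

# Demo run on the constructed sample; on a real host: nis_deps /etc/nsswitch.conf
sample_nsswitch | nis_deps
```

A position of 2 means local files are consulted first, so accounts in /etc/passwd still resolve without NIS, while users who exist only in NIS do not.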




