We currently use a combination of Kerberos and NIS to manage users on our 
CentOS 6 systems in a Windows AD environment.  NIS is provided by Windows 
Services for UNIX (or something named similarly), which has some issues, and is 
also not going to be supported by Microsoft in the future.  NIS supplies the 
passwd file as well as the automount map for home directories as shown by this 
excerpt from our /etc/nsswitch.conf file:

  passwd:     files nis
  shadow:     files nis
  group:      files nis

Our systems are configured using something similar to the following in our 
Kickstart config file:

  authconfig --enablemd5 --passalgo=sha512 --enablenis --nisdomain=XXX \
  --nisserver=nis.XXX.com,nis2.XXX.com --useshadow --enablekrb5 \
  --krb5realm=XXX.COM --krb5kdc=ldap.XXX.com --krb5adminserver=ldap.XXX.com

where nis1 and nis2 are the local AD domain controllers.  With this 
configuration, any user can log into any CentOS system, and their home 
directory is automatically mounted over NFS with autofs.  This works great, 
except for when the network is down and/or the home directory NFS server is not 
available, when the systems pretty much just hang.  It’s also only good for 
workstations and servers, but not laptops that may not be on the network.

I would like to move to CentOS 7 and a model where we don’t use NIS at all, the 
users and (local) home directories are automatically created on login using the 
UID stored on the LDAP server. Before I re-invent the wheel, has somebody done 
this already?  If so, can you share the authconfig line from your Kickstart 
file?  To summarize, I’d like to:

- Use LDAP/Kerberos provided by Windows AD servers to authenticate users
- Automatically create accounts/home directories upon first login
- Not require the system to be on the network (provided the user has logged in at 
  least once to create the account locally)

Thanks in advance for any suggestions/examples.

Alfred
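A CentOS 7 replacement for the NIS-based setup described in the post, as an added example that is not from the original thread or the CentOS project: SSSD's AD provider with credential caching for offline logins and first-login home-directory creation, with authconfig reduced to wiring up NSS/PAM. The realm XXX.COM, the server ldap.XXX.com and the /home prefix are assumed placeholders taken from the post; the AD machine join that supplies the host keytab is assumed to have been done already (for example with realm join) and is not shown.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumed placeholders:
# realm XXX.COM, domain controller ldap.XXX.com, home directories under /home.
# The host is assumed to already hold an AD machine keytab (e.g. from
# "realm join"); that step is not shown here.
set -eu

# Emit /etc/sssd/sssd.conf for one AD domain.
# ldap_id_mapping = False keeps the uidNumber/gidNumber already stored in AD
# (the UIDs the post wants to reuse) instead of deriving IDs from SIDs.
# cache_credentials = True is what lets a user who has logged in once still
# log in while the network or the DC is unreachable.
sssd_domain_conf() {
  realm="$1"; dc="$2"
  lower=$(printf '%s' "$realm" | tr 'A-Z' 'a-z')
  cat <<EOF
[sssd]
services = nss, pam
domains = $lower

[domain/$lower]
id_provider = ad
auth_provider = ad
access_provider = ad
ad_domain = $lower
ad_server = $dc
krb5_realm = $realm
ldap_id_mapping = False
cache_credentials = True
fallback_homedir = /home/%u
default_shell = /bin/bash
EOF
}

# The authconfig line for a Kickstart %post (or a running host): SSSD for
# lookups and PAM auth, pam_oddjob_mkhomedir/pam_mkhomedir for first-login
# home directories, NIS switched off. Returned as a string so it can be
# reviewed before it is run.
authconfig_cmd() {
  printf '%s' "authconfig --enablesssd --enablesssdauth --enablemkhomedir --disablenis --update"
}

# Apply both on a real host (needs root, sssd and oddjob-mkhomedir installed).
install_conf() {
  sssd_domain_conf "$1" "$2" > /etc/sssd/sssd.conf
  chmod 0600 /etc/sssd/sssd.conf   # sssd refuses a config readable by others
  eval "$(authconfig_cmd)"
  systemctl enable --now sssd oddjobd
}
```

Run `sssd_domain_conf XXX.COM ldap.XXX.com` to preview the config and `authconfig_cmd` to see the command before calling `install_conf`. Local home directories created this way are not backed up by the NFS server, so the laptops this targets need their own backup arrangement.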

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos