I've got a new CentOS 7 server going into a remote location. I have local servers that authenticate against Active Directory (2012 if it matters) using winbindd. I'd like to have some method of using AD on the remote server, but I need to be able to access it if the network path to the AD servers is down. sssd caching won't do AFAIK (since that's just a cache that times out).

This server is going to have out-of-band network access for remote management in case of network failure, so having access to it when it can't reach AD is its primary purpose. I'd like to use our existing AD setup (rather than manage local users) to make it easier to manage users/passwords.

Is there a relatively simple method to replicate a chunk of the AD users/passwords to a remote CentOS server (I don't care about the SSO side of things)? Or is there some other way to solve this problem?

--
Chris Adams <linux at cmadams.net>

----- Original Message -----
| I've got a new CentOS 7 server going into a remote location. I have
| local servers that authenticate against Active Directory (2012 if it
| matters) using winbindd. I'd like to have some method of using AD on
| the remote server, but I need to be able to access it if the network
| path to the AD servers is down. sssd caching won't do AFAIK (since
| that's just a cache that times out).
|
| This server is going to have out-of-band network access for remote
| management in case of network failure, so having access to it when it
| can't reach AD is its primary purpose. I'd like to use our existing AD
| setup (rather than manage local users) to make it easier to manage
| users/passwords.
|
| Is there a relatively simple method to replicate a chunk of the AD
| users/passwords to a remote CentOS server (I don't care about the SSO
| side of things)? Or is there some other way to solve this problem?
|
| --
| Chris Adams <linux at cmadams.net>

Disconnected operation may require you to have a local authentication service. For that I would suggest FreeIPA which can become a Tier-1 member of an Active Directory service.

--
James A. Peltier
IT Services - Research Computing Group
Simon Fraser University - Burnaby Campus
Phone : 604-365-6432
Fax : 778-782-3045
E-Mail : jpeltier at sfu.ca
Website : http://www.sfu.ca/itservices
Twitter : @sfu_rcg
Powering Engagement Through Technology