Hi all I’m doing some work for a client who are moving a bunch of stuff to an IaaS cloud. The cloud provider intends to integrate Linux (RHEL 6.4) with active directory using SSSD. To do this they want to install Identity Management for UNIX (IDMU) on the client’s DCs to allow the linux boxes to use NIS. Problem is IDMU is deprecated in 2012 R2 and removed from 2016: http://blogs.technet.com/b/activedirectoryua/archive/2015/01/25/identity-management-for-unix-idmu-is-deprecated-in-windows-server.aspx which means there would be a hard dependency stopping upgrade to Server 2016 active directory next year, something I am not happy with. MSFT do not appear to be supporting any NIS server integration going forward. Seems odd that the developers of SSSD would not know about this NIS dependency or have a way around it. I’m not that familiar with SSSD but given that (so the cloud provider’s tech says) they are using NIS for group lookups etc I would have thought SSSD would have a solution for this. Has anyone any experience of this, or know what the options might be? Dan Johnson
SSSD, NIS and identity management for UNIX
- 2.2K Views
- Last Post 23 November 2015
So as a Windows guy I had to google NIS to make sure I knew what you were talking about. Essentially NIS is a precursor to AD and LDAP that Sun came up with long before AD and LDAP.
I also use SSSD and Kerberos to join linux to our 2012 R2 AD, authenticate users, apply group policies to linux, and I can look up groups just fine. None of which uses or requires NIS. It’s a bit unclear to
me who really depends on NIS here. AD, SSSD, and Kerberos definitely don’t. Something legacy that the cloud provider requires maybe?
SSSD is an identity/authn daemon sort of like winbind that interfaces to the host through PAM and NSS configuration. I don't understand why they would be using NIS. You can configure both SSSD and winbind to use LDAP for name resolution.
Note that while winbind supports NTLM, SSSD doesn't...