Quote:
Originally Posted by chrism01
Post #22 is 4(!) yrs old ... don't hold your breath.
I think he's talking about Post #15, which is pretty stinkin' old, too.
If folks have questions about the way I set it up, I'll answer questions in my thread in post #22 because, imo, it's still relevant.
I'm now using AD's Kerberos for the auth and AD's LDAP for user attribute storage, instead of LDAP auth.
I auth about 200 Linux machines and a few Solaris 10 machines using this mechanism. I have not performed any performance tweaks other than adding "referrals off" in ldap.conf for a multi-site domain. I don't have thousands, or even hundreds of users authenticating, so what works for me may not work for you.
FYI: I've had problems on RHEL involving system message bus not wanting to start on boot if ldap is inaccessible. I actually have to iLO into my machines, boot with single user mode, turn off ldap in nsswitch.conf, boot, then enable it once I get into multi-user mode. There seems to be a patch or a workaround, see:
https://bugzilla.redhat.com/show_bug.cgi?id=186527, but I haven't used it as the problem has only occurred once in the last year.
AD auth works phenomenally on Solaris 10 amd64.
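The boot-hang workaround above (drop the ldap source from nsswitch.conf while the directory is unreachable, put it back later) and the "referrals off" tweak in ldap.conf are easy to get wrong by hand at 3 a.m. in single-user mode. The script below is an added example, not code from the poster or from any distribution; it assumes a glibc/Solaris-style nsswitch.conf with "files ldap" source lists, a pam_ldap/nss_ldap-style ldap.conf, and, for the reachability check only, OpenLDAP's ldapsearch. Paths are passed as arguments so you can rehearse on copies before touching /etc.

```shell
#!/bin/sh
# Added example (not from the original post). Helpers for the two
# mitigations discussed: keeping nss_ldap from blocking boot when the
# directory is down, and setting "referrals off" for multi-site domains.
# All file paths are arguments; nothing here touches /etc unless told to.

# Write a constructed sample nsswitch.conf to $1 (test data, not a real host's file).
write_sample_nsswitch() {
    cat > "$1" <<'EOF'
# constructed sample nsswitch.conf
passwd:     files ldap
shadow:     files ldap
group:      files ldap
hosts:      files dns
EOF
}

# Return 0 if any of passwd/shadow/group still lists the ldap source.
ldap_in_nsswitch() {
    grep -Eq '^(passwd|shadow|group):.*[[:space:]]ldap([[:space:]]|$)' "$1"
}

# Strip "ldap" from the passwd/shadow/group source lists so that name
# lookups (and the services that do them at boot, like the message bus)
# fall back to local files instead of blocking on an unreachable server.
disable_ldap_nsswitch() {
    sed -E '/^(passwd|shadow|group):/ s/[[:space:]]+ldap([[:space:]]+|$)/\1/' "$1" \
        > "$1.tmp" && mv "$1.tmp" "$1"
}

# Re-append "ldap" to the same lines, once the directory is reachable again.
enable_ldap_nsswitch() {
    sed -E '/^(passwd|shadow|group):/{/[[:space:]]ldap([[:space:]]|$)/!s/$/ ldap/;}' "$1" \
        > "$1.tmp" && mv "$1.tmp" "$1"
}

# Idempotently add "referrals off" to a pam_ldap/nss_ldap style ldap.conf,
# so clients do not chase AD referrals to sites they cannot reach.
ensure_referrals_off() {
    grep -Eiq '^[[:space:]]*referrals[[:space:]]+off' "$1" \
        || printf 'referrals off\n' >> "$1"
}

# Anonymous root-DSE probe with short timeouts (assumes OpenLDAP client tools).
# 0 = reachable, 1 = not reachable, 2 = ldapsearch not installed.
ldap_reachable() {
    command -v ldapsearch >/dev/null 2>&1 || return 2
    ldapsearch -x -H "$1" -b '' -s base -l 5 -o nettimeout=5 '(objectClass=*)' \
        >/dev/null 2>&1
}

# Typical use after a hang: disable the ldap source, finish booting, then run
# "re-enable" which only restores ldap once the directory answers. Invoked as
#   sh this_script.sh re-enable /etc/nsswitch.conf ldap://dc1.example.com
if [ "${1:-}" = "re-enable" ]; then
    if ldap_reachable "$3"; then
        enable_ldap_nsswitch "$2" && echo "ldap source restored in $2"
    else
        echo "directory $3 not reachable; leaving $2 on files only" >&2
        exit 1
    fi
fi
```

The sed expressions only touch the passwd, shadow and group lines, so hosts stays on "files dns" and the rest of the file is untouched; the enable step is a no-op when ldap is already present, and ensure_referrals_off can be run from configuration management on every pass without duplicating the line.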