On Tue, Aug 5, 2014 at 3:17 PM, Eero Volotinen <[log in to unmask]> wrote:
>
>
>
> 2014-08-05 20:29 GMT+03:00 Paul Robert Marino <[log in to unmask]>:
>
>> I've never heard of SCCM but the Microsoft's AD thing is doable but
>> difficult.
>>
>
> Doable, not difficult as it required only authconfig command twice.
>
> man authconfig

authconfig is *extremely* limited. Any sophisticated *removal* of
prevous Kerberos configurations, for example, requires manual editing
or managed redeployment of /etc/krb5.conf. And don't get me *started*
on tuning the Linux password policies in /etc/pam.d if anyone runs
authconfig to enable something else, like Kerberos or NIS or LDAP.

Not a full AD integration, but I've had good success with managing
user accounts locally with puppet, cfengine, chef, etc. and using only
the Kerberos service on the AD servers to keep centralized password
management.

I've also worked with Centrify, which some others mentioned. It
provides pretty well designed integration and management tools, but it
is  *bloody expensive* on a host by host licensing basis. If you're
investing that kind of money, you're probably also using RHEL directly
instead of a free rebuild, to get commercial support.