Am 22.07.2016 um 01:11 schrieb David Sommerseth:

> Have a look at authconfig and sssd.  The former should help configure
> all these things for you, including proper PAM setup as well as LDAP and
> Kerberos.  For SSSD it is in particular helpful on laptops, where
> authentication data can be cached locally to be capable of offline
> authentication as well as caching enough information to automatically
> fetch a Kerberos ticket once the network access has been established.

I already had been using authconfig for sssd setup. Authentication (via
AD/ldap) and caching works well. I only need  per user mounting of their
AD-directories and hadn't found a hint in the authconfig man page.

> And SSSD do have some support for handling the autofs/automount stuff too.

Ok, that seems the way to go. Through your tip I now found that there is
an autofs/automount via "ldap_autofs_*" in sssd. Let's see if I get this
set up.

> Otherwise, do have a look at the FreeIPA stuff too.  There's a lot of
> good things in that package, which also doesn't require much resources
> on the server side.  For clients, it gets even easier.  You just need to
> install the proper IPA packages and run ipa-server-install or
> ipa-client-install, that's mostly all you need.  FreeIPA also makes use
> of SSSD and authconfig under the hood.

Yeah, looks like good thing but afaics I would have to set up a server
for that. I think at first I have to get comfy with the basics in the
"red hatted" world (I am coming from a debianic and SUSE background).

Thank you for your hints!

Cheerz,
Lars