On Tue, Aug 5, 2014 at 3:17 PM, Eero Volotinen <[log in to unmask]> wrote: > > > > 2014-08-05 20:29 GMT+03:00 Paul Robert Marino <[log in to unmask]>: > >> I've never heard of SCCM but the Microsoft's AD thing is doable but >> difficult. >> > > Doable, not difficult as it required only authconfig command twice. > > man authconfig authconfig is *extremely* limited. Any sophisticated *removal* of prevous Kerberos configurations, for example, requires manual editing or managed redeployment of /etc/krb5.conf. And don't get me *started* on tuning the Linux password policies in /etc/pam.d if anyone runs authconfig to enable something else, like Kerberos or NIS or LDAP. Not a full AD integration, but I've had good success with managing user accounts locally with puppet, cfengine, chef, etc. and using only the Kerberos service on the AD servers to keep centralized password management. I've also worked with Centrify, which some others mentioned. It provides pretty well designed integration and management tools, but it is *bloody expensive* on a host by host licensing basis. If you're investing that kind of money, you're probably also using RHEL directly instead of a free rebuild, to get commercial support.