Example of Using NIS Clients with the Centrify NIS Server

An organization has an existing NIS environment, and wants to centralize user authentication with Active Directory and keep standard NIS maps and custom maps used by an in-house application on NIS. A simple approach is to install the Centrify Agents on the NIS Servers, migrating NIS data to Active Directory and then use the Centrify NIS Server to serve the maps to NIS clients.

The following steps can be performed:

  1. Create a Centrify Zone in Active Directory.
  2. Define the NIS domain name within the Zone Properties for the NIS domain that you are migrating.
  3. Install the Centrify password sync agent on Domain Controllers so that AD passwords can be saved in UNIX Crypt format for NIS client user login.
  4. Install the Centrify Agent on all NIS server machines.
  5. Join each NIS server machine to Active Directory and add them to the Centrify Zone.
  6. Import all the users and groups from the NIS servers into the Centrify Zone using the Centrify Access Manager import wizard.
  7. Import all NIS maps into the Centrify Zone NIS Maps node within UNIX Data using the Access Manager import wizard.
  8. Schedule down time, and stop the legacy NIS servers.
  9. Install and start the Centrify NIS Server daemon (adnisd) on the NIS servers.

NIS client computers and any NAS appliances will continue to use the NIS servers for all NIS client calls where users will be authenticated against their Active Directory credentials and they will also get their NIS maps from the Centrify Zone via normal NIS requests. The benefit is that you will now be able to use Active Directory for all NIS map management as well as all user authentication. The downside is that the insecure NIS protocol is still being used between the NIS clients and the Centrify NIS Servers.

Examples of Migrating Users Gradually