In large Active Directory environments, it is always a challenge to provide optimal performance and functionality. Safeguard Authentication Services provides configuration settings that may help you improve performance in an enterprise deployment.
In large Active Directory environments, it is always a challenge to provide optimal performance and functionality. Safeguard Authentication Services provides configuration settings that may help you improve performance in an enterprise deployment.
Each Unix host running Safeguard Authentication Services builds a persistent cache of user and group information. By default, the cache is built from users and groups in the joined domain. It is possible to change the search base from which the users or groups are loaded by using the group-search-path and user-search-path options. These search paths can either restrict the location from which the users and groups are loaded, or you can specify a search base in an entirely different domain. This is useful in organizations that use resource domains, where computer objects are stored in a separate domain from the domains where users and groups are located.
You can specify a group or user search path using the -g or -u options to the vastool join command. The following command joins the Unix host to the computers.example.com domain, and loads users from the base of the sub.example.com domain:
vastool -u admin join -u DC=sub,DC=example,DC=com computers.example.com
You can change the default user or group search base at any time by adding the group-search-path and user-search-path options in the [vasd] section of vas.conf and running vastool flush. See the vas.conf man page for an example of user and group search paths.
By default, Safeguard Authentication Services caches Unix user information for all users in a domain on every machine joined to that domain. An alternate caching method, known as "workstation mode", allows you to limit the size of the user cache by caching user information only for users who log in to a particular workstation. To enable workstation mode, enable the workstation-mode option in vas.conf.
For details, refer to the vas.conf man page. See Using manual pages (man pages) for information about accessing the vas.conf man page.
Using Safeguard Authentication Services to augment or replace NIS
Limitations of RFC 2307 as implemented by Microsoft
Installing and configuring the Safeguard Authentication Services NIS components
Installing and configuring the Linux NIS client components
Installing and configuring the Oracle Solaris NIS client components
Installing and configuring the HP-UX NIS client components
Installing and configuring the AIX NIS client components
Deploying in a NIS environment
Starting the NIS Map Import Wizard
Safeguard Authentication Services simultaneously supports ongoing production operations and provides a NIS migration path that does not impact existing systems and processes. The combination of flexible deployment options, data transparency, and One Identity-provided tools enable migrating and consolidating NIS data from various stores into a single, consistent, enterprise-wide identity stored in Active Directory.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. 이용 약관 개인정보 보호정책 Cookie Preference Center