4

I have a base system with a few (currently two) VMs on top of it, all running Ubuntu Server. I have to keep adding my user account on each system when I bring a new one up, as well as giving it sudo access, etc. and there are things in the way such as passwords/private keys not being automatically synchronized.

Is there a simple way to provide shared login for (one or two) user accounts on all these? They need to be real accounts with home directories and the like. They also already exist so I'll need to migrate them from a normal user account to the new solution.

LDAP seems a little (a lot) more complex than I really need, and I was having a hard time telling if NIS was what I wanted. What solutions should I be looking at, and how do I get started?

Jess

5 Answers

5

Use a configuration management tool like puppet.

Doug
  • +1 for puppet, but if LDAP is out, I assumed Puppet would be out too – sreimer Mar 30 '11 at 21:02
  • I had thought about this while writing the question, though I never thought it to be quite the right way of going about it, it might be a usable solution. – Jess Mar 30 '11 at 21:06
  • THIS. It is a usable solution, trust me. You can even transfer ssh keys. It's awesome. – Joseph Kern Mar 30 '11 at 23:30
  • +1 for puppet in general, but I wouldn't count out LDAP for user management - it isn't as complex as you think, and solves a multitude of problems. – voretaq7 Apr 01 '11 at 15:32
1

Have you considered creating a base VM to clone?

sreimer
  • Either that, or write a script that mounts the VM image and customizes it. If you build only a few machines now and then, chances are you want the latest version of Ubuntu, so maintaining a VM master may not be worth the effort. – Bittrance Mar 30 '11 at 20:30
  • I use ubuntu-vm-builder which supports initial configuration, so it's not what I'm after in this case. – Jess Mar 30 '11 at 21:04
1

Well, since everybody's posted all the reliable, scalable, right answers already, let me suggest instead what our shop does: sync your passwd/shadow/group files to your several systems from a reliable 'parent' system on which you do your account configuration.

This is by far the simplest solution, requiring only a bit of scriptage on each end to handle the sync, and provisioning of home directories etc. The downside is that it really doesn't scale gracefully, but for only a few systems this will be the path of least resistance.

Jeff Albert
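
The sync described in this answer, sketched as an added example (not part of the original answer or the poster's own scripts): it merges only regular-user entries from the parent's passwd and shadow into the local copies, so local system accounts and their UIDs are never overwritten. The UID range, the `merge` helper and the sample entries are assumptions constructed for illustration; the group file would be handled the same way.

```python
# Added example: merge shared human accounts from a parent host's files.
UID_MIN, UID_MAX = 1000, 60000  # assumed regular-user range; check /etc/login.defs

def parse(text):
    """Map account name -> colon-separated fields, keeping file order."""
    return {line.split(":")[0]: line.split(":")
            for line in text.splitlines() if line.strip()}

def is_regular(fields):
    """True for a well-formed passwd entry whose UID is in the shared range."""
    return (len(fields) == 7 and fields[2].isdigit()
            and UID_MIN <= int(fields[2]) <= UID_MAX)

def merge(parent_passwd, parent_shadow, local_passwd, local_shadow):
    """Return (passwd, shadow) text with the parent's regular users applied."""
    p_pw, p_sh = parse(parent_passwd), parse(parent_shadow)
    l_pw, l_sh = parse(local_passwd), parse(local_shadow)
    uid_owner = {f[2]: n for n, f in l_pw.items() if len(f) > 2}
    for name, fields in p_pw.items():
        if not is_regular(fields):
            continue  # never push root or service accounts to the other hosts
        if name in l_pw and not is_regular(l_pw[name]):
            raise ValueError(f"{name}: name is a local system account")
        if uid_owner.get(fields[2], name) != name:
            raise ValueError(f"{name}: UID {fields[2]} is taken by {uid_owner[fields[2]]}")
        l_pw[name] = fields              # update in place, or append if new
        if name in p_sh:
            l_sh[name] = p_sh[name]      # password hash and ageing fields
    render = lambda d: "".join(":".join(f) + "\n" for f in d.values())
    return render(l_pw), render(l_sh)

# Constructed sample data; the hashes are placeholders, not real crypt output.
PARENT_PASSWD = ("root:x:0:0:root:/root:/bin/bash\n"
                 "jess:x:1000:1000:Jess:/home/jess:/bin/bash\n")
PARENT_SHADOW = ("root:$6$PARENTROOT:15000:0:99999:7:::\n"
                 "jess:$6$NEWHASH:15063:0:99999:7:::\n")
LOCAL_PASSWD = ("root:x:0:0:root:/root:/bin/bash\n"
                "libvirt-qemu:x:105:110::/var/lib/libvirt:/bin/false\n"
                "jess:x:1000:1000:Jess:/home/jess:/bin/sh\n")
LOCAL_SHADOW = ("root:$6$LOCALROOT:15000:0:99999:7:::\n"
                "libvirt-qemu:!:15000:0:99999:7:::\n"
                "jess:$6$OLDHASH:15000:0:99999:7:::\n")

if __name__ == "__main__":
    new_passwd, new_shadow = merge(PARENT_PASSWD, PARENT_SHADOW,
                                   LOCAL_PASSWD, LOCAL_SHADOW)
    print(new_passwd, new_shadow, sep="\n")
```

When installing the result, write each file to a temporary name in /etc and rename it into place, keeping the existing ownership and restrictive mode on /etc/shadow. Move the parent's shadow data only over an authenticated, encrypted channel such as SSH, since it contains password hashes.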
0

NIS, NIS+, and as you mentioned, LDAP, are what do this on an enterprise scale. But you're right that it's probably a lot more complexity than you want for a few servers.

Do you currently have a directory service already in use? (e.g. Active Directory)

Private keys might be easier to keep synchronized if home directories were on a shared storage like NFS. Automount can help with that, but you might run into issues if you have users working on both boxes at the same time.


--Christopher Karel

Christopher Karel
  • No AD, this is entirely a self contained system. I'm just looking for a little ease of use. – Jess Mar 30 '11 at 21:05
0

389 Directory Server

AFAIK, this is similar to or the same as Red Hat Directory Server. Yes, it uses LDAP, but the website claims it can be set up in an hour. If you never 'see' the LDAP Server, it might be worth a try.

http://directory.fedoraproject.org/

JeffG