
OK, this may be a dumb question but I'm wondering if I can export /etc/passwd, /etc/group and /etc/shadow from an NFS server and mount those files over the local ones on the client machine. The goal is a simple centrally managed list of users and groups.

Begin rant:

I know that this is what LDAP is supposed to do. I have been able to successfully install and configure almost every open source server software imaginable. MySQL, Apache, Asterisk, NFS, Samba, KVM host machines, DNS, etc. No problem. But OpenLDAP has caused me no end of misery, and I have never been able to get it installed and running. No matter which OS you use, which version of LDAP, which tutorial you follow, it always ends the same way. You slap this and ldif that and sooner or later one of the instructions (which you were following to the letter) produces some ambiguous error that no one knows how to solve but you can't ignore and you end up giving up. Then you still need a central user management system, do research, see that LDAP is (supposedly) the answer and start the whole thing again and get nowhere.

End Rant.

I'm sick of LDAP. What I want is to say "useradd jdoe", and then give him a password on one machine. All other machines use that same userlist so you only have to add jdoe to one computer. So what I want is a solution that doesn't require overly complicated schemas, is easy to set up, is reliable, and most importantly, just works.

So I was wondering if anyone had tried making client machines use a central server's passwd file remotely over NFS? If it would work and be reliable? Or is there a functionality for doing this type of setup already built into Linux?

I've read about something called NIS but people have said it's way outdated. Is there no better way?

This is a pure Linux environment with Ubuntu Servers and Clients. Most of the machines are running 10.04.

Nick
  • Well, this sounds like a great opportunity to read the OpenLDAP documentation and figure out how it works. Honestly, it's pretty simple -- if you really do all those other things you say you do, OpenLDAP shouldn't be any more difficult. If you've run into specific problems with the software, this is a great place to come with questions. – larsks Feb 05 '12 at 02:04
  • Have you looked at the alternatives like NIS, distributing your passwd/group/shadow via a sync tool, or setting up users via config management tool like puppet? – Zoredache Feb 05 '12 at 03:13
  • @larsks: I have read through the OpenLDAP documentation. That was one of the sources of information I used to attempt a setup, which led to a vague unsolvable error. I have tried many other sources of documentation including nice tutorials that also led to problems. I have posted many of these problems on this site. I have earned numerous tumbleweed badges, and my accept rate has suffered since there are no good answers to the problems I've come across. Perhaps the problems are specific to Ubuntu, I don't know. But I do know that it is not a lack of reading or competence on my part. – Nick Feb 05 '12 at 04:08
  • @zoredache: I read about NIS but heard it was outdated so I didn't pursue it further. I was hoping there might be something MySQL based that isn't too difficult. When you say sync tool do you mean rsync or similar? I've heard of puppet but not tried it (yet). – Nick Feb 05 '12 at 04:10

1 Answer


No, this is not going to work, at least not in any reliable form, and it's quite likely these files are needed before NFS shares could be mounted, which would make it impossible.

If you have such problems with LDAP, you might have a look into NIS, which is a kind of (ancient) predecessor of LDAP and is arguably easier to get running. But as I said, this is old technology and I wouldn't want to use this for a new system.

As for your LDAP problem: I would wonder where the problem really lies. Countless sites manage to get LDAP up and running, so it's certainly possible to use it. Frankly, I think the key to your problem is to not just follow instructions to the letter but to understand the underlying software, so you know what you are doing and have a chance to solve them yourself.

Sven
  • Agree on all points. When I first started setting OpenLDAP up, I just thought of it as 'magic'. I got it working, but wasn't really familiar with how it worked. Though once I understood how it worked, it became a HECK of a lot easier to manage and tweak. – phemmer Feb 05 '12 at 04:10
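Zoredache's comment on the question mentions distributing passwd/group/shadow with a sync tool instead of mounting them over NFS. As an added example (not code from this thread), the following Python helper shows the one check such a sync step needs so that a pushed central list cannot clobber root, daemon accounts or nobody on the client; it assumes Ubuntu's default UID_MIN/UID_MAX of 1000 and 60000 and uses constructed passwd lines. The same merge applies to group(5) and shadow(5) with their own field counts.

```python
# Added example (not code from the thread): the merge step a passwd(5)
# sync tool needs. Accounts outside the managed UID range stay local,
# regular users come from the central copy, collisions are refused.
MIN_UID, MAX_UID = 1000, 60000  # assumption: Ubuntu login.defs UID_MIN/UID_MAX

def parse_passwd(text):
    """Parse passwd(5) lines into a dict keyed by user name (order kept)."""
    users = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError("malformed passwd line: %r" % line)
        users[fields[0]] = fields
    return users

def managed(fields):
    """True if the entry's UID falls in the centrally managed range."""
    return MIN_UID <= int(fields[2]) <= MAX_UID

def merge_passwd(local_text, central_text):
    """Return merged passwd text; raise ValueError on a name/UID collision."""
    local, central = parse_passwd(local_text), parse_passwd(central_text)
    kept = [f for f in local.values() if not managed(f)]  # root, daemons, nobody
    kept_names = {f[0] for f in kept}
    kept_uids = {f[2] for f in kept}
    merged = list(kept)
    for name, fields in central.items():
        if not managed(fields):
            continue  # the central copy may only contribute regular users
        if name in kept_names or fields[2] in kept_uids:
            raise ValueError("central user %r collides with a local account" % name)
        merged.append(fields)
    return "\n".join(":".join(f) for f in merged) + "\n"

def check_merge(local_text, central_text):
    """Non-raising wrapper for a sync script: returns (ok, text_or_error)."""
    try:
        return True, merge_passwd(local_text, central_text)
    except ValueError as exc:
        return False, str(exc)

# Constructed sample files; the local file has a stale 'olduser' the central list dropped.
LOCAL_PASSWD = ("root:x:0:0:root:/root:/bin/bash\n"
                "nobody:x:65534:65534:nobody:/nonexistent:/bin/sh\n"
                "olduser:x:1001:1001::/home/olduser:/bin/bash\n")
CENTRAL_PASSWD = ("root:x:0:0:root:/root:/bin/bash\n"
                  "jdoe:x:1000:1000:John Doe:/home/jdoe:/bin/bash\n"
                  "asmith:x:1002:1002:Ann Smith:/home/asmith:/bin/bash\n")
```

A real sync script would write the merged text to a temporary file and rename it into place, and only after the same check passes for group and shadow.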