I have a homelab that is growing larger and larger, and I am learning more and more every day. I was wondering if it is possible to manage all of my users from one server, so I don't have to create a new root and normal user with sudo access each time I spin up another VM, and can easily create a new user, reset a password, etc.
4 Answers
You can manage your users using an LDAP server; look at FreeIPA: https://www.freeipa.org/page/Main_Page
There are a variety of central user management techniques available in Linux: ldap, nis, and kerberos are the oldest and probably the best documented and debugged. All of those are going to require a master-slave setup to maintain semi-reliably and replication can be arduous to configure.
Rather than pull your hair out that much when trying to simplify your life I'd suggest using ansible. You can get started without creating any infrastructure other than ssh keys. Ansible has a user module for managing users, but it also allows you to configure everything else. Maybe you want to have all of your servers using the same name servers: add a little more ansible. Maybe you want all of your servers to display a helpful /etc/motd: then ansible can help again. The opportunities for saving yourself repeated work go on and on and go much further than keeping your users in sync.
Ansible is similar to puppet, right? I already have a puppet server running, but I thought it would be a great exercise to set up something like ldap – Daniel Guldberg Aaes Nov 04 '15 at 21:42
Yes, ansible is like puppet, but it doesn't require the central server. If you're looking for something fun to setup, go for Kerberos. – chicks Nov 04 '15 at 21:47
Puppet doesn't require a central server either; you can use one if you wish, but it's just an option. But I think we're getting OT here. – Fredi Nov 05 '15 at 00:05
Fredi: you are correct, but that wasn't always so and most places I've been still use it as client-server. Ansible is still easier to get going standalone. Plus the whole question is OT since homelabs are probably not a professional context. :) – chicks Nov 05 '15 at 00:40
It is definitely not a professional, but it is fun to see how close I can get to a professional environment – Daniel Guldberg Aaes Nov 06 '15 at 10:42
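As an added illustration of the Ansible approach from the answer above (not code from the original answer or its author), here is a playbook that uses the `user` module to create, update and remove accounts on every host. The inventory group `homelab`, the user names, the key and hash placeholders and the `sudo` admin group are assumptions.

```yaml
# users.yml: added example; every name and value below is constructed.
# Requires the ansible.posix collection for the authorized_key module.
- name: Keep local accounts in sync on every VM
  hosts: homelab                  # assumed inventory group
  become: true
  vars:
    admin_group: sudo             # assumption: Debian/Ubuntu; "wheel" on RHEL-family
    managed_users:
      - name: alice
        state: present
        admin: true
        # Placeholder: replace with the user's real public key.
        ssh_key: "ssh-ed25519 AAAA_PLACEHOLDER alice@laptop"
        # Optional crypt(3) hash, never plaintext; keep it in Ansible Vault.
        # password_hash: "$6$PLACEHOLDER"
      - name: bob
        state: absent             # removed from every host on the next run
        admin: false
  tasks:
    - name: Create, update or remove each account
      ansible.builtin.user:
        name: "{{ item.name }}"
        state: "{{ item.state }}"
        shell: /bin/bash
        groups: "{{ admin_group if item.admin else omit }}"
        append: true              # add to admin_group without dropping other groups
        password: "{{ item.password_hash | default(omit) }}"
        update_password: always   # a changed hash resets the password everywhere
        remove: true              # only applies when state is absent: deletes the home dir
      loop: "{{ managed_users }}"

    - name: Install the SSH public key of each present user
      ansible.posix.authorized_key:
        user: "{{ item.name }}"
        key: "{{ item.ssh_key }}"
        exclusive: true           # keys not listed here are removed from the account
      loop: "{{ managed_users | selectattr('state', 'equalto', 'present') | list }}"
```

Run it with `ansible-playbook -i inventory users.yml`; adding `--check --diff` first shows what would change without touching the hosts.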
Using OpenLDAP is a good idea... It's used almost everywhere, and you can even use LDAP to:
- store your sudo configuration; check what the sudo documentation says about sudoers LDAP (http://www.sudo.ws/man/1.8.14/sudoers.ldap.man.html)
- store your OpenSSH authorized_keys; for more information you can check this post: SSH key authentication using LDAP
cheers, Julian
If your network is reasonably protected, using NIS is very simple to manage. NIS itself isn't very secure, but the setup is not at all complicated. I would also suggest exporting the home directories to all the other machines via nfs from the same server.
I've had several labs at work with the NIS/nfs setup and I can add, replace or upgrade machines and the users just log on like nothing ever changed - all their configs and files just show up no matter what machine they use.