Ubuntu – put /etc/passwd, /etc/group and /etc/shadow on an NFS share

nfs, passwd, single-sign-on, Ubuntu

OK, this may be a dumb question but I'm wondering if I can export /etc/passwd, /etc/group and /etc/shadow from an NFS server and mount those files over the local ones on the client machine. The goal is a simple centrally managed list of users and groups.

Begin rant:

I know that this is what LDAP is supposed to do. I have been able to successfully install and configure almost every open source server software imaginable. MySQL, Apache, Asterisk, NFS, Samba, KVM host Machines, DNS, etc. No problem. But OpenLDAP has caused me no end of misery, and I have never been able to get it installed and running. No matter which OS you use, which version of LDAP, which tutorial you follow, it always ends the same way. You slap this and ldif that and sooner or later one of the instructions (which you were following to the letter) produces some ambiguous error that no one knows how to solve but you can't ignore and you end up giving up. Then you still need a central user management system, do research, see that LDAP is (supposedly) the answer and start the whole thing again and get nowhere.

End Rant.

I'm sick of LDAP. What I want is to say "useradd jdoe", and then give him a password on one machine. All other machines use that same userlist so you only have to add jdoe to one computer. So what I want is a solution that doesn't require overly complicated schemas, is easy to set up, is reliable, and most importantly, just works.

So I was wondering if anyone had tried making client machines use a central server's passwd file remotely over NFS? Would it work and be reliable? Or is there a functionality for doing this type of setup already built in to Linux?

I've read about something called NIS but people have said it's way outdated. Is there no better way?

This is a pure Linux environment with Ubuntu Servers and Clients. Most of the machines are running 10.04.

Best Answer

No, this is not going to work, at least not in any reliable form, and it's quite likely these files are needed before NFS shares could be mounted, which would make it impossible.

If you have such problems with LDAP, you might have a look into NIS, which is a kind of (ancient) predecessor of LDAP and is arguably easier to get running. But as I said, this is old technology and I wouldn't want to use this for a new system.

As for your LDAP problem: I would wonder where the problem really lies. Countless sites manage to get LDAP up and running, so it's certainly possible to use it. Frankly, I think the key to your problem is to not just follow instructions to the letter but to understand the underlying software, so you know what you are doing and have a chance to solve them yourself.
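
An added example, not part of the answer above: a small audit that reads a mount table in `/proc/mounts` format and reports whether `/etc/passwd`, `/etc/group` or `/etc/shadow` is backed by a network filesystem, which is the dependency the answer warns about. The sample mount table and the host name `fileserver` are constructed for illustration.

```shell
# Constructed sample in /proc/mounts format; "fileserver" is a hypothetical host.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
fileserver:/export/etc /mnt/central nfs4 rw,relatime 0 0
fileserver:/export/etc /etc/passwd nfs4 rw,relatime 0 0
fileserver:/export/etc /etc/shadow nfs4 rw,relatime 0 0
EOF
}

# Print "<mountpoint> <fstype>" of the mount that actually backs path $2.
fs_for_path() {
    awk -v p="$2" '
        {
            mp = $2
            # A mount covers p if it is p itself, the root, or a parent directory.
            if (mp == p || mp == "/" || index(p, mp "/") == 1)
                # Longest mount point wins; >= lets a later stacked mount override.
                if (length(mp) >= best_len) { best_len = length(mp); best = mp " " $3 }
        }
        END { print best }
    ' "$1"
}

is_network_fs() {
    case "$1" in
        nfs|nfs4|cifs|smb3|fuse.sshfs) return 0 ;;
        *) return 1 ;;
    esac
}

# Report where each account database lives; return 1 if any is network-backed.
# Symlinks are not resolved (assumption: regular files or bind mounts).
audit_account_files() {
    mounts=${1:-/proc/mounts}
    rc=0
    for f in /etc/passwd /etc/group /etc/shadow; do
        info=$(fs_for_path "$mounts" "$f")
        mp=${info% *}
        fstype=${info##* }
        if is_network_fs "$fstype"; then
            echo "WARN $f comes from $fstype mount at $mp: logins depend on the network"
            rc=1
        else
            echo "ok   $f is on local $fstype ($mp)"
        fi
    done
    return $rc
}

tmp=$(mktemp)
sample_mounts > "$tmp"
audit_account_files "$tmp" || echo "account files are not all local"
rm -f "$tmp"
```

Called with no argument, `audit_account_files` reads the live `/proc/mounts` instead of the sample.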
