Hi all,

I have 3 Ubuntu boxes (2 desktops and a server) at home. I would like to know how to set up an account on one computer and be able to use that account (user name and password) to log into the other computers.

Currently, I have set up the computers manually to have the same user name and password so I can log into them without any issues. If I change the password on one, I'll have to change it on the other.

I would like some sort of central user manager to do this for me. Is there a program out there that will do this? I am not really looking to sync my home folders, just login information. I like the idea of having a primary computer that I use to store all of my stuff. I just want to be able to log into the other machines from time to time to perform updates.

EDIT: As per the answers below, I have researched the LDAP idea and I like it. However, at this point I only want my primary computer to contain my real home directory. I don't want to have to move it to the server (it is a good idea for the future). I just want to be able to log into the other computers with the same user name and password to be able to perform updates and maintenance. I would probably be installing software for the kids as their account is very limited.

I would like to move shared files (music and pictures) to the server and share those as a network share.

In summary, I would like to be able to manage users (add/edit/delete) that can log onto any of the Ubuntu computers; this includes controlling the permissions that they have on that computer, i.e. sudo. I would like to maintain my desktop as is but have the login sync'd with LDAP. The ability to set up network shares and ssh based mounts would be excellent as well.

Thanks, Troy

asked 22 Jul '10, 13:10

Troy
122210
accept rate: 100%

edited 23 Jul '10, 12:08




In the Microsoft world, it's called "Active Directory" (or "AD" for short), but all in all, it's really just a bast*rdized version of LDAP, which is the way to go. You could set up LDAP on your server (along with the accounts) and then use LAT (sudo apt-get install lat) (LDAP Administration Tool) to assist you in managing the system, but one thing to consider is the UIDs.

Right now you have the same account (for example, let's call it "Joe") on all 3 systems. I would bet that on all 3 systems, you have different UIDs, which could cause some issues with file sharing and permissions if you wanted to, say, set up a Workgroup network and attempt to share files and folders. So if you are on Machine 1 logged in as Joe with UID 1001 and you are logged onto Machine 2 as Joe with UID 1023, well, you can see right there that is going to cause some issues. It gets even messier, but I won't get into all of that here.

My advice is to:

1) Set up LDAP on your server and also make it a file server.

2) Set up the accounts to use LDAP / be issued from the server (like a Windows Domain Controller using AD does).

3) Properly migrate all files, folders and permissions from all 3 systems /home into the /home on the server.

(This is kind of like setting up a log file server to hold all log files in /var and then pointing all of your other servers to use that /var directory vs. the local one. Same concept, but with /home instead.)

4) Point all 3 client systems to the /home directory on the server vs on the local systems.

UPDATE 08/31/10 - http://www.ghacks.net/2010/08/31/set-up-your-ldap-server-on-ubuntu-10-04/

link

answered 22 Jul '10, 18:45

Ron ♦
936117
accept rate: 13%

edited 31 Aug '10, 22:46
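
The UID mismatch described in the answer above can be found before any accounts or /home directories are migrated. This is an added example, not part of the original post: it assumes the output of getent passwd from each machine has been saved as <host>.passwd, and the host names, accounts and the 1000-60000 regular-user UID range are assumptions for illustration.

```shell
#!/bin/sh
# Added example: report accounts whose UID differs between machines.
# Input: one passwd-format file per host, named <host>.passwd.

uid_mismatches() {
    # Usage: uid_mismatches host1.passwd host2.passwd ...
    awk -F: '
        FNR == 1 { host = FILENAME; sub(/.*\//, "", host); sub(/\.passwd$/, "", host) }
        /^#/ || NF < 7 { next }                 # skip comments and malformed lines
        $3 >= 1000 && $3 <= 60000 {             # assumed regular-user UID range
            seen[$1] = seen[$1] " " host "=" $3
            if (!($1 in first)) { first[$1] = $3 }
            else if (first[$1] != $3) { bad[$1] = 1 }
        }
        END { for (u in bad) print u ":" seen[u] }
    ' "$@" | sort
}

demo_uid_check() {
    # Constructed sample data for three machines.
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'joe:x:1001:1001:Joe:/home/joe:/bin/bash' \
        'kids:x:1002:1002:Kids:/home/kids:/bin/bash' > "$d/desktop1.passwd"
    printf '%s\n' 'joe:x:1023:1023:Joe:/home/joe:/bin/bash' \
        'kids:x:1002:1002:Kids:/home/kids:/bin/bash' > "$d/desktop2.passwd"
    printf '%s\n' 'joe:x:1001:1001:Joe:/home/joe:/bin/bash' > "$d/server.passwd"
    uid_mismatches "$d/desktop1.passwd" "$d/desktop2.passwd" "$d/server.passwd"
    rm -rf "$d"
}

demo_uid_check
```

Any account listed needs its files re-owned (chown) on the machines that used the old UID once a single UID is assigned centrally.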

Upvoting in spite of MS-bashing. I don't like MS, I know you don't, and I don't think that anyone here would shed a tear if they went out of business tomorrow. However, piling manure on them isn't going to help things.

(23 Jul '10, 00:33) Kevin M

I have to look at LDAP more. It is a very good idea from what I have read.

(23 Jul '10, 12:08) Troy

Hey Kevin, thanks for the vote up, but no MS bashing intended. I was merely pointing out the fact that AD is based on LDAP really... just like MS file sharing is really based on Samba, etc. I used AD/MS as an example, but I guess I could have called it "jerry-rigged" or something like that vs. "bast*rdized".

(23 Jul '10, 14:59) Ron ♦

I thought it might not, but I may be a little sensitive to that since my current employer wanted to make sure I knew that I wouldn't get a chance to advance my Linux skillz when I was first hired. And knowing the attitude of some of the people at my local LUG, I can't say I really blame him (my employer) for his caution.

(24 Jul '10, 00:06) Kevin M

@Kevin, this sounds like a prime case where you can 1) educate your employer and show him the options available with Linux or 2) if he's not open, perhaps find a different job or a second job where you can use your skills. Windows DOES have its merits (i.e. MS Exchange with Blackberry support, which is a dismal failure on Linux comparatively speaking). If he's not open to listening, then he's probably not open to change and the business is at risk of stagnation and death. The key is to innovate and then replicate, because stagnation always equals death.

(26 Jul '10, 15:05) Ron ♦

I would look into LDAP.

It's a centralized authentication mechanism.

link

answered 22 Jul '10, 13:16

rfelsburg ♦
606417
accept rate: 25%

I have a similar setup and what I do is the following:

On my "main" computer, I have an account called aws and it is located at /home/aws

I generated an SSH key

ssh-keygen

This creates a key in your .ssh directory. Check out the file *.pub

On the other machines, create a user account of the same name and mkdir .ssh

Permissions matter greatly for SSH, directory should be 700 and files 600.

At that point, I am able to do the following:

ssh -X aws@box2 or
ssh -X aws@box2

If you change the password on your main box, it doesn't matter since your SSH keys are installed on the other boxes.

Not sure if this is what you were looking for but that's how I manage my 3 boxes.

link

answered 22 Jul '10, 20:09

Andy
297317
accept rate: 14%
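
The key-based setup in the answer above depends on the public key being present in the remote account's authorized_keys file and on the 700/600 permissions it mentions. This is an added example, not part of the original post: the function names, the temporary home directory and the placeholder key are assumptions for illustration.

```shell
#!/bin/sh
# Added example: install a public key for SSH login and audit the
# 700 (directory) / 600 (file) permissions under ~/.ssh.

install_pubkey() {
    # Usage: install_pubkey <home-dir> <public-key-file>
    home=$1 pub=$2
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth="$home/.ssh/authorized_keys"
    touch "$auth" && chmod 600 "$auth" || return 1
    # Append only if this exact key line is not already present.
    grep -qxFf "$pub" "$auth" || cat "$pub" >> "$auth"
}

ssh_perm_problems() {
    # Print every path under <home-dir>/.ssh that is not 700 (dir) or 600 (file).
    home=$1
    [ -d "$home/.ssh" ] || { echo "$home/.ssh: missing"; return 0; }
    find "$home/.ssh" -type d ! -perm 700 -print | sed 's/$/: should be 700/'
    find "$home/.ssh" -type f ! -perm 600 -print | sed 's/$/: should be 600/'
}

demo_ssh_setup() {
    h=$(mktemp -d) || return 1
    # Constructed placeholder, not a real key.
    echo 'ssh-ed25519 AAAAC3EXAMPLEONLY aws@main' > "$h/id.pub"
    install_pubkey "$h" "$h/id.pub" && install_pubkey "$h" "$h/id.pub"
    echo "keys=$(wc -l < "$h/.ssh/authorized_keys" | tr -d ' ')"
    echo "problems_before=$(ssh_perm_problems "$h" | wc -l | tr -d ' ')"
    chmod 644 "$h/.ssh/authorized_keys"     # simulate a loosened file
    ssh_perm_problems "$h" | sed "s|$h|~|"
    rm -rf "$h"
}

demo_ssh_setup
```

With sshd's default StrictModes setting, a home directory, .ssh directory or authorized_keys file that is writable by group or others causes key login to be refused, so the audit function is worth running after any manual copy.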

This still requires an account on all computers.

(23 Jul '10, 13:03) rfelsburg ♦

Explore NIS. Relatively easier than LDAP.

link

answered 17 Aug '10, 15:47

Rohan
1
accept rate: 0%

Easier, yes. Better? No.

(03 Jan '11, 20:49) Ron ♦