AIX

  • 1.  Better way to manage user accounts and groups

    Posted Fri January 23, 2009 11:10 AM

    Originally posted by: SystemAdmin


    I have a bunch of AIX and Linux machines which share one AIX machine as a file server. Some users have their home directory mounted from the file server, others use a local home directory to save space on the file server.

    To make uid and gid consistent among these machines, I use a script to set up each new machine, which creates users and groups. However, if I want to create a new group and add users to the new group, I have to do it on all the machines, which is tedious work.

    I am wondering if there is a better way to manage users/groups across AIX/Linux machines. I heard that NIM may help. Thanks in advance if someone can give me some suggestions or point me to a good link.


  • 2.  Re: Better way to manage user accounts and groups

    Posted Fri January 23, 2009 06:41 PM

    Originally posted by: esv


    I'd recommend LDAP; Active Directory might be a viable solution if you have already deployed it.

    best regards,
    esv.


  • 3.  Re: Better way to manage user accounts and groups

    Posted Sat January 24, 2009 12:17 AM

    Originally posted by: j.gann


    Directory services like LDAP provide centralized user management and authentication. They are quite popular today but require significant effort to plan, set up and run.

    For your specific question, why not think further than user management?
    My approach would be to set up key-authenticated remote root login from one (management) server only to all the managed machines. Now you can easily automate remote operations from the management server like this:

    for machine in server1 server2...
    do
        ssh "$machine" mkuser whatever...
        # check
    done

    or scp a prepared script to remote machines and run it like above...

    dsh (distributed shell) works almost identically but I dislike its parallel operation.

    Concerns about remote root login? It can be set up very restrictively with current OpenSSH versions, a password-protected private key on personal storage (aka USB stick) and ssh-agent.

    NIM is useful for OS installation/upgrade and package management.

    Joachim
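
One way to make the remote root login described in post 3 restrictive, as an added example that is not part of the original thread: the management key is pinned to a forced command on each managed host, and that command only lets account-management tools through. The script path `/usr/local/sbin/acct-gate`, the address `192.0.2.10`, the key comment and the allowlist are assumptions made for illustration.

```shell
#!/bin/sh
# Forced-command gate for the management key (added example; the script path,
# address and key comment are assumptions).
# /etc/ssh/sshd_config on each managed host:
#   PermitRootLogin forced-commands-only
# ~root/.ssh/authorized_keys, one line (192.0.2.10 stands in for the management
# server, key material elided; "restrict" needs OpenSSH 7.2 or later):
#   from="192.0.2.10",command="/usr/local/sbin/acct-gate",restrict ssh-ed25519 AAAA... mgmt
# sshd runs this script for every login with that key and passes the command
# the client asked for in SSH_ORIGINAL_COMMAND.
LC_ALL=C; export LC_ALL   # make the A-Z/a-z ranges below plain byte ranges

# Account tools the management server may run (AIX names, then Linux ones).
ALLOWED="mkuser mkgroup chuser chgroup useradd groupadd usermod groupmod"

# Return 0 only for one allowed tool followed by plain arguments.
allowed_command() {
    req=$1
    # Conservative character set: quotes, ; | & $ backticks, redirections,
    # globs, slashes and newlines are all rejected, as is an empty request.
    case $req in
        ''|*[!A-Za-z0-9_=,.\ -]*) return 1 ;;
    esac
    tool=${req%% *}
    for ok in $ALLOWED; do
        [ "$tool" = "$ok" ] && return 0
    done
    return 1
}

run_gate() {
    if allowed_command "$SSH_ORIGINAL_COMMAND"; then
        logger -t acct-gate "allow: $SSH_ORIGINAL_COMMAND"
        set -f                        # no glob expansion while word-splitting
        set -- $SSH_ORIGINAL_COMMAND  # split on whitespace only
        exec "$@"                     # no eval, no second shell parse
    fi
    logger -t acct-gate "deny: $SSH_ORIGINAL_COMMAND"
    echo "acct-gate: command not permitted" >&2
    exit 1
}

# Act only when sshd passes a requested command; a login with no command
# falls through, so the key never yields an interactive root shell.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    run_gate
fi
```

With this in place, a loop like the one in post 3 still works for `mkuser` and `mkgroup` calls, while any other command sent with the management key is refused and logged through syslog.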