Best way to avoide UID/GID conflicts across new systems

[leveraction]

I am setting up several new FreeBSD servers (using bhyve). There are currently no users (other than me and root). I use NFS and have run into problems with GID and UID conflicts across systems in the past and would like to avoid that if possible. Is there a standard way of handling this? I have seen LDAP and NIS mentioned and those may be the way to go, but before I get neck deep in that I was hoping to confirm what I should be reading about. Thanks in advance.

 

[ekingston]

I believe LDAP is the current preferred way to set-up user accounts at a network level. NIS is somewhat old and hasn't changed in a very long time.

Also note, NFSv4 uses symbolic names instead of UID/GID if you set it up right. This reduces the problem when you don't have network authentication.

https://www.freebsd.org/cgi/man.cgi?query=nfsv4&sektion=4

 

[ralphbsz]

For a small shop, the easiest is to create a single master list of all users and groups. One way to handle it is to declare one server to be the "master", whose /etc/passwd and /etc/group rule over all others. That server doesn't have to be the only NFS server, it just has to have the master copy of the user/group list.

For a large shop, LDAP seems to be the tool of choice. Or use implementations that can do UID/GID translation or symbolic names. All these things are lots of work and painful.