For small businesses with less than 10 PCs it's often an overkill to even have a central server, much less buy a Windows Domain Server which costs heaps of cash. However the need remains for people to share files and printers amongst their computers.
The standard solution would be to share the folders publicly. But sometimes that can be undesireable, for example if some unauthorized laptops appear in the network regularly.
Another solution is to create the same users on all computers (including setting the same passwords). This allows for authorized access, but adding new users or chaning passwords is a pain.
It would be great if it was possible to set up one of the machines as a central "user database". Other computers could then authenticate against that computer, and even set permissions on shares. Is this possible somehow?
What you're describing is exactly what a domain controller does. By the time you've done those two things (global users and share permissions), you've basically replicated all of the most commonly used functions of a domain.
That said, I'm sure that out there somewhere is a LDAP server and client that will integrate into Windows...
One way is to buy a server with Windows Server Foundation on it which is a "cheaper than SBS" OEM-only 15 user Windows Server 2008 R2 with no CAL requirements.
I don't know if you're viewing the fuller picture here. Windows SBS and a 5 CAL pack, which fits neatly into your 10 user example, will only cost about $1500 retail (you can probably get it for a good deal less through a licensing agreement, but either way it could hardly be called skyrocketing) and gives a lot more than just central authentication that I would argue is most definitely not completely irrelevant.
Right now for example, the way I see it is that your example network doesn't have proper backups. Maybe staff copy data off to a USB HD or something, but there is a dependency on staff actually doing it, and the data is scattered around all PCs in a non-secure manner. Do you really value your data so low that you would be satisfied for things to continue this way?
As cost is clearly a factor you might want to look into setting up a Linux Domain Controller instead of a Windows one. That will give you the functionality you are after without the license costs. Do some Googling and you should find plenty of information on the subject.
LDAP is a standard that fits what you describe, and which a MS server (and Active Directory) loosely adheres to. I'm sure you could find an open source alternative. It's going to take time to set up, though, and time to administer. Time that you'll regret losing should you not have backups, so I'd be sure to attend to those, as well.
Nobody's really trying to compete with MS on a Windows platform on user/directory services, so you'll be looking at Linux alternatives, as John mentioned. I suppose if you have an intern who's collecting $100/day or less, you could look at that $1500 SBS license and figure the kid has 15 days to figure it out. Otherwise, your savings disappear very quickly.
On the hardware end, there's no reason you can't set this up (windows OR *nix) on a workstation.
No. Windows Server uses kerberos to securely delegate authentication and ldap to determine who is authorized to do what. The desktop doesn't have this functionality.
You could use a workstation as an ersatz file server, and establish user accounts on that "server" with whatever delegation/permissions model you choose. You're also going to violate the Windows XP/Vista/7 license agreement, which limits users using a workstation to 3 or 5.
If you don't want to spend the money for Windows Server, get a book about Linux, put linux on a desktop and do it that way.
I do not believe what you are asking for exists in a nice tidy easy package like Windows Server. You could hack together a Linux box to do this, and it would be painful to setup and administer. I am not sure what you charge for your time, or get paid hourly, but to administer users centrally, and manage access to shares on multiple computers is exactly what Windows Server is designed and built for. Making something else do this would take a lot of time and effort.
If you just want one workstation to act like a server, have all of the access permissions and shares on the one workstation, you could setup Linux in a VM on a Windows box and use Samba. It would be much less complicated than trying to manage all of the PC's, and would only require some extra memory, and maybe a little higher specification PC than a normal workstation.
On Windows workstation you can use ADAM (Active Directory Application Mode) for this
Check
Not that I want to necro this question, but I noticed that no one ever mentioned Windows Home Server. For a small office / home office (<= 10 users), this is probably your best bet for a server level option for a normal Windows experience.
WHS is basically a stripped down version of Windows Server 2003. It'll manage file shares, shared printers, and workstation backups.
More info here: http://www.microsoft.com/windows/products/winfamily/windowshomeserver/default.mspx
I just recently put one of these in at our vet's office. Works great so far. Just bought a bare-bones server and installed WHS on top of it.