Freeipa can be used to manage users/groups, however on CoreOS the setup process is currently broken.

When setting up the Freeipa client on a CoreOS system the following directories need to be created manually.

mkdir -p /var/lib/ipa-client/sysrestore/
mkdir -p /var/lib/ipa-client/pki/
mkdir -p /var/lib/sss/pubconf/krb5.include.d/