Date: Mon, 21 Oct 2002 18:18:26 -0500 (CDT)
From: Jeff Lynch
To: Dexter McNeil
Cc: freebsd-isp@freebsd.org
Subject: Re: user account/password sync between machines?
In-Reply-To: <20021021204543.GA14674@backtech.com>
Message-ID: <20021021181446.K67091-100000@mercury.jorsm.com>

On Mon, 21 Oct 2002, Dexter McNeil wrote:

> I've got a project that involves two identically configured machines that
> are providing DNS and remote user SSH login. The systems are configured
> such that the users log into 'host', with each machine's DNS server
> returning its IP address in response to a lookup of 'host'. The idea being
> that if one machine goes down, the other machine will still respond to DNS
> lookups and users will still be able to log in. All of this seems to work
> nicely in testing.
>
> The remaining piece of my puzzle for this is a method of keeping the user
> accounts sync'd between the two machines. I've looked into hacking up the
> adduser.perl script to allow for remote operations on the master.passwd
> file on the two machines (use a third machine to contain the master
> database & publish it to the two remote machines), however I'm wondering
> if anyone has found an easier solution to this type of problem. I'm not in
> a position to implement RADIUS or LDAP at this point, the two machines
> need to be self contained, except for an optional administration machine
> whose availability (or not) won't impact the operation of the two login
> servers.
>
> Any suggestions??

We run this script from cron every 5 minutes to sync passwd dbs on two
machines. Note, there may be some cut/paste errors.

HTH,
--jeff

#!/bin/sh

DATE=`date`

# Peers that receive this machine's account files (one per line).
SERVERS="\
machine.domain.com \
"

for server in ${SERVERS}
do
    # Copy the group file, preserving permissions, times, owner and group.
    /usr/local/bin/rsync -ptog -e /usr/bin/ssh /etc/group "$server:/etc/group"
    if [ $? -ne 0 ]; then
        echo "$DATE: rsync of /etc/group to $server failed" | mail root
    fi

    # Copy the password file (includes the password hashes).
    /usr/local/bin/rsync -ptog -e /usr/bin/ssh /etc/master.passwd "$server:/etc/master.passwd"
    if [ $? -ne 0 ]; then
        echo "$DATE: rsync of /etc/master.passwd to $server failed" | mail root
        break # No need to continue: skips pwd_mkdb and any remaining servers
    fi

    # Rebuild the password databases and /etc/passwd on the peer.
    /usr/bin/ssh "$server" /usr/sbin/pwd_mkdb -p /etc/master.passwd
    if [ $? -ne 0 ]; then
        echo "$DATE: pwd_mkdb failed on $server" | mail root
    fi
done

>
> Many thanks,
> Dexter McNeil
> dexter@backtech.com
>
>
> --
> The ultimate destination on the journey of life is a hole 6 feet deep.
> Enjoy the journey - the destination is nothing to write home about.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
>

============================================================================
Jeffrey A. Lynch             | JORSM Internet, Regional Internet Services
email: jeff@jorsm.com        | 7 Area Codes in Chicagoland and NW Indiana
Voice: (219)322-2180         | 100Mbps+ Connectivity, 56K-DS3, V.90, ISDN
Autoresponse: info@jorsm.com | Quality Service, Affordable Prices
http://www.jorsm.com         | Serving Gov, Biz, Residential Since 1995
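
The script in the message above copies /etc/master.passwd to the peer without inspecting it first. A pre-push format check, as an added example that is not part of the original post: the function names and the staging path /etc/master.passwd.new are assumptions, and the check assumes a local-only file with no NIS "+" entries.

```sh
#!/bin/sh
# Added example: sanity-check a master.passwd before pushing it to a peer.
# Fields: name:password:uid:gid:class:change:expire:gecos:home_dir:shell

check_master_passwd() {
    file=$1
    [ -s "$file" ] || { echo "$file: missing or empty" >&2; return 1; }
    awk -F: '
        /^#/ || /^$/ { next }    # comments and blank lines
        NF != 10 { printf "line %d: %d fields, expected 10\n", NR, NF; bad = 1; next }
        $1 == "" { printf "line %d: empty login name\n", NR; bad = 1 }
        $2 == "" { printf "line %d: %s has an empty password field\n", NR, $1; bad = 1 }
        $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ {
            printf "line %d: %s has a non-numeric uid or gid\n", NR, $1; bad = 1 }
        seen[$1]++ { printf "line %d: duplicate login %s\n", NR, $1; bad = 1 }
        $1 == "root" && $3 == 0 { root = 1 }
        END { if (!root) { print "no root entry with uid 0"; bad = 1 }
              exit bad + 0 }
    ' "$file" >&2
}

# Hypothetical replacement for the master.passwd step of the loop: stage the
# file beside the live one, let pwd_mkdb -C vet it on the peer, then install
# (pwd_mkdb installs the file it is given as /etc/master.passwd).
STAGE=/etc/master.passwd.new    # assumed path, not from the original script

push_master_passwd() {
    server=$1
    check_master_passwd /etc/master.passwd || return 1
    /usr/local/bin/rsync -ptog -e /usr/bin/ssh /etc/master.passwd \
        "$server:$STAGE" || return 2
    /usr/bin/ssh "$server" \
        "/usr/sbin/pwd_mkdb -C $STAGE && /usr/sbin/pwd_mkdb -p $STAGE" || return 3
}
```

With this in place a truncated or hand-damaged file is rejected on the sending side, and the peer's live /etc/master.passwd is only replaced after pwd_mkdb has accepted the staged copy.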