From: Peter Hoskin
Date: Tue, 22 Oct 2002 13:34:46 +1000 (EST)
To: Jeff Lynch
Cc: Dexter McNeil
Subject: Re: user account/password sync between machines?

Wouldn't NIS be a better alternative? The FreeBSD handbook has a section on it.

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/nis.html

Regards,
Peter Hoskin

On Mon, 21 Oct 2002, Jeff Lynch wrote:

> On Mon, 21 Oct 2002, Dexter McNeil wrote:
>
> > I've got a project that involves two identically configured machines that
> > are providing DNS and remote user SSH login. The systems are configured
> > such that the users log into 'host', with each machine's DNS server
> > returning its IP address in response to a lookup of 'host'. The idea being
> > that if one machine goes down, the other machine will still respond to DNS
> > lookups and users will still be able to log in.
> > All of this seems to work nicely in testing.
> >
> > The remaining piece of my puzzle for this is a method of keeping the user
> > accounts sync'd between the two machines. I've looked into hacking up the
> > adduser.perl script to allow for remote operations on the master.passwd
> > file on the two machines (use a third machine to contain the master
> > database & publish it to the two remote machines), however I'm wondering
> > if anyone has found an easier solution to this type of problem. I'm not in
> > a position to implement RADIUS or LDAP at this point, the two machines
> > need to be self contained, except for an optional administration machine
> > whose availability (or not) won't impact the operation of the two login
> > servers.
> >
> > Any suggestions??
>
> We run this script from cron every 5 minutes to sync passwd dbs on
> two machines. Note, there may be some cut/paste errors.
>
> HTH,
> --jeff
>
> #!/bin/sh
> DATE=`date`
>
> # Hosts that receive a copy of the account files
> SERVERS="\
> machine.domain.com \
> "
>
> for server in ${SERVERS}
> do
>
>   # Copy the group file, preserving permissions, times, owner and group
>   /usr/local/bin/rsync -ptog -e /usr/bin/ssh /etc/group "$server":/etc/group
>
>   if [ $? -ne 0 ]; then
>     echo "$DATE: rsync of /etc/group to $server failed" | mail root
>   fi
>
>   # Copy the password file the same way
>   /usr/local/bin/rsync -ptog -e /usr/bin/ssh /etc/master.passwd "$server":/etc/master.passwd
>
>   if [ $? -ne 0 ]; then
>     echo "$DATE: rsync of /etc/master.passwd to $server failed" | mail root
>     break # No need to continue
>   fi
>
>   # Rebuild the password databases on the remote host
>   /usr/bin/ssh "$server" /usr/sbin/pwd_mkdb -p /etc/master.passwd
>
>   if [ $? -ne 0 ]; then
>     echo "$DATE: pwd_mkdb failed on $server" | mail root
>   fi
>
> done
>
> > Many thanks,
> > Dexter McNeil
> > dexter@backtech.com
> >
> > --
> > The ultimate destination on the journey of life is a hole 6 feet deep.
> > Enjoy the journey - the destination is nothing to write home about.
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-isp" in the body of the message
>
> ============================================================================
> Jeffrey A. Lynch             | JORSM Internet, Regional Internet Services
> email: jeff@jorsm.com        | 7 Area Codes in Chicagoland and NW Indiana
> Voice: (219)322-2180         | 100Mbps+ Connectivity, 56K-DS3, V.90, ISDN
> Autoresponse: info@jorsm.com | Quality Service, Affordable Prices
> http://www.jorsm.com         | Serving Gov, Biz, Residential Since 1995
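
The cron script quoted above copies /etc/master.passwd to the other host without inspecting it first. The following is an added example, not part of the thread or of any poster's script: a pre-flight check that could run before the rsync step and refuse to replicate a truncated or unexpected file. The function name, temporary files and sample entries are constructed for illustration; it assumes local accounts only (no NIS "+" entries) and that "toor" is the only uid-0 alias of root.

```sh
#!/bin/sh
# Added example, not from the thread: sanity-check a master.passwd-format file first.

# check_master_passwd FILE -> 0 if FILE looks safe to replicate, 1 otherwise.
# Findings are written to stderr. Assumes local accounts only and that "toor"
# is the only uid-0 alias of root (the FreeBSD default).
check_master_passwd() {
    [ -s "$1" ] || { echo "$1: missing or empty" >&2; return 1; }
    awk -F: '
        /^#/ || /^$/ { next }    # skip comments and blank lines
        NF != 10 { printf "line %d: %d fields, expected 10\n", NR, NF; bad = 1; next }
        $1 == "" { printf "line %d: empty login name\n", NR; bad = 1 }
        $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ {
            printf "line %d: non-numeric uid or gid\n", NR; bad = 1 }
        seen[$1]++ { printf "line %d: duplicate login %s\n", NR, $1; bad = 1 }
        $1 == "root" && $3 ~ /^0+$/ { have_root = 1 }
        $3 ~ /^0+$/ && $1 != "root" && $1 != "toor" {
            printf "line %d: unexpected uid 0 account %s\n", NR, $1; bad = 1 }
        END {
            if (!have_root) { print "no root entry with uid 0"; bad = 1 }
            exit (bad ? 1 : 0)
        }
    ' "$1" >&2
}

# Constructed sample files (password fields are placeholders, not real hashes).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/good" <<'EOF'
# constructed sample
root:*:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
alice:$1$constructed$placeholder:1001:1001::0:0:Sample User:/home/alice:/bin/sh
EOF
# A copy cut off mid-write, as an interrupted edit or transfer would leave it.
printf 'root:*:0:0::0:0:Charlie &:/root:/bin/csh\nalice:$1$constr' > "$demo_dir/truncated"
# A syntactically valid file carrying an extra uid-0 account.
cat > "$demo_dir/extra_root" <<'EOF'
root:*:0:0::0:0:Charlie &:/root:/bin/csh
svc:*:0:0::0:0:Constructed entry:/nonexistent:/usr/sbin/nologin
EOF

for f in good truncated extra_root; do
    if check_master_passwd "$demo_dir/$f"; then
        echo "$f: ok to replicate"
    else
        echo "$f: refusing to replicate"
    fi
done
```

In a sync job the function would be called on /etc/master.passwd before the copy, with a non-zero return mailed to root in the same way the quoted script reports rsync failures.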