Date: Tue, 22 Oct 2002 13:34:46 +1000 (EST)
From: Peter Hoskin <peterh@ripewithdecay.com>
To: Jeff Lynch <jeff@mercury.jorsm.com>
Cc: Dexter McNeil <dexter@backtech.com>, <freebsd-isp@FreeBSD.ORG>
Subject: Re: user account/password sync between machines?
Message-ID: <20021022133305.V38432-100000@extortion.peterh.dropbear.id.au>
In-Reply-To: <20021021181446.K67091-100000@mercury.jorsm.com>

Wouldn't NIS be a better alternative? The FreeBSD handbook has a section
on it.

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/nis.html

Regards,
Peter Hoskin

On Mon, 21 Oct 2002, Jeff Lynch wrote:

> On Mon, 21 Oct 2002, Dexter McNeil wrote:
>
> > I've got a project that involves two identically configured machines that
> > are providing DNS and remote user SSH login. The systems are configured
> > such that the users log into 'host', with each machine's DNS server
> > returning its IP address in response to a lookup of 'host'. The idea being
> > that if one machine goes down, the other machine will still respond to DNS
> > lookups and users will still be able to log in. All of this seems to work
> > nicely in testing.
> >
> > The remaining piece of my puzzle for this is a method of keeping the user
> > accounts sync'd between the two machines. I've looked into hacking up the
> > adduser.perl script to allow for remote operations on the master.passwd
> > file on the two machines (use a third machine to contain the master
> > database & publish it to the two remote machines), however I'm wondering
> > if anyone has found an easier solution to this type of problem. I'm not in
> > a position to implement RADIUS or LDAP at this point, the two machines
> > need to be self contained, except for an optional administration machine
> > whose availability (or not) won't impact the operation of the two login
> > servers.
> >
> > Any suggestions??
>
> We run this script from cron every 5 minutes to sync passwd dbs on
> two machines. Note, there may be some cut/paste errors.
>
> HTH,
> --jeff
>
> #!/bin/sh
> DATE=`date`
>
> SERVERS="\
> machine.domain.com \
> "
>
> for server in ${SERVERS}
> do
>
>   /usr/local/bin/rsync -ptog -e /usr/bin/ssh /etc/group $server:/etc/group
>
>   if [ $? -ne 0 ]; then
>     echo "$DATE: rsync of /etc/group to $server failed" | mail root
>   fi
>
>   /usr/local/bin/rsync -ptog -e /usr/bin/ssh /etc/master.passwd $server:/etc/master.passwd
>
>   if [ $? -ne 0 ]; then
>     echo "$DATE: rsync of /etc/master.passwd to $server failed" | mail root
>     break # No need to continue
>   fi
>
>   /usr/bin/ssh $server /usr/sbin/pwd_mkdb -p /etc/master.passwd
>
>   if [ $? -ne 0 ]; then
>     echo "$DATE: pwd_mkdb failed on $server" | mail root
>   fi
>
> done
>
> >
> > Many thanks,
> > Dexter McNeil
> > dexter@backtech.com
> >
> >
> > --
> > The ultimate destination on the journey of life is a hole 6 feet deep.
> > Enjoy the journey - the destination is nothing to write home about.
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-isp" in the body of the message
> >
>
> ============================================================================
> Jeffrey A. Lynch             | JORSM Internet, Regional Internet Services
> email: jeff@jorsm.com        | 7 Area Codes in Chicagoland and NW Indiana
> Voice: (219)322-2180         | 100Mbps+ Connectivity, 56K-DS3, V.90, ISDN
> Autoresponse: info@jorsm.com | Quality Service, Affordable Prices
> http://www.jorsm.com         | Serving Gov, Biz, Residential Since 1995
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
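
An added example, not part of the thread or of Jeff's script: the cron job quoted above copies /etc/master.passwd straight over the peer's live file, so a truncated or damaged source would break logins on both machines at once. This sketch checks the file first and has the peer verify a staged copy before rebuilding. The function names and the staging path /etc/master.passwd.new are assumptions.

```shell
#!/bin/sh
# FreeBSD master.passwd record (10 colon-separated fields):
#   name:password:uid:gid:class:change:expire:gecos:home_dir:shell

# check_master_passwd FILE: return 0 if FILE looks safe to publish, 1 otherwise.
# Findings are written to stderr so cron can mail them to root.
check_master_passwd() {
    file=$1
    [ -s "$file" ] || { echo "$file: missing or empty" >&2; return 1; }
    awk -F: '
        /^#/ || /^$/ || /^[+-]/ { next }   # comments, blank lines, NIS compat entries
        NF != 10 { printf "line %d: %d fields, expected 10\n", NR, NF; bad = 1; next }
        $1 == "" { printf "line %d: empty login name\n", NR; bad = 1 }
        $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ {
            printf "line %d: non-numeric uid or gid\n", NR; bad = 1
        }
        seen[$1]++ { printf "line %d: duplicate login %s\n", NR, $1; bad = 1 }
        $3 == 0 && $2 == "" {
            printf "line %d: uid 0 account %s has an empty password field\n", NR, $1
            bad = 1
        }
        $1 == "root" && $3 == 0 { root = 1 }
        END {
            if (!root) { print "no root entry with uid 0"; bad = 1 }
            exit bad + 0
        }
    ' "$file" >&2
}

# push_master_passwd FILE SERVER: publish only a file that passed the check.
# The copy lands under a staging name (assumed path); the peer verifies it with
# pwd_mkdb -C and only then lets pwd_mkdb -p install it as /etc/master.passwd.
push_master_passwd() {
    check_master_passwd "$1" || return 1
    rsync -ptog -e ssh "$1" "$2:/etc/master.passwd.new" || return 1
    ssh "$2" 'pwd_mkdb -C /etc/master.passwd.new && pwd_mkdb -p /etc/master.passwd.new'
}
```

Calling `push_master_passwd /etc/master.passwd "$server"` inside the `for server` loop takes the place of the rsync and pwd_mkdb steps for master.passwd.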