Topic: Sync Users and groups to other SME Server

[finchwizard]

I have my PDC and everything working fine.

But I've got another SME Server here as well, and I want it to have the same users and groups on the second server, so I can create ibays etc and set permissions.....

Currently, we are rsync'ing between them, and I can see all the users with 'getent passwd'

But they don't show up in the server-manager panel.....

Can someone please tell me ALL the files I need to sync between the computers just to see the users and groups..........

Also, I have  NT server as well, which has joined the SME 6 final server, and the users show up, but not the groups.....any ideas about that anyone??

Thanks heaps
Finchwizard

[robert_from_au]

Hi
This sends all the config across. # indicates the beginning of a line. rsync used to speed up subsequent syncs.
Exchange ssh keys or it will drive you mad! Alternativly make the recieving end a one letter password untill you are done.

######################################################
#!/bin/sh
REMOTE=YOUR REMOTE SERVER
#rsync -aovc -e ssh   /etc/passwd root@$REMOTE:/etc
#rsync -aovc -e ssh   /etc/group root@$REMOTE:/etc
#rsync -aovc -e ssh   /etc/shadow root@$REMOTE:/etc
#rsync -aovc -e ssh   /etc/gshadow root@$REMOTE:/etc
#rsync -aovc -e ssh  /etc/smbpasswd root@$REMOTE:/etc
#rsync -aovc -e ssh  /home/e-smith/accounts root@$REMOTE:/home/e-smith


##CONFIG FILE. IN MOST CASES YOU SHOULD SEND THIS!#########
#rsync -aovc -e ssh /home/e-smith/configuration root@$REMOTE:/home/e-smith
#######################
#rsync -aovc -e ssh --delete /home/e-smith/domains root@$REMOTE:/home/e-smith

#rsync -aovc -e ssh --delete /home/e-smith/hosts root@$REMOTE:/home/e-smith

#rsync -aovc -e ssh --delete /home/e-smith/networks root@$REMOTE:/home/e-smith
#rsync -aovc -e ssh --delete /home/e-smith/db root@$REMOTE:/home/e-smith
#rsync -aovc -e ssh --delete /home/e-smith/Mail root@$REMOTE:/home/e-smith
exit
#################################################

[finchwizard]

Robert from Au??

Australia? GO AUSTRALIA.

I'm from QLD.

Thanks for that heaps, just needed the /home/e-smith/accounts part......

The only thing though, it has info on ibays.........so when I create a ibay on the second server........the rsync happends, and replaces the file with the ibays on the other machine......which we don't want to do...

Only need the usernames/passwords/groups
No other info.........

So close yet so far

Any ideas on how to get around that?

Thanks again!
Finchwizard

[Anonymous]

Any ideas on how to get around that?
[/quote]
On the accounts one don't set the --delete flag.
This will add the extra ibays but not delete the original ones..
Bit of a work around but it might work.
PS I HAVE NOT TESTED THIS
regards
robert
www.synapticserver.com[/quote]

[Anonymous]

I don't follow....

There is no -delete flag anyway next to the accounts part....

I'm not using the second half of the script....I  only want the usernames/passwords, groups.

And I do get all that, but because ibay info is located in /home/e-smith/accounts

I get the ones I've createed overwritten.

Thanks again
Finchwizard

[Jon Blakely]

I am working on a set of scripts that will update a second/backup server when a user, group or ibay is created or a password modified on the main server.

Below is an example of the remote-create-user script.
It is called by the signal-event create-user on the main server when a user is created.
I am using unison for synchronisation. I have created a RSA key pair between the two servers so I dont get asked for the password every time.

#!/usr/bin/perl -w

my $user = $ARGV [1];

system ("/usr/local/sbin/unison", "/home/e-smith/accounts", "ssh://192.168.2.4//home/e-smith/accounts", "-batch", "-silent", "
-force", "/home/e-smith/accounts");

system ("/usr/bin/ssh", "192.168.2.4", "/sbin/e-smith/signal-event", "user-create", $user);

I have created scripts for remote-user-create, remote-user-modify, remote-user-delete, remote-group-add, remote-group-modify, remote-group-delete, remote-ibay-create, remote-ibay-modify, remote-ibay-delete and remote-password modify.

The machine that you are updating can either be local or at a remote site.

I need to tidy the scripts up a bit and add few more for creating, modifying and deleting virtual domains. I want to add a remote-host property to the configuration database that is updated via a page on the server-manager and use a variable $remoteHost in the scripts. I will then package it up as a rpm.

Jon

[robert_from_au]

Sorry about that.
it was late...
This is script is really intended for "poor mans failover"
You have one primary machine which overwrites and keeps the other one about 10mins behind the primary machine
if the main machine fails. The other one comes up.sends a message along the lines of "Bugger primary server down"

Yours is a bit different. You need to cut out all references to ibays on the fly. Its a good idea.
I don't have a magic bullet I am afraid. Sounds like a job for perl though...
Unison is a fantastic thing Jon!
robert

[finchwizard]

Yeah, see I have about 350 users or so.

The primary SME Server does most of the work.

I have a second SME Server, I am using this as a storage server, so I need the usernames and groups etc so I can setup permissions on the ibays etc.....

I was going to use plain ole NT 4 for this, but for some weird reason, it would pick up the users in the Usermanager, but not the groups.

If I could get the thing to compare the two files and only update the differences, that might also work....

Hmmm, back to thinking hard. This server is already late enough, tis a real pain....

Thanks for the replies though, that unison script looks handy as well.

[Michiel]

You might want to have a look at the Lazy Admin Tools:
http://mirror.contribs.org/smeserver/contribs/mblotwijk/HowToGuides/lazy-admin-tools.htm

The lat-dump tool will extract all relevant account info from the various files in /etc and /home/e-smith. The resulting files can be used to set up identical accounts, ibays, groups, etc (including uid/gid) on an other server.

It won't do synchronisation between two servers, but with a bit of nifty scripting you could create a differnetial config file which then can be used to update the servers. Haven't yet tried that though.

Michiel

[finchwizard]

Cheers, will look at it monday.....

I'll let you know how I go....

Thanks,
Finchwizard

[Jon Blakely]

I initially looked at LAT to synchronise users between 2 servers

This was the script I used

#!/bin/bash
/usr/sbin/lat-dump -d -o=/root/lat

/usr/local/sbin/unison /root/lat ssh://192.168.2.4/lat -batch -silent -force /ro
ot/lat

/usr/local/sbin/unison /etc/shadow ssh://192.168.2.4//etc/shadow -batch -silent
-force /etc/shadow

/usr/local/sbin/unison /etc/shadow- ssh://192.168.2.4//etc/shadow- -batch -silen
t -force /etc/shadow-

ssh -l root 192.168.2.4 /root/lat/lat-restore

I modified lat-restore to restore only the info I wanted to synchronise, that is users and groups.
The lat-dump info was dumped to a directory /root/lat.
Unison is used to synchronise the /root/lat directory to the second server and to synchronise /etc/shadow and /etc/shadow-.
ssh is used to run the lat-restore command on the second server.

Jon

[Michiel]

I modified lat-restore to restore only the info I wanted to synchronise, that is users and groups.
The lat-dump info was dumped to a directory /root/lat.
Unison is used to synchronise the /root/lat directory to the second server and to synchronise /etc/shadow and /etc/shadow-.
ssh is used to run the lat-restore command on the second server.

Be aware that this will only _create_ users and groups, not delete. For that you would have to do a lat-dump on both machines, compare the results and add/delete as required.

Michiel