Re: Syncing user accounts between server

To: "lvs-users@xxxxxxxxxxxxxxxxxxxxxx" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Syncing user accounts between server
From: "Matthew S. Crocker" <matthew@xxxxxxxxxxx>
Date: Sat, 7 Sep 2002 17:06:09 -0400 (EDT)
On Sat, 7 Sep 2002, Chris A. Kalin wrote:

Instead of using NIS or NIS+, I use LDAP for all my customer information 
records.  I store Radius, Qmail, DHCP, DNS, and Apache Virtual Host 
information in my LDAP server.  We have a couple of LDAP slaves and have all 
servers query the LDAP servers for info.  Radius and Qmail are real time; 
everything else is updated via a script.

To replicate NIS functions in LDAP, check out www.padl.com.  They have a 
schema and migration tool set.

-Matt

> would just flip over to the other RADIUS server, and all the web and mail
> servers would start using the one NIS server that was still working.  If
> they BOTH go down, well, then my users aren't dialing in and then I've got a
> lot more to worry about.  :)
> 
> I can't really speak about LDAP because I haven't looked at it much -
> although it _is_ a lot more flexible in terms of what sort of information
> you can centralize.  But if all you want to replicate are what's in the
> /etc/passwd file right now, use NIS.  It's better than scp-ing a bunch of
> files around because if that sort of setup breaks at 2 AM, or you get an
> incomplete copy of the password file on a box for some reason, you're going
> to have no end of headaches tracking that down (the system I inherited did
> the exact same thing - scp-ed the password files to six other boxes.)  NIS,
> once you get it going (and there are a ton of HOWTOs on the net - note that
> you want the NIS ones and NOT the NIS+ ones) just works, and works well.
> 
> Failing _that_, you could always ask the people who gave you this advice for
> help offlist.  :)
> 
> Chris Kalin
> 
> 
> 
> ----- Original Message -----
> From: "Doug Schasteen" <dschast@xxxxxxxxxxxx>
> To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
> Sent: Friday, September 06, 2002 4:57 PM
> Subject: Syncing user accounts between server
> 
> 
> > Sorry if I'm getting off topic here, but I figure most of you are in the
> > same boat as me when it comes to the fact that you don't want to have to
> > set up user accounts on EVERY real server in your farm. When somebody
> > needs a password reset, I can't imagine having to log in to 5 different
> > servers to change the password on each of them.
> >
> > I've done a little bit of research on this, and it seems there are 2
> > ways of using centralized authentication. They are LDAP and NIS. I don't
> > personally like either of these, because my main reason for having
> > multiple servers is actually for redundancy (if one server goes down, I
> > have others). So what good is it to me if no one can log into the
> > servers because the central authentication server is down? NIS seems to
> > have one plausible solution, which is to run 1 master server and every
> > other server be a slave server, but have each server set as a client to
> > itself. That way the user accounts are propagating from the master to
> > all of the slaves, but none of the slaves are relying on any other
> > server for authentication. They are actually using themselves as their
> > own authentication server.
> >
> > Does that sound right? Does anyone have any experience with doing that
> > kind of a setup with NIS?
> >
> > My other idea would be simply to rsync all of the necessary files. I'm
> > running FreeBSD on my real servers so I would just rsync /etc/group,
> > /etc/passwd, /etc/master.passwd, and /etc/aliases. This way, all of my
> > machines are using their normal authentication, but they all receive the
> > newest set of user accounts and password files every minute (if I put
> > the rsync commands in cron).
> >
> > What do you guys think? Let me know what you are doing to solve this
> > problem.
> >
> > - Doug
> >
> >
> >
> > _______________________________________________
> > LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> > or go to http://www.in-addr.de/mailman/listinfo/lvs-users
> >
> >

-- 
----------------------------------------------------------------------
Matthew S. Crocker 
Vice President / Internet Division         Email: matthew@xxxxxxxxxxx
Crocker Communications                     Phone: (413) 746-2760
PO BOX 710                                 Fax:   (413) 746-3704
Greenfield, MA 01302-0710                  http://www.crocker.com
----------------------------------------------------------------------
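
The quoted reply warns that copying password files between boxes can leave an incomplete copy on a server. As an added example (not code from anyone in this thread), the Python below validates a synced passwd(5)-format file and only then swaps it in atomically; the function names, the 50% shrink threshold and the uid-0 allow-list are assumptions.

```python
import os
import tempfile
from pathlib import Path

# Constructed sample in 7-field passwd(5) format (not from the thread).
SAMPLE = ("root:*:0:0:Charlie &:/root:/bin/csh\n"
          "alice:*:1001:1001:Alice:/home/alice:/bin/sh\n")

def validate_passwd(text, current_text="", max_shrink=0.5, allowed_uid0=("root", "toor")):
    """Return a list of problems; an empty list means the candidate looks sane."""
    problems, names = [], set()
    if not text.endswith("\n"):
        problems.append("no trailing newline (truncated transfer?)")
    for n, line in enumerate(text.splitlines(), 1):
        if not line or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) != 7:
            problems.append(f"line {n}: expected 7 fields, got {len(f)}")
            continue
        name, _, uid, gid = f[:4]
        if not (uid.isdigit() and gid.isdigit()):
            problems.append(f"line {n}: non-numeric uid/gid")
            continue
        if name in names:
            problems.append(f"line {n}: duplicate user {name}")
        names.add(name)
        if int(uid) == 0 and name not in allowed_uid0:
            problems.append(f"line {n}: unexpected uid 0 account {name}")
    if "root" not in names:
        problems.append("root entry missing")
    # A copy cut off at a line boundary parses cleanly, so compare account counts.
    old = sum(1 for l in current_text.splitlines() if l and not l.startswith("#"))
    if old and len(names) < old * max_shrink:
        problems.append(f"only {len(names)} accounts, previously {old}")
    return problems

def install_if_valid(candidate_text, dest):
    """Replace dest atomically if the candidate validates; otherwise leave dest untouched."""
    current = Path(dest).read_text() if Path(dest).exists() else ""
    problems = validate_passwd(candidate_text, current)
    if not problems:
        fd, tmp = tempfile.mkstemp(dir=Path(dest).parent)  # same filesystem as dest
        with os.fdopen(fd, "w") as fh:
            fh.write(candidate_text)
            fh.flush()
            os.fsync(fh.fileno())
        os.chmod(tmp, 0o644)
        os.replace(tmp, dest)  # atomic rename: readers see old or new, never partial
    return problems
```

FreeBSD's /etc/master.passwd uses 10 fields rather than 7, so the field-count check would need adjusting for that file.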


