samba-technical digest, Vol 1 #2015 - 14 msgs

[Jim Morris]

Steve Langasek <vorlon at netexpress.net> wrote:

> Such a system would be neither simple, nor reliable; it would still be
> possible for changes to be made on two machines to one account in the
> same rsync window, resulting in one set of changes being lost.  It is
> much simpler to designate a "master" server (a PDC) that all update
> requests are sent to, then use rsync to propogate the master file out to 
> other servers.

I have to agree with this statement. I have implemented just such a
system, for 4 Samba servers at geographically distributed branch offices
of a company. One server is designated as a 'MASTER' server, and the
others are 'SLAVE' servers.   Any time a user account has to be modified
added or deleted, it is done on the one server, and within 15 minutes,
the changes have propogated to all of the others.

Richard - If user's have the need to change their own passwords,
consider the use of a tool such as Webmin, which has a UserMin module (I
think its called that). UserMin can be used to let them change their
password, etc.

You can easily extend the concept beyond just the smbpasswd file.  I
rsync files such as chap-secrets and pap-secrets for PPP dialup access,
and VPN access via pptpd.  The Linux system passwords are kept in sync
using NIS/YP - although I have considered trying to switch the systems
to use LDAP or SMB authentication instead....

-- 
/-----------------------------------------------
| Jim Morris  |  Email: Jim at Morris-World.com
|             |    AIM: JFM2001
\-----------------------------------------------