Thanks to
Nikola Milutinovic Nikola.Milutinovic_at_ev.co.yu
Frank Wortner <frank_at_bondnet.com>
Yousef Omar Nour <yousef.nour_at_digital-natcom.com>
Ann Majeske USG <Ann.Majeske_at_Compaq.com>
Simon simon.millard_at_barclays.co.uk
HAtasoy_at_ifk.com.tr (Sent a script that can be used for this purpose; I
haven't tried it yet)
Actually the exact answer I was looking for came from Frank Wortner,
Yousef Omar Nour and Ann Majeske. All of them nearly mentioned the solution
(AND IT WORKS). Some mentioned using NFS (see below).
Use the following procedure to perform the desired task:
Copy over the following files from the source system to the target system;
be sure that the correct permission settings are kept on the files:
/etc/auth/system directory (copy the whole directory)
/tcb/files/auth.db
/var/tcb/files/auth.db
/etc/passwd
/etc/group
If the old hashed password database files exist on the new target system,
remove them:
# rm /etc/passwd.dir
# rm /etc/passwd.pag
=======================================================================
My original Question was :
I have two Alpha 4100 servers both running DU4.0E enhanced security
installed. The server which has all the user accounts will be kept for
backup purposes. How can I export all the user accounts from Server A to
Server B so that users can log on Server B with the same user and password
used on Server A?
=======================================================================
The rest of the other suggestions and answers in full :-
(FROM : Nikola Milutinovic Nikola.Milutinovic_at_ev.co.yu )
Well, the first thing that is likely to cause problems are overlapping
UIDs. All files have their ownership as UID/GID, given as numbers, not
names. You will most likely archive their files by just "tar cf
users.tar /usr/users"; in order to preserve UID <-> UserName mapping, you
need to copy information from /etc/passwd and /etc/group.
What would happen if those two machines both have:
USER(hisham) = UID(35)
USER(nikola) = UID(35)?
There is no easy way to "move" UID from one to another. Except to hack
it:
1. edit /etc/passwd and place one of the users to a "safe" UID (i.e.
1000).
2. find / -user 35 -exec chown 1000 {} \;
After that you would need to merge two passwd and group files.
Then you need to merge C2sec databases. Again, there is no easy way. I'd
suggest making an ASCII file for each of the additional accounts "edauth
-g -dp"+edit and then importing it with "cat list.txt | edauth -s -dp".
-------------------------------------------
(FROM : Simon simon.millard_at_barclays.co.uk )
Use NIS/YP. Set up the live box as a NIS master and the backup box as a
NIS Slave. This way, if the master is down, the slave can still
authenticate users.
-------------------------------------------
(FROM : Ann Majeske USG <Ann.Majeske_at_Compaq.com> )
If you want to have both systems share the database there are
two different ways that I can think of. The Enhanced Security
extended user account database is held in /var/tcb/files/auth.db
and /tcb/files/auth.db on your local system.
1) Use NFS to export the /var/tcb/files directory to both
systems; use NIS or any other method to distribute the passwd
and group information. Using this method all accounts with
uid < 100 will still be local to each machine. It is necessary
that at least the root account be local so that you can log into
either system if the other is down or the network is down.
2) Use NIS to distribute the prpasswd map (the equivalent of
the auth.db files) as well as the passwd and group maps.
There should be some information on both of these methods in
the Security manual.
If you just want to copy the information once from Server A to
Server B I think you can just copy the /var/tcb/files/auth.db,
/tcb/files/auth.db, /etc/passwd, and /etc/group files to
Server B. In some version the database being used for the
auth.db files changed and this simple method won't work for
that version or following versions, but I think it will work
for V4.0E. If there is a file "/var/tcb/files/dblogs" just
copying the database files won't work. If you want to try
this you should make sure that you have backup copies of all
of the files on Server B first, just in case this doesn't work.
----------------------------------
Hisham Al Saad
Bahrain Telecommunications Company
Tel : +973-883973
Fax : +973-9103973
ahisham_at_batelco.com.bh
Received on Fri Oct 27 2000 - 09:32:44 NZDT
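
Added example, not part of the original post or any reply: a pre-merge check for the overlapping-UID problem Nikola describes, run against copies of /etc/passwd from both systems. The function names, output labels and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): find account clashes between
# two passwd files before merging them. All sample data is constructed.

# passwd_conflicts SOURCE_PASSWD TARGET_PASSWD
# UID_CLASH  = same numeric UID, different user name (file ownership would mix)
# NAME_CLASH = same user name, different UID (files would appear orphaned)
passwd_conflicts() {
    awk -F: '
        /^[+-]/ || /^#/ || NF < 3 { next }   # skip NIS markers, comments, junk
        FILENAME == ARGV[1] {                # source system: record mappings
            uid_of[$1] = $3; name_of[$3] = $1; next
        }
        ($3 in name_of) && name_of[$3] != $1 {
            printf "UID_CLASH uid=%s source=%s target=%s\n", $3, name_of[$3], $1
        }
        ($1 in uid_of) && uid_of[$1] != $3 {
            printf "NAME_CLASH user=%s source_uid=%s target_uid=%s\n", $1, uid_of[$1], $3
        }
    ' "$1" "$2"
}

# Constructed sample: hisham and nikola share UID 35, frank has two UIDs.
demo_conflicts() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd.A" <<'EOF'
root:*:0:1:system PRIVILEGED account:/:/bin/sh
hisham:*:35:15:Hisham:/usr/users/hisham:/bin/sh
frank:*:40:15:Frank:/usr/users/frank:/bin/sh
EOF
    cat > "$dir/passwd.B" <<'EOF'
root:*:0:1:system PRIVILEGED account:/:/bin/sh
nikola:*:35:15:Nikola:/usr/users/nikola:/bin/sh
frank:*:41:15:Frank:/usr/users/frank:/bin/sh
EOF
    passwd_conflicts "$dir/passwd.A" "$dir/passwd.B"
    rm -rf "$dir"
}

demo_conflicts
```

An empty result means neither kind of clash was found; any line reported should be resolved before the passwd, group and auth.db files are copied or merged.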