Koozali.org: home of the SME Server

sync user & group

Offline darmasanthi

  • ***
  • 139
  • +0/-0
sync user & group
« on: February 11, 2008, 09:17:57 AM »
Dear Forums,

We has 2 SME 7.3 server, all work greatly
but now i need contribs which is can sync the user & group betwen 2 SME Server,
it mean when we have to create a user or group on one server it will be sync to other server,
shortly the user & group will automatically created on the other server.

regards,
darmasanthi


Offline cactus

  • *
  • 4,880
  • +3/-0
    • http://www.snetram.nl
Re: sync user & group
« Reply #1 on: February 11, 2008, 11:14:13 AM »
Dear Forums,

We has 2 SME 7.3 server, all work greatly
but now i need contribs which is can sync the user & group betwen 2 SME Server,
it mean when we have to create a user or group on one server it will be sync to other server,
shortly the user & group will automatically created on the other server.
Do you really need it like that? Most of the times there are other solutions, please describe your problem more extensive as a lot of people seem to have creative options you might not have thought about, it might not even be necessary to sync, but perhaps the Affa contrib might be useful for your purposes.

If you have two servers on different locations you might consider setting up a VPN connection between both locations so you might effectively only need one server holding all the user information...
Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than its worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)

Offline darmasanthi

  • ***
  • 139
  • +0/-0
Re: sync user & group
« Reply #2 on: February 11, 2008, 12:00:06 PM »
Do you really need it like that? Most of the times there are other solutions, please describe your problem more extensive as a lot of people seem to have creative options you might not have thought about, it might not even be necessary to sync, but perhaps the Affa contrib might be useful for your purposes.

If you have two servers on different locations you might consider setting up a VPN connection between both locations so you might effectively only need one server holding all the user information...

Hi Cactus,
thank you for your reply,
yes we need this cron ..
we already have a VPN, and it's all running OK.
cause one SME server act as file sharing only, and the other once as Domain Controler

regards,
darmasanthi
« Last Edit: February 11, 2008, 12:04:06 PM by darmasanthi »

Offline PapaQube

  • 9
  • +0/-0
Re: sync user & group
« Reply #3 on: March 24, 2008, 12:39:04 PM »
Hi darmasanthi

Just wondered if you got anywhere with syncing user and groups. I am looking for a similar solution, but can't seem to locate a striaght forward solution - unless I have missed something?

Thx

Offline raem

  • *
  • 3,972
  • +4/-0
Re: sync user & group
« Reply #4 on: March 24, 2008, 06:33:57 PM »
darmasanthi & PapaQube

Answered previously here
http://forums.contribs.org/index.php?topic=40148.0

This has been asked for many times over the years, but there is no implementation specific to the current version of sme server.
There was a fairly well developed version created for sme5.1 by RequestedDeletion (RequestedDeletion), search for high availability or heartbeat or DRBD in these forums, but it probably needs some work to bring it up to date. Xen has also been mentioned.

See (wait for mirrors to sync)
http://mirror.contribs.org/smeserver/contribs/rmitchell/smeserver/howto/High%20Availability%20How-To%20for%20Linux%20Mitel%20SME%20v5.htm

The most promising is the The High Availability Linux Project, which is basically what you want, but it would need to be sorted out for the sme server.

http://www.linux-ha.org/

Also see this
http://www.howtoforge.com/high_availability_heartbeat_centos


Another thread also refers to the basics being included in CentOS5 which sme8 will be based on, so it may be a far easier implementation when sme8 arrives.

http://forums.contribs.org/index.php?topic=38430.0


If you really want it and are prepared to pay, Charlie Brady mentioned the basics of how to do it the sme way long ago either in these forums or the devinfo list. One of the main issues was developing code that extracted all user/account information from the various databases & files it was contained in. You could sponsor him to develop it for you and then the community will also benefit. Many features of sme have come about because of direct development sponsorship by companies/individuals.

« Last Edit: March 24, 2008, 06:37:43 PM by RayMitchell »
...

Offline thomasch

  • *
  • 232
  • +0/-0
Re: sync user & group
« Reply #5 on: March 25, 2008, 05:27:11 AM »
cause one SME server act as file sharing only, and the other once as Domain Controler

Set up a NAS capable to sync to SME domain controller.
Openfiler Linux will do the job

Offline PapaQube

  • 9
  • +0/-0
Re: sync user & group
« Reply #6 on: March 25, 2008, 09:31:31 PM »
Thanks for your help Guys

Still evaluating SME, and the possibilties of it benefits for home use. Brand new to linux, so getting use to all the different components to be honest - each one takes you on a journey around the world.

I have traditionally always had a seperate server for the external world, and one for the internal world. I have seen many posts reassuringly promoting the security of everything in one box, but to be honest this is still a hard pill to swallow. Therefore not sure not sure High Availability is what I want.

I will agree though that there are other solutions to achieve what I want, other password, user and group sync. I will keep scoring the forums for alternatives, still yet to try some stuff around samba.

Thanks again - A lazy windoze'r.

Offline raem

  • *
  • 3,972
  • +4/-0
Re: sync user & group
« Reply #7 on: March 25, 2008, 09:51:23 PM »
PapaQube

Quote
Still evaluating SME, and the possibilties of it benefits for home use.
I have traditionally always had a seperate server for the external world, and one for the internal world. I have seen many posts reassuringly promoting the security of everything in one box, but to be honest this is still a hard pill to swallow. Therefore not sure not sure High Availability is what I want.

Not sure what you are asking here. I think you are confusing the purpose of High Availability.

I have used sme servers for 8 years in server gateway mode without separate firewalls etc, and they have performed admirably. There was only one incident with a buggy web application that was installed & got hacked, but thousands of others got hacked due to the same set of bugs in a well known php app.

The issue is not the security of sme server as it is inherently very secure by default.
The issue is really the security of web applications you install, and unwise or inadvertant changes you make that could affect security. A separate firewall does not stop hackers gaining access via buggy web apps on the server.

sme server will be more than you need for a home server, and will be quite OK to use as a "one box does all" solution. There are thousands of them out there doing exactly that.

High Availability is really a way to allow another LIVE server to automatically take over in the event your main server fails, generally due to hardware failure etc, without interruption to any services.

If you want a reliable home server then install two drives in RAID1 array and ensure you have good backup in place eg using the Affa contrib (which will allow you to quickly bring up a replacement system in 10-20 minutes), or use the built in backup with dar (under test) or the Dar2 contrib.

...

Offline PapaQube

  • 9
  • +0/-0
Re: sync user & group
« Reply #8 on: March 27, 2008, 01:23:43 PM »
Hi Ray

Many thanks for your support, i have found it most valuable through out the forum.

Quote
Not sure what you are asking here. I think you are confusing the purpose of High Availability.

Just sharing my unease about having my server with all my personal content exposed to the external world, and this is something I have traditionally avoided. Therefore my need/want to have 2 servers with Sync users and password was more about security than performance.

I guess my experience of running a W2k server in the past has tarnished my understanding of a secure environment.

I have opt'd for the one box solution as you have advised, so I can now look at exploring other benefits SME has to offer.

Thanks again.

Offline raem

  • *
  • 3,972
  • +4/-0
Re: sync user & group
« Reply #9 on: March 27, 2008, 08:26:07 PM »
PapaQube

Quote
I have opt'd for the one box solution as you have advised, so I can now look at exploring other benefits SME has to offer.

Keep in mind not to install everything you see out there just for the fun of it. Every change you make from the default configuration, adds a perceivably small security risk, and in some cases quite a large security risk. These are application issues not sme server issues. Also make internal changes to your server wisely eg use Public/Private keys for ssh access rather than password access. Use strong passwords ie do not reduce the passwordstrength on your server, and similar concepts. Don't make changes if you don't really understand the implications of those changes.
If you don't really really need it (an app or contrib), then don't install it, and only choose to install well known and well supported apps, and keep them up to date as security fixes are released. Add yourself to mainstream app mailing lists to keep aware of new updates and security fix releases etc.

Are you using server & gateway mode with a bridged modem, or server only with a router ?
« Last Edit: March 27, 2008, 10:43:14 PM by RayMitchell »
...

Offline PapaQube

  • 9
  • +0/-0
Re: sync user & group
« Reply #10 on: March 27, 2008, 10:10:08 PM »
Thanks Ray. Wise words, I will take note.

Server only mode - I am behind a firewall with ports 25, 80 & 443 open at the moment.