在沒有網域及NIS的狀況底下要同步帳號及密碼
又不想用LDAP
所以就在Windows Server上面裝了 cygwin 來執行 Linux的SSH
********************************************************************
在Windows 伺服器上面 ( 要被同步的client)
http://www.cygwin.com/setup.exe
安裝 cygwin
選取從網路安裝, 安裝來源可以選 台大 ( ftp://ftp.ntu.edu.tw)
選取套件
- Openssh --> 從Net套件安裝
- diffutils --> 從Utils套件安裝
輸入
$chmod +r /etc/passwd
$chmod +r /etc/group
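$chmod 777 /var
(注意: 777 會讓主機上所有帳號都能寫入 /var, 這應該只是為了讓 ssh-host-config 順利寫入的權宜作法; 設定完成、sshd 能正常啟動之後, 建議把 /var 的權限改回較嚴格的設定)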
$ssh-host-config
詢問要建立私有權限帳號就答應他吧 ^^
設定好之後, 使用指令啟動 sshd
$net start sshd
接下來要建立個人家目錄內的 .ssh 目錄來存放金鑰
$ssh 127.0.0.1
未必要完成連線, 有這個動作就可以建立 ~/.ssh 目錄了
*******************************************************************
在Linux 伺服器上面
要建立個人家目錄內的 .ssh 目錄來存放金鑰
#ssh 127.0.0.1
未必要完成連線, 有這個動作就可以建立 ~/.ssh 目錄了
#ssh-keygen -d
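連續按三下 Enter 鍵建立 DSA的金鑰 (按 Enter 跳過 passphrase 代表私鑰沒有密碼保護, 拿到 ~/.ssh/id_dsa 的人就能直接登入各台伺服器, 請務必保護好這個檔案; 另外較新版的 OpenSSH 預設已不接受 DSA 金鑰, 遇到這種情況請改用 ssh-keygen -t ed25519 或 -t rsa, 公鑰檔名也會跟著改變)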
#scp ~/.ssh/id_dsa.pub administrator@Windows伺服器的IP:~/.ssh/authorized_keys
這樣以後連線就不需要密碼直接以Key 驗證 (注意: 上面的 scp 會直接覆蓋對方原有的 authorized_keys; 如果該檔案裡已經有其他金鑰, 請改成把 id_dsa.pub 的內容附加到檔案尾端)
建立一個工作資料夾在 /root/lab
#mkdir /root/lab
將Windows Server 的IP 寫在 /root/lab/winserver
內容範例如下
192.168.3.131
192.168.3.134
將Linux Server 的IP 寫在 /root/lab/linuxserver
內容範例如下
192.168.3.136
編寫一個同步的 shell script
#vi syncaccount.sh
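#!/bin/bash
# syncaccount.sh - add, delete, or set the password of one account on every
# host listed in /root/lab/winserver (Windows + Cygwin sshd, logged in as
# "administrator") and /root/lab/linuxserver, over key-authenticated SSH.
#
# Only POSIX-sh constructs are used, so "sh syncaccount.sh" keeps working.
#
# Security notes:
#   * Whatever is typed at the prompts ends up inside a command line that a
#     remote shell parses, so user names are validated first (valid_username)
#     and the password is shell-quoted before it is sent to Windows hosts.
#   * The password is read without terminal echo and is handed to Linux hosts
#     on stdin instead of inside the remote command line.
#   * NOTE(review): "net user NAME PASSWORD" still carries the password as a
#     command-line argument on the Windows host - confirm that is acceptable.

WIN_LIST=/root/lab/winserver
LINUX_LIST=/root/lab/linuxserver
BAR="****************************************************"
failures=0

# Host lists are split on whitespace only; never glob-expand an entry.
set -f

# Print the whitespace-separated entries of host list $1; warn if unreadable.
read_hosts() {
  if [ -r "$1" ]; then
    cat "$1"
  else
    echo "warning: cannot read host list $1" >&2
  fi
}

# Succeed if host entry $1 is safe to hand to ssh. An entry starting with '-'
# would be parsed by ssh as an option, so it is skipped with a warning.
usable_host() {
  case "$1" in
    -*)
      printf 'warning: skipping invalid host entry %s\n' "$1" >&2
      return 1
      ;;
  esac
  return 0
}

# Succeed only if $1 is non-empty, does not start with '-', and contains
# nothing but letters, digits, '.', '_' and '-'. That keeps quotes, spaces,
# ';', '|', '$' and other shell metacharacters out of the remote command.
valid_username() {
  case "$1" in
    '' | -* | *[!A-Za-z0-9._-]*) return 1 ;;
  esac
  return 0
}

# Abort the script unless $1 passes valid_username.
require_username() {
  if ! valid_username "$1"; then
    echo "error: invalid user name (allowed: letters, digits, '.', '_', '-'; must not start with '-')" >&2
    exit 1
  fi
}

# Print $1 wrapped in single quotes, with embedded single quotes escaped,
# so a POSIX shell on the remote side reads it back as one literal word.
shell_quote() {
  printf "'%s'" "$(printf '%s\n' "$1" | sed "s/'/'\\\\''/g")"
}

# Run remote command $2 on SSH destination $1. A failure is reported and
# counted, and the caller moves on to the next host (best effort).
run_remote() {
  if ! ssh "$1" "$2"; then
    printf 'error: command failed on %s\n' "$1" >&2
    failures=$((failures + 1))
  fi
}

# Read the new password into $userpasswd. Echo is switched off when stdin is a
# terminal; -r and an empty IFS keep backslashes and surrounding blanks intact.
read_password() {
  if [ -t 0 ]; then
    # Restore echo if the operator interrupts the prompt.
    trap 'stty echo; exit 130' INT TERM
    stty -echo
    IFS= read -r userpasswd
    stty echo
    trap - INT TERM
    echo
  else
    IFS= read -r userpasswd
  fi
}

win_hosts=$(read_hosts "$WIN_LIST")
linux_hosts=$(read_hosts "$LINUX_LIST")

echo "$BAR"
# shellcheck disable=SC2086 -- word splitting of the host list is intended
for i in $win_hosts; do
  echo "Windows server's IP is $i"
done
# shellcheck disable=SC2086
for q in $linux_hosts; do
  echo "Linux server's IP is $q"
done
echo "$BAR"
echo "Please select your task"
echo "1)to add user account please input --------> useradd"
echo "2)to delete user account please input -----> userdel"
echo "3)to change user's password please input --> passwd"
echo "4)to quit this script please input --------> quit"
echo "please input your choice"

# Read the operator's choice.
read -r task
case "$task" in
  useradd)
    echo "$BAR"
    echo "exec add a user account"
    echo "please input user's name"
    echo "$BAR"
    read -r useraddname
    require_username "$useraddname"
    echo "$BAR"
    echo "we will add user $useraddname"
    # shellcheck disable=SC2086
    for i in $win_hosts; do
      usable_host "$i" || continue
      echo "windows server is $i, add user $useraddname"
      run_remote "administrator@$i" "net user $useraddname /add"
    done
    # shellcheck disable=SC2086
    for q in $linux_hosts; do
      usable_host "$q" || continue
      echo "Linux server's IP is $q, add user $useraddname"
      run_remote "$q" "useradd -m $useraddname"
    done
    ;;
  userdel)
    echo "$BAR"
    echo "exec del a user account"
    echo "please input user's name"
    echo "$BAR"
    read -r userdelname
    require_username "$userdelname"
    echo "$BAR"
    echo "we will delete user $userdelname"
    # shellcheck disable=SC2086
    for i in $win_hosts; do
      usable_host "$i" || continue
      echo "windows server is $i, del user $userdelname"
      run_remote "administrator@$i" "net user $userdelname /delete"
    done
    # shellcheck disable=SC2086
    for q in $linux_hosts; do
      usable_host "$q" || continue
      echo "Linux server's IP is $q, del user $userdelname"
      run_remote "$q" "userdel -r $userdelname"
    done
    ;;
  passwd)
    echo "$BAR"
    echo "exec change user's password"
    echo "please input user's name"
    echo "$BAR"
    read -r userpasswdname
    require_username "$userpasswdname"
    echo "$BAR"
    echo "please input user's password"
    echo "$BAR"
    read_password
    if [ -z "$userpasswd" ]; then
      echo "error: empty password, nothing changed" >&2
      exit 1
    fi
    echo "we will set user $userpasswdname password"
    quoted_passwd=$(shell_quote "$userpasswd")
    # shellcheck disable=SC2086
    for i in $win_hosts; do
      usable_host "$i" || continue
      echo "windows server is $i, change user $userpasswdname password"
      run_remote "administrator@$i" "net user $userpasswdname $quoted_passwd"
    done
    # shellcheck disable=SC2086
    for q in $linux_hosts; do
      usable_host "$q" || continue
      echo "Linux server's IP is $q, change user $userpasswdname password"
      # The password travels on ssh's stdin, so it never appears in the
      # local or remote argument list.
      if ! printf '%s\n' "$userpasswd" |
        ssh "$q" "passwd --stdin $userpasswdname"; then
        printf 'error: command failed on %s\n' "$q" >&2
        failures=$((failures + 1))
      fi
    done
    ;;
  quit)
    exit 0
    ;;
  *)
    echo "you type the wrong word"
    ;;
esac

# Non-zero exit status if any remote command failed.
[ "$failures" -eq 0 ]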
執行shell script
#sh syncaccount.sh
enjoy it~~~~
do
echo "Windows server's IP is $i"
done
for q in $( cat /root/lab/linuxserver )
do
echo "Linux server's IP is $q"
done
echo "*****************************
echo "Please select your task"
echo "1)to add user account please input --------> useradd"
echo "2)to delete user account please input -----> userdel"
echo "3)to change user's password please input --> passwd"
echo "4)to quit this script please input --------> quit"
echo "please input your choice"
#read the root's task from read
read task
case "$task" in
useradd)
echo "*****************************
echo "exec add a user account"
echo "please input user's name"
echo "*****************************
read useraddname
echo "*****************************
echo "we will add user $useraddname"
for i in $( cat /root/lab/winserver )
do
echo "windows server is $i, add user $useraddname"
ssh administrator@$i "net user $useraddname /add"
done
for q in $( cat /root/lab/linuxserver )
do
echo "Linux server's IP is $q, add user $useraddname"
ssh $q "useradd -m $useraddname"
done
;;
userdel)
echo "*****************************
echo "exec del a user account"
echo "please input user's name"
echo "*****************************
read userdelname
echo "*****************************
echo "we will delete user $userdelname"
for i in $( cat /root/lab/winserver )
do
echo "windows server is $i, del user $userdelname"
ssh administrator@$i "net user $userdelname /delete"
done
for q in $( cat /root/lab/linuxserver )
do
echo "Linux server's IP is $q, del user $userdelname"
ssh $q "userdel -r $userdelname"
done
;;
passwd)
echo "*****************************
echo "exec change user's password"
echo "please input user's name"
echo "*****************************
read userpasswdname
echo "*****************************
echo "please input user's password"
echo "*****************************
read userpasswd
echo "we will set user $userpasswdname password"
for i in $( cat /root/lab/winserver )
do
echo "windows server is $i, change user $userpasswdname password"
ssh administrator@$i "net user $userpasswdname $userpasswd"
done
for q in $( cat /root/lab/linuxserver )
do
echo "Linux server's IP is $q, change user $userpasswdname password"
ssh $q "echo $userpasswd |passwd --stdin $userpasswdname"
done
;;
quit)
exit
;;
*)
echo "you type the wrong word"
esac
執行shell script
#sh syncaccount.sh
enjoy it~~~~