Tuesday, August 26, 2008

Using cygwin to synchronize Windows and Linux servers

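I have quite a few Windows and Linux servers,
and their accounts and passwords need to be kept in sync without a domain or NIS,
and I did not want to use LDAP.

So I installed cygwin on the Windows servers to run the same SSH that Linux uses.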

********************************************************************
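On the Windows servers (the clients to be synchronized)
http://www.cygwin.com/setup.exe
Install cygwin

Choose to install from the network; for the download source you can pick National Taiwan University ( ftp://ftp.ntu.edu.tw)
Select these packages
  • Openssh --> install from the Net category
  • diffutils --> install from the Utils category
When the installation finishes, click the cygwin shortcut on the desktop to open cygwin
Enter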
$chmod +r /etc/passwd
$chmod +r /etc/group
$chmod 777 /var
$ssh-host-config

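When it asks whether to create a privileged account, just say yes ^^

Once it is configured, start sshd with this command
$net start sshd

Next, create the .ssh directory in your home directory to hold the keys
$ssh 127.0.0.1

The connection does not have to complete; running this is enough to create the ~/.ssh directory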

*******************************************************************

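On the Linux server
Create the .ssh directory in your home directory to hold the keys
#ssh 127.0.0.1
The connection does not have to complete; running this is enough to create the ~/.ssh directory

#ssh-keygen -d
Press Enter three times in a row to create the DSA key

#scp ~/.ssh/id_dsa.pub administrator@WINDOWS_SERVER_IP:~/.ssh/authorized_keys

From now on, connections authenticate with the key and no password is needed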

Create a working folder at /root/lab
#mkdir /root/lab

Write the IPs of the Windows servers in /root/lab/winserver
Sample contents:
192.168.3.131
192.168.3.134

Write the IPs of the Linux servers in /root/lab/linuxserver
Sample contents:
192.168.3.136



Write a synchronization shell script
#vi syncaccount.sh
#!/bin/bash
# list the Windows and Linux servers that will be synchronized
echo "****************************************************"
for i in $( cat /root/lab/winserver )
do
echo "Windows server's IP is $i"
done
for q in $( cat /root/lab/linuxserver )
do
echo "Linux server's IP is $q"
done
echo "****************************************************"

echo "Please select your task"
echo "1)to add user account please input --------> useradd"
echo "2)to delete user account please input -----> userdel"
echo "3)to change user's password please input --> passwd"
echo "4)to quit this script please input --------> quit"
echo "please input your choice"

# read the task chosen by root from standard input
read task

case "$task" in
useradd)
echo "****************************************************"
echo "exec add a user account"
echo "please input user's name"
echo "****************************************************"
read useraddname
echo "****************************************************"
echo "we will add user $useraddname"

for i in $( cat /root/lab/winserver )
do
echo "windows server is $i, add user $useraddname"
ssh administrator@$i "net user $useraddname /add"
done


for q in $( cat /root/lab/linuxserver )
do
echo "Linux server's IP is $q, add user $useraddname"
ssh $q "useradd -m $useraddname"
done
;;
userdel)
echo "****************************************************"
echo "exec del a user account"
echo "please input user's name"
echo "****************************************************"
read userdelname
echo "****************************************************"
echo "we will delete user $userdelname"

for i in $( cat /root/lab/winserver )
do
echo "windows server is $i, del user $userdelname"
ssh administrator@$i "net user $userdelname /delete"
done


for q in $( cat /root/lab/linuxserver )
do
echo "Linux server's IP is $q, del user $userdelname"
ssh $q "userdel -r $userdelname"
done
;;
passwd)
echo "****************************************************"
echo "exec change user's password"
echo "please input user's name"
echo "****************************************************"
read userpasswdname
echo "****************************************************"
echo "please input user's password"
echo "****************************************************"
read userpasswd
echo "we will set user $userpasswdname password"

for i in $( cat /root/lab/winserver )
do
echo "windows server is $i, change user $userpasswdname password"
ssh administrator@$i "net user $userpasswdname $userpasswd"
done


for q in $( cat /root/lab/linuxserver )
do
echo "Linux server's IP is $q, change user $userpasswdname password"
# send the password on ssh's stdin so the remote shell never parses it
printf '%s\n' "$userpasswd" | ssh $q "passwd --stdin $userpasswdname"
done
;;
quit)
exit
;;
*)
echo "you type the wrong word"
esac


Run the shell script
#sh syncaccount.sh
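
The script above places whatever is typed at its prompts into command strings that the shell on each remote server parses, so a name or password containing a space, quote, ; or $ changes what runs there. The following is an added example, not part of the original post, showing the input handling for the passwd task in POSIX sh. The function names (valid_username, sh_quote, set_password_linux, set_password_windows), the character allowlist and the 20-character limit are assumptions made for this example.

```shell
#!/bin/sh
# Added example: input handling for syncaccount.sh (not the original author's code).

# Accept only names that are safe to place in a remote command line.
# Assumption: letters, digits, _ and - only, at most 20 characters
# (Windows local account names cannot be longer than that).
valid_username() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 20 ]
}

# Wrap a value in single quotes for the remote shell; each ' becomes '\''.
sh_quote() {
    printf "'%s'\n" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Linux: the password travels on ssh's stdin, never in the command string.
# usage: set_password_linux HOST USER PASSWORD
set_password_linux() {
    valid_username "$2" || { echo "rejected user name: $2" >&2; return 1; }
    printf '%s\n' "$3" | ssh "$1" "passwd --stdin $2"
}

# Windows (cygwin sshd): net user takes the password as an argument, so it
# is quoted for the remote shell. It is still visible in the process
# arguments on that server while the command runs.
# usage: set_password_windows HOST USER PASSWORD
set_password_windows() {
    valid_username "$2" || { echo "rejected user name: $2" >&2; return 1; }
    ssh "administrator@$1" "net user $2 $(sh_quote "$3")"
}

# Constructed sample names: show which ones the check accepts.
for name in alice svc_backup-01 'bob;id' '-r' ''; do
    if valid_username "$name"; then
        echo "accept: [$name]"
    else
        echo "reject: [$name]"
    fi
done
```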

enjoy it~~~~
