[DRBD-user] Synching users, /etc/passwd /etc/shadow

Todd Denniston Todd.Denniston at ssa.crane.navy.mil
Tue Jan 27 19:34:09 CET 2004

"Boulytchev, Vasiliy" wrote:
> OK, will absolutely go this route.  Anything against running two NIS
> servers on the two redundant servers?  Kinda aiming to a contained
> environment.

As I understand NIS, you can only have one 'Master' server, but you can have
many slave servers. While the Master is down the slaves can operate on the
cached info, but you can't update the info on the slaves till the master comes
Also as I have recently found out, the 'Real' name[2][3] of the host seems to
be used in the communications between master and slave[5], so it may be
difficult to setup one of your drbd backed servers as a master and switch over
to the other one (as the master) in case of failure.

If anyone has information on making the above statement false, I would very
much like to hear it, as until I had the difficulty, we were planning on
moving our nis server to the drbd machine(s). If I knew how to get around the
'Real' name problem we could probably use the information in the last
paragraph of how to set up the "ypserv" NIS server[4], to setup the
information files on a drbd controlled device.

[1] Again, As I understand NIS, which is just barely.
[2] on Red Hat:
 find /etc/sysconfig/ -type f | xargs grep HOSTNAME 

other systems are probably:
find /etc/ -type f | xargs grep $HOSTNAME 

[3] as opposed to the name of the IP that the machine takes over on fall over.

[4] http://www.linux.org/docs/ldp/howto/NIS-HOWTO/ypserv.html#AEN400
"Alternatively, you could edit the /var/yp/Makefile file and set NIS to use
another source password file. On large systems the NIS password and group
files are usually stored in /etc/yp/. If you do this the normal tools to
administrate the password file such as passwd, chfn, adduser will not work
anymore and you need special homemade tools for this.
However, yppasswd, ypchsh and ypchfn will work of course."

[5] someone had changed the 'Real' name of our fileserver&NIS server to the
generic DNS name used for the fileserver, and when I changed it back to the
'Real' name it was supposed to have (so we could migrate the fileserver name
to the drbd machines) and did a yppush the slaves revolted and trashed their
caches.  After thrashing for a while I figured out I had to cause the ypserver
to update ALL of the db's for everything it serves (thus change the name in
each of those to the new one), and then do a new `ypinit -s Real_name` on the

I suppose one workaround then, might be that when you have to switch to the
other drbd machine have either a heartbeat or manual job that causes the
update of ALL db's to happen on the 'new' yp master and then causes the slaves
to do a `ypinit -s drbd_slave_name`.

> Vasiliy Boulytchev
> Colorado Information Technologies, Inc.
> http://www.coinfotech.com
> -----Original Message-----
> From: Benjamin Diaz [mailto:bdiaz at aullox.com]
> Sent: Friday, January 23, 2004 5:09 PM
> To: Boulytchev, Vasiliy
> Subject: Re: [DRBD-user] Synching users, /etc/passwd /etc/shadow
> Boulytchev, Vasiliy wrote:
> > Ladies and Gents,
> >   Can anyone point me in the right direction.  I wish to synch my
> > users between the nodes.
> >
> YP/NIS/NIS+ is the service you're looking for. Most distros include a
> yp{server|client|tools} package. There's a howto in
> http://www.linux.org/docs/ldp/howto/NIS-HOWTO/index.html

Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane) 
Harnessing the Power of Technology for the Warfighter

More information about the drbd-user mailing list