<div class="gmail_quote">On Fri, Jul 31, 2009 at 10:00 PM, David Christensen <<a href="mailto:David.Christensen@viveli.com">David.Christensen@viveli.com</a>> wrote: <blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I successfully setup heartbeat and glusterfs (instead of DRBD) to provide an HA Samba configuration. I tested that fail over worked fine all the existing computers were able to get to their shares and re authenticate users. However I discovered that I was not able to join computers to the domain after the configuration was setup. The netbios name was changed to accommodate the new heartbeat VIP and the new VIP is the only address I have samba bound to. When I go to add the computer to the domain, type to the domain in and hit enter, I am presented with a login dialog box. When I enter the admin and password and hit enter, after a few seconds I get the warning that a controller for the domain could not be foumd. </blockquote><div> So samba is the PDC, if not clear to me from the mail. If this is the case the netbios name of the samba - or windows prewindows 2000 - domain PDC is domainname#1B The samba - or windows prewindos 200 - domain DC - so also the BC - is domain#1C (e.g. the domain master browser in windows term ) Now, how your samba PDC/BDC registrar their name ? If you use wins in smb.conf - let me call the wins server with the ip address x.y.z.w - try to lookup the domain name nmblookup -R -U x.y.z.w domainame#1C (e similar for #1B) If not - your PDC is into the same broadcast address (e.g subnet) of your client - nmblookup domainname#1B (#1C also) In reality the client was finding domainname#1C for update the machine account onto the PDC. If the one of the preceding command fail well it is only a wins or other namespace registration problem : not a local samba problem. Or, perhaps you have not tell in more depth the different configuration on samba you have done, so it is possible i am wrong. Regard </div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> I suspect that there is some caching going on and (maybe) winbind is using the old info for the PDC and not the new? Are there any caches I could clear that may fix this? Am I on the right track or is there somethign else I should be looking at? When I compare the ldap access logs with and without heartbeat, there is a difference in the query. As I previously mentioned, without heartbeat, adding is successful, with heartbeat it is not. I found that the search base is different: With heartbeat - SRCH base="cn=groups,cn=accounts,dc=example,dc=com" scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=99))" attrs="gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass" W/heartbeat - SRCH base="sambaDomainName=exampleHQ,sambaDomainName=exampleHQ,dc=example,dc=com" scope=2 filter="(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=exampleHQ))" attrs=ALL When I compared the logs when executing pdbedit -Lv with both setups, the queries are the same. Why would samba do a different query to the same instance of ldap when configured with heartbeat and without heartbeat? The address that samba is binding to/from for access to ldap is not the VIP provided by heartbeat. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - <a href="http://enigmail.mozdev.org" target="_blank">http://enigmail.mozdev.org</a> iEYEARECAAYFAkpzTW4ACgkQ5B+8XEnAvqub1ACdGFBhVRaePH0fuTD0mORGIMgB V48AnR0znBY9KD3nhYYdPtR2dQXUWxBO =jrTm -----END PGP SIGNATURE----- -- 389 users mailing list <a href="mailto:389-users@redhat.com">389-users@redhat.com</a> <a href="https://www.redhat.com/mailman/listinfo/fedora-directory-users" target="_blank">https://www.redhat.com/mailman/listinfo/fedora-directory-users</a> </blockquote></div>