[389-users] Samba integration with FDS and Heartbeat for HA Samba

yersinia yersinia.spiros at gmail.com
Sun Aug 2 14:09:10 UTC 2009


On Fri, Jul 31, 2009 at 10:00 PM, David Christensen <
David.Christensen at viveli.com> wrote:

> I successfully set up heartbeat and glusterfs (instead of DRBD) to
> provide an HA Samba configuration.  I tested that failover worked fine;
> all the existing computers were able to get to their shares and
> re-authenticate users.
>
> However I discovered that I was not able to join computers to the domain
> after the configuration was set up.  The netbios name was changed to
> accommodate the new heartbeat VIP and the new VIP is the only address I
> have samba bound to.
>
> When I go to add the computer to the domain, type the domain in and
> hit enter, I am presented with a login dialog box.  When I enter the
> admin and password and hit enter, after a few seconds I get the warning
> that a controller for the domain could not be found.
>

So Samba is the PDC? It is not clear to me from the mail. If this is the
case, the NetBIOS name of the Samba (or Windows pre-Windows 2000) domain
PDC is

domainname#1B

The Samba (or Windows pre-Windows 2000) domain DC, so also the BDC, is

domain#1C

(e.g. the domain master browser, in Windows terms)

Now, how do your Samba PDC/BDC register their names? If you use WINS in
smb.conf (let me call the WINS server's IP address x.y.z.w), try to
look up the domain name:

nmblookup -R -U x.y.z.w domainname#1C (and similarly for #1B)

If not (your PDC is in the same broadcast address, e.g. subnet, as your
client):

nmblookup domainname#1B  (#1C also)

In reality the client was trying to find domainname#1C to update the machine
account on the PDC. If one of the preceding commands fails, well, it is
only a WINS or other namespace registration problem, not a local Samba
problem. Or perhaps you have not described in more depth the different
configuration you have done on Samba, so it is possible I am wrong.

Regards

> I suspect that there is some caching going on and (maybe) winbind is
> using the old info for the PDC and not the new?
>
> Are there any caches I could clear that may fix this?  Am I on the right
> track or is there something else I should be looking at?
>
> When I compare the ldap access logs with and without heartbeat, there is
> a difference in the query.  As I previously mentioned, without
> heartbeat, adding is successful, with heartbeat it is not.  I found that
> the search base is different:
>
> With heartbeat - SRCH base="cn=groups,cn=accounts,dc=example,dc=com"
> scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=99))"
> attrs="gidNumber sambaSID sambaGroupType sambaSIDList description
> displayName cn objectClass"
>
> W/heartbeat - SRCH
> base="sambaDomainName=exampleHQ,sambaDomainName=exampleHQ,dc=example,dc=com"
> scope=2
> filter="(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=exampleHQ))"
> attrs=ALL
>
> When I compared the logs when executing pdbedit -Lv with both setups,
> the queries are the same.
>
> Why would samba do a different query to the same instance of ldap when
> configured with heartbeat and without heartbeat?
>
> The address that samba is binding to/from for access to ldap is not the
> VIP provided by heartbeat.
>
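
The nmblookup checks suggested in the reply above ask a name server whether the domain's <1B> and <1C> NetBIOS names are registered, and to which address. The sketch below is an added example, not part of the original thread: it builds the same kind of name query by hand and checks a reply against the address Samba is expected to answer on. The VIP 192.0.2.10 and the reply packets are constructed sample values; the domain name is the one from the quoted LDAP log.

```python
import socket
import struct

DOMAIN = "exampleHQ"   # domain name as it appears in the quoted LDAP log
VIP = "192.0.2.10"     # constructed stand-in for the heartbeat VIP

def encode_name(name, suffix):
    """RFC 1001 first-level encoding: pad to 15 bytes, append the type
    byte (0x1B or 0x1C), then turn each nibble into a letter 'A'..'P'."""
    raw = name.upper().encode("ascii")[:15].ljust(15, b" ") + bytes([suffix])
    enc = b"".join(bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)]) for b in raw)
    return b"\x20" + enc + b"\x00"

def build_query(name, suffix, txid=0x1234):
    """Unicast NB name query with recursion desired (nmblookup -R -U)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name, suffix) + struct.pack(">HH", 0x0020, 1)

def parse_response(pkt):
    """Return [(ip, is_group_name), ...]; empty for a negative reply.
    Assumes the answer repeats the full 34-byte name (no compression)."""
    _, flags, _, ancount, _, _ = struct.unpack(">HHHHHH", pkt[:12])
    if not flags & 0x8000 or flags & 0x000F or ancount == 0:
        return []
    off = 12 + 34
    _, _, _, rdlen = struct.unpack(">HHIH", pkt[off:off + 10])
    off += 10
    hosts = []
    for i in range(off, off + rdlen, 6):      # 2 flag bytes + 4 address bytes
        nb_flags, addr = struct.unpack(">H4s", pkt[i:i + 6])
        hosts.append((socket.inet_ntoa(addr), bool(nb_flags & 0x8000)))
    return hosts

def registered_at(pkt, expected_ip):
    """True when the name server maps the name to expected_ip."""
    return any(ip == expected_ip for ip, _ in parse_response(pkt))

def sample_response(name, suffix, ips, group, rcode=0):
    """Constructed reply, standing in for what a WINS server would send."""
    header = struct.pack(">HHHHHH", 0x1234, 0x8580 | rcode, 0, 1 if ips else 0, 0, 0)
    rdata = b"".join(struct.pack(">H4s", 0x8000 if group else 0,
                                 socket.inet_aton(ip)) for ip in ips)
    rr = struct.pack(">HHIH", 0x0020, 1, 300, len(rdata))
    return header + encode_name(name, suffix) + rr + rdata

if __name__ == "__main__":
    for suffix, group in ((0x1B, False), (0x1C, True)):
        reply = sample_response(DOMAIN, suffix, [VIP], group)
        print(f"{DOMAIN}<{suffix:02X}>", parse_response(reply), registered_at(reply, VIP))
```

A reply that still lists a node's own address rather than the VIP, or a negative reply, points at name registration rather than at Samba's LDAP backend.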