[Linux-cluster] samba with ad support as cluster service

Daniel Stanek dan at orb.cz
Sun Nov 12 19:27:02 UTC 2006


Hi friends,

is anybody here successfully running Samba with Active Directory
authorisation as a failover service over several cluster nodes?

I tried to run Samba over two nodes with the following configuration (part
of it):

> [global]
>         workgroup = TEST-LAB
>         netbios name = MACHINE
>         server string = MACHINE
>         realm = TEST-LAB.CZ
>         socket address = 10.6.7.51
>         bind interfaces only = yes
>         interfaces = 10.6.7.51
>         security = ads
>         encrypt passwords = Yes
>         password server = *
>         syslog = 0
>         log file = /var/log/samba/%m.log
>         max log size = 2000
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         load printers = No
>         show add printer wizard = No
>         preferred master = No
>         local master = No
>         domain master = No
>         dns proxy = No
>         wins server = dc1.test-lab.cz
>         printing = lprng
>         log level = 2
>         ldap ssl = no
>         restrict anonymous = Yes
>         lanman auth = No
>         ntlm auth = No
>         client ntlmv2 auth = Yes
>         client lanman auth = No
>         client plaintext auth = No
>         idmap uid = 10000-19999
>         idmap gid = 20000-29999
>         winbind enum users = yes
>         winbind enum groups = yes
>         winbind separator = +
>         max disk size = 10000
>         template shell = /bin/false
>         winbind use default domain = no

and the idea behind start (and stop) is something like:

1) assign virtual ip (10.6.7.51)
2) mount shared gfs storage for data
3) mount shared gfs storage for /etc/samba and /var/cache/samba
4) switch system authorisation to winbind
5) start samba and winbind


This works well until the first switch to the other node. After that AD
authorisation stops working and something like "couldn't verify kerberos
ticket" appears in the logs. This may be something behind kerberos libs,
different hostnames etc., I think (??). I am using CentOS 4.4 and the actual
cluster suite from CentOS.

Could anybody kick me to solve this? :)

BTW: what is the current status of support for SMB on top of GFS - the FAQ
says SMB is not supported now?

Thanks
Dan
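
The start (and stop) order listed in the message above, written out as an added example that is not part of the original post: steps run in order, stop runs them in reverse, and a failed start undoes only what was already brought up. The interface eth0, the /24 prefix, the GFS device names, /srv/samba and the nsswitch.conf.* files are assumptions; only the virtual IP and the /etc/samba and /var/cache/samba mount points come from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: eth0, the /24
# prefix, the GFS devices, /srv/samba, and the nsswitch.conf.* files.
VIP=10.6.7.51
RUN=${RUN:-echo}   # dry run by default (prints commands); RUN= executes them

# One line per step in start order: name|start command|stop command.
# Steps 3 and 5 of the post are split into one line per mount and daemon.
steps() {
cat <<EOF
vip|ip addr add $VIP/24 dev eth0|ip addr del $VIP/24 dev eth0
data|mount -t gfs /dev/vg0/data /srv/samba|umount /srv/samba
etc|mount -t gfs /dev/vg0/etc /etc/samba|umount /etc/samba
cache|mount -t gfs /dev/vg0/cache /var/cache/samba|umount /var/cache/samba
auth|cp /etc/nsswitch.conf.winbind /etc/nsswitch.conf|cp /etc/nsswitch.conf.files /etc/nsswitch.conf
winbind|service winbind start|service winbind stop
smb|service smb start|service smb stop
EOF
}

# Stop the named steps in the order given, or every step in reverse start
# order when called without arguments. Errors are reported but do not abort,
# so the virtual IP is still released if an earlier stop step fails.
service_stop() {
  for name in ${1-$(steps | cut -d'|' -f1 | sed '1!G;h;$!d')}; do
    down=$(steps | grep "^$name|" | cut -d'|' -f3)
    $RUN $down </dev/null || echo "warn: stop of $name failed" >&2
  done
}

# Run the steps in order; on the first failure undo only what was started.
service_start() {
  started=""
  while IFS='|' read -r name up down; do
    if $RUN $up </dev/null; then
      started="$name $started"
    else
      echo "start of $name failed, rolling back" >&2
      service_stop "$started"
      return 1
    fi
  done <<EOF
$(steps)
EOF
}

case "${1:-}" in
  start) service_start ;;
  stop)  service_stop ;;
esac
```

With the default `RUN=echo` the script only prints the commands it would run, so the ordering can be reviewed on each node before it is wired into the cluster service.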



