[Samba] CTDB + Samba + Winbind + ActiveDirectory
tim clusters
tim.clusters at gmail.com
Thu Dec 25 22:51:19 GMT 2008
Hi All,
Are there any special CTDB/SMB configuration settings/dependencies to manage
Winbind across CTDB managed servers authenticating via Active
Directory(AD)? An example would be Samba's IDMAP backend for Winbind: RID
vs. AD or tag Winbind to a primary CTDB node and point other nodes to
authenticate from AD via proxy primary CTDB node?
/etc/sysconfig/ctdb on all nodes is as follows:
CTDB_RECOVERY_LOCK=/mnt/gpfs/CTDB/recovery.lck
CTDB_PUBLIC_INTERFACE=eth2
CTDB_PUBLIC_ADDRESSES=/etc/ctdb/public_addresses
CTDB_MANAGES_SAMBA=yes
CTDB_MANAGES_WINBIND=yes
CTDB_NODES=/etc/ctdb/nodes
I had asked this before, but I have a strange scenario where Windows node is
able to mount only from one of the CTDB-managed SMB servers. The NetBIOS
name is same on all the nodes and "net ads join" is issued only from one of
the CTDB nodes. Any guidance to resolve this would be greatly appreciated.
[global]
workgroup = TESTDOMAIN
realm = TESTDOMAIN.LOCAL
netbios name = CTDB-HEAD
security = ADS
auth methods = winbind, sam
password server = 172.16.4.10
passdb backend = tdbsam
log level = 10 winbind:10 auth:10 passdb:10
log file = /var/log/samba/log.%m
max log size = 10000
smb ports = 445
server signing = auto
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
use mmap = No
clustering = Yes
dns proxy = No
idmap backend = tdb2
idmap uid = 10000000-20000000
idmap gid = 10000000-20000000
template homedir = /home/%D+%U
template shell = /bin/bash
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
nfs4:acedup = merge
nfs4:chown = yes
nfs4:mode = special
gpfs:sharemodes = no
fileid:mapping = fsname
idmap config TESTDOMAIN:range = 10777216-57554431
idmap config TESTDOMAIN:backend = rid
force unknown acl user = Yes
strict locking = Yes
vfs objects = gpfs, fileid
[global-share]
comment = Global SMB NameSpace
path = /mnt/gpfs/nfsexport
read only = No
inherit permissions = Yes
inherit acls = Yes
guest ok = Yes
Regards,
-Tim
More information about the samba
mailing list