[Samba] CTDB + Likewise-open : What servername when joining AD?

Michael Adam obnox at samba.org
Thu Dec 1 16:06:25 MST 2011


Hi Nicolas,

Nicolas Ecarnot wrote:
> On 01/12/2011 09:35, Michael Adam wrote:
> >Hi Nicolas,
> 
> Hi Michael,
> 
> >Generally, when running samba in a CTDB cluster, the principal
> >idea is that all nodes appear as one CIFS server to the outside.
> >(in Samba/winbindd you have the same config on all nodes and
> >in particular set the "netbios name" parameter to the same value
> >on all nodes).
> 
> >In particular, the AD-connector needs to join
> >the cluster just _once_ with the netbios name given to all the
> >nodes.
> 
> This is this particular point that I have to precisely understand.
> Joining to a domain with likewise is done with domainjoin-cli.
> Joining to a domain with samba is done with net ads join.
> 
> I successfully used both.
> But, in both cases, I never specified the server name. I guess this 
> value is retrieved from the system and/or the samba setting.

Yes, it is the netbios name, which can be set in samba
configuration (smb.conf) via "netbios name = ...".
If it is not set explicitly, samba sets this implicitly to the
(dns) host name. In a ctdb cluster, this needs to be set explicitly
to the common name under which all the nodes should appear as one
samba server.

I don't know how to set the netbios name with likewise.
And I likewise don't know whether running likewise as part
of a samba+ctdb cluster is supported or possible at all.

> The net man page says :
> "[UPN] (ADS only) set the principalname attribute during the join. The 
> default format is host/netbiosname at REALM."
> so this may help me to register this computer into the domain, but under 
> the common virtual name.
> 
> How do you usually add a virtual netbios name to a domain? Do you use 
> the net ads join createupn method mentioned above ?

You don't add such a name to a domain. The client (member)
sets its own netbios name. And this is transferred in the UPN
as part of the join and used to store the machine account on the
server.

> I'm pretty sure this is the very last big issue I have to deal with.
> 
> >Winbindd uses the secrets.tdb to store the join
> >information so that in the clustered case, this is automatically
> >transferred to all nodes when a node joins.
> >
> >I could assist you with winbindd instead of likewise-open
> >running on top of ctdb as the authentication / AD-connection
> >piece, but I am sorry to say, that I don't know whether this
> >is at all possible with likewise.
> 
> I have discovered some "intricacy/links/constraints" between the machine 
> password stored into samba tdb and the one stored into likewise registry 
> (and I've managed to cope with it).
> As this cluster is made of only TWO nodes, I hope I'll be able to 
> correct any similar issues that may arise.

Samba's tdb (with the machine password) is distributed in the
cluster by ctdb. Likewise does not use ctdb, so you need other
means to synchronize its database contents in the cluster.
I don't know whether distributing databases would be enough,
maybe there would be more required IPC infrastructure for
likewise to be aware of the fact that it is run on multiple
nodes but as the same identity. This problem is the same,
no matter how many nodes you have (as long as it is more than one).
But this is frankly the wrong place to ask how to make likewise
clusterable. :-)

Cheers - Michael
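
Added example, not part of the original message and not Samba's own code: a small check that every node's smb.conf sets the same explicit "netbios name" in [global], flagging any node that would silently fall back to its own host name. The node names and config contents are constructed sample input, and "include" directives are assumed not to be in use.

```python
# Added example: verify all CTDB nodes share one explicit "netbios name".
# Node names and smb.conf contents below are constructed sample input.

def global_netbios_name(smb_conf_text):
    """Return the explicit [global] netbios name (upper-cased), or None."""
    section, value, pending = None, None, ""
    for raw in smb_conf_text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):              # smb.conf line continuation
            pending = line[:-1]
            continue
        pending = ""
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            key, val = line.split("=", 1)
            # Parameter names are matched ignoring case and whitespace.
            if "".join(key.split()).lower() == "netbiosname":
                value = val.strip().upper() or None
    return value

def check_cluster(configs):
    """configs maps node -> smb.conf text; returns findings (empty = OK)."""
    names = {node: global_netbios_name(t) for node, t in configs.items()}
    findings = [f"{node}: netbios name unset, defaults to the node's host name"
                for node, name in sorted(names.items()) if name is None]
    explicit = sorted({n for n in names.values() if n})
    if len(explicit) > 1:
        findings.append("nodes disagree on netbios name: " + ", ".join(explicit))
    return findings

SAMPLE = {
    "node1": "[global]\n  netbios name = FILECLUSTER\n  security = ads\n",
    "node2": "[GLOBAL]\n  NetBIOS Name=filecluster\n",
    "node3": "[global]\n  ; netbios name = FILECLUSTER\n  security = ads\n",
}

if __name__ == "__main__":
    for finding in check_cluster(SAMPLE) or ["all nodes share one netbios name"]:
        print(finding)
```

Running this before the single domain join catches a node that would otherwise present itself under its own host name instead of the common cluster name.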
