[Samba] Samba 4.1.7 CTDB winbind not syncing when connected to MS AD 2008R2 - WAS: Re: Samba 4.1.7 clustering not using private dir

Taylor, Jonn jonnt at taylortelephone.com
Mon Apr 28 06:26:07 MDT 2014 

This is the only thing that I see in the logs.

Apr 28 07:23:40 node1 winbindd[26142]: [2014/04/28 07:23:40.125831, 0] 
../source3/libsmb/cliconnect.c:1843(cli_session_setup_spnego_send)
Apr 28 07:23:40 node1 winbindd[26142]:   Kinit failed: Preauthentication 
failed

If I re-join the domain with net ads join it works again for awhile.

Jonn

On 04/28/2014 07:23 AM, Taylor, Jonn wrote:
> Update on my problem. I resetup my 2 node cluster per the samba wiki 
> for 4.x and CTDB. The only difference is that I am using DRBD and 
> GFS2. CTDB is not syncing the winbind databases between nodes. I had 
> to join each node before winbind would authenticate my users to AD. 
> This morning I found that one of the 2 nodes stopped authenticating 
> users again. It looks like CTDB is not syncing the samba/winbind 
> databases to keep the nodes in sync.
>
> How can I prove this out?
>
> Jonn
>
> On 04/25/2014 02:16 PM, Jonn Taylor wrote:
>> On 4/25/2014 11:56 AM, Rowland Penny wrote:
>>> On 25/04/14 16:46, Taylor, Jonn wrote:
>>>> I originally posted this on the dev list and opened a bug for this 
>>>> but was asked to post this to the users list.
>>>>
>>>> https://bugzilla.samba.org/show_bug.cgi?id=10565
>>>>
>>>> Using sernet 4.1 packages. I am unable to get smbd to use private dir.
>>>> Set option in smb.conf and on command line.
>>>>
>>>> sernet-samba-libsmbclient0-4.1.7-7.el6.x86_64
>>>> sernet-samba-libs-4.1.7-7.el6.x86_64
>>>> sernet-samba-client-4.1.7-7.el6.x86_64
>>>> sernet-samba-4.1.7-7.el6.x86_64
>>>> sernet-samba-common-4.1.7-7.el6.x86_64
>>>> sernet-samba-winbind-4.1.7-7.el6.x86_64
>>>>
>>>> [global]
>>>>         workgroup = TAYLORTELEPHONE
>>>>         realm = TAYLORTELEPHONE.COM
>>>>         netbios name = SHR01
>>>>         server string = Cluster Share
>>>>         interfaces = eth0, lo
>>>>         security = ADS
>>>>         private dir = /clusterdata/private
>>>>         log file = /var/log/samba/log.samba
>>>>         server min protocol = NT1
>>>>         client signing = if_required
>>>>         server signing = if_required
>>>>         clustering = Yes
>>>>         printcap name = /etc/printcap
>>>>         wins server = 192.168.173.13, 192.168.173.14
>>>>         template shell = /bin/bash
>>>>         winbind enum users = Yes
>>>>         winbind enum groups = Yes
>>>>         winbind use default domain = Yes
>>>>         winbind refresh tickets = Yes
>>>>         winbind offline logon = Yes
>>>>         idmap config * : schema_mode = rfc2307
>>>>         idmap config TAYLORTELEPHONE:backend = rid
>>>>         idmap config TAYLORTELEPHONE:range = 500-4000000
>>>>         idmap config * : range = 1000-4000000
>>>>         idmap config * : backend = tdb2
>>>>         admin users = "@TAYLORTELEPHONE\Domain Admins"
>>>>         inherit acls = Yes
>>>>         map acl inherit = Yes
>>>>
>>>> # SAMBA_START_MODE defines how Samba should be started. Valid options
>>>> are one of
>>>> #   "none"    to not enable it at all,
>>>> #   "classic" to use the classic smbd/nmbd/winbind daemons
>>>> #   "ad"      to use the Active Directory server (which starts the 
>>>> smbd
>>>> on its own)
>>>> # (Be aware that you also need to enable the services/init scripts 
>>>> that
>>>> # automatically start up the desired daemons.)
>>>> SAMBA_START_MODE="classic"
>>>>
>>>> # SAMBA_RESTART_ON_UPDATE defines if the the services should be
>>>> restarted when
>>>> # the RPMs are updated. Setting this to "yes" effectively enables the
>>>> # functionality of the try-restart parameter of the init scripts.
>>>> SAMBA_RESTART_ON_UPDATE="yes"
>>>>
>>>> # NMBD_EXTRA_OPTS may contain extra options that are passed as 
>>>> additional
>>>> # arguments to the nmbd daemon
>>>> NMBD_EXTRA_OPTS=""
>>>>
>>>> # WINBINDD_EXTRA_OPTS may contain extra options that are passed as
>>>> additional
>>>> # arguments to the winbindd daemon
>>>> WINBINDD_EXTRA_OPTS=""
>>>>
>>>> # SMBD_EXTRA_OPTS may contain extra options that are passed as 
>>>> additional
>>>> # arguments to the smbd daemon
>>>> SMBD_EXTRA_OPTS="private-dir=/clusterdata/private"
>>> Hi,
>>>
>>> I think that this should be:
>>> SMBD_EXTRA_OPTS="--private-dir=/clusterdata/private"
>>>
>>> Rowland
>>>
>> What I was told is that the private dir is disabled when clustering = 
>> yes is set in samba 4.1. I started all over and tried the setup from 
>> the samba wiki. I still had to do a net ads join on both servers but 
>> it is working. The only thing I need to check is if CTDB is really 
>> replicating the databases for samba and winbind.
>>
>> Any know how to check this?
>>>>
>>>> # SAMBA_EXTRA_OPTS may contain extra options that are passed as 
>>>> additional
>>>> # arguments to the samba daemon
>>>> SAMBA_EXTRA_OPTS=""
>>>>
>>>> # SAMBA_IGNORE_NSUPDATE_G defines whether the samba daemon should 
>>>> be started
>>>> # when 'nsupdate -g' is not available. Setting this to "yes" would 
>>>> mean that
>>>> # samba will be started even without 'nsupdate -g'. This will lead 
>>>> to severe
>>>> # problems without a proper workaround!
>>>> SAMBA_IGNORE_NSUPDATE_G="no"
>>>>
>>>>
>>>>
>>>
>>
>

More information about the samba mailing list