[Samba] Samba 4.1.7 CTDB winbind not syncing when connected to MS AD 2008R2 - WAS: Re: Samba 4.1.7 clustering not using private dir
Taylor, Jonn
jonnt at taylortelephone.com
Mon Apr 28 06:26:07 MDT 2014
This is the only thing that I see in the logs.
Apr 28 07:23:40 node1 winbindd[26142]: [2014/04/28 07:23:40.125831, 0] ../source3/libsmb/cliconnect.c:1843(cli_session_setup_spnego_send)
Apr 28 07:23:40 node1 winbindd[26142]: Kinit failed: Preauthentication failed
If I re-join the domain with net ads join it works again for a while.
Jonn
On 04/28/2014 07:23 AM, Taylor, Jonn wrote:
> Update on my problem. I re-set up my 2 node cluster per the samba wiki
> for 4.x and CTDB. The only difference is that I am using DRBD and
> GFS2. CTDB is not syncing the winbind databases between nodes. I had
> to join each node before winbind would authenticate my users to AD.
> This morning I found that one of the 2 nodes stopped authenticating
> users again. It looks like CTDB is not syncing the samba/winbind
> databases to keep the nodes in sync.
>
> How can I prove this out?
>
> Jonn
>
> On 04/25/2014 02:16 PM, Jonn Taylor wrote:
>> On 4/25/2014 11:56 AM, Rowland Penny wrote:
>>> On 25/04/14 16:46, Taylor, Jonn wrote:
>>>> I originally posted this on the dev list and opened a bug for this
>>>> but was asked to post this to the users list.
>>>>
>>>> https://bugzilla.samba.org/show_bug.cgi?id=10565
>>>>
>>>> Using sernet 4.1 packages. I am unable to get smbd to use private dir.
>>>> Set option in smb.conf and on command line.
>>>>
>>>> sernet-samba-libsmbclient0-4.1.7-7.el6.x86_64
>>>> sernet-samba-libs-4.1.7-7.el6.x86_64
>>>> sernet-samba-client-4.1.7-7.el6.x86_64
>>>> sernet-samba-4.1.7-7.el6.x86_64
>>>> sernet-samba-common-4.1.7-7.el6.x86_64
>>>> sernet-samba-winbind-4.1.7-7.el6.x86_64
>>>>
>>>> [global]
>>>> workgroup = TAYLORTELEPHONE
>>>> realm = TAYLORTELEPHONE.COM
>>>> netbios name = SHR01
>>>> server string = Cluster Share
>>>> interfaces = eth0, lo
>>>> security = ADS
>>>> private dir = /clusterdata/private
>>>> log file = /var/log/samba/log.samba
>>>> server min protocol = NT1
>>>> client signing = if_required
>>>> server signing = if_required
>>>> clustering = Yes
>>>> printcap name = /etc/printcap
>>>> wins server = 192.168.173.13, 192.168.173.14
>>>> template shell = /bin/bash
>>>> winbind enum users = Yes
>>>> winbind enum groups = Yes
>>>> winbind use default domain = Yes
>>>> winbind refresh tickets = Yes
>>>> winbind offline logon = Yes
>>>> idmap config * : schema_mode = rfc2307
>>>> idmap config TAYLORTELEPHONE:backend = rid
>>>> idmap config TAYLORTELEPHONE:range = 500-4000000
>>>> idmap config * : range = 1000-4000000
>>>> idmap config * : backend = tdb2
>>>> admin users = "@TAYLORTELEPHONE\Domain Admins"
>>>> inherit acls = Yes
>>>> map acl inherit = Yes
>>>>
>>>> # SAMBA_START_MODE defines how Samba should be started. Valid options
>>>> are one of
>>>> # "none" to not enable it at all,
>>>> # "classic" to use the classic smbd/nmbd/winbind daemons
>>>> # "ad" to use the Active Directory server (which starts the
>>>> smbd
>>>> on its own)
>>>> # (Be aware that you also need to enable the services/init scripts
>>>> that
>>>> # automatically start up the desired daemons.)
>>>> SAMBA_START_MODE="classic"
>>>>
>>>> # SAMBA_RESTART_ON_UPDATE defines if the services should be
>>>> restarted when
>>>> # the RPMs are updated. Setting this to "yes" effectively enables the
>>>> # functionality of the try-restart parameter of the init scripts.
>>>> SAMBA_RESTART_ON_UPDATE="yes"
>>>>
>>>> # NMBD_EXTRA_OPTS may contain extra options that are passed as
>>>> additional
>>>> # arguments to the nmbd daemon
>>>> NMBD_EXTRA_OPTS=""
>>>>
>>>> # WINBINDD_EXTRA_OPTS may contain extra options that are passed as
>>>> additional
>>>> # arguments to the winbindd daemon
>>>> WINBINDD_EXTRA_OPTS=""
>>>>
>>>> # SMBD_EXTRA_OPTS may contain extra options that are passed as
>>>> additional
>>>> # arguments to the smbd daemon
>>>> SMBD_EXTRA_OPTS="private-dir=/clusterdata/private"
>>> Hi,
>>>
>>> I think that this should be:
>>> SMBD_EXTRA_OPTS="--private-dir=/clusterdata/private"
>>>
>>> Rowland
>>>
>> What I was told is that the private dir is disabled when clustering =
>> yes is set in samba 4.1. I started all over and tried the setup from
>> the samba wiki. I still had to do a net ads join on both servers but
>> it is working. The only thing I need to check is if CTDB is really
>> replicating the databases for samba and winbind.
>>
>> Anyone know how to check this?
>>>>
>>>> # SAMBA_EXTRA_OPTS may contain extra options that are passed as
>>>> additional
>>>> # arguments to the samba daemon
>>>> SAMBA_EXTRA_OPTS=""
>>>>
>>>> # SAMBA_IGNORE_NSUPDATE_G defines whether the samba daemon should
>>>> be started
>>>> # when 'nsupdate -g' is not available. Setting this to "yes" would
>>>> mean that
>>>> # samba will be started even without 'nsupdate -g'. This will lead
>>>> to severe
>>>> # problems without a proper workaround!
>>>> SAMBA_IGNORE_NSUPDATE_G="no"
>>>>
>>>>
>>>>
>>>
>>
>
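
One way to check what this thread asks, as an added example that is not part of the original posts: with `clustering = Yes`, Samba opens its TDBs through CTDB, and `ctdb getdbmap` flags the databases it keeps as cluster-wide persistent databases with `PERSISTENT`. The function name, the constructed sample output (dbids and paths) and the file name `idmap2.tdb` for the `tdb2` idmap backend are assumptions; `secrets.tdb` is where the machine account password from `net ads join` is stored.

```shell
#!/bin/sh
# Added example: reads `ctdb getdbmap` output on stdin and reports which of
# the named databases are NOT attached as PERSISTENT on this node.
# Real use, run on every node and compare:
#   ctdb getdbmap | missing_persistent secrets.tdb idmap2.tdb

# Prints each database that is absent or lacks the PERSISTENT flag.
# Returns 0 when all named databases are persistent, 1 otherwise.
missing_persistent() {
    map=$(cat)
    rc=0
    for db in "$@"; do
        if ! printf '%s\n' "$map" | awk -v want="name:$db" '
            $2 == want && / PERSISTENT( |$)/ { found = 1 }
            END { exit !found }'; then
            echo "$db"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample output; dbids and paths are made up for illustration.
NODE_OK='Number of databases:3
dbid:0x11111111 name:locking.tdb path:/var/ctdb/locking.tdb.0
dbid:0x22222222 name:secrets.tdb path:/var/ctdb/persistent/secrets.tdb.0 PERSISTENT
dbid:0x33333333 name:idmap2.tdb path:/var/ctdb/persistent/idmap2.tdb.0 PERSISTENT'

# A node where smbd/winbindd never attached the persistent databases.
NODE_BAD='Number of databases:1
dbid:0x11111111 name:locking.tdb path:/var/ctdb/locking.tdb.1'

# Demo on the constructed data: prints the databases missing on the bad node.
printf '%s\n' "$NODE_BAD" | missing_persistent secrets.tdb idmap2.tdb || true
```

If `secrets.tdb` is reported as missing on a node, that node is reading a local copy of the machine account password rather than the clustered one, so a join on the other node leaves it with stale credentials.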