Samba in an HA environment

[Nicolas Williams]

Thanks for the warning. Fortunately we do not use Samba servers as
domain master browsers. Additionally, we do not list 127.0.0.1 in 'bind
interfaces'. This means that SWAT doesn't work, of course, but it's so
easy to administer environment files and files that define shares, with
a single standard global config for all of our Samba servers, that not
having SWAT is no big deal.

As I have suggested before, SWAT should be modified to work with the
model we use where all relevant config info for each server is stored in
a simple environment file and a shares definition file. It's much easier
to programmatically deal with such a config system than it is to deal
with the general smb.conf format.

:)

Nico


On Tue, May 30, 2000 at 04:46:20PM +0200, Stephan Lauffer wrote:
> Hi all!
> 
> > HA partner). Each instance of nmbd/smbd should bind only to the IP
> > addresses of the virtual host they represent; see the 'interfaces' and
> > 'bind interfaces only' configuration parameters in smb.conf(5). This
> > means that you must be using the HA model whereby a one host takes over
> > a disabled host's IP addresses and services.
> By the way... there´s an uggly, little bug in nmbd_nameregister.c
> So it could be a very bad idea to use "bind interfaces = true" and "interfaces =..."
> 
> For example this bug will happen, if you´re using samba as dmb and if samba
> has to register his ip(s) on another wins-server.
> ---
> interfaces = aaa.bbb.ccc.ddd/netmask 127.0.0.1
> bind interfaces = true
> domain master = true
> wins server = eee.fff.ggg.hhh
> ---
> (The localhost is necessary to allow password changes on the samba server)
> 
> >From now on, the complete browsing in the domain sucks down... 
> ( 1st: Samba will be rejected to add his ips on the wins server, because nmbd
>        is trying to register localhost!!!!!
>   2nd: Samba will not become a dmb
>   3rd: all LMBs could not sync their list with the dmb
>   and so on...
> )
> 
> If someone is interested in more (and closer detailed) informations, just feel free to
> connect me via mail. I could offer some logfiles and for some hacker it
> would be possible to get an account on a testmachine in our network.
> 
> (sorry for the bad english - maybe it´s funny... ;) )
> 
> Liebe Gruesse, yours
> Stephan Lauffer
> 
> [ Paedagogische Hochschule Freiburg - Systemtechnik - Germany    ]
> [ Abteilung ZIK: <a href="http://www.ph-freiburg.de/zik">WWW</a> ]
> [ Tel.: 0761 - 682 459                    Mobil: 0172 - 7145 197 ]
> 
> 
--

..

This message contains confidential information and is intended only 
for the individual named.  If you are not the named addressee you 
should not disseminate, distribute or copy this e-mail.  Please 
notify the sender immediately by e-mail if you have received this 
e-mail by mistake and delete this e-mail from your system.

E-mail transmission cannot be guaranteed to be secure or error-free 
as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses.  The sender therefore 
does not accept liability for any errors or omissions in the contents 
of this message which arise as a result of e-mail transmission.  If 
verification is required please request a hard-copy version.  This 
message is provided for informational purposes and should not be 
construed as a solicitation or offer to buy or sell any securities or 
related financial instruments.