Samba in a high availablity enviroment

Alberto Patino jalbertop at
Tue Mar 30 20:29:20 GMT 2004

On Mon, 2004-03-29 at 07:17, Per Kofod wrote:
> Hi Xperts
> We are running a samba server in a High availability environment,
> where we have a primary server, and a backup server, normally 
> only the primary server normally runs the SMBD and NMBD daemons,
> and the backup server is just monitoring the primary server ready 
> to take over in case the primary server, or its applications goes
> down. Both servers share the same raid system, so the backup server
> can take over any files from the primary in case of a fail over.
> The backup server also takes over the samba configuration files.
FYI we are running samba 3.0.0 on a Solaris Sun cluster but no failover.
We implement a very simple HA agent for SAMBA and basically this shell
was run by the faiover node, inside was a sentence to rejoin the samba
node to the AD domain. Same problem that you. This is because
secrets.tdb  hold the kerberos key for the samba server. We avoid the
manual rejoin just using a permanent keytab file with the Administrator
key inside of it.
> The problem is that when failing over, or falling back, the samba
> server needs to rejoin the domain controlled by an W2K AD server.
> Yes you are rght. But I think this in not enough to provide failover in the cluster.
Try to failover a open session from the fail node but be certain that
you have a document  that you extensively modified. You will get error
messages in
the application side. 
> They want to avoid having to rejoin ( as this is a manually process ),
> and I was wondering where the needed membership information is kept,
> and if it would be possibly to avoid having to rejoin if this file
> was shared between the two servers. ( the daemons are never run on both
> nodes at the same time).
It would be very interesting to analyze the scope of Samba 3.0 in a HA environment.

> My guess is that this information is kept in one of the files under
> $SAMBA/var/locks directory; but which one, and can the other node take 
> over this file without any complications?
> If needed, it is possibly to also fail over the MAC address.
> Thanks Per

More information about the samba-technical mailing list