ctdb and set-auth-user

tridge at samba.org tridge at samba.org
Mon Feb 11 04:27:57 GMT 2008 

Volker,

The problem with this one is that wbinfo.c calls secrets_store() which
calls fetch_locked without a ctdb context.

The solution we've used in other places is something like what is in
smbcontrol.c, smbc_event_context().

I wonder if we should fix this globally instead? Maybe move to a
global event context in 3-0-ctdb ?

For Samba4 the talloc_find_parent stuff works nicely for this, as we
tend to always pass contexts around. For 3-0-ctdb I think it will be
less intrusive just to declare a global event_context and initialise
it on demand. What do you think?

Cheers, Tridge


Charles Weber writes:
 > Hi everyone,
 > After viewing the Australian presentation, I thought I would try ctdb.
 > We have used samba for a long time, either rpc or ads domain member.
 > My new generation hardware, ie. blades and SAN is here so I have a short
 > window to experiment.
 > 
 > Centos 5.1 x86_64, 3 blades. RHEL cluster with gfs2 filesystem on SAN.
 > Nodes go in and out of the cluster fine. GFS2 gets mounted up just fine,
 > no errors that I see.
 > 
 > After starting ctdb on all nodes:
 > ping_pong works fine, ctdb works fine with exception of 11.route
 > script. 
 > For now I set the route manually. I probably missed something.
 > But I cannot get winbind functioning.
 > 
 > net ads join works just like normal. 
 > wbinfo --set-auth-user=dom\\username%pass gives me the error:
 > "error storing username"
 > We require the auth-user to access our AD servers.
 > 
 > Config details below, 
 > I hope you can tell me what I missed.
 > Thanks,
 > Chuck
 > 
 > 
 > 
 > I use a gfs2 fs \clapps on all nodes to store config/lock files that
 > should be the same for the cluster. I then link the files to the proper
 > location.
 > files done like this are 
 > /etc/samba
 > smb.conf
 > secrets.tdb
 > /etc
 > sysconfig/ctdb
 > ctdb/nodes
 > ctdb/public_addresses
 > ctdb/events.d/11.route
 > 
 > here are sanitized files:
 > /etc/sysconfig/ctdb 
 > CTDB_RECOVERY_LOCK="/clapps/var/lock/ctdb"
 >  CTDB_PUBLIC_INTERFACE=eth1
 >  CTDB_PUBLIC_NETWORK="A.B.C.0/22"
 >  CTDB_PUBLIC_GATEWAY="A.B.C.1"
 > CTDB_PUBLIC_ADDRESSES=/etc/ctdb/public_addresses
 >  CTDB_MANAGES_SAMBA=yes
 > CTDB_MANAGES_WINBIND=yes
 > ulimit -n 10000
 > CTDB_NODES=/etc/ctdb/nodes
 > CTDB_DBDIR=/var/ctdb
 > CTDB_DBDIR_PERSISTENT=/var/ctdb/persistent
 > CTDB_DEBUGLEVEL=2
 > 
 > nodes 
 > 172.0.1.230
 > 172.0.1.231
 > 172.0.1.232
 > 
 > public_addresses
 > A.B.C.23/22
 > A.B.C.24/22
 > A.B.C.25/22
 > 
 > 11.route copied from sample on web, made exec and linked to all node
 > events.d
 > #!/bin/sh
 > 
 > . /etc/ctdb/functions
 > loadconfig ctdb
 > 
 > cmd="$1"
 > shift
 > 
 > case $cmd in
 >     takeip)
 >          # we ignore errors from this, as the route might be up already
 > when we're grabbing
 >          # a 2nd IP on this interface
 >          /sbin/ip route add $CTDB_PUBLIC_NETWORK via
 > $CTDB_PUBLIC_GATEWAY dev $1 2> /dev/null
 >          ;;
 > esac
 > 
 > exit 0
 > 
 > ctdb status
 > Number of nodes:3
 > pnn:0 172.0.1.230      OK
 > pnn:1 172.0.1.231      OK (THIS NODE)
 > pnn:2 172.0.1.232      OK
 > Generation:2036250492
 > Size:3
 > hash:0 lmaster:0
 > hash:1 lmaster:1
 > hash:2 lmaster:2
 > Recovery mode:NORMAL (0)
 > Recovery master:0
 > 
 > smb.conf
 > [global]
 > realm = X.X
 > workgroup = X
 > netbios name = XFILER
 > server string = XFILER Cluster Samba Server
 > name resolve order = wins bcast
 > security = ADS
 > syslog = 1
 > log file = /var/log/samba/%m
 > log level = 3
 > max log size = 50
 > username map = /etc/samba/smbusers
 > local master = no
 > domain master = no
 > deadtime = 30
 > dns proxy = No
 > winbind use default domain = yes
 > winbind enum users = no
 > winbind enum groups = no
 > client signing = Yes
 > server signing = Yes
 > encrypt passwords = yes
 > password server = X.X.X.X,X.X.X.X,*
 > client ntlmv2 auth = yes
 > lanman auth = no
 > client lanman auth = no
 > idmap uid = 15000-80000
 > idmap gid = 15000-80000
 > template shell = /bin/bash
 > template homedir = /home/%U
 > clustering = yes
 > idmap backend = tdb2
 > private dir = /clapps/etc/clsamba
 > fileid:mapping = fsname
 > use mmap = no
 > #nt acl support = yes
 > #ea support = yes
 > interfaces = eth1
 > 
 > /var/log/log.ctdb looks fine, basically shows recovering and ip
 > addresses being passed around.
 > 
 > smbstatus runs OK but with error in the middle 
 > "Unable to get tcp info for CTDB_CONTROL_TCP_CLIENT"
 > 
 >

More information about the samba-technical mailing list