Reg : Samba / CTDB

Krishnanand krishnanand.gouri at precisionit.co.in
Wed Mar 9 22:26:18 MST 2011


Hi,

As per your request, I am attaching the configuration files; please do the
needful.

On Tue, 08 Mar 2011 10:27:05 -0600, "Christopher R. Hertel"
<crh at samba.org>
wrote:
> Krishnanand,
> 
> I assume (since I saw your post on the Linux-Cluster list) that you are
> running on top of GFS2.  Is that correct?
> 
> Chris -)-----
> 
> Brian McGrew wrote:
>> On 3/7/11 9:38 PM, "Krishnanand" <krishnanand.gouri at precisionit.co.in>
>> wrote:
>>> I have configured 2-Node cluster. Users will access the servers using
>>> the public IP's. Now I am facing problem server1-IP - 192.168.129.10 and
>>> server2-IP - 192.168.129.11. where as ctdb IP's are 192.168.129.14 & 15
>>> when ever I stop ctdb service in server1 then the users are not able to
>>> access the shared drives even if the IP's are switch over to server2.
>>> But if at all i stop the ctdb service in server2 then the users are able
>>> to access the share as usually.
>>>
>>> Please help me in this issue, what needs to modify.
>> 
>> Krishnanand,
>> 
>> Can you post your smb.conf and ctdb.conf files please?
>> 
>> -b
>> 
> 
> -- 
> "Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
> Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
> jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
> ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
> OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org

-- 
Thanks & Regards,
Krishnanand Gouri 
+919676333406
krishnanand.gouri at precisionit.co.in
-------------- next part --------------
# CTDB daemon settings (KEY=value file as posted to the list).
# Lines marked NOTE(review) are reviewer observations, not part of the original.

# Recovery lock file.
# NOTE(review): CTDB expects this path to be on the cluster filesystem mounted
# by every node (the thread suggests GFS2). Confirm /ctdb is that shared mount
# and not a node-local directory.
CTDB_RECOVERY_LOCK="/ctdb/recoverylock"
# Interface that carries the public (floating) addresses.
CTDB_PUBLIC_INTERFACE=bond0
# File listing the public addresses CTDB moves between nodes (not shown in the post).
CTDB_PUBLIC_ADDRESSES=/etc/ctdb/public_addresses
# CTDB starts, stops and monitors Samba and winbind itself.
# NOTE(review): the posted smb.conf has "clustering = yes" commented out, so
# smbd is managed by CTDB without using it for its databases -- confirm.
CTDB_MANAGES_SAMBA=yes
CTDB_MANAGES_WINBIND=yes
# Init-script flavour and the service names CTDB calls on this distribution.
CTDB_INIT_STYLE=redhat
CTDB_SERVICE_NMB=nmb
CTDB_SERVICE_SMB=smb
# File listing the cluster nodes' addresses (not shown in the post).
# NOTE(review): CTDB's inter-node traffic is neither authenticated nor
# encrypted, so the node addresses belong on a private network that clients
# cannot reach. The thread only mentions one subnet (192.168.129.x) -- verify.
CTDB_NODES=/etc/ctdb/nodes
CTDB_EVENT_SCRIPT_DIR=/etc/ctdb/events.d
# Only errors are logged.
CTDB_DEBUGLEVEL=ERR
-------------- next part --------------
# Samba global section as posted to the list.
# Lines marked NOTE(review) are reviewer observations, not part of the original.
[global]
 unix charset = LOCALE
 workgroup = msdpl.com
# netbios name = filesrv1
 server string = Cluster File Server 1
# User database is LDAP at 192.168.129.10 (server1's own address per the
# thread), reached over plain ldap://.
# NOTE(review): both nodes depend on the directory at that single address;
# confirm it stays reachable when server1's services are stopped.
 passdb backend = ldapsam:ldap://192.168.129.10
# NOTE(review): clustering is commented out while CTDB manages Samba. Without
# it smbd does not use CTDB for its databases, and "cluster addresses" below
# presumably has no effect -- confirm; this may relate to the failover symptom.
# clustering = yes
 cluster addresses = 192.168.129.14 192.168.129.15
# Minimum log level; "max log size = 0" removes the size cap on the log file.
# NOTE(review): level 0 leaves very little to reconstruct failed logons or
# share access from during an investigation.
 log level = 0
 syslog = 0
 max log size = 0
 smb ports = 445 139 
 security = domain
 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 
 deadtime = 15
 kernel oplocks = no
# NOTE(review): the documented keywords are lmhosts, host, wins and bcast;
# "bcasts" and "hosts" look like typos -- check with testparm. Broadcast
# answers can come from any host on the segment, so wins/host lookups are
# better placed ahead of bcast.
 name resolve order = wins bcasts hosts
# wins server = 192.168.129.20
 dns proxy = no
# Printing is switched off entirely.
 load printers = no
 show add printer wizard = no
 printcap name = /dev/null
 disable spoolss = yes
# LDAP tree layout used for accounts, machines, groups and id mappings.
 ldap suffix = dc=msdpl,dc=com
 ldap machine suffix = ou=Computers
 ldap user suffix = ou=People
 ldap group suffix = ou=Groups
 ldap idmap suffix = ou=Idmap
# Samba binds as cn=manager, which the posted slapd.conf also names as rootdn,
# so Samba's LDAP operations bypass every slapd access rule.
# NOTE(review): a dedicated account limited by ACLs is the safer choice. The
# bind password is kept outside this file (set with smbpasswd -w).
 ldap admin dn = cn=manager,dc=msdpl,dc=com
 idmap backend = ldap:ldap://192.168.129.10
 idmap uid = 10000-20000
 idmap gid = 10000-20000
# NOTE(review): with "ldap ssl = no" and ldap:// URIs, the admin bind and the
# sambaNTPassword/sambaLMPassword hashes Samba reads cross the network
# unencrypted. "ldap ssl = start tls" (or ldaps:// URIs) requires TLS to be
# configured on slapd first.
 ldap ssl = no
 ldap timeout = 70
# Accounts created from the winbind template get no login shell.
 template shell = /bin/false
 winbind use default domain = Yes
 inherit permissions = yes
 inherit acls = yes
 nt acl support = yes
 map acl inherit = yes


# Share exporting /hadata.
# Lines marked NOTE(review) are reviewer observations, not part of the original.
[hadata]
Comment = New Projects
path = /hadata
# "browseable = no" only hides the share from listings; "public = no" disables
# guest access.
# NOTE(review): no "valid users" or "write list" is set, so any authenticated
# account can connect and access is decided by filesystem permissions alone.
browseable = no
public = no
writeable = yes
# NOTE(review): 0765 leaves r-x for "other", and "force create mode = 0770"
# below forces rwx for owner and group, execute bits included, on new files.
# "inherit permissions = yes" may override these masks -- confirm the
# effective mode on a test file.
create mask = 0765
# Name-based filter: matching entries are hidden and inaccessible via the share.
# NOTE(review): this is not a control against script uploads (a renamed file
# passes). .recycle is vetoed here and is also the default repository name of
# the recycle VFS module loaded on the next line -- confirm the intent.
veto files = /lost+found/.Trash-root/*.sh/*.scr/.recycle/
vfs objects = recycle
# NOTE(review): "dos filemode = yes" lets any user with write access to a file
# change its permissions, not only the owner.
dos filemode = yes
store dos attributes =yes
force create mode = 0770
force directory mode = 0770
inherit permissions = yes
inherit acls = yes
hide dot files = yes
-------------- next part --------------
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Schemas loaded at startup; samba.schema supplies the sambaSamAccount
# attributes referenced by the access rules in this file.
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/samba.schema


# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral	ldap://root.openldap.org

pidfile		/var/run/openldap/slapd.pid
argsfile	/var/run/openldap/slapd.args
# NOTE(review): no TLS directives are visible in this file and the sample
# "security" line further down is commented out, so simple binds (including
# the rootdn bind Samba performs) appear to be accepted without encryption.
# Log level 256 records connections, operations and results.
loglevel 256
# Load dynamic backend modules:
# modulepath	/usr/local/ldap-2.3/libexec/openldap
# moduleload	back_bdb.la
# moduleload	back_ldap.la
# moduleload	back_ldbm.la
# moduleload	back_passwd.la
# moduleload	back_shell.la

# Sample security restrictions
#	Require integrity protection (prevent hijacking)
#	Require 112-bit (3DES or better) encryption for updates
#	Require 64-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#	Root DSE: allow anyone to read it
#	Subschema (sub)entry DSE: allow anyone to read it
#	Other DSEs:
#		Allow self write access
#		Allow authenticated users read access
#		Allow anonymous users to authenticate
#	Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#	by self write
#	by users read
#	by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# BDB database definitions
#######################################################################

# Single BDB database holding the dc=msdpl,dc=com tree.
# Lines marked NOTE(review) are reviewer observations, not part of the original.
database	bdb
suffix		"dc=msdpl,dc=com"
# The rootdn is not subject to any access rule in this file. The posted
# smb.conf uses this same DN as its "ldap admin dn".
rootdn		"cn=manager,dc=msdpl,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# NOTE(review): this value is cleartext, trivially guessable, and has been
# posted to a public list; if it is the real password, treat it as compromised
# and rotate it. Store a hash generated with slappasswd(8) instead, in the form
#   rootpw {SSHA}<hash-from-slappasswd>   (placeholder, not a real value)
# and keep this file readable only by the slapd account.
rootpw		secret
idletimeout	50
timelimit 	70
cachesize	2000
# NOTE(review): updatedn/updateref are replica-side directives. slapd.conf(5)
# advises that updatedn should generally not be the same DN as the rootdn --
# confirm whether this server is meant to be a replica at all.
updatedn 	"cn=manager,dc=msdpl,dc=com"
updateref	ldap://192.168.129.20
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory	/var/lib/ldap
checkpoint	128 15
# Indices to maintain
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index loginShell                        eq,pres
index nisMapName,nisMapEntry            eq,pres,sub
index displayName                       eq,pres,sub
index uidNumber                         eq
index gidNumber                         eq
index memberUID                         eq
#index sambaSID                          eq
index sambaPrimaryGroupSID              eq
index default                           sub
index sambaGroupType			eq,pres
index uniqueMember			eq,pres
index sambaDomainName			eq,pres
index uid				eq,pres,sub
# Access rules for this database. slapd applies the first "access to" rule that
# matches an entry/attribute, so the order below is significant. The rootdn
# (also Samba's bind DN in the posted smb.conf) is not limited by any of them.
# Lines marked NOTE(review) are reviewer observations, not part of the original.
#
# Rule 1: password and account-control attributes.
# NOTE(review): by dn="cn=...,ou=Groups,..." matches a bind as that exact entry,
# not the members of the group; membership tests use the "by group=" form. As
# written these clauses probably grant nothing to group members. If membership
# was intended, Domain Users and Domain Guests do not belong here: write access
# to userPassword/sambaNTPassword on every entry would let any account reset
# any other account's password. "by self write" is the usual way to let users
# change their own password.
# NOTE(review): sambaKickoffTime is listed twice (harmless). sambaPasswordHistory
# is not listed, so if it is populated it falls through to the final
# "access to * by * read" rule and is readable anonymously.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaPwdCanChange,sambaPwdMustChange,sambaKickoffTime,sambaKickoffTime,sambaLogoffTime
        by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
        by dn="cn=Domain Users,ou=Groups,dc=msdpl,dc=com" write
        by dn="cn=Domain Guests,ou=Groups,dc=msdpl,dc=com" write
        by dn="cn=Administrators,ou=Groups,dc=msdpl,dc=com" write
        by dn="cn=Account Operators,ou=Groups,dc=msdpl,dc=com" write
        by dn="cn=Print Operators,ou=Groups,dc=msdpl,dc=com" write
        by dn="cn=Backup Operators,ou=Groups,dc=msdpl,dc=com" write
        by dn="cn=Replicators,ou=Groups,dc=msdpl,dc=com" write
        by anonymous auth
        by * none
# some attributes need to be readable anonymously so that 'id user' can answer correctly
# NOTE(review): "by * read" includes unauthenticated clients, so account names
# and uid/gid numbers can be listed by anyone who can reach the LDAP port.
access to attrs=objectClass,entry,homeDirectory,uid,uidNumber,gidNumber,memberUid
         by dn="cn=nns,ou=Groups,dc=msdpl,dc=com" write
         by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
         by * read
# some attributes can be writable by users themselves
# NOTE(review): the rule has no "by self write" clause, so as written users
# cannot edit their own entries; the comment and the rule disagree.
access to attrs=description,telephoneNumber,roomNumber,homePhone,loginShell,gecos,cn,sn,givenname
        by dn="cn=nns,ou=Groups,dc=msdpl,dc=com" write
        by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
        by * read
# some attributes need to be writable for samba
# NOTE(review): a personal account (uid=kk1438) is hard-coded here and in the
# Computers rule; a role group is easier to audit and revoke.
access to dn.base="dc=msdpl,dc=com"
      by dn="cn=nns,ou=Groups,dc=msdpl,dc=com" write
      by dn="uid=kk1438,ou=People,dc=msdpl,dc=com" write
      by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
      by dn="cn=Administrators,ou=Groups,dc=msdpl,dc=com" write
      by dn="cn=Account Operators,ou=Groups,dc=msdpl,dc=com" write
      by * none
# samba need to be able to create new users account
access to dn="ou=People,dc=msdpl,dc=com"
      by dn="cn=nns,ou=Groups,dc=msdpl,dc=com" write
      by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
      by dn="cn=Administrators,ou=Groups,dc=msdpl,dc=com" write
      by dn="cn=Account Operators,ou=Groups,dc=msdpl,dc=com" write
      by * none
# samba need to be able to create new groups account
access to dn="ou=Groups,dc=msdpl,dc=com"
      by dn="cn=nns,ou=Groups,dc=msdpl,dc=com" write
      by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
      by dn="cn=Administrators,ou=Groups,dc=msdpl,dc=com" write
      by dn="cn=Account Operators,ou=Groups,dc=msdpl,dc=com" write
      by * none
# samba need to be able to create new computers account
access to dn="ou=Computers,dc=msdpl,dc=com"
      by dn="cn=nns,ou=Groups,dc=msdpl,dc=com" write
      by dn="uid=kk1438,ou=People,dc=msdpl,dc=com" write
      by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
      by dn="cn=Administrators,ou=Groups,dc=msdpl,dc=com" write
      by dn="cn=Account Operators,ou=Groups,dc=msdpl,dc=com" write
      by * none
# Catch-all: every entry and attribute not matched above is readable by
# everyone, anonymous clients included.
# NOTE(review): "by users read" with "by anonymous auth" would limit reads to
# authenticated binds -- confirm nothing relies on anonymous reads first.
access to * by * read

# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
#     bindmethod=sasl saslmech=GSSAPI
#     authcId=host/ldap-master.example.com at EXAMPLE.COM

