idmap.ldb
Ali Bendriss
ali.bendriss at googlemail.com
Wed Jan 25 03:23:42 MST 2012
> On 24/01/2012 12:56, Ali Bendriss wrote:
> > Hi,
> >
> > Is it ok to share idmap.ldb between 2 samba4 servers ?
> > I've done a try using a shared gfs2 partition (on a shared storage),
> > it seems to work but is it safe ?
>
> What are you trying to achieve ?
>
>
> Matthieu.
Hi,
I'm a running two gfs2 cluster node using ctdb (uniq public IP addresse).
each node run samba4 (samba binary) but I run smbd with a smb3 config file as
well on the same nodes. samba4 have no share at all but run the winbind
service.
I have simply set smb ports = 130 in the samba4 config file.
Each node run bind with a kind of split config (to be sure that the reply is
the self node). The clients are named via dhcp so dns update is useless in
that config and the client use the public IP as the DNS.
I can join clients to samba (tested with win7, osX) and use smbd for file
sharing.
This week I have shared sysvol between the two nodes to use the GPO.
(until now I was editing idmap.ldb) to have the same uid/gid on the cluster.
Yesterday I've put idmap.ldb on a shared storage as well.
I'm trying to have the graal : a AD and file server cluster where each node
share the same uid/gid (will be used for ftp soon). The goal is to share the
load bettween each node.
The last thing missing is the idmap sync.
If I garantie that the user creation/del/modif is only done from one
(and alway the same) node in the whole network is sharing idmap.ldb a safe
approche ?
thanks
--
Ali
PS:
Some info about the config :
node 1 IP : adb.def.ghi.225/28, abc.def.ghi.226/28
node 2 IP : adb.def.ghi.225/28, abc.def.ghi.227/28
here is the config used (on samba4 bbacd90):
# samba4: /etc/samba/smb.conf
# Global parameters
[global]
log level = 1
server role = domain controller
workgroup = FOO
realm = foo.test.org
interfaces = 127.0.0.1/32, adb.def.ghi.225/28, abc.def.ghi.226/28
bind interfaces only = Yes
passdb backend = samba4
smb ports = 130
disable netbios = Yes
socket options = TCP_NODELAY IPTOS_LOWDELAY
host msdfs = Yes
template shell = /bin/bash
------------------
# smbd: /etc/samba/smb3.conf
[global]
log level = 1
workgroup = FOO
realm = foo.test.org
interfaces = 127.0.0.1/32, abc.def.ghi.225/28, abc.def.ghi.226/28
# server role = domain controller
auth methods = guest, samba4
password server = 193.54.174.226
passdb backend = samba4
# max protocol = SMB2
disable netbios = Yes
socket options = TCP_NODELAY IPTOS_LOWDELAY
template shell = /bin/bash
rpc_server:samr = external
rpc_server:netlogon = external
rpc_server:lsarpc = external
rpc_daemon:spoolssd = disabled
rpc_server:tcpip = no
rpc_server:spoolss = embedded
rpc_server:dssetup = disabled
rpc_server:default = external
idmap config * : gid = 1000000-1999999
idmap config * : uid = 1000000-1999999
#idmap config * : backend = rid
#clustering = yes
# Share
include = /etc/samba/default_share.conf
---------------------------------------------------------------------------
LOGFILE smbd
=========
[2012/01/25 10:43:40.908321, 0]
../source3/rpc_server/rpc_ep_register.c:136(rpc_ep_register_loop)
Failed to register endpoint 'ntsvcs'!
[2012/01/25 10:43:40.909271, 1]
../source3/rpc_client/cli_pipe.c:461(cli_pipe_validate_current_pdu)
../source3/rpc_client/cli_pipe.c:461: Bind NACK received from host minnie!
[2012/01/25 10:43:40.909319, 0]
../source3/rpc_server/rpc_ep_register.c:136(rpc_ep_register_loop)
Failed to register endpoint 'eventlog'!
[2012/01/25 10:43:40.910268, 1]
../source3/rpc_client/cli_pipe.c:461(cli_pipe_validate_current_pdu)
../source3/rpc_client/cli_pipe.c:461: Bind NACK received from host minnie!
[2012/01/25 10:43:40.910324, 0]
../source3/rpc_server/rpc_ep_register.c:136(rpc_ep_register_loop)
Failed to register endpoint 'initshutdown'!
[2012/01/25 10:43:56.977651, 1]
../source3/rpc_client/cli_pipe.c:461(cli_pipe_validate_current_pdu)
../source3/rpc_client/cli_pipe.c:461: Bind NACK received from host minnie!
[2012/01/25 10:43:56.977750, 0]
../source3/rpc_server/rpc_ep_register.c:136(rpc_ep_register_loop)
Failed to register endpoint 'winreg'!
[2012/01/25 10:43:56.978847, 1]
../source3/rpc_client/cli_pipe.c:461(cli_pipe_validate_current_pdu)
../source3/rpc_client/cli_pipe.c:461: Bind NACK received from host minnie!
[2012/01/25 10:43:56.978967, 0]
../source3/rpc_server/rpc_ep_register.c:136(rpc_ep_register_loop)
LOGFILE samba
==========
[2012/01/25 10:48:45, 3] ../lib/ldb-samba/ldb_wrap.c:316(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2012/01/25 10:48:45, 3]
../auth/gensec/gensec_start.c:679(gensec_start_mech_by_authtype)
Could not find GENSEC backend for auth_type=200
[2012/01/25 10:48:45, 3]
../source4/rpc_server/dcesrv_auth.c:91(dcesrv_auth_bind)
Failed to start GENSEC mechanism for DCERPC server: auth_type=200,
auth_level=2: NT_STATUS_INVALID_PARAMETER
[2012/01/25 10:48:45, 3]
../source4/smbd/service_stream.c:63(stream_terminate_connection)
Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
[2012/01/25 10:48:45, 3]
../source4/smbd/process_single.c:104(single_terminate)
single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]
More information about the samba-technical
mailing list