idmap.ldb

Ali Bendriss ali.bendriss at googlemail.com
Wed Jan 25 03:23:42 MST 2012


> On 24/01/2012 12:56, Ali Bendriss wrote:
> > Hi,
> > 
> > Is it ok to share idmap.ldb between 2 samba4 servers ?
> > I've done a try using a shared gfs2 partition (on a shared storage),
> > it seems to work but is it safe ?
> 
> What are you trying to achieve ?
> 
> 
> Matthieu.

Hi,

I'm running two gfs2 cluster nodes using ctdb (unique public IP address).
Each node runs samba4 (samba binary), but I run smbd with a smb3 config file as 
well on the same nodes. samba4 has no share at all but runs the winbind 
service.
I have simply set smb ports = 130 in the samba4 config file.
Each node runs bind with a kind of split config (to be sure that the reply is 
the self node). The clients are named via dhcp so dns update is useless in 
that config and the clients use the public IP as the DNS.

I can join clients to samba (tested with win7, osX) and use smbd for file 
sharing.
This week I have shared sysvol between the two nodes to use the GPO.
(until now I was editing idmap.ldb) to have the same uid/gid on the cluster.
Yesterday I've put idmap.ldb on a shared storage as well.
 
I'm trying to have the grail: an AD and file server cluster where each node 
shares the same uid/gid (will be used for ftp soon). The goal is to share the 
load between each node.

The last thing missing is the idmap sync.
If I guarantee that the user creation/del/modif is only done from one 
(and always the same) node in the whole network, is sharing idmap.ldb a safe 
approach?

thanks

--
Ali


PS:
Some info about the config :

node 1 IP : adb.def.ghi.225/28, abc.def.ghi.226/28
node 2 IP : adb.def.ghi.225/28, abc.def.ghi.227/28

here is the config used (on samba4 bbacd90):

# samba4: /etc/samba/smb.conf
# Global parameters
[global]
        log level = 1
        server role = domain controller
        workgroup = FOO
        realm = foo.test.org
        interfaces = 127.0.0.1/32, adb.def.ghi.225/28, abc.def.ghi.226/28
        bind interfaces only = Yes
        passdb backend = samba4
        smb ports = 130
        disable netbios = Yes
        socket options = TCP_NODELAY IPTOS_LOWDELAY
        host msdfs = Yes
        template shell = /bin/bash

           ------------------

# smbd: /etc/samba/smb3.conf
[global]
        log level = 1
        workgroup = FOO
        realm = foo.test.org
        interfaces = 127.0.0.1/32, abc.def.ghi.225/28, abc.def.ghi.226/28
#       server role = domain controller
        auth methods = guest, samba4
        password server = 193.54.174.226
        passdb backend = samba4
#       max protocol = SMB2
        disable netbios = Yes
        socket options = TCP_NODELAY IPTOS_LOWDELAY
        template shell = /bin/bash
        rpc_server:samr = external
        rpc_server:netlogon = external
        rpc_server:lsarpc = external
        rpc_daemon:spoolssd = disabled
        rpc_server:tcpip = no
        rpc_server:spoolss = embedded
        rpc_server:dssetup = disabled
        rpc_server:default = external
        idmap config * : gid = 1000000-1999999
        idmap config * : uid = 1000000-1999999
#idmap config * : backend = rid
#clustering = yes

# Share
include = /etc/samba/default_share.conf
---------------------------------------------------------------------------

LOGFILE smbd
=========
[2012/01/25 10:43:40.908321,  0] ../source3/rpc_server/rpc_ep_register.c:136(rpc_ep_register_loop)
  Failed to register endpoint 'ntsvcs'!
[2012/01/25 10:43:40.909271,  1] ../source3/rpc_client/cli_pipe.c:461(cli_pipe_validate_current_pdu)
  ../source3/rpc_client/cli_pipe.c:461: Bind NACK received from host minnie!
[2012/01/25 10:43:40.909319,  0] ../source3/rpc_server/rpc_ep_register.c:136(rpc_ep_register_loop)
  Failed to register endpoint 'eventlog'!
[2012/01/25 10:43:40.910268,  1] ../source3/rpc_client/cli_pipe.c:461(cli_pipe_validate_current_pdu)
  ../source3/rpc_client/cli_pipe.c:461: Bind NACK received from host minnie!
[2012/01/25 10:43:40.910324,  0] ../source3/rpc_server/rpc_ep_register.c:136(rpc_ep_register_loop)
  Failed to register endpoint 'initshutdown'!
[2012/01/25 10:43:56.977651,  1] ../source3/rpc_client/cli_pipe.c:461(cli_pipe_validate_current_pdu)
  ../source3/rpc_client/cli_pipe.c:461: Bind NACK received from host minnie!
[2012/01/25 10:43:56.977750,  0] ../source3/rpc_server/rpc_ep_register.c:136(rpc_ep_register_loop)
  Failed to register endpoint 'winreg'!
[2012/01/25 10:43:56.978847,  1] ../source3/rpc_client/cli_pipe.c:461(cli_pipe_validate_current_pdu)
  ../source3/rpc_client/cli_pipe.c:461: Bind NACK received from host minnie!
[2012/01/25 10:43:56.978967,  0] ../source3/rpc_server/rpc_ep_register.c:136(rpc_ep_register_loop)

LOGFILE samba
==========
[2012/01/25 10:48:45,  3] ../lib/ldb-samba/ldb_wrap.c:316(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2012/01/25 10:48:45,  3] ../auth/gensec/gensec_start.c:679(gensec_start_mech_by_authtype)
  Could not find GENSEC backend for auth_type=200
[2012/01/25 10:48:45,  3] ../source4/rpc_server/dcesrv_auth.c:91(dcesrv_auth_bind)
  Failed to start GENSEC mechanism for DCERPC server: auth_type=200, auth_level=2: NT_STATUS_INVALID_PARAMETER
[2012/01/25 10:48:45,  3] ../source4/smbd/service_stream.c:63(stream_terminate_connection)
  Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
[2012/01/25 10:48:45,  3] ../source4/smbd/process_single.c:104(single_terminate)
  single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]
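
Added example, not part of the original post: a Python check that two nodes hold the same SID-to-uid/gid mapping, which is what keeping idmap.ldb identical across the cluster is meant to achieve. It assumes each node's idmap.ldb has been dumped to LDIF text with SIDs in string form and with objectSid, type and xidNumber attributes; the function names are hypothetical and the sample dumps are constructed.

```python
from collections import defaultdict

# Constructed sample dumps (not from the post); SIDs and IDs are made up.
NODE1_LDIF = """\
# record 1
dn: CN=S-1-5-21-1111-2222-3333-1105
objectSid: S-1-5-21-1111-2222-3333-1105
type: ID_TYPE_UID
xidNumber: 3000010

# record 2
dn: CN=S-1-5-21-1111-2222-3333-1106
objectSid: S-1-5-21-1111-2222-3333-1106
type: ID_TYPE_UID
xidNumber: 3000011
"""
# Node 2 has drifted: SID ...-1106 now maps to the uid that belongs to ...-1105.
NODE2_LDIF = NODE1_LDIF.replace("xidNumber: 3000011", "xidNumber: 3000010")

def parse_idmap_ldif(text):
    """Return {sid: (type, id)} for every record with objectSid and xidNumber."""
    mapping = {}
    for record in text.strip().split("\n\n"):
        attrs = dict(line.split(": ", 1) for line in record.splitlines()
                     if ": " in line and not line.startswith("#"))
        if "objectSid" in attrs and "xidNumber" in attrs:
            mapping[attrs["objectSid"]] = (attrs.get("type", ""),
                                           int(attrs["xidNumber"]))
    return mapping

def compare_nodes(node1, node2):
    """Return (kind, sid, node1_value, node2_value) for SIDs that differ."""
    findings = []
    for sid in sorted(set(node1) | set(node2)):
        a, b = node1.get(sid), node2.get(sid)
        if a != b:
            kind = "missing" if None in (a, b) else "mismatch"
            findings.append((kind, sid, a, b))
    return findings

def shared_ids(node):
    """Return {(type, id): [sids]} where one node gives several SIDs the same ID."""
    owners = defaultdict(list)
    for sid, key in node.items():
        owners[key].append(sid)
    return {k: sorted(v) for k, v in owners.items() if len(v) > 1}

if __name__ == "__main__":
    n1, n2 = parse_idmap_ldif(NODE1_LDIF), parse_idmap_ldif(NODE2_LDIF)
    print(compare_nodes(n1, n2), shared_ids(n2))
```

A mismatch means the same account gets different file ownership depending on which node serves it; a shared ID means two accounts are indistinguishable to the file system on that node.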

