Error in Setup File Server Cluster with Samba
Martin Schwenke
martin at meltin.net
Thu Jun 22 01:15:06 UTC 2017
Hi Giang,
I'm not an expert in the finer details of setting up Samba with AD
authentication.
Given that this is a user-level question (instead of developer), you
really should take this type of question to samba at lists.samba.org (instead
of samba-technical at lists.samba.org).
Good luck...
peace & happiness,
martin
On Mon, 19 Jun 2017 20:28:13 +0700, GiangCoi Mr <ltrgiang86 at gmail.com>
wrote:
> Hi Martin.
>
> Today, I configured Samba to authenticate Active Directory users; my
> configuration is below:
> --------------
> vim /etc/krb5.conf
>
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
> default_realm = GIANG.LOCAL
> dns_lookup_realm = false
> dns_lookup_kdc = true
> ---------------
> vim /etc/samba/smb.conf
>
> clustering = yes
> log file = /var/log/samba/log.%m
> max log size = 50
> workgroup = GIANG
> realm = GIANG.LOCAL
> netbios name = FILESERVER
> security = ads
> idmap config GIANG:range = 100000-200000
> idmap config GIANG:backend = autorid
> idmap config * : backend = autorid
> idmap config * : range = 200001-299999
>
> [share]
> comment = Gluster and CTDB based share
> path = /data/share
> read only = no
> writable = yes
> valid users = +"domain users"
> create mask = 0660
> directory mask = 0770
> ---------------
> vim /etc/nsswitch.conf
>
> passwd: files winbind
> shadow: files
> group: files winbind
> --------------------
>
> vi /data/lock/ctdb
>
> CTDB_RECOVERY_LOCK=/data/lock/lockfile
> #CIFS only
> CTDB_PUBLIC_ADDRESSES=/etc/ctdb/public_addresses
> CTDB_MANAGES_SAMBA=yes
> CTDB_MANAGES_WINBIND=yes
>
> #CIFS only
> CTDB_NODES=/etc/ctdb/nodes
>
> 1.
> When I restart CTDB and join:
> kinit administrator@GIANG.LOCAL
> net join ads -U administrator
> It's OK.
> Both file servers 01 and 02 can join OK.
> - I use the command "wbinfo -u" --> It shows the usernames in AD.
> - I use the command "getent passwd" --> It didn't show usernames in /etc/passwd
>
> 2.
> When I create a username on AD and I use "wbinfo -u" --> it didn't show the new
> username. How can I immediately sync usernames from AD?
>
> 3.
> When I access files as an AD user (example: GIANG\test1), I cannot access the
> folder /data/share to write and read files.
>
> I read an article at
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member but I
> think I have configured Samba incorrectly.
> Please help me to fix it. Thanks so much, Martin.
>
> Regards,
> Giang
>
>
>
>
> 2017-06-01 11:07 GMT+07:00 GiangCoi Mr <ltrgiang86 at gmail.com>:
>
> > Dear Martin.
> > I am sorry, Private network is 172.17.0.0/24.
> >
> > I will setup real network with physical device for this test case. And I
> > will configure again Samba Cluster with AD. Thanks so much for your support.
> >
> > Regards,
> > Giang
> >
> > 2017-06-01 10:59 GMT+07:00 Martin Schwenke <martin at meltin.net>:
> >
> >> Hi Giang,
> >>
> >> On Wed, 31 May 2017 20:12:25 +0700, GiangCoi Mr <ltrgiang86 at gmail.com>
> >> wrote:
> >>
> [...]
> >>
> >> I don't see any routes for 172.16.0.0/24 in the "route -n" output you
> >> sent. Something looks wrong there.
> >>
> [...]
> >>
> >> This is generally no different to setting up non-clustered Samba
> >> against an AD server.
> >>
> >> The main issue when clustering is consistent ID mapping across the
> >> cluster.
> >> Please see https://wiki.samba.org/index.php/Configuring_clustered_Samba
> >> for this.
> >>
> >> Good luck!
> >>
> >> peace & happiness,
> >> martin
> >>
> >
> >
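
On the point above about consistent ID mapping across the cluster: the following is an added example, not code from this thread or from the Samba project. It compares the `idmap config` lines of each node's smb.conf and flags overlapping ID ranges; the node names and the second node's config are constructed for illustration, and it assumes each node's smb.conf text is available as a string.

```python
import re

# Matches lines such as "idmap config GIANG:range = 100000-200000".
IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*(\w[\w ]*?)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {domain: {option: value}} for every 'idmap config' line."""
    domains = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):   # skip smb.conf comments
            continue
        m = IDMAP_RE.match(line)
        if m:
            dom, opt, val = m.group(1).upper(), m.group(2).lower(), m.group(3)
            domains.setdefault(dom, {})[opt] = val
    return domains

def range_overlaps(domains):
    """Return pairs of domains whose UID/GID ranges intersect."""
    spans = []
    for dom, opts in domains.items():
        if "range" in opts:
            lo, hi = (int(x) for x in opts["range"].split("-"))
            spans.append((lo, hi, dom))
    spans.sort()
    return [(a[2], b[2]) for i, a in enumerate(spans)
            for b in spans[i + 1:] if b[0] <= a[1]]

def node_differences(configs):
    """Compare every node's idmap settings with the first node's.
    Returns {node: [(domain, option, reference_value, node_value)]}."""
    names = list(configs)
    ref = parse_idmap(configs[names[0]])
    diffs = {}
    for name in names[1:]:
        cur = parse_idmap(configs[name])
        keys = {(d, o) for cfg in (ref, cur) for d in cfg for o in cfg[d]}
        bad = sorted((d, o, ref.get(d, {}).get(o), cur.get(d, {}).get(o))
                     for d, o in keys
                     if ref.get(d, {}).get(o) != cur.get(d, {}).get(o))
        if bad:
            diffs[name] = bad
    return diffs

# idmap lines as posted in the thread (node01) and a constructed variant (node02).
NODE01 = """idmap config GIANG:range = 100000-200000
idmap config GIANG:backend = autorid
idmap config * : backend = autorid
idmap config * : range = 200001-299999"""
NODE02 = NODE01.replace("100000-200000", "100000-250000")  # constructed drift

if __name__ == "__main__":
    print(node_differences({"node01": NODE01, "node02": NODE02}))
    print(range_overlaps(parse_idmap(NODE02)))
```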