[Samba] Clustering and winbindd

[John H Terpstra]

On Mon, 29 Dec 2003, Peter Giorgilli wrote:

> Hi all!
>
> I'm working on a project that, funnily enough, involves clustering and
> "winbindd". Specifically, we have a 2-node cluster configured in an
> active-active configuration whereby both servers are running Samba, each
> "exporting" different filesystems that are backed on a shared storage
> subsystem such that at any given time, one node can takeover from the other.
>
> The problem: if I run "winbindd" on both systems independently, the
> Windows-domain user accts are mapped to different UNIX uids/gids, which in turn creates a problem when a particular share is relocated from one node to
> the other because of the different file permissions. (Ideally, both nodes would see the same "winbindd_idmap.tdb".)
>
> Can I effectively configure "winbindd" in a master/backup configuration such
> that only one of the nodes is able to update the database, whilst the other is only able to read the database? I thought to set the "winbind cache time"
> to a value such as 1 day that would effectively relegate one of the nodes to
> "backup" status. At the same time, the "backup" server would periodically "rsync" the "winbindd_idmap.tdb" database to pickup any changes.
>
> Can anyone see any problems with this approach and/or suggest a better way of
> going about it?
>
> I should also mention that I'm running on Red Hat Linux Advanced Server
> release 2.1AS, using the latest "rpm" released by Red Hat which as best I can
> understand is based on Samba release 2.2.7, plus select patches back-ported from 2.2.8.

You should update to samba-3.0.0 or later. USA LDAP backend, and use:

idmap backend = ldap://your-ldap-server

This way both servers will have a common mapping of SIDs to UID/GIDs.

Cheers,
John T.
-- 
John H Terpstra
Email: jht at samba.org