[Samba] Samba server in a failover environment

Hsu, Cheng (Consultant) CHsu at us.nomura.com
Wed Feb 19 14:29:12 GMT 2003


Uli Luckas,
Oktay Akbal,
Samba Gurus,

Where is the SID, or MACHINE.SID? Is that a file?
I checked my Samba installation (/usr/local/samba) and
I cannot find the file.

Cheng Hsu

-----Original Message-----
From: Uli Luckas [mailto:Uli.Luckas at abakusag.de]
Sent: Thursday, February 13, 2003 5:25 AM
To: 'Oktay Akbal'; Hsu, Cheng (Consultant)
Cc: 'samba at lists.samba.org'
Subject: AW: [Samba] Samba server in a failover environment


On Thu, 13 Feb 2003, Oktay Akbal wrote:
> On Wed, 12 Feb 2003, Hsu, Cheng (Consultant) wrote:
> 
> > But my experiment shows that I MUST explicitly join the NT domain
> > in order for everything to work.
> 
> Just a guess: Make sure that the servers do not only have the same
> smb.conf, but also the same SID (MACHINE.SID or whatever setup of samba
> you use)

This will not be enough in the long run...
The SID is what identifies the machine all right. But on join the
machine registers a (random) password with the DC. Now if you join the
second server with the same name/SID the DC will update the password to the
2nd machine's idea of what it should be and the 1st machine can't log into
the domain any more :-(
And it is worse... You could probably (r)sync smb.conf, MACHINE.SID plus the
domain password (secrets.tdb?) between the two servers and things would work
for a while. But you need to do this on a regular basis as the password is
updated to a new random password every now and then (default once a week?)
and the secondary server would be out of sync.

Just as a suggestion to the samba team ... a hook like "machine pwd update
script = sync_secrets.sh" in smb.conf would come in handy.

Hope I was of any help

Uli
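
The regular sync described in the message above could be driven by a drift check such as the following. This is an added example, not part of the original thread and not Samba's own tooling; the directory arguments, the function names and the use of local directories to stand in for the two servers are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. File names are the ones the post mentions;
# directory arguments and function names are assumptions for illustration.
# Assumes smbd is not writing the files while they are copied.
STATE_FILES="smb.conf MACHINE.SID secrets.tdb"

# Print each state file that exists on the primary and differs on the standby.
drifted() {
    src=$1; dst=$2
    for f in $STATE_FILES; do
        [ -f "$src/$f" ] || continue
        if ! cmp -s "$src/$f" "$dst/$f" 2>/dev/null; then
            echo "$f"
        fi
    done
}

# Copy drifted files into the standby directory. Each file is written under a
# temporary name with its final mode and then renamed, so the standby never
# holds a partial or world-readable copy of the machine account secret.
sync_state() {
    src=$1; dst=$2
    for f in $(drifted "$src" "$dst"); do
        case $f in
            smb.conf) mode=644 ;;
            *)        mode=600 ;;  # SID and machine password: owner only
        esac
        tmp="$dst/.$f.tmp.$$"
        ( umask 077; cp "$src/$f" "$tmp" ) && chmod "$mode" "$tmp" \
            && mv "$tmp" "$dst/$f" || return 1
        echo "synced $f"
    done
}

# Demo on constructed data: two temporary directories stand in for the nodes.
demo() {
    p=$(mktemp -d); s=$(mktemp -d)
    for f in $STATE_FILES; do echo "constructed $f v1" > "$p/$f"; done
    sync_state "$p" "$s"
    echo "constructed secrets v2" > "$p/secrets.tdb"  # simulated password change
    echo "out of sync: $(drifted "$p" "$s")"
    rm -rf "$p" "$s"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Running `drifted` from cron on the standby gives an early signal that the primary has changed its machine password since the last copy.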

