[Samba] Using Samba 2.2.8a with Microsoft Cluster Services
Zachariah Mully
zmully at smartbrief.com
Thu Sep 25 13:39:05 GMT 2003
On Thu, 2003-08-28 at 09:47, Zachariah Mully wrote:
> On Wed, 2003-08-27 at 19:16, Jeremy Allison wrote:
> > Hmmm. It's doing some an LSA_ENUMTRUSTDOM which we don't support fully
> > in 2.2.x. Can you try this with Samba 3.0 (which does) to see if this
> > makes a difference ?
> >
> > Thanks,
> >
> > Jeremy.
>
> Jeremy-
> I've upgraded to:
>
> bubbles-new:/etc/samba# smbd --version
> Version 3.0beta1-1 for Debian
>
> And I'm still having the same problem, I've posted the logs to:
> http://zaphod.smartbrief.com/pics/log.princess-1.smb3
>
> Thank you,
> Zack
>
Jerry, Jeremey-
I've continued working on getting logins working with MS Cluster
Services and I've made some progress, but I need your help diagnosing
the issue. First, I've upgraded my Samba PDC to 3.0.0rc4-Debian from the
samba.org unstable repository. I am using a tdb passwd backend and I
have the user "cluster" in the Domain Admins group:
ogo:/var/log/samba# net groupmap list
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Users (S-1-5-21-2122776906-1968872760-1457807302-513) ->
domainusers
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Guests (S-1-5-21-2122776906-1968872760-1457807302-514) ->
domainguest
Domain Admins (S-1-5-21-2122776906-1968872760-1457807302-512) -> cluster
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
ogo:/var/log/samba#
To restate the problem, I'm trying to create a two-node active/passive
cluster with MSCS. MSCS requires the user used to create the cluster on
N1 to be a domain user and have administrator priveledges on both nodes,
so the user "cluster" was added to the domain admins group (the cluster
unixgroup contains, of course, the user cluster). I get a permissions
violation when I try and bring up the second node,
"CLUSTER\cluster does not have permission to administer the cluster.
Please use an account that has access privileges to the cluster."
Last night I discovered something really strange. If I restart my PDC
after N1 MSCS comes up and before N2 MSCS does, N2 MSCS is able to
sporadically start successfully. Once N2 MSCS comes up though, I am not
able to use the MSCS management tool on N2 (it requires the cluster user
to login) without again restarting my PDC. So other than the very first
login after the restart, no further logins have permissions on MSCS.
Here is a successful login on N2 after a restart (watch out this
logfile is about 2.5MB):
http://zaphod.smartbrief.com/pics/princess-1.log.good
And a bad login on N2:
http://zaphod.smartbrief.com/pics/princess-1.log.bad
Any ideas?
Thanks,
Zack
More information about the samba
mailing list