[Samba] multiple samba instances unable to join domain simultaneously

[Jonathan Woytek]

File this under the "this used to work" section.

Particulars:
Version:  3.0.13
Build source:  Source RPM
OS/Distribution:  RedHat Enterprise Linux AS 3
Hardware:  dual-Xeon, 4GB RAM, SCSI OS disks
Security configuration:  NT4 domain, NT4 PDC and BDC

This system is being run under RedHat Cluster Services.

We have three samba instances running on one physical machine, providing 
windows access to three separate "services" (to use the RedHat Cluster 
Services terminology).  These instances were initially configured with 
the RedHat configuration utility, then hand-tuned to configure our 
security settings and other particulars that the configuration utility 
doesn't do (and because I usually don't care much for 
automatically-generated configuration files).

The problem that we've recently started to see (since the upgrade to 
3.0.13, it seems) is that only ONE of the three instances can be joined 
to the domain at any time.  I can do a "net rpc join" with all three 
configuration files, and each one will list that they have successfully 
joined the domain.  A "testjoin" shows that only the last instance 
joined is actually associated with the domain.  Windows Server Manager 
shows that all three instances have registered their names as domain 
members.  Logging on the PDC shows that all three were successfully 
joined and machine accounts created.  Subsequent access to shares on 
either of the two instances that show that they are not associated 
results in a log message on the PDC indicating that there is no trust 
account for the machine.  If I go back and "net rpc join" one of those 
two instances, that one instance shows that it is connected to the 
domain, and the other two now show that they are not.

I've poked-around google and this list, trying to see what I could find 
about this.  I have found people who are successfully running multiple 
instances on their servers with no real issues.  In fact, this is the 
supported configuration from RedHat, and it used to work under the older 
2.x release of Samba that came with RHEL.

Any clues?  I can make partial configuration files available, if that 
helps.  We are using "bind interfaces only" and appropriate interfaces 
lines.  We upgraded to 3.0.13 a number of months ago, but only recently 
discovered this service problem.  The message we get when this happens 
is the predictable "trust relationship failed" error while trying to 
access a non-associated service.

jonathan
-- 
Jonathan Woytek                 w: 412-681-3463         woytek+ at cmu.edu
NREC Computing Manager          c: 412-401-1627         KB3HOZ
PGP Key available upon request