[Samba] Heartbeat and secrets.tdb

Henrik Carlqvist hc1 at poolhem.se
Fri Nov 9 21:57:21 GMT 2007


I'm configuring a HA-cluster to share disks using heartbeat from
http://www.linux-ha.org/

Two machines, let's call them server1 and server2, share the same disk with
an ocfs2 file system. However, the two machines have separate disks for
their OS installations. The two physical servers have two gigabit NICs
each, and on those NICs I place four virtual IP addresses which heartbeat
makes sure are working as long as at least one server is up. Let's say the
four IP addresses get host names samba1, samba2, samba3 and samba4.

When both servers are up and running it looks something like this:

samba1    server1, eth0:0
samba2    server1, eth1:0
samba3    server2, eth0:0
samba4    server2, eth1:0

If one server goes down, either for planned maintenance or by
accident, heartbeat will rearrange the configuration to something like
this:

samba1    server2, eth0:1
samba2    server2, eth1:1
samba3    server2, eth0:0
samba4    server2, eth1:0

Once the failed server gets back, heartbeat will again distribute the IP
addresses over both servers in an active/active configuration.

smb.conf looks the same on both servers and all four IP addresses are listed
as interfaces on both machines. This works fine: when a server takes over
IP addresses from the other server, samba immediately works on those
addresses without need for any restart.

My problem is that the samba servers use security=domain. I have used net
join to join the domain and all works fine for a while. However, after
some time the servers get locked out from the domain and I don't really
know why.

Is it because samba uses several IP addresses on the same machine and the
same secrets.tdb? If so, would it work better if I used four different
smb.conf, one for each IP address pointing to different secrets.tdb? Would
this work with local copies of secrets.tdb on the two servers?

Is it because the same IP addresses move between two different machines
with different secrets.tdb? If so, would it work better if secrets.tdb
were placed on an ocfs2 file system shared between the two servers?

regards Henrik

