[Samba] Heartbeat and secrets.tdb

Michael Gasch gasch at eva.mpg.de
Wed Nov 14 14:11:16 GMT 2007


For each samba instance (netbios name) we use different IP addresses and 
configuration files. Thus we have several secrets.tdb files, which are 
also located on a cluster filesystem. This works and prevents machines 
from kicking each other off the domain.


Henrik Carlqvist wrote:
> I'm configuring a HA-cluster to share disks using heartbeat from
> http://www.linux-ha.org/
> Two machines, let's call them server1 and server2, share the same disk with
> an ocfs2 file system. However, the two machines have separate disks for
> their OS installations. The two physical servers have two gigabit nics
> each and on those nics I place four virtual IP addresses which heartbeat
> makes sure are working as long as at least one server is up. Let's say the
> four IP addresses get host names samba1, samba2, samba3 and samba4.
> When both servers are up and running it looks something like this:
> samba1    server1, eth0:0
> samba2    server1, eth1:0
> samba3    server2, eth0:0
> samba4    server2, eth1:0
> If one server would go down, either for a planned maintenance or by
> accident, heartbeat will rearrange the configuration to something like
> this:
> samba1    server2, eth0:1
> samba2    server2, eth1:1
> samba3    server2, eth0:0
> samba4    server2, eth1:0
> Once the failed server gets back heartbeat will again distribute the IP
> addresses over both servers in an active/active configuration.
> Smb.conf looks the same on both servers and all four IP addresses are listed
> as interfaces on both machines. This works fine, when a server takes over
> IP addresses from the other server samba immediately works on those
> addresses without need for any restart.
> My problem is that the samba servers use security=domain. I have used net
> join to join the domain and all works fine for a while. However, after
> some time the servers get locked out from the domain and I don't really
> know why. 
> Is it because samba uses several IP addresses on the same machine and the
> same secrets.tdb? If so, would it work better if I used four different
> smb.conf, one for each IP address pointing to different secrets.tdb? Would
> this work with local copies of secrets.tdb on the two servers?
> Is it because the same IP addresses move between two different machines
> with different secrets.tdb? If so, would it work better if secrets.tdb
> would be placed on an ocfs2 file system shared between the two servers?
> regards Henrik
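
The per-instance layout described in the reply at the top of this message, written out as an added example that is not part of the original thread and not either poster's actual configuration. The paths, the IP address, the workgroup and the account name are placeholders, and it assumes heartbeat starts and stops each instance together with its virtual IP.

```ini
# /shared/samba/samba1/smb.conf
# Constructed example: paths, address and workgroup are placeholders,
# not values from the thread. One file like this per name, samba1 .. samba4.
[global]
    workgroup = EXAMPLE
    security = domain

    # Each instance joins the domain under its own name and therefore has
    # its own machine account.
    netbios name = SAMBA1

    # Listen only on the virtual IP that belongs to this instance.
    interfaces = 192.0.2.11/24
    bind interfaces only = yes

    # secrets.tdb is stored in "private dir". Keeping it on the shared
    # cluster filesystem means whichever server currently runs samba1
    # uses the same machine account password.
    private dir = /shared/samba/samba1/private

    # Per-instance runtime state, so several smbd processes on one server
    # do not share lock databases, pid files or logs. These directories
    # are local and must exist on both servers.
    lock directory = /var/lib/samba/samba1
    pid directory = /var/run/samba/samba1
    log file = /var/log/samba/samba1/log.%m

# Join once per instance (account name is a placeholder):
#   net join -s /shared/samba/samba1/smb.conf -U Administrator
# Start the instance on the server that currently holds its IP:
#   smbd -D -s /shared/samba/samba1/smb.conf
#   nmbd -D -s /shared/samba/samba1/smb.conf
```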

