[Samba] Heartbeat and secrets.tdb
Michael Gasch
gasch at eva.mpg.de
Wed Nov 14 14:11:16 GMT 2007
hi,
for each samba instance (netbios name) we use different IP addresses and
configuration files. thus we have several secret.tdb files which are
also located on a cluster filesystem. this works and prevents machines
from kicking off each other from the domain
micha
Henrik Carlqvist wrote:
> I'm configuring a HA-cluster to share disks using heartbeat from
> http://www.linux-ha.org/
>
> Two machines, lets call them server1 and server2 share the same disk with
> an ocfs2 file system. However, the two machines have separate disks for
> their OS installations. The two physical servers have two gigabit nics
> each and on those nics I place four virtual IP addresses which heartbeat
> makes sure is working as long at as least one server is up. Lets say the
> four IP addresses get host names samba1, samba2, samba3 and samba4.
>
> When both servers are up and running it looks something like this:
>
> samba1 server1, eth0:0
> samba2 server1, eth1:0
> samba3 server2, eth0:0
> samba4 server2, eth1:0
>
> If one server would go down, either for a planned maintenance or by
> accident heartbeat will rearrange the configuration to something like
> this:
>
> samba1 server2, eth0:1
> samba2 server2, eth1:1
> samba3 server2, eth0:0
> samba4 server2, eth1:0
>
> Once the failed server gets back heartbeat will again distribute the IP
> addresses over both servers in an active/active configuration.
>
> Smb.conf look the same on both servers and all four IP adresses are listed
> as interfaces on both machines. This works fine, when a server takes over
> IP addresses from the other server samba immediately works on those
> addresses without need for any restart.
>
> My problem is that the samba servers use security=domain. I have used net
> join to join the domain and all works fine for a while. However, after
> some time the servers get locked out from the domain and I don't really
> know why.
>
> Is it because samba use several IP addresses on the same machine and the
> same secrets.tdb? If so, would it work better if I used four different
> smb.conf, one for each IP address pointing to different secrets.tdb? Would
> this work with local copies of secrets.tdb on the two servers?
>
> Is it because the same IP adresses move between two different machines
> with different secrets.tdb? If so, would it work better if secrets.tdb
> would be placed on a ocfs2 file system shared between the two servers?
>
> regards Henrik
--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT Staff)
Deutscher Platz 6
D-04103 Leipzig
Germany
Phone: 49 (0)341 - 3550 137
49 (0)341 - 3550 374
Fax: 49 (0)341 - 3550 399
More information about the samba
mailing list