[Samba] Windows client mounting SMB only from one CTDB server
tim clusters
tim.clusters at gmail.com
Fri Dec 12 00:20:10 GMT 2008
Hi,
Has anyone tried managing SMB servers via CTDB (http://ctdb.samba.org/)?
I have a setup with CTDB managing two SMB servers authenticating with Active
Directory via Winbind. The SMB is active on both the nodes. However, at a
given instance the Windows clients are able to mount only from one SMB
server.
When you try to connect to another server you get the following error:
###
The mapped networked drive could not be created because the following error
has
occurred:
"The specified network name is no longer available"
##
I use the \\IP-Address\global-share to mount SMB share. We have a
round-robin name setup for NAS-head (ctdb-head), but it works only if you
happen to chose the right IP
address that can be SMB mounted.
When we restart "Winbind" on the server from which Windows client would not
mount, it works! But after that when you try to mount from the other server,
it fails. So, at a given instance Windows client can only mount from single
SMB server in CTDB cluster.
Looking at the "SMB network packets" + SMB + Winbind + CTDB log, I do not
find any major error. Seems like at a time only one SMB server can
authenticate the client via Winbind. Wondering if this has something to do
with passdb.tdb stored in shared file-system and only one SMB server can
exclusively access it?
Please the configuration below. I would like Windows clients to mount from
multiple SMB servers controlled by CTDB. Thoughts/advice to resolve this
would be appreciated.
Thanks in Advance,
-Tim
Software version
----------------
CTDB:
ctdb-1.0-64
ctdb-debuginfo-1.0-64
Samba:
samba-debuginfo-3.2.3-ctdb.50
samba-3.2.3-ctdb.50
samba-doc-3.2.3-ctdb.50
samba-winbind-32bit-3.2.3-ctdb.50
samba-client-3.2.3-ctdb.50
samba-swat-3.2.3-ctdb.50
samba-common-3.2.3-ctdb.50
Kerberos:
krb5-workstation-1.5-17
krb5-libs-1.5-17
krb5-devel-1.5-17
krb5-auth-dialog-0.7-1
pam_krb5-2.2.11-1
krb5-devel-1.5-17
krb5-libs-1.5-17
pam_krb5-2.2.11-1
smb.conf (identical on all the SMB servers)
--------
[global]
workgroup = TESTDOMAIN
realm = TESTDOMAIN.LOCAL
netbios name = CTDB-HEAD
security = ADS
password server = 192.168.10.10
private dir = /mnt/global/CTDB
template homedir = /home/%D+%U
template shell = /bin/bash
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
smb ports = 445
server signing = auto
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
use mmap = No
clustering = Yes
dns proxy = No
gpfs:sharemodes = no
fileid:mapping = fsname
idmap alloc TESTDOMAIN:range = 10777216-57554431
idmap config TESTDOMAIN:range = 10777216-57554431
idmap config TESTDOMAIN:backend = rid
idmap config TESTDOMAIN:default = yes
force unknown acl user = Yes
passdb backend = tdbsam
vfs objects = gpfs
log level = 3 passdb:5 auth:10 winbind:5
log file = /var/log/samba/log.%m
max log size = 50
client NTLMv2 auth = Yes
client use spnego = yes
auth methods = winbind
[global-share]
comment = global NameSpace
path = /mnt/global/nfsexport
read only = No
inherit permissions = Yes
inherit acls = Yes
/etc/sysconfig/ctdb
-------------------
CTDB_RECOVERY_LOCK=/mnt/global/CTDB/recovery.lck
CTDB_PUBLIC_ADDRESSES=/etc/ctdb/public_addresses
CTDB_MANAGES_SAMBA=yes
CTDB_MANAGES_NFS=yes
CTDB_NODES=/etc/ctdb/nodes
CTDB configuration
------------------
[root at node-01 ~]# ctdb status
Number of nodes:2
pnn:0 172.16.2.252 OK
pnn:1 172.16.2.253 OK (THIS NODE)
Generation:1441566550
Size:2
hash:0 lmaster:0
hash:1 lmaster:1
Recovery mode:NORMAL (0)
Recovery master:0
[root at node-01 ~]# ctdb ip
Public IPs on node 1
192.168.97.5 0
192.168.97.6 1
[root at node-01 ~]# net ads testjoin
Join is OK
[root at node-01 ~]# wbinfo -u list
TESTDOMAIN+administrator
TESTDOMAIN+guest
TESTDOMAIN+krbtgt
TESTDOMAIN+testuser
TESTDOMAIN+peyton
TESTDOMAIN+eli
[root at node-01 ~]# wbinfo -g
TESTDOMAIN+domain computers
TESTDOMAIN+domain controllers
TESTDOMAIN+schema admins
TESTDOMAIN+enterprise admins
TESTDOMAIN+cert publishers
TESTDOMAIN+domain admins
TESTDOMAIN+domain users
TESTDOMAIN+domain guests
TESTDOMAIN+group policy creator owners
TESTDOMAIN+ras and ias servers
TESTDOMAIN+allowed rodc password replication group
TESTDOMAIN+denied rodc password replication group
TESTDOMAIN+read-only domain controllers
TESTDOMAIN+enterprise read-only domain controllers
TESTDOMAIN+dnsadmins
TESTDOMAIN+dnsupdateproxy
node-02 also has similar output
More information about the samba
mailing list