[Samba] CTDB + Samba + Winbind + ActiveDirectory

tim clusters tim.clusters at gmail.com
Thu Dec 25 22:51:19 GMT 2008


Hi All,

Are there any special CTDB/SMB configuration settings/dependencies to manage
Winbind across CTDB-managed servers authenticating via Active
Directory (AD)? An example would be Samba's IDMAP backend for Winbind: RID
vs. AD or tag Winbind to a primary CTDB node and point other nodes to
authenticate from AD via proxy primary CTDB node?

/etc/sysconfig/ctdb on all nodes is as follows:

CTDB_RECOVERY_LOCK=/mnt/gpfs/CTDB/recovery.lck
CTDB_PUBLIC_INTERFACE=eth2
CTDB_PUBLIC_ADDRESSES=/etc/ctdb/public_addresses
CTDB_MANAGES_SAMBA=yes
CTDB_MANAGES_WINBIND=yes
CTDB_NODES=/etc/ctdb/nodes

I had asked this before, but I have a strange scenario where a Windows node is
able to mount only from one of the CTDB-managed SMB servers. The NetBIOS
name is the same on all the nodes and "net ads join" is issued only from one of
the CTDB nodes. Any guidance to resolve this would be greatly appreciated.

[global]
        workgroup = TESTDOMAIN
        realm = TESTDOMAIN.LOCAL
        netbios name = CTDB-HEAD
        security = ADS
        auth methods = winbind, sam
        password server = 172.16.4.10
        passdb backend = tdbsam
        log level = 10 winbind:10 auth:10 passdb:10
        log file = /var/log/samba/log.%m
        max log size = 10000
        smb ports = 445
        server signing = auto
        socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
        use mmap = No
        clustering = Yes
        dns proxy = No
        idmap backend = tdb2
        idmap uid = 10000000-20000000
        idmap gid = 10000000-20000000
        template homedir = /home/%D+%U
        template shell = /bin/bash
        winbind separator = +
        winbind enum users = Yes
        winbind enum groups = Yes
        nfs4:acedup = merge
        nfs4:chown = yes
        nfs4:mode = special
        gpfs:sharemodes = no
        fileid:mapping = fsname
        idmap config TESTDOMAIN:range = 10777216-57554431
        idmap config TESTDOMAIN:backend = rid
        force unknown acl user = Yes
        strict locking = Yes
        vfs objects = gpfs, fileid
[global-share]
        comment = Global SMB NameSpace
        path = /mnt/gpfs/nfsexport
        read only = No
        inherit permissions = Yes
        inherit acls = Yes
        guest ok = Yes

Regards,
-Tim
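
Added example (not part of the original message or of Samba's own tooling): the posted smb.conf sets a default `idmap uid`/`idmap gid` range and a per-domain `idmap config TESTDOMAIN:range`, and the smb.conf documentation requires configured idmap ranges to be disjoint, since an overlap can map two different principals to the same Unix ID. This sketch parses the `[global]` idmap range lines and reports any intersection; the function names and the trimmed sample text are assumptions built from the values in the message.

```python
import re

# Constructed sample: only the idmap lines from the smb.conf posted above.
SAMPLE_CONF = """\
[global]
        idmap backend = tdb2
        idmap uid = 10000000-20000000
        idmap gid = 10000000-20000000
        idmap config TESTDOMAIN:range = 10777216-57554431
        idmap config TESTDOMAIN:backend = rid
"""

def parse_idmap_ranges(conf_text):
    """Return {label: (low, high)} for each idmap range found in [global]."""
    ranges, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        # smb.conf keys ignore case and extra whitespace; normalise both.
        key = re.sub(r"\s*:\s*", ":", re.sub(r"\s+", " ", key.lower()))
        rng = re.fullmatch(r"(\d+)\s*-\s*(\d+)", value)
        if not rng:
            continue
        dom = re.fullmatch(r"idmap config (\S+):range", key)
        if key in ("idmap uid", "idmap gid"):
            ranges["default " + key.split()[1]] = tuple(map(int, rng.groups()))
        elif dom:
            ranges["domain " + dom.group(1).upper()] = tuple(map(int, rng.groups()))
    return ranges

def find_overlaps(ranges):
    """Return (label_a, label_b, low, high) for every intersecting pair."""
    items, hits = sorted(ranges.items()), []
    for i, (a, (alo, ahi)) in enumerate(items):
        for b, (blo, bhi) in items[i + 1:]:
            if a.startswith("default") and b.startswith("default"):
                continue  # uid and gid are separate ID spaces
            lo, hi = max(alo, blo), min(ahi, bhi)
            if lo <= hi:
                hits.append((a, b, lo, hi))
    return hits

if __name__ == "__main__":
    for a, b, lo, hi in find_overlaps(parse_idmap_ranges(SAMPLE_CONF)):
        print(f"{a} overlaps {b}: {lo}-{hi}")
```

Run against the full smb.conf from each CTDB node, the same check also shows whether the nodes agree on their ranges.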