[Samba] Samba HA issue

David Christensen David.Christensen at viveli.com
Wed Aug 5 15:45:17 MDT 2009


Liutauras Adomaitis wrote:
> On Tue, Aug 4, 2009 at 7:39 PM, David
> Christensen<David.Christensen at viveli.com> wrote:
>> With samba configured for high availability using heartbeat, I am not
>> able to join new computers to the domain after a fail over.  If I fail
>> back to the "main" samba instance I can join the computer to the domain.
>>
>> However, with samba in a fail over state and running on the backup PDC
>> users can still authenticate and gain access to their shares.
>>
>> I have the two instances of samba configured nearly identical except for
>> having them pointed to the instance of ldap that is running on the
>> server itself (which is being replicated).  Is there something else,
>> some tdb file etc,  that needs to be shared between the two instances of
>> samba so a fail over appears identical to the ldap backend?
>>
>> Thanks.
> 
> If you are running PDC+BDC configuration with LDAP backend with
> replication, then you must have master to master replication. In case
> of master - slave replication you cannot write to slave while your
> master is not accessible. Usually a slave has a redirection to master for
> write operations. Slave is read-only and that's why you can authenticate
> to BDC, but cannot join new machines to the domain.
> This may be your case
> 
> Liutauras

Liutauras,

I have ldap using master-master replication so writing to either ldap
instance is no problem.  In addition I have both instances of samba
configured as PDCs (the smb.conf file is identical on both PDCs except
for two things, the ldap each talks to and the host name of the PDC
itself; not using the netbios parameter), however only one of them is
running at a time.  The issue occurs when the 2nd PDC comes online.
Based on the ldap logs the query I am seeing from the 2nd PDC in a
failed over state is not the same query that the "primary" PDC does when
I add a new computer successfully.  I never see the lookup for the admin
user who has the right to add a computer, along with other missing
search strings.

Is there some SID or some other serial number etc. that the 2nd PDC is
lacking that is causing this symptom?  Why would a query from a near
identical instance of samba to the same ldap DB be so different?