[Samba] Samba HA issue

David Christensen David.Christensen at viveli.com
Wed Aug 5 16:10:54 MDT 2009 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John Du wrote:
> David Christensen wrote:
> 
> Liutauras Adomaitis wrote:
> 
> 
> On Tue, Aug 4, 2009 at 7:39 PM, David
> Christensen<David.Christensen at viveli.com><mailto:David.Christensen at viveli.com> wrote:
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> With samba configured for high availability using heartbeat, I am not
> able to join new computers to the domain after a fail over.  If I fail
> back to the "main" samba instance I can join the computer to the domain.
> 
> However With samba in a fail over state and running on the backup PDC
> users can still authenticate and gain access to their shares.
> 
> I have the two instances of samba configured nearly identical except for
> having them pointed to the instance of ldap that is running on the
> server itself (which is being replicated).  Is there something else,
> some tdb file etc,  that needs to be shared between the two instances of
> samba so a fail over appears identical to the ldap backend?
> 
> Thanks.
> 
> 
> If you are running PDC+BDC configuration with LDAP backend with
> replication, then you must have master to master replication. In case
> of master - slave replication you canot write ot slave while your
> muster is not accessible. Usual slave has a redirection to master for
> write operations. Slave is readonly and thats why you can authenticate
> to BDC, but cannot join new machines to the domain.
> This may be your case
> 
> Liutauras
> 
> 
> 
> Liutauras,
> 
> I have ldap using master-master replication so writing to either ldap
> instance is no problem.  In addition I have both instances of samba
> configured as PDC's (the smb.conf file is identical on both PDC's except
> for two things, the ldap each talks to and the host name of the PDC
> itself; not using the netbios parameter), however only one of them is
> running at a time.  The issue occurs when the 2nd PDC comes online.
> Based on the ldap logs the query I am seeing from the 2nd PDC in a
> failed over state is not the same query that the "primary" PDC does when
> I add a new computer successfuly.  I never see the lookup for the admin
> user who has the right to add a computer, along with other missing
> search strings.
> 
> Is there some SID or some other serial number etc. that the 2nd PDC is
> lacking that is causing this symptom?  Why would a query from a near
> identical instance of samba to the same ldap DB be so different?
> 
> 
> I had the same problem with samba 3.0.28 on rhel 4.  I fixed my problem by issuing "net rpc grant .." commands on the backup PDC.  I never understood why it behaved that way but those commands worked for me.  I thought those rights were in the LDAP database but it seemed that those rights are stored on the individual servers somehow.
> 
> 
> 
John,

Not familiar with net rpc grant, where is the invoked or added?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkp6A20ACgkQ5B+8XEnAvquDfACfZoxcbLHuoVAbqrUQauCbPD8R
VDYAn3Tz+0TfwD+Ip2HIKtVj5bG5reMc
=25vc
-----END PGP SIGNATURE-----

More information about the samba mailing list