[Samba] Samba HA issue
David Christensen
David.Christensen at viveli.com
Wed Aug 5 16:10:54 MDT 2009
John Du wrote:
> David Christensen wrote:
>
> Liutauras Adomaitis wrote:
>
>
> On Tue, Aug 4, 2009 at 7:39 PM, David
> Christensen <David.Christensen at viveli.com> wrote:
>
>
>
> With samba configured for high availability using heartbeat, I am not
> able to join new computers to the domain after a fail over. If I fail
> back to the "main" samba instance I can join the computer to the domain.
>
> However, with samba in a fail over state and running on the backup PDC
> users can still authenticate and gain access to their shares.
>
> I have the two instances of samba configured nearly identical except for
> having them pointed to the instance of ldap that is running on the
> server itself (which is being replicated). Is there something else,
> some tdb file etc, that needs to be shared between the two instances of
> samba so a fail over appears identical to the ldap backend?
>
> Thanks.
>
>
> If you are running PDC+BDC configuration with LDAP backend with
> replication, then you must have master to master replication. In case
> of master - slave replication you cannot write to slave while your
> master is not accessible. Usual slave has a redirection to master for
> write operations. Slave is readonly and that's why you can authenticate
> to BDC, but cannot join new machines to the domain.
> This may be your case
>
> Liutauras
>
>
>
> Liutauras,
>
> I have ldap using master-master replication so writing to either ldap
> instance is no problem. In addition I have both instances of samba
> configured as PDC's (the smb.conf file is identical on both PDC's except
> for two things, the ldap each talks to and the host name of the PDC
> itself; not using the netbios parameter), however only one of them is
> running at a time. The issue occurs when the 2nd PDC comes online.
> Based on the ldap logs the query I am seeing from the 2nd PDC in a
> failed over state is not the same query that the "primary" PDC does when
> I add a new computer successfully. I never see the lookup for the admin
> user who has the right to add a computer, along with other missing
> search strings.
>
> Is there some SID or some other serial number etc. that the 2nd PDC is
> lacking that is causing this symptom? Why would a query from a near
> identical instance of samba to the same ldap DB be so different?
>
>
> I had the same problem with samba 3.0.28 on rhel 4. I fixed my problem by issuing "net rpc grant .." commands on the backup PDC. I never understood why it behaved that way but those commands worked for me. I thought those rights were in the LDAP database but it seemed that those rights are stored on the individual servers somehow.
>
>
>
John,
Not familiar with net rpc grant, where is it invoked or added?