[Samba] Joining samba domain post heartbeat install

David Christensen David.Christensen at viveli.com
Fri Jul 31 13:56:35 MDT 2009 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Christensen wrote:
> I successfully setup heartbeat and glusterfs (instead of DRBD) to
> provide an HA Samba configuration.  I tested that fail over worked fine
> all the existing computers were able to get to their shares and re
> authenticate users.
> 
> However I discovered that I was not able to join computers to the domain
> after the configuration was setup.  The netbios name was changed to
> accommodate the new heartbeat VIP and the new VIP is the only address I
> have samba bound to.
> 
> When I go to add the computer to the domain, type to the domain in and
> hit enter, I am presented with a login dialog box.  When I enter the
> admin and password and hit enter, after a few seconds I get the warning
> that a controller for the domain could not be foumd.
> 
> I suspect that there is some caching going on and (maybe) winbind is
> using the old info for the PDC and not the new?
> 
> Are there any caches I could clear that may fix this?  Am I on the right
> track or is there somethign else I should be looking at?

Update

When I compare the ldap access logs with and without heartbeat, there is
a difference in the query.  As I previouslt mentioned, without
heartbeat, adding is successful, with heartbeat it is not.  The search
base is different:

With heartbeat - SRCH base="cn=groups,cn=accounts,dc=example,dc=com"
scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=99))"
attrs="gidNumber sambaSID sambaGroupType sambaSIDList description
displayName cn objectClass"

W/heartbeat - SRCH
base="sambaDomainName=exampleHQ,sambaDomainName=exampleHQ,dc=example,dc=com"
scope=2
filter="(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=exampleHQ))"
attrs=ALL

When I compared the logs when executing pdbedit -Lv with both setups,
the queries are the same.

Why would samba do a different query to the same instance of ldap when
configured with heartbeat and without heartbeat?

The address that samba is binding to/from for access to ldap is not the
VIP provided by heartbeat.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkpzTHMACgkQ5B+8XEnAvqscLQCggCw0jWgYI1p9p6JYdxJpOJTg
k0wAn0iA3J9zU/VD92vctfs6SwvDLNE3
=2Z7C
-----END PGP SIGNATURE-----

More information about the samba mailing list