[Samba] CTDB + Likewise-open : What servername when joining AD?

Nicolas Ecarnot nicolas at ecarnot.net
Thu Dec 1 07:03:58 MST 2011


Le 01/12/2011 09:35, Michael Adam a écrit :
> Hi Nicolas,

Hi Michael,

> Generally, when running samba in a CTDB cluster, the principle
> idea is that all nodes appear as one CIFS server to the outside.
> (in Samba/winbindd you have the same config on all nodes an
> in particular set the "netbios name" parameter to the same value
> on all nodes).




> In particular, the AD-connector needs to join
> the cluster just _once_ with the netbios name given to all the
> nodes.


This is this particular point that I have to precisely understand.
Joining to a domain with likewise is done with domainjoin-cli.
Joining to a domain with samba is done with net ads join.

I succesfully used both.
But, in both cases, I never specified the server name. I guess this 
value is retreived from the system and/or the samba setting.

The net man page says :
"[UPN] (ADS only) set the principalname attribute during the join. The 
default format is host/netbiosname at REALM."
so this may help me to register this computer into the domain, but under 
the common virtual name.

How do you usually add a virtual netbios name to a domain? Do you use 
the net ads join createupn method mentionned above ?

I'm pretty sure this is the very last big issue I have to deal with.

> Winbindd uses the secrets.tdb to store the join
> information so that in the clustered case, this automatically
> transferred to all nodes when a node joins.
>
> I could assist you with winbindd instead of likewise-open
> running on top of ctdb as the authenticaion / AD-connection
> piece, but I am sorry to say, that I don't know whether this
> is at all possible with likewise.

I have discovered some "intricacy/links/constraints" between the machine 
password stored into samba tdb and the one stored into likewise registry 
(and I've managed to cope with it).
As this cluster is made of only TWO nodes, I hope I'll be able to 
correct any similar issues that may rise.

>
> (Note: likewise-open was iirc originally a rebranded winbindd
> with some additional gui tools, but this has long been replaced
> completely.)
>
> Cheers - Michael


-- 
Nicolas Ecarnot


More information about the samba mailing list