[Samba] [Linux-HA] Samba failover causes different UID's

Caspar Smit c.smit at truebit.nl
Mon Feb 28 05:24:18 MST 2011


Thank you very much for this, I will check out the manpage and wiki page.

Kind regards,

Caspar Smit

2011/2/28 Tim Serong <tserong at novell.com>

> On 2/28/2011 at 09:21 PM, Caspar Smit <c.smit at truebit.nl> wrote:
> > Hi,
> >
> > I have two machines in a cluster and want to create a highly available
> > Samba share that connects to Active Directory for user information. The
> > storage is DRBD and the filesystem is XFS.
> >
> > I'm using Pacemaker as cluster software and using the lsb:samba init
> > script.
> >
> > I connected both machines to my Windows AD server and tested this using
> > winbind.
> >
> > winbind -u gives me all AD users which seems fine. This works on both
> > machines so everything looks ok.
> >
> > When I connect from a Windows client to the Samba share I don't need to
> > enter credentials so that looks fine too. When I start to put some files
> > on the share the correct credentials are used when I check with "ls -al"
> > on the mountpoint in Linux. So far so good.
> >
> > BUT when I do a failover to the other node the share is up but suddenly I
> > cannot connect from the Windows client anymore without entering
> > credentials and when I check with "ls -al" on the mountpoint on the other
> > machine it maps the existing files (which I put there when the share was
> > running on the other node) suddenly with wholly different UIDs.
> >
> > Where is the mapping of UIDs taking place and how can I fix this? Both
> > systems look up their user information from the same AD server, how can
> > they still look up different UIDs when looking at the same server and
> > files?
>
> Because by default Samba hands out UIDs on a first come first served basis.
> You need to configure a different UID mapping scheme.  Have a look at
> "idmap config" and "idmap backend" in the smb.conf manpage.  RID might be
> the easiest thing to set up (where Samba generates UIDs based on Windows
> SIDs). Configuring UNIX UIDs in some LDAP backend, or directly in AD via
> (RFC2307 or Services For UNIX or whatever it's called these days) might be
> "better" (you get to decide what the UIDs actually are, and this'll
> apparently work with multiple AD domains/trusted domains).
>
> HTH,
> Tim
> --
> Tim Serong <tserong at novell.com>
> Senior Clustering Engineer, OPS Engineering, Novell Inc.
> _______________________________________________
> Linux-HA mailing list
> Linux-HA at lists.linux-ha.org
> http://lists.linux-ha.org/mailman/listinfo/linux-ha
> See also: http://linux-ha.org/ReportingProblems
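
The two mapping schemes named in the reply above, modelled as an added example that is not part of the original thread and is not Samba code. The class names, domain SID, RIDs and the 10000-19999 range are constructed assumptions; the RID formula is the one documented in idmap_rid(8).

```python
# Constructed model: class names, SIDs and ranges are illustrative, not Samba code.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed
USERS = {"alice": f"{DOMAIN_SID}-1104", "bob": f"{DOMAIN_SID}-1105",
         "carol": f"{DOMAIN_SID}-1106"}  # constructed RIDs


class AllocatingMapper:
    """First come, first served: next free UID, remembered in a node-local table."""

    def __init__(self, low):
        self.next_uid = low
        self.table = {}  # lives on one node only, so the peer never sees it

    def uid_for(self, sid):
        if sid not in self.table:
            self.table[sid] = self.next_uid
            self.next_uid += 1
        return self.table[sid]


class RidMapper:
    """Algorithmic mapping: UID = RID - base_rid + low (formula from idmap_rid(8))."""

    def __init__(self, domain_sid, low, high, base_rid=0):
        self.domain_sid, self.low, self.high, self.base_rid = domain_sid, low, high, base_rid

    def uid_for(self, sid):
        prefix, _, rid = sid.rpartition("-")
        if prefix != self.domain_sid or not rid.isdigit():
            raise ValueError(f"{sid} is not a SID of the configured domain")
        uid = int(rid) - self.base_rid + self.low
        if not self.low <= uid <= self.high:
            raise ValueError(f"RID {rid} maps outside {self.low}-{self.high}")
        return uid


def uids_on_both_nodes(node_a, node_b, order_a, order_b):
    """Let each node meet the users in its own order, then compare the mappings."""
    for name in order_a:
        node_a.uid_for(USERS[name])
    for name in order_b:
        node_b.uid_for(USERS[name])
    return {n: (node_a.uid_for(s), node_b.uid_for(s)) for n, s in USERS.items()}


def mismatched(result):
    """Users whose files would show a different owner after failover."""
    return sorted(n for n, (a, b) in result.items() if a != b)


ORDER_A, ORDER_B = ["alice", "bob", "carol"], ["carol", "alice", "bob"]
allocating = uids_on_both_nodes(AllocatingMapper(10000), AllocatingMapper(10000), ORDER_A, ORDER_B)
rid = uids_on_both_nodes(RidMapper(DOMAIN_SID, 10000, 19999), RidMapper(DOMAIN_SID, 10000, 19999), ORDER_A, ORDER_B)
print("allocating:", allocating, "mismatched:", mismatched(allocating))
print("rid:       ", rid, "mismatched:", mismatched(rid))
```

With node-local allocation every user ends up with a different UID on the peer, so files on the shared DRBD volume appear owned by someone else after failover; the algorithmic mapping gives the same UID on both nodes without any shared state.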
