[Samba] [Linux-HA] Samba failover causes different UID's
Tim Serong
tserong at novell.com
Mon Feb 28 04:39:04 MST 2011
On 2/28/2011 at 09:21 PM, Caspar Smit <c.smit at truebit.nl> wrote:
> Hi,
>
> I have two machines in a cluster and want to create a highly available Samba
> share that connects to active directory for user information. The storage is
> DRBD and the filesystem is XFS.
>
> I'm using pacemaker as cluster software and using the lsb:samba init script.
>
> I connected both machines to my Windows AD server and tested this using
> winbind.
>
> winbind -u gives me all AD users which seems fine. This works on both
> machines so everything looks ok.
>
> When I connect from a Windows client to the Samba share I don't need to
> enter credentials so that looks fine too. When I start to put some files on
> the share the correct credentials are used when I check with "ls -al" on the
> mountpoint in Linux. So far so good.
>
> BUT when I do a failover to the other node the share is up but suddenly I
> cannot connect from the Windows client anymore without entering credentials
> and when I check with "ls -al" on the mountpoint on the other machine it
> maps the existing files (which I put there when the share was running on the
> other node) suddenly with whole different UIDs.
>
> Where is the mapping of UIDs taking place and how can I fix this? Both
> systems look up their user information from the same AD server, how can they
> still look up different UIDs when looking at the same server and files?

Because by default Samba hands out UIDs on a first-come, first-served basis.
You need to configure a different UID mapping scheme. Have a look at "idmap
config" and "idmap backend" in the smb.conf manpage. RID might be the
easiest thing to set up (where Samba generates UIDs based on Windows SIDs).
Configuring UNIX UIDs in some LDAP backend, or directly in AD via (RFC2307
or Services For UNIX or whatever it's called these days) might be "better"
(you get to decide what the UIDs actually are, and this'll apparently work
with multiple AD domains/trusted domains).

HTH,
Tim
--
Tim Serong <tserong at novell.com>
Senior Clustering Engineer, OPS Engineering, Novell Inc.
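
Added example, not part of the original thread: a small Python model of the two mapping schemes discussed above, showing why node-local first-come, first-served allocation gives the same AD user different UIDs on each cluster node, while a RID-based mapping (the idmap_rid formula ID = RID - BASE_RID + LOW_RANGE_ID) gives the same UID on both. The domain SID, user names, RIDs and the 10000-999999 range are constructed for illustration.

```python
# Added example: per-node allocating idmap vs. deterministic RID-based idmap.
# The domain SID, users, RIDs and ID range below are constructed sample values.

DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed
USERS = {"alice": 1104, "bob": 1105, "carol": 1106}       # name -> RID, constructed


class AllocatingMapper:
    """Models the default behaviour: next free UID, stored in a node-local db."""

    def __init__(self, low):
        self.next_uid = low
        self.table = {}  # SID -> UID, known to this node only

    def uid_for(self, sid):
        if sid not in self.table:
            self.table[sid] = self.next_uid
            self.next_uid += 1
        return self.table[sid]


def rid_uid(sid, domain_sid, low, high, base_rid=0):
    """idmap_rid formula: ID = RID - BASE_RID + LOW_RANGE_ID."""
    prefix, _, rid = sid.rpartition("-")
    if prefix != domain_sid:
        raise ValueError("SID is not in the configured domain")
    uid = int(rid) - base_rid + low
    if not low <= uid <= high:
        raise ValueError("RID maps outside the configured range")
    return uid


def sid_of(user):
    return f"{DOMAIN_SID}-{USERS[user]}"


def simulate(order_a, order_b, low=10000, high=999999):
    """Map the same users on two nodes that see them in different orders."""
    node_a, node_b = AllocatingMapper(low), AllocatingMapper(low)
    alloc_a = {u: node_a.uid_for(sid_of(u)) for u in order_a}
    alloc_b = {u: node_b.uid_for(sid_of(u)) for u in order_b}
    rid_a = {u: rid_uid(sid_of(u), DOMAIN_SID, low, high) for u in order_a}
    rid_b = {u: rid_uid(sid_of(u), DOMAIN_SID, low, high) for u in order_b}
    return alloc_a, alloc_b, rid_a, rid_b


if __name__ == "__main__":
    a, b, ra, rb = simulate(["alice", "bob", "carol"], ["carol", "alice", "bob"])
    print("allocating, node A:", a)
    print("allocating, node B:", b)
    print("rid, identical on both nodes:", ra == rb, ra)
```

Files on the shared DRBD volume store numeric UIDs, so files written under the old allocation keep those numbers after the mapping scheme is changed and need their ownership checked against the new mapping.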