[Samba] CTDB + Likewise-open : What servername when joining AD?

Nicolas Ecarnot nicolas at ecarnot.net
Thu Jan 19 07:50:05 MST 2012


On 02/12/2011 00:06, Michael Adam wrote:
> Samba's tdb (with the machine password) is distributed in the
> cluster by ctdb. Likewise does not use ctdb, so you need other
> means to synchronize its database contents in the cluster.
> I don't know whether distributing databases would be enough,
> maybe there would be more required IPC infrastructure for
> likewise to be aware of the fact that it is run on multiple
> nodes but as the same identity. This problem is the same,
> no matter how many nodes you have (as long as it is more than one).
> But this is frankly the wrong place to ask how to make likewise
> clusterable. :-)

Hi,

After much research, I eventually came to the conclusion that for the 
time being, it might not be a good idea to hope to try to assemble samba 
+ ctdb + likewise-open, as, as you said, ctdb won't distribute any 
likewise open information amongst the cluster nodes.

I then fell back to using winbind and I still haven't reached any honorable 
success.

My ctdb setup sounds quite sane, as I try to keep it simple:
- only two nodes
- CTDB_RECOVERY_LOCK="/ctdb/.ctdb.lock" working correctly (is it normal 
that this file is correctly created but sized 0?)
- CTDB_DBDIR=/var/ctdb
- CTDB_DBDIR_PERSISTENT=/var/ctdb/persistent
   /var/ctdb only contains an iptables-ctdb.flock, also empty (0 KB)

- On node0, running the actions below is successful:
   - kdestroy
   - kinit adminUser
   - klist
     (correctly displays the ticket)
   - net ads join -UadminUser
     (correctly showing the AD join)
   - net ads testjoin
     (ok)
   - wbinfo -t
     (ok)
   - wbinfo -u / wbinfo -g correctly returns users and groups lists

- On node1 :
   - net ads join -UadminUser
     (correctly showing the AD join)
   - net ads testjoin
     (ok)
   - wbinfo -t
     shows :

could not obtain winbind interface details!
could not obtain winbind domain name!
checking the trust secret for domain (null) via RPC calls failed
Could not check secret

   - wbinfo -u shows
Error looking up domain users
   - wbinfo -g shows
Error looking up domain groups

According to what I understand, every node has to share a common machine 
password.
In this mailing list, you wrote an answer about that :
http://lists.samba.org/archive/samba/2008-December/145550.html
I first tried without # private dir = /ctdb/samba
and then with this setting.
But according to what you wrote, ctdb is in charge of transferring the 
changes from one node to the other.
On node0, when running net ads join, /var/lib/samba/secrets.tdb gets 
updated (and tdbdump shows the machine password has changed).
On node1, I don't see any change on secrets.tdb.

Should I?

-- 
Nicolas Ecarnot
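
The node0/node1 secrets.tdb comparison described in the message above, as an added example that is not part of the original post: it parses `tdbdump` text from two nodes and reports which machine-account records differ, using hashes so the machine password itself is never displayed. The dumps, the `EXAMPLE` domain name and the assumed `tdbdump` output layout are constructed for illustration.

```python
import hashlib
import re

# Constructed tdbdump-style text for two nodes (no real secrets). Assumed
# layout: key(N) = "..." then data(N) = "...", non-printable bytes as \XX.
NODE0_DUMP = r'''{
key(19) = "SECRETS/SID/EXAMPLE"
data(4) = "\01\04\00\00"
}
{
key(32) = "SECRETS/MACHINE_PASSWORD/EXAMPLE"
data(16) = "constructed-new\00"
}
{
key(40) = "SECRETS/MACHINE_LAST_CHANGE_TIME/EXAMPLE"
data(4) = "\80\C8\17O"
}
'''
# node1 still holds the values from before node0's "net ads join".
NODE1_DUMP = (NODE0_DUMP.replace("constructed-new", "constructed-old")
              .replace(r"\80\C8\17O", r"\10\A1\16O"))

RECORD = re.compile(r'key\(\d+\) = "(.*)"\ndata\(\d+\) = "(.*)"')

def unescape(text):
    """Turn the \\XX hex escapes of the dump back into raw bytes."""
    raw = re.sub(r'\\([0-9A-Fa-f]{2})', lambda m: chr(int(m.group(1), 16)), text)
    return raw.encode('latin-1')

def machine_fingerprints(dump):
    """Map each SECRETS/MACHINE_* key to a short SHA-256 of its value."""
    out = {}
    for key, data in RECORD.findall(dump):
        key = unescape(key).decode('latin-1')
        if key.startswith('SECRETS/MACHINE_'):
            out[key] = hashlib.sha256(unescape(data)).hexdigest()[:16]
    return out

def diverging_keys(dump_a, dump_b):
    """Machine-account keys whose values differ or exist on one node only."""
    a, b = machine_fingerprints(dump_a), machine_fingerprints(dump_b)
    return sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))

if __name__ == "__main__":
    for key in diverging_keys(NODE0_DUMP, NODE1_DUMP):
        print("differs between nodes:", key)
```

Feeding it the saved output of `tdbdump /var/lib/samba/secrets.tdb` from each node shows whether the nodes hold the same machine secret, and only the fingerprints need to be shared when asking for help.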

