[Samba] Problem Accessing Samba share from Windows workstation via DNS Round Robin

simo idra at samba.org
Sun Jan 22 08:40:26 MST 2012


On Fri, 2012-01-20 at 16:38 +1000, Peter Tan wrote: 
> I have set up a 2 node Linux cluster and wish to share an ocfs2 mount on SAN storage. I have configured ctdb, samba and Kerberos and am able to map the share on my Windows workstation when I hit the IP of each of the two nodes.
> 
> I am able to mount this share via NFS on other Linux servers ok.
> 
> However it does not appear to be authenticating when I try to map to the DNS hostname that has been set up to round-robin across the two IPs - I keep getting prompted for a login and password and I get the following in /var/log/messages: "krb5_rd_req failed (Key table entry not found)"
> 
> Node 1: 10.101.4.16
> Node 2: 10.101.4.17
> DNS A Name: clusterpub 10.101.4.16
> DNS A Name: clusterpub 10.101.4.17
> 
> I have set the "netbios name = clusterpub" in smb.conf on both nodes
> 
> Interestingly, I am able to successfully connect to the "clusterpub" share from one of the nodes via smbclient.
> 
> # smbclient //clusterpub/archive -U <user>
> Enter <user> password:
> Domain=[COUNCIL] OS=[Unix] Server=[Samba 3.5.4-0.83.el5]
> smb: \> dir
>   .                     D        0  Fri Jan 20 14:28:01 2012
>   ..                    D        0  Wed Jan 18 13:56:46 2012
>   hello-from-samba               0  Fri Jan 20 14:28:01 2012
> 
>                 64000 blocks of size 16777216. 63805 blocks available
> smb: \>
> 
> What am I missing?

You have 2 ways to solve this issue.

My preferred one is to join the cluster to the domain with the public
name (clusterpub in your case), and share the keytab between the 2
nodes. They are logically a single server and need to share the same
credentials.

Another way I like a lot less is to make sure you have PTR records set
up so that they point to the respective private names, and join each
node with these names. I like this less because it relies on reverse
address resolution and kinda breaks the fact you are trying to present a
single service to the clients.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
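
A check for the first option above, as an added example that is not part of the original post: it parses `klist -k` listings and tests whether a node's keytab carries a cifs/ principal for the public name and whether both nodes list the same entries. The realm EXAMPLE.COM, the node name, the KVNOs, the listings and the function names are all constructed for illustration.

```shell
#!/bin/sh
# Constructed `klist -k` listings (MIT format). Realm, node name and KVNOs are placeholders.
PER_NODE='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ------------------------------------------------
   2 host/node1.example.com@EXAMPLE.COM
   2 cifs/node1.example.com@EXAMPLE.COM
   2 NODE1$@EXAMPLE.COM'
SHARED_NODE1='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ------------------------------------------------
   3 host/clusterpub.example.com@EXAMPLE.COM
   3 cifs/clusterpub.example.com@EXAMPLE.COM
   3 CLUSTERPUB$@EXAMPLE.COM'
SHARED_NODE2=$SHARED_NODE1   # same keytab file copied to the second node

# keytab_entries LISTING: print unique "kvno principal" pairs, skipping header lines.
keytab_entries() {
    printf '%s\n' "$1" | awk '$1 ~ /^[0-9]+$/ && NF >= 2 { print $1, $2 }' | sort -u
}

# has_cifs_for LISTING NAME: succeed if the keytab holds cifs/NAME or cifs/NAME.<domain>,
# the service principal a client asks for when it connects to \\NAME.
has_cifs_for() {
    keytab_entries "$1" | awk -v n="$2" '
        BEGIN { n = tolower(n); rc = 1 }
        { p = tolower($2); sub(/@.*/, "", p)
          if (p == "cifs/" n || index(p, "cifs/" n ".") == 1) rc = 0 }
        END { exit rc }'
}

# same_entries A B: succeed if both listings carry identical principals and KVNOs.
# klist -k does not show key material, so this is necessary but not sufficient.
same_entries() {
    [ "$(keytab_entries "$1")" = "$(keytab_entries "$2")" ]
}

# report LABEL LISTING NAME: print one status line; always returns 0.
report() {
    if has_cifs_for "$2" "$3"; then echo "$1: cifs/$3 present"
    else echo "$1: cifs/$3 missing (expect 'Key table entry not found')"; fi
}

report "per-node join" "$PER_NODE" clusterpub
report "shared join, node 1" "$SHARED_NODE1" clusterpub
if same_entries "$SHARED_NODE1" "$SHARED_NODE2"; then echo "nodes agree"; else echo "nodes differ"; fi
```

On a real node, pass the output of `klist -k` in place of the constructed listings.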


