[Samba] Problem Accessing Samba share from Windows workstation via DNS Round Robin
simo
idra at samba.org
Sun Jan 22 08:40:26 MST 2012
On Fri, 2012-01-20 at 16:38 +1000, Peter Tan wrote:
> I have set up a 2 node linux cluster and wish to share a ocfs2 mount on san storage. I have configured ctdb, samba and Kerberos and am able to map the share on my windows workstation when I hit the ip of each of the two nodes.
>
> I am able to mount this share via nfs on other linux servers ok.
>
> However it does not appear to be authenticating when I try to map to the DNS hostname that has been set up to round robins across the two ip's - I keep getting prompted for a login and password and I get the following in /var/log/messages: "krb5_rd_req failed (Key table entry not found)"
>
> Node 1: 10.101.4.16
> Node 2: 10.101.4.17
> DNS A Name: clusterpub 10.101.4.16
> DNS A Name: clusterpub 10.101.4.17
>
> I have set the "netbios name = clusterpub" in smb.conf on both nodes
>
> Interestingly, I am able to successfully connect to the "clusterpub" share from one of the nodes via smbclient.
>
> # smbclient //clusterpub/archive -U <user>
> Enter <user> password:
> Domain=[COUNCIL] OS=[Unix] Server=[Samba 3.5.4-0.83.el5]
> smb: \> dir
> . D 0 Fri Jan 20 14:28:01 2012
> .. D 0 Wed Jan 18 13:56:46 2012
> hello-from-samba 0 Fri Jan 20 14:28:01 2012
>
> 64000 blocks of size 16777216. 63805 blocks available
> smb: \>
>
> What am I missing?
You have 2 ways to solve this issue.
My preferred one is to join the cluster to the domain with the public
name (clusterpub) in your case, and share the keytab between the 2
nodes. They are logically a single server and need to share the same
credentials.
Another way I like a lot less is to make sure you have PTR records set
up so that they point to the respective private names, and join each
node with these names. I like this less because it relies on reverse
address resolution and kinda breaks the fact you are trying to present a
single service to the clients.
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
More information about the samba
mailing list