[Samba] Failover

[Andrew Bartlett]

On Mon, 2013-10-07 at 15:36 +0200, Sandbox wrote:
> Hi guys,
> 
> 
> I have a domain with Samba 4.0.5 domain controllers and also a failover
> DRBD shared disk, where the "active" DC controlls the access to the disk.
> DOMAINC01 - 10.48.16.150
> DOMAINC02 - 10.48.16.151
> DOMAINCHA - 10.48.16.155 << this would be the failover IP, which works
> perfectly on Windows XP clients.
> I can see the shares, just like on DOMAINC01 or DOMAINC02 and if the users
> has the proper credentials they can write open etc.
> But when I try to do the same on a Windows 7 client I simply get an error
> message " You dont have the proper rights to open the directory"
> I guess because of the DOMAINCHA "virtual" controller is not in the AC, but
> shall I add a computer to the AC so my win7 clients could open the
> available shares?

Please don't use DRDB with Samba as an AD DC.  You don't need it (you
should have two DRS replicating DCs).  The reason I am so strongly
against this is that I had to work very hard to recover a corrupt
database at such a site.  We suspect that barriers were either not
enabled or not passed down to the OS in this case, followed by a
unexpected loss of power.  The corrupt database was then perfectly
mirrored to the DRDB clone, resulting in two corrupt mirrors.  DRS
replication likely would have detected the corruption (because the
database would not have been valid) and failed the replica, saving the
data.

Andrew Bartlett 

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Catalyst IT                   http://catalyst.net.nz