[Samba] Samba 4.1.7 CTDB winbind not syncing when connected to MS AD 2008R2 - WAS: Re: Samba 4.1.7 clustering not using private dir

Taylor, Jonn jonnt at taylortelephone.com
Mon Apr 28 06:23:04 MDT 2014 

Update on my problem. I resetup my 2 node cluster per the samba wiki for 
4.x and CTDB. The only difference is that I am using DRBD and GFS2. CTDB 
is not syncing the winbind databases between nodes. I had to join each 
node before winbind would authenticate my users to AD. This morning I 
found that one of the 2 nodes stopped authenticating users again. It 
looks like CTDB is not syncing the samba/winbind databases to keep the 
nodes in sync.

How can I prove this out?

Jonn

On 04/25/2014 02:16 PM, Jonn Taylor wrote:
> On 4/25/2014 11:56 AM, Rowland Penny wrote:
>> On 25/04/14 16:46, Taylor, Jonn wrote:
>>> I originally posted this on the dev list and opened a bug for this 
>>> but was asked to post this to the users list.
>>>
>>> https://bugzilla.samba.org/show_bug.cgi?id=10565
>>>
>>> Using sernet 4.1 packages. I am unable to get smbd to use private dir.
>>> Set option in smb.conf and on command line.
>>>
>>> sernet-samba-libsmbclient0-4.1.7-7.el6.x86_64
>>> sernet-samba-libs-4.1.7-7.el6.x86_64
>>> sernet-samba-client-4.1.7-7.el6.x86_64
>>> sernet-samba-4.1.7-7.el6.x86_64
>>> sernet-samba-common-4.1.7-7.el6.x86_64
>>> sernet-samba-winbind-4.1.7-7.el6.x86_64
>>>
>>> [global]
>>>         workgroup = TAYLORTELEPHONE
>>>         realm = TAYLORTELEPHONE.COM
>>>         netbios name = SHR01
>>>         server string = Cluster Share
>>>         interfaces = eth0, lo
>>>         security = ADS
>>>         private dir = /clusterdata/private
>>>         log file = /var/log/samba/log.samba
>>>         server min protocol = NT1
>>>         client signing = if_required
>>>         server signing = if_required
>>>         clustering = Yes
>>>         printcap name = /etc/printcap
>>>         wins server = 192.168.173.13, 192.168.173.14
>>>         template shell = /bin/bash
>>>         winbind enum users = Yes
>>>         winbind enum groups = Yes
>>>         winbind use default domain = Yes
>>>         winbind refresh tickets = Yes
>>>         winbind offline logon = Yes
>>>         idmap config * : schema_mode = rfc2307
>>>         idmap config TAYLORTELEPHONE:backend = rid
>>>         idmap config TAYLORTELEPHONE:range = 500-4000000
>>>         idmap config * : range = 1000-4000000
>>>         idmap config * : backend = tdb2
>>>         admin users = "@TAYLORTELEPHONE\Domain Admins"
>>>         inherit acls = Yes
>>>         map acl inherit = Yes
>>>
>>> # SAMBA_START_MODE defines how Samba should be started. Valid options
>>> are one of
>>> #   "none"    to not enable it at all,
>>> #   "classic" to use the classic smbd/nmbd/winbind daemons
>>> #   "ad"      to use the Active Directory server (which starts the smbd
>>> on its own)
>>> # (Be aware that you also need to enable the services/init scripts that
>>> # automatically start up the desired daemons.)
>>> SAMBA_START_MODE="classic"
>>>
>>> # SAMBA_RESTART_ON_UPDATE defines if the the services should be
>>> restarted when
>>> # the RPMs are updated. Setting this to "yes" effectively enables the
>>> # functionality of the try-restart parameter of the init scripts.
>>> SAMBA_RESTART_ON_UPDATE="yes"
>>>
>>> # NMBD_EXTRA_OPTS may contain extra options that are passed as 
>>> additional
>>> # arguments to the nmbd daemon
>>> NMBD_EXTRA_OPTS=""
>>>
>>> # WINBINDD_EXTRA_OPTS may contain extra options that are passed as
>>> additional
>>> # arguments to the winbindd daemon
>>> WINBINDD_EXTRA_OPTS=""
>>>
>>> # SMBD_EXTRA_OPTS may contain extra options that are passed as 
>>> additional
>>> # arguments to the smbd daemon
>>> SMBD_EXTRA_OPTS="private-dir=/clusterdata/private"
>> Hi,
>>
>> I think that this should be:
>> SMBD_EXTRA_OPTS="--private-dir=/clusterdata/private"
>>
>> Rowland
>>
> What I was told is that the private dir is disabled when clustering = 
> yes is set in samba 4.1. I started all over and tried the setup from 
> the samba wiki. I still had to do a net ads join on both servers but 
> it is working. The only thing I need to check is if CTDB is really 
> replicating the databases for samba and winbind.
>
> Any know how to check this?
>>>
>>> # SAMBA_EXTRA_OPTS may contain extra options that are passed as 
>>> additional
>>> # arguments to the samba daemon
>>> SAMBA_EXTRA_OPTS=""
>>>
>>> # SAMBA_IGNORE_NSUPDATE_G defines whether the samba daemon should be 
>>> started
>>> # when 'nsupdate -g' is not available. Setting this to "yes" would 
>>> mean that
>>> # samba will be started even without 'nsupdate -g'. This will lead 
>>> to severe
>>> # problems without a proper workaround!
>>> SAMBA_IGNORE_NSUPDATE_G="no"
>>>
>>>
>>>
>>
>

More information about the samba mailing list