[Samba] Multiple samba instances on same machine in v4.8 and beyond

Samuel Taylor Liston sam.liston at utah.edu
Wed May 20 18:59:27 UTC 2020 

This is a long shot as it look as though this may not be supported anymore.  Since moving to CentOS 7 we have been using the instantiation feature of systemd to run multiple winbind and smb instances on a single server as part of an HA setup (pacemaker/corosync).  In testing samba version 4.8 and beyond we have found that this doesn’t work anymore, or rather the client tools are unable to authenticate.  What it looks to stem from is client tools appear to be looking for the winbind socket file in the default location only (/run/samba/winbindd).  In order to have multiple smb instances we have been starting a winbind per smb and have been redirecting the winbind socket dir to a specific location per instance, and though the man page says otherwise this was work up until v4.8.  Right now we are version locked at 4.7, but can’t stay there forever.
We have been searching and experimenting (unsuccessfully) to find a way around this.  Has anyone else encountered this and found a working solution?  And ideas of insights would be much appreciated.

Here are my global and one individual instance config file to give a flavor of what we are doing:

[root at xxxxxxxxxxxx ~]# cat /etc/samba/global.smb.conf 
[global]
        workgroup = AD
        server string = xxxxxxxxxxxxx (%L) Server
        security = ADS
        passdb backend = tdbsam
        allow trusted domains = no
        encrypt passwords = yes
        realm = XX.XXXXX.EDU
        local master = no
        preferred master = no
        wins support = no
        wins proxy = no
        dns proxy = no
        load printers = no
        printcap name = /dev/null
        disable spoolss = yes
        lanman auth = yes
        client plaintext auth = yes
        client lanman auth = yes
        restrict anonymous = 2

   
[root at xxxxxxxxxxxxxx ~]# cat /etc/samba/smb.conf.xxxxxxxxxxxxx-vg3-0-lv1 
[global]
        log file = /var/log/samba/%m-xxxxxxxxxxxxx-vg3-0-lv1.log
        encrypt passwords = yes
        include = /etc/samba/global.smb.conf
        pid directory = /var/run/samba/xxvg3-0-lv1-smb
        interfaces = 155.101.11.101
        bind interfaces only = yes
        netbios name = xxvg3-0-lv1-smb
        lock directory = /var/lib/samba/xx301/lock
        cache directory = /var/lib/samba/xx301/cache
        state directory = /var/lib/samba/xx301/state
        private dir = /var/lib/samba/xx301/priv
        winbindd socket directory = /var/lib/samba/xx301/sock

[hpc-home]
        comment = hpc-home xxxxxxxxxxxxx-vg3-0-lv1 share
        # Hide the secret cluster files
        veto files = /.clumanager/.rgmanager/
        browsable = yes
        writable = yes
        path = /uufs/xxxxxxxxxxxxx/common/xxxxxxxxxxxxx-vg3-0-lv1/hpc
        create mask = 0644
        directory mask = 0755
        guest ok = no
        nt acl support = yes
        valid users = @hpc 

==========================================
Center for High Performance Computing - Univ. of Utah
155 S. 1452 E. Rm 405
Salt Lake City, Utah 84112 (801)232-6932
==========================================

More information about the samba mailing list