[Samba] Multiple samba instances on same machine in v4.8 and beyond

Wed May 20 19:39:22 UTC 2020

On 20/05/2020 19:59, Samuel Taylor Liston via samba wrote:
> This is a long shot as it look as though this may not be supported anymore.  Since moving to CentOS 7 we have been using the instantiation feature of systemd to run multiple winbind and smb instances on a single server as part of an HA setup (pacemaker/corosync).  In testing samba version 4.8 and beyond we have found that this doesn’t work anymore, or rather the client tools are unable to authenticate.  What it looks to stem from is client tools appear to be looking for the winbind socket file in the default location only (/run/samba/winbindd).  In order to have multiple smb instances we have been starting a winbind per smb and have been redirecting the winbind socket dir to a specific location per instance, and though the man page says otherwise this was work up until v4.8.  Right now we are version locked at 4.7, but can’t stay there forever.
> We have been searching and experimenting (unsuccessfully) to find a way around this.  Has anyone else encountered this and found a working solution?  And ideas of insights would be much appreciated.
>
> Here are my global and one individual instance config file to give a flavor of what we are doing:
>
> [root at xxxxxxxxxxxx ~]# cat /etc/samba/global.smb.conf
> [global]
>          workgroup = AD
>          server string = xxxxxxxxxxxxx (%L) Server
>          security = ADS
>          passdb backend = tdbsam
>          allow trusted domains = no
>          encrypt passwords = yes
>          realm = XX.XXXXX.EDU
>          local master = no
>          preferred master = no
>          wins support = no
>          wins proxy = no
>          dns proxy = no
>          load printers = no
>          printcap name = /dev/null
>          disable spoolss = yes
>          lanman auth = yes
>          client plaintext auth = yes
>          client lanman auth = yes
>          restrict anonymous = 2
>
>     
> [root at xxxxxxxxxxxxxx ~]# cat /etc/samba/smb.conf.xxxxxxxxxxxxx-vg3-0-lv1
> [global]
>          log file = /var/log/samba/%m-xxxxxxxxxxxxx-vg3-0-lv1.log
>          encrypt passwords = yes
>          include = /etc/samba/global.smb.conf
>          pid directory = /var/run/samba/xxvg3-0-lv1-smb
>          interfaces = 155.101.11.101
>          bind interfaces only = yes
>          netbios name = xxvg3-0-lv1-smb
>          lock directory = /var/lib/samba/xx301/lock
>          cache directory = /var/lib/samba/xx301/cache
>          state directory = /var/lib/samba/xx301/state
>          private dir = /var/lib/samba/xx301/priv
>          winbindd socket directory = /var/lib/samba/xx301/sock
>
> [hpc-home]
>          comment = hpc-home xxxxxxxxxxxxx-vg3-0-lv1 share
>          # Hide the secret cluster files
>          veto files = /.clumanager/.rgmanager/
>          browsable = yes
>          writable = yes
>          path = /uufs/xxxxxxxxxxxxx/common/xxxxxxxxxxxxx-vg3-0-lv1/hpc
>          create mask = 0644
>          directory mask = 0755
>          guest ok = no
>          nt acl support = yes
>          valid users = @hpc
>
>
The first fix: yum remove sssd

Install winbind etc and configure smb.conf correctly

You cannot use sssd with Samba >= 4.8.0

I 'think' that what you are trying do will probably work with CTDB, but 
you will need more than one client (you cannot really have a cluster 
with only one client), but this is outside my comfort zone, but I know 
of a couple of guys that do know about it and one of them is going to 
give a talk on the up coming online SambaXP: https://sambaxp.org/

Rowland