[Samba] Two SMB Domain member gateways to CEPHFS
oskari at datalounges.com
Mon Mar 29 18:36:12 UTC 2021
I have 2 ceph clusters served via SMB-gateways to a single domain.
The cluster reside away from each other few thousand kilometers so having 2 separate SMB-servers is a must.
The Samba works kind of, I can access the shares and am able to set permissions to share-tab and security-tab if certain features are enabled. Or I could, now it seems I’m not able to do that anymore.
My hypothesis is that since having 2 samba-gateways both joined to domain and having RID as a backend confuses the actual AD-part.
From both gateways I can query the domain users and groups from getent passwd. But the gateways return different ID-numbers.
This is my current smb.conf:
workgroup = DOMAIN
netbios name = HOSTNAME
clustering = no
load printers = no
usershare allow guests = No
smbd: backgroundqueue = no
realm = DOMAIN
security = ADS
template homedir = /home/%D/%U
domain logons = No
domain master = No
wins support = no
password server = *
winbind refresh tickets = yes
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config MICT : backend = rid
idmap config MICT : range = 10000-20000
template shell = /bin/bash
username map = /etc/samba/user.map
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
I’ve tried to read the samba.org and did the configuration based on ttps://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member.
Could anyone point out what is going on here and why I’m getting this kind of problems.
More information about the samba