[Samba] Error in domain or kerberos after configuring CTDB

Carlos Alberto Panozzo Cunha carlos.hollow at gmail.com
Thu Jan 23 17:18:04 UTC 2025


Hi
More information..

Another thing that indicates to me that it is CTDB is that several other
Linux domain members (not the same version of Samba) and Windows also do
not present this problem (not with this frequency of 24 to 48 hours).

Regards;


On Thu, Jan 23, 2025 at 08:50, Carlos Alberto Panozzo Cunha <
carlos.hollow at gmail.com> wrote:

> Hello!
>
> I have two Samba servers (domain members) in cluster format to provide
> file shares, as follows:
>
> GlusterFS for data replication
> Heartbeat for HA
>
> Everything works fine... however I made a recent improvement (I think)
> which was the addition of CTDB for replication of Samba connections, just
> that, and nothing more.
> It worked and works but after that both nodes of the cluster started to
> lose the trust relationship with the domain and other errors with Kerberos
> (I believe), it may not be the problem but it worked without these errors
> for over years and soon after adding CTDB this started....
>
> Here is more information:
>
> Samba version: Version 4.19.5-Ubuntu
> OS Version: Ubuntu 24.04.1 LTS
>
> =========================
>
> smb.conf
>
> [global]
>         workgroup = XXXXXXDC
>         realm = INTERNO.XXXXXXX.SRV.BR
>         password server = 172.16.1.101, 172.16.1.102, *
>         username map = /etc/samba/user.map
>         kerberos method = system  keytab
>         security = ADS
>         idmap config * : backend = tdb
>         idmap config * : range = 3000-7999
>         idmap config XXXXXXDC : backend = rid
>         idmap config XXXXXXDC : range = 10000-999999
>
>         allow trusted domains = yes
>         winbind use default domain = yes
>         winbind refresh tickets = Yes
>         winbind offline logon = yes
>         winbind cache time = 600
>         winbind reconnect delay = 3
>
>         ## ADD LINE TO CTDB
>         clustering = yes
>         private dir = /mnt/DADOS-GLUSTERFS/CTBD/
>
>         template shell = /bin/bash
>         template homedir = /home/%U
>         map to guest = bad user
>         guest ok = yes
>         map acl inherit = yes
>         store dos attributes = yes
>         load printers = no
>         printing = bsd
>         printcap name = /dev/null
>         disable spoolss = yes
>
>         ### TUNING(many to small files) ###
>
>         server multi channel support = yes
>         socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
>         aio read size = 1
>         aio write size = 1
>
>         min receivefile size = 16384
>         use sendfile = yes
>         read raw = yes
>         write raw = yes
>         getwd cache = yes
>         large readwrite = yes
>         kernel oplocks = yes
>
>
>         ### TUNING ###
>
>         include = /etc/samba/compartilhamentos.conf
>
> ========
>
>
> /etc/krb5.conf
>
> [libdefaults]
>         default_realm = INTERNO.XXXXXXX.SRV.BR
>         dns_lookup_realm = false
>         dns_lookup_kdc = true
>
> ========
>
>  cat ctdb.conf
> # See ctdb.conf(5) for documentation
> #
> # See ctdb-script.options(5) for documentation about event script
> # options
>
> [logging]
>         # Enable logging to syslog
>         location = syslog
>
>         # Default log level
>         log level = NOTICE
>
> [cluster]
>         # Shared cluster lock file to avoid split brain.  Daemon
>         # default is no cluster lock.  Do NOT run CTDB without a
>         # cluster lock file unless you know exactly what you are
>         # doing.
>         #
>         # Please see the CLUSTER LOCK section in ctdb(7) for more
>         # details.
>         #
>         # cluster lock = !/bin/false CLUSTER LOCK NOT CONFIGURED
>         lockdir = /mnt/DADOS-GLUSTERFS/CTBD/
>         disable_ip_takeover = yes
>         only_locks = yes
>
> ========
>
> Errors in Syslog
>
> 2025-01-22T14:22:45.120599-03:00 samba-cluster2 winbindd[1755688]:
> krbtgt/INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR
> 2025-01-22T14:22:45.120616-03:00 samba-cluster2 winbindd[1755688]:  +>
> 2025-01-22T14:22:45.120633-03:00 samba-cluster2 rsyslogd[849]: rsyslogd:
> action 'action-3-builtin:omfile' (module 'builtin:omfile') message lost,
> could not be processed. Check for additional error messages before this
> one. [v8.2312.0 try https://www.rsyslog.com/e/2027 ]
> 2025-01-22T14:22:45.120650-03:00 samba-cluster2 winbindd[1755688]:   )
> (krbtgt/INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
> INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
> dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/INTERNO.
>
>
> ========
> To resolve this, rejoin Samba to the domain and it works for another day
> or two, until the problems start again...
>
> Any ideas on how to fix this?
> I'm thinking about removing CTDB but wanted to try to fix it first...
>
> Regards;
>

