Reg : Samba / CTDB
Krishnanand
krishnanand.gouri at precisionit.co.in
Wed Mar 9 22:26:18 MST 2011
Hi,
As per your request, I am attaching the configuration files; please do the
needful.
On Tue, 08 Mar 2011 10:27:05 -0600, "Christopher R. Hertel"
<crh at samba.org>
wrote:
> Krishnanand,
>
> I assume (since I saw your post on the Linux-Cluster list) that you are
> running on top of GFS2. Is that correct?
>
> Chris -)-----
>
> Brian McGrew wrote:
>> On 3/7/11 9:38 PM, "Krishnanand" <krishnanand.gouri at precisionit.co.in>
>> wrote:
>>> I have configured a 2-node cluster. Users access the servers using the
>>> public IPs. The problem I am facing: server1's IP is 192.168.129.10 and
>>> server2's IP is 192.168.129.11, whereas the ctdb IPs are 192.168.129.14 & 15.
>>> Whenever I stop the ctdb service on server1, the users are not able to
>>> access the shared drives, even though the IPs switch over to server2.
>>> But if I stop the ctdb service on server2, the users are able to
>>> access the share as usual.
>>>
>>> Please help me in this issue, what needs to modify.
>>
>> Krishnanand,
>>
>> Can you post your smb.conf and ctdb.conf files please?
>>
>> -b
>>
>
> --
> "Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
> Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel
> jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development,
uninq.
> ubiqx Team -- http://www.ubiqx.org/ -)----- crh at ubiqx.mn.org
> OnLineBook -- http://ubiqx.org/cifs/ -)----- crh at ubiqx.org
--
Thanks & Regards,
Krishnanand Gouri
+919676333406
krishnanand.gouri at precisionit.co.in
-------------- next part --------------
# CTDB daemon settings for the cluster described in the post
# (shell-style KEY=value assignments; values are unchanged from the posting).
#
# The recovery lock is what stops two nodes from both acting as recovery
# master (split brain), so it has to be one file on storage every node shares.
# NOTE(review): confirm /ctdb is the cluster filesystem mount on both servers
# and not a node-local directory.
CTDB_RECOVERY_LOCK="/ctdb/recoverylock"
# Interface on which CTDB brings the floating public addresses up and down.
CTDB_PUBLIC_INTERFACE=bond0
# File listing the floating addresses (192.168.129.14 and .15 per the post).
# NOTE(review): its content is not shown; confirm it is identical on both nodes.
CTDB_PUBLIC_ADDRESSES=/etc/ctdb/public_addresses
# CTDB starts, stops and monitors smbd/nmbd and winbindd itself, so stopping
# ctdb on a node also takes file service down on that node.
CTDB_MANAGES_SAMBA=yes
CTDB_MANAGES_WINBIND=yes
CTDB_INIT_STYLE=redhat
CTDB_SERVICE_NMB=nmb
CTDB_SERVICE_SMB=smb
# File listing the cluster nodes' private addresses.
# NOTE(review): content not shown; it is expected to match on every node.
CTDB_NODES=/etc/ctdb/nodes
CTDB_EVENT_SCRIPT_DIR=/etc/ctdb/events.d
# Only errors are logged. NOTE(review): raise this temporarily while
# diagnosing the failover problem, otherwise takeover events leave no trace.
CTDB_DEBUGLEVEL=ERR
-------------- next part --------------
# smb.conf [global] section as posted (review comments added, settings unchanged).
[global]
unix charset = LOCALE
workgroup = msdpl.com
# netbios name = filesrv1
server string = Cluster File Server 1
# Accounts are read from a single LDAP server, addressed by server1's own IP
# (192.168.129.10 per the post).
# NOTE(review): if that slapd is unreachable the surviving node cannot
# authenticate users; confirm LDAP stays up when ctdb is stopped on server1.
passdb backend = ldapsam:ldap://192.168.129.10
# NOTE(review): clustering is commented out, so smbd keeps its TDB state in
# node-local files instead of going through CTDB. Clustered Samba needs
# "clustering = yes" on every node; this is a likely factor in the failover
# problem described in the post - confirm.
# clustering = yes
cluster addresses = 192.168.129.14 192.168.129.15
# Logging is at its minimum, and max log size = 0 removes the size cap.
# NOTE(review): with log level 0 there is too little recorded to investigate
# authentication failures or failover faults.
log level = 0
syslog = 0
max log size = 0
smb ports = 445 139
security = domain
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
deadtime = 15
kernel oplocks = no
# NOTE(review): smb.conf(5) lists the tokens lmhosts, host, wins and bcast;
# "bcasts" and "hosts" do not match any of them and should be checked.
name resolve order = wins bcasts hosts
# wins server = 192.168.129.20
dns proxy = no
# Printing is switched off entirely on this file server.
load printers = no
show add printer wizard = no
printcap name = /dev/null
disable spoolss = yes
ldap suffix = dc=msdpl,dc=com
ldap machine suffix = ou=Computers
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
# Samba binds as this DN, which the posted slapd.conf also names as rootdn,
# so none of the slapd ACLs restrict what Samba can read or write.
# NOTE(review): a dedicated service DN limited by ACLs would follow least privilege.
ldap admin dn = cn=manager,dc=msdpl,dc=com
idmap backend = ldap:ldap://192.168.129.10
idmap uid = 10000-20000
idmap gid = 10000-20000
# LDAP traffic, including the admin bind and the password-hash attributes,
# crosses the network unencrypted.
# NOTE(review): consider "ldap ssl = start tls" once slapd has a certificate.
ldap ssl = no
ldap timeout = 70
# Domain accounts mapped by winbind get no interactive shell.
template shell = /bin/false
winbind use default domain = Yes
inherit permissions = yes
inherit acls = yes
nt acl support = yes
map acl inherit = yes
# Share definition for /hadata: hidden from browse lists, no guest access, writable.
[hadata]
Comment = New Projects
path = /hadata
browseable = no
public = no
writeable = yes
# create mask 0765 keeps r-x for "other" while dropping group execute;
# force create mode below then ORs 0770 into every new file.
# NOTE(review): per smb.conf(5), "inherit permissions = yes" (set further down
# and in [global]) overrides create mask / force create mode, so these values
# may never take effect. If they do, new files can be readable and executable
# by "other" - confirm that is intended for a non-public share.
create mask = 0765
# Name-based veto only: matching names cannot be seen or created through this
# share. It does not inspect file content.
veto files = /lost+found/.Trash-root/*.sh/*.scr/.recycle/
vfs objects = recycle
dos filemode = yes
store dos attributes =yes
force create mode = 0770
force directory mode = 0770
inherit permissions = yes
inherit acls = yes
hide dot files = yes
-------------- next part --------------
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Schemas loaded by slapd; samba.schema supplies the samba* attributes that
# the access rules further down refer to.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# 256 = "stats": connections, operations and results are logged, which is the
# level needed to audit who bound to the directory and what they did.
loglevel 256
# Load dynamic backend modules:
# modulepath /usr/local/ldap-2.3/libexec/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# BDB database definitions
#######################################################################
# Single BDB database holding the dc=msdpl,dc=com tree.
database bdb
suffix "dc=msdpl,dc=com"
# The rootdn is not subject to any of the access rules in this file.
rootdn "cn=manager,dc=msdpl,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# NOTE(review): the rootdn password is stored here in cleartext and has been
# published with this post. If this is the live value, treat it as compromised,
# change it, and store a slappasswd-generated hash instead
# (form: rootpw {SSHA}<hash-placeholder>).
rootpw secret
idletimeout 50
timelimit 70
cachesize 2000
# NOTE(review): updatedn/updateref are replica-side directives; they mark this
# database as a copy that refers writes to 192.168.129.20, while the posted
# smb.conf points Samba at 192.168.129.10. updatedn is also the same DN as
# rootdn. Confirm which host this file belongs to and that this is intended.
updatedn "cn=manager,dc=msdpl,dc=com"
updateref ldap://192.168.129.20
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
checkpoint 128 15
# Indices to maintain
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index loginShell eq,pres
index nisMapName,nisMapEntry eq,pres,sub
index displayName eq,pres,sub
index uidNumber eq
index gidNumber eq
index memberUID eq
# NOTE(review): the sambaSID index is disabled; presumably Samba searches on
# this attribute, so lookups may be unindexed - confirm.
#index sambaSID eq
index sambaPrimaryGroupSID eq
index default sub
index sambaGroupType eq,pres
index uniqueMember eq,pres
index sambaDomainName eq,pres
index uid eq,pres,sub
# Access control rules. slapd applies the first "access to" clause whose target
# matches, then the first matching "by" inside it.
# NOTE(review): the "by" lines appear at column 0 in this posting. slapd.conf
# only treats lines that begin with whitespace as continuations, so the
# indentation (presumably lost in the posting) must be present in the real file.
#
# Rule 1: password and account-control attributes.
# NOTE(review): "by dn=" is compared with the DN the client bound as, not with
# group membership; if these entries are groups, "by group=" is the form that
# tests membership. Before converting, reconsider write access to password
# hashes for Domain Users and Domain Guests. There is no "by self write", and
# sambaPasswordHistory is not listed, so it falls through to the final
# read-for-everyone rule. sambaKickoffTime is listed twice.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaPwdCanChange,sambaPwdMustChange,sambaKickoffTime,sambaKickoffTime,sambaLogoffTime
by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Domain Users,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Domain Guests,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Administrators,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Account Operators,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Print Operators,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Backup Operators,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Replicators,ou=Groups,dc=msdpl,dc=com" write
by anonymous auth
by * none
# some attributes need to be readable anonymously so that 'id user' can answer correctly
access to attrs=objectClass,entry,homeDirectory,uid,uidNumber,gidNumber,memberUid
by dn="cn=nns,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
by * read
# some attributes can be writable by users themselves
# NOTE(review): no "by self write" clause follows, so as written users cannot
# edit their own values; everyone, including anonymous clients, can read them.
access to attrs=description,telephoneNumber,roomNumber,homePhone,loginShell,gecos,cn,sn,givenname
by dn="cn=nns,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
by * read
# some attributes need to be writable for samba
access to dn.base="dc=msdpl,dc=com"
by dn="cn=nns,ou=Groups,dc=msdpl,dc=com" write
by dn="uid=kk1438,ou=People,dc=msdpl,dc=com" write
by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Administrators,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Account Operators,ou=Groups,dc=msdpl,dc=com" write
by * none
# samba needs to be able to create new user accounts
# NOTE(review): this rule and the Groups/Computers rules below use dn= with no
# style qualifier, so whether they cover only the OU entry or also the entries
# beneath it depends on the slapd version's default. Stating the style
# explicitly (for example dn.subtree=) removes the ambiguity - confirm intent.
access to dn="ou=People,dc=msdpl,dc=com"
by dn="cn=nns,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Administrators,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Account Operators,ou=Groups,dc=msdpl,dc=com" write
by * none
# samba needs to be able to create new group accounts
access to dn="ou=Groups,dc=msdpl,dc=com"
by dn="cn=nns,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Administrators,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Account Operators,ou=Groups,dc=msdpl,dc=com" write
by * none
# samba needs to be able to create new computer accounts
access to dn="ou=Computers,dc=msdpl,dc=com"
by dn="cn=nns,ou=Groups,dc=msdpl,dc=com" write
by dn="uid=kk1438,ou=People,dc=msdpl,dc=com" write
by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Administrators,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Account Operators,ou=Groups,dc=msdpl,dc=com" write
by * none
# Catch-all: anything not matched above is readable by every client,
# authenticated or anonymous.
# NOTE(review): if anonymous browsing is not required, "by users read" limits
# this to authenticated binds.
access to * by * read
# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com at EXAMPLE.COM