Created attachment 9871
/etc/sysconfig/ctdb config file

Using sernet 4.1 packages. I am unable to get smbd/winbind to use private dir. Setting the option in smb.conf and on the command line does not work. Using latest CTDB build. Samba continues to use /var/lib/samba as private dir.

sernet-samba-libsmbclient0-4.1.7-7.el6.x86_64
sernet-samba-libs-4.1.7-7.el6.x86_64
sernet-samba-client-4.1.7-7.el6.x86_64
sernet-samba-4.1.7-7.el6.x86_64
sernet-samba-common-4.1.7-7.el6.x86_64
sernet-samba-winbind-4.1.7-7.el6.x86_64

[global]
    workgroup = TAYLORTELEPHONE
    realm = TAYLORTELEPHONE.COM
    netbios name = SHR01
    server string = Cluster Share
    interfaces = eth0, lo
    security = ADS
    private dir = /clusterdata/private
    log file = /var/log/samba/log.samba
    server min protocol = NT1
    client signing = if_required
    server signing = if_required
    clustering = Yes
    printcap name = /etc/printcap
    wins server = 192.168.173.13, 192.168.173.14
    template shell = /bin/bash
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind use default domain = Yes
    winbind refresh tickets = Yes
    winbind offline logon = Yes
    idmap config * : schema_mode = rfc2307
    idmap config TAYLORTELEPHONE:backend = rid
    idmap config TAYLORTELEPHONE:range = 500-4000000
    idmap config * : range = 1000-4000000
    idmap config * : backend = tdb2
    admin users = "@TAYLORTELEPHONE\Domain Admins"
    inherit acls = Yes
    map acl inherit = Yes

# SAMBA_START_MODE defines how Samba should be started. Valid options are one of
# "none" to not enable it at all,
# "classic" to use the classic smbd/nmbd/winbind daemons
# "ad" to use the Active Directory server (which starts the smbd on its own)
# (Be aware that you also need to enable the services/init scripts that
# automatically start up the desired daemons.)
SAMBA_START_MODE="classic"

# SAMBA_RESTART_ON_UPDATE defines if the services should be restarted when
# the RPMs are updated. Setting this to "yes" effectively enables the
# functionality of the try-restart parameter of the init scripts.
SAMBA_RESTART_ON_UPDATE="yes"

# NMBD_EXTRA_OPTS may contain extra options that are passed as additional
# arguments to the nmbd daemon
NMBD_EXTRA_OPTS=""

# WINBINDD_EXTRA_OPTS may contain extra options that are passed as additional
# arguments to the winbindd daemon
WINBINDD_EXTRA_OPTS=""

# SMBD_EXTRA_OPTS may contain extra options that are passed as additional
# arguments to the smbd daemon
SMBD_EXTRA_OPTS="private-dir=/clusterdata/private"

# SAMBA_EXTRA_OPTS may contain extra options that are passed as additional
# arguments to the samba daemon
SAMBA_EXTRA_OPTS=""

# SAMBA_IGNORE_NSUPDATE_G defines whether the samba daemon should be started
# when 'nsupdate -g' is not available. Setting this to "yes" would mean that
# samba will be started even without 'nsupdate -g'. This will lead to severe
# problems without a proper workaround!
SAMBA_IGNORE_NSUPDATE_G="no"
In the clustering case the private dir is insignificant. The significant directories can be set in the sysconfig/ctdb file, for example via CTDB_DBDIR. This shouldn't be your cluster filesystem, in contrast to the reclock file.
The problem is winbind is not sharing the same files between the clusters and then I get one that will not auth users.
With

    ctdb:secrets.tdb = false

you can have individual secrets.tdb files per node. For these winbind should respect the private dir again.
I am just looking to get the 3.6 behaviour back. I had this same setup and it worked very well for many years.
(In reply to comment #3)
> With
>
> ctdb:secrets.tdb = false
>
> you can have individual secrets.tdb files per node. For these winbind should
> respect the private dir again.

That option is not in any of the man pages.
3.6 with clustering did obey "private dir"?
(In reply to comment #5)
> That option is not in any of the man pages.

Can you try it nevertheless, or do you want us to document it properly first before you give it a try?
This is what my private dir looks like now.

[root@node2 ~]# ls -al /clusterdata/private/
total 432
drwxr-xr-x  2 root root   3864 Apr 25 09:59 .
drwxr-xr-x 20 root root   3864 Apr 23 16:09 ..
-rw-------  1 root root 430080 Apr 25 09:57 secrets.tdb
[root@node2 ~]#

Is it normal to have to join each node to the domain before winbind will work correctly?

This is what I had before we upgraded to 4.1.

total 2212
drwxr-xr-x  5 root root   4096 Apr  2 12:49 .
drwxr-xr-x 18 root root   4096 Apr  8 13:15 ..
-rw-------  1 root root  16384 Mar 26 09:33 account_policy.tdb
-rw-r--r--  1 root root  40200 Apr  2 12:49 brlock.tdb
-rw-r--r--  1 root root 114688 Apr  2 12:44 connections.tdb
-rw-------  1 root root  16384 Apr  2 12:52 dbwrap_watchers.tdb
-rw-r--r--  1 root root 425984 Apr  2 16:57 gencache_notrans.tdb
-rw-r--r--  1 root root  57344 Apr  2 16:57 gencache.tdb
-rw-------  1 root root    696 Mar 26 09:30 group_mapping.tdb
-rw-r--r--  1 root root 950272 Apr  2 15:22 locking.tdb
-rw-------  1 root root  16384 Apr  2 16:57 messages.tdb
-rw-------  1 root root    696 Apr  2 16:57 mutex.tdb
-rw-------  1 root root  61440 Apr  2 15:21 netsamlogon_cache.tdb
-rw-r--r--  1 root root    696 Apr  2 12:49 notify_index.tdb
-rw-r--r--  1 root root    696 Mar 26 20:39 notify_onelevel.tdb
-rw-r--r--  1 root root    696 Apr  2 16:51 notify.tdb
-rw-r--r--  1 root root  12288 Apr  2 15:13 printer_list.tdb
drwxr-xr-x  2 root root   4096 Mar 26 09:34 printing
-rw-------  1 root root  49152 Mar 26 09:34 registry.tdb
-rw-r--r--  1 root root    696 Apr  2 16:51 serverid.tdb
-rw-r--r--  1 root root 204800 Apr  2 12:44 sessionid.tdb
-rw-------  1 root root  16384 Mar 26 09:33 share_info.tdb
drwxr-xr-x  2 root root   4096 Apr  2 12:49 smb_krb5
-rw-------  1 root root  28672 Apr  2 15:22 smbXsrv_open_global.tdb
-rw-------  1 root root  32768 Apr  2 15:22 smbXsrv_session_global.tdb
-rw-------  1 root root  16384 Apr  2 15:22 smbXsrv_tcon_global.tdb
-rw-------  1 root root  16384 Apr  2 12:49 smbXsrv_version_global.tdb
-rw-------  1 root root  45056 Apr  2 12:44 winbindd_cache.tdb
-rw-------  1 root root  36864 Mar 26 20:39 winbindd_cache.tdb.bak
-rw-------  1 root root  36864 Mar 26 20:36 winbindd_cache.tdb.bak.old
drwxr-x---  2 root root   4096 Mar 26 20:39 winbindd_privileged
My guess would be that you did not have clustering compiled into 3.6
(In reply to comment #8)
> Is it normal to have to join each node to the domain before winbind will work
> correctly?

No, it is not. That's the whole point of sharing the secrets.tdb.

Volker
(In reply to comment #9)
> My guess would be that you did not have clustering compiled into 3.6

Yes, I was using the sernet packages for samba 3.6 and ctdb.
(In reply to comment #11)
> (In reply to comment #9)
> > My guess would be that you did not have clustering compiled into 3.6
>
> Yes, I was using the sernet packages for samba 3.6 and ctdb.

Ok, this is really weird. "clustering = yes" gave you per-node tdb files? Something must have been severely broken in those packages. I don't get it.

Let's get back to the start: What do you want to achieve? Do you want to share the tdb files for a common SMB export space, or do you not want to share tdb files, having separate instances?
(In reply to comment #12)
> (In reply to comment #11)
> > (In reply to comment #9)
> > > My guess would be that you did not have clustering compiled into 3.6
> >
> > Yes, I was using the sernet packages for samba 3.6 and ctdb.
>
> Ok, this is really weird. "clustering = yes" gave you per-node tdb files?
> Something must have been severely broken in those packages. I don't get it.
>
> Let's get back to the start: What do you want to achieve? Do you want to share
> the tdb files for a common SMB export space, or do you not want to share tdb
> files, having separate instances?

I need a properly working 2 node ctdb cluster with samba 4.1. The file system is DRBD, GFS2, Pacemaker and corosync. Authentication is AD 2008R2. The cluster is for sharing files, home dir and profiles.
(In reply to comment #13)
> (In reply to comment #12)
> > (In reply to comment #11)
> > > (In reply to comment #9)
> > > > My guess would be that you did not have clustering compiled into 3.6
> > >
> > > Yes, I was using the sernet packages for samba 3.6 and ctdb.
> >
> > Ok, this is really weird. "clustering = yes" gave you per-node tdb files?
> > Something must have been severely broken in those packages. I don't get it.
> >
> > Let's get back to the start: What do you want to achieve? Do you want to share
> > the tdb files for a common SMB export space, or do you not want to share tdb
> > files, having separate instances?
>
> I need a properly working 2 node ctdb cluster with samba 4.1. The file system
> is DRBD, GFS2, Pacemaker and corosync. Authentication is AD 2008R2. The cluster
> is for sharing files, home dir and profiles.

This was the original setup that worked very well.
http://www.howtoforge.com/setting-up-an-active-active-samba-ctdb-cluster-using-gfs-and-drbd-centos-5.5

We moved to CentOS 6 and DRBD 8.4. This cluster also holds the shared storage for our xenserver pools via nfs.
I think this is going beyond what we can do in bugzilla here. Björn is right in that "private dir" is ignored in cluster mode, and this is by design. So it is correct to close this bug as "WORKSFORME". Further support can be found on the mailing lists such as samba@samba.org or if you want a commercial offering, take a look at http://www.samba.org/samba/support/
Still think this may be a bug because if I use this setup from http://wiki.samba.org/index.php/Samba_CTDB_GPFS_Cluster_HowTo it does not work either.
With clustering, it is by design that "private dir" is ignored.
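
The behaviour described in this thread, expressed as a configuration check. This is an added example, not part of the bug report or of Samba; the function names and the sample text are constructed here, and the effect of "ctdb:secrets.tdb = false" is taken from the comment above rather than from the man pages.

```python
import re

# Constructed sample: the relevant [global] lines from the report above.
SAMPLE_SMB_CONF = """\
[global]
    workgroup = TAYLORTELEPHONE
    security = ADS
    private dir = /clusterdata/private
    clustering = Yes
"""

TRUE_VALUES = {"yes", "true", "on", "1"}


def parse_global(text):
    """Return the [global] parameters as {normalised name: value}."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # smb.conf ignores case and whitespace in parameter names.
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params


def private_dir_findings(text):
    """Report what a clustered setup does with a configured private dir."""
    p = parse_global(text)
    clustered = p.get("clustering", "no").lower() in TRUE_VALUES
    private_dir = p.get("privatedir")
    if not clustered or private_dir is None:
        return []
    # Assumption from the thread: with this option set to false, secrets.tdb
    # is kept per node and private dir is respected for it again.
    shared = p.get("ctdb:secrets.tdb", "yes").lower() in TRUE_VALUES
    if shared:
        return [f"private dir = {private_dir} is ignored: clustering is on "
                "and the databases are held by CTDB (see CTDB_DBDIR)"]
    return [f"secrets.tdb is kept per node under {private_dir}: "
            "the machine account secret is no longer shared between nodes"]
```

Run against the configuration from the report, the check returns the "is ignored" finding, which matches the observed use of /var/lib/samba.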