Hsu, Cheng (Consultant)
2003-Feb-12 22:03 UTC
[Samba] Samba server in a failover environment
Hello, Samba Gurus .....

I have a Samba server running on a pair of SUN servers (server-a and server-b). The samba shares are NFS mounted from a third SUN server (server-c). I installed Samba 2.2.7a on the paired SUN servers under /usr/local/samba (Samba 2.2.7a is locally installed on server-a and server-b, since /usr/local/samba is local on the rootdisk.)

The failover environment works like this:

. I manually start up Samba daemons (smbd and nmbd) on server-a
. Users are able to map Samba shares to their PCs, and they can read and write
. While users have their files open, I manually stop all Samba daemons on server-a
. Then, I manually start up Samba daemons (smbd and nmbd) on server-b (note that server-a and server-b have the same smb.conf file under /usr/local/samba/lib)

a) We tested this failover environment, it didn't work. Those open files are not accessible after we failed over Samba daemons to server-b.
b) I manually changed the startup script so that server-b will explicitly join the NT domain, then everything works fine.
c) Then, I manually stop Samba daemons on server-b, and start Samba daemons on server-a and explicitly join the NT domain, and everything still works.
d) I can manually fail over Samba daemons between server-a and server-b. Everything works as long as I explicitly join the NT domain.

Our UNIX SAs and NT SAs told me that it is not required to explicitly join the NT domain after failover. But my experiment shows that I MUST explicitly join the NT domain in order for everything to work.

I cannot find anything which can help me understand how to properly failover Samba daemons between two UNIX (SUN) servers.

Cheng Hsu

-----
This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please delete it and all copies from your system, destroy any hard copies and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Nomura Holding America Inc., Nomura Securities International, Inc, and their respective subsidiaries each reserve the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorized to state the views of such entity. Unless otherwise stated, any pricing information in this message is indicative only, is subject to change and does not constitute an offer to deal at any price quoted. Any reference to the terms of executed transactions should be treated as preliminary only and subject to our formal written confirmation.
On Wed, 12 Feb 2003, Hsu, Cheng (Consultant) wrote:

> The failover environment works like this:
> . I manually start up Samba daemons (smbd and nmbd) on server-a
> . Users are able to map Samba shares to their PCs, and they can read and write
> . While users have their files open, I manually stop all Samba daemons on server-a
> . Then, I manually start up Samba daemons (smbd and nmbd) on server-b
> (note that server-a and server-b have the same smb.conf file under /usr/local/samba/lib)

> Our UNIX SAs and NT SAs told me that it is not required to explicitly join the NT domain
> after failover. But my experiment shows that I MUST explicitly join the NT domain
> in order for everything to work.

Just a guess: Make sure that the servers do not only have the same smb.conf, but also the same SID (MACHINE.SID or whatever setup of samba you use)

__
Oktay Akbal
Hsu, Cheng (Consultant)
2003-Feb-19 14:29 UTC
[Samba] Samba server in a failover environment
Uli Luckas, Oktay Akbal, Samba Gurus,

Where is the SID, or MACHINE.SID? Is that a file? I checked my Samba installation (/usr/local/samba) and I cannot find the file.

Cheng Hsu

-----Original Message-----
From: Uli Luckas [mailto:Uli.Luckas@abakusag.de]
Sent: Thursday, February 13, 2003 5:25 AM
To: 'Oktay Akbal'; Hsu, Cheng (Consultant)
Cc: 'samba@lists.samba.org'
Subject: AW: [Samba] Samba server in a failover environment

On Thu, 13 Feb 2003, Oktay Akbal wrote:

> On Wed, 12 Feb 2003, Hsu, Cheng (Consultant) wrote:
>
> > But my experiment shows that I MUST explicitly join the NT domain
> > in order for everything to work.
>
> Just a guess: Make sure that the servers do not only have the same
> smb.conf, but also the same SID (MACHINE.SID or whatever setup of samba
> you use)

This will not be enough in the long run...

The SID is what identifies the machine all right. But on join the machine registers a (random) password with the DC. Now if you join the second server with the same name/SID the DC will update the password to the 2nd machine's idea of what it should be and the 1st machine can't log into the domain any more :-(

And it is worse... You could probably (r)sync smb.conf, MACHINE.SID plus the domain password (secrets.tdb?) between the two servers and things would work for a while. But you need to do this on a regular basis as the password is updated to a new random password every now and then (default once a week?) and the secondary server would be out of sync.

Just as a suggestion to the samba team ... a hook like "machine pwd update script = sync_secrets.sh" in smb.conf would come in handy.

Hope I was of any help
Uli
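The out-of-sync condition Uli describes can be checked for before a failover. The script below is an added example, not part of the thread or of Samba: it compares the two files named in the thread (MACHINE.SID, secrets.tdb) between an active and a standby directory and re-copies them owner-only. The directory arguments and the constructed demo files are assumptions; on real nodes the standby directory would live on the other host.

```shell
#!/bin/sh
# Added example: detect and repair drift of Samba machine-account state
# between an active and a standby node. Directory layout is an assumption;
# the file names are the ones mentioned in the thread.
FILES="MACHINE.SID secrets.tdb"

# Print each file that is missing or differs on the standby; return 1 on drift.
secrets_drift() {
    active=$1 standby=$2 drift=0
    for f in $FILES; do
        [ -f "$active/$f" ] || continue   # file not used by this installation
        if [ ! -f "$standby/$f" ]; then
            echo "missing: $f"; drift=1
        elif ! cmp -s "$active/$f" "$standby/$f"; then
            echo "differs: $f"; drift=1
        fi
    done
    return $drift
}

# Copy the files to the standby with owner-only permissions, replacing each
# one atomically so a starting smbd never reads a half-written secrets.tdb.
sync_secrets() {
    active=$1 standby=$2
    ( umask 077
      for f in $FILES; do
          [ -f "$active/$f" ] || continue
          cp "$active/$f" "$standby/.$f.tmp" &&
              mv "$standby/.$f.tmp" "$standby/$f" || exit 1
      done )
}

# Constructed demo: the standby still holds last week's machine password.
demo=$(mktemp -d); mkdir "$demo/active" "$demo/standby"
printf 'constructed-sid\n' | tee "$demo/active/MACHINE.SID" > "$demo/standby/MACHINE.SID"
printf 'constructed-pw-new' > "$demo/active/secrets.tdb"
printf 'constructed-pw-old' > "$demo/standby/secrets.tdb"
secrets_drift "$demo/active" "$demo/standby" || sync_secrets "$demo/active" "$demo/standby"
secrets_drift "$demo/active" "$demo/standby" && echo "standby in sync"
rm -rf "$demo"
```

Because secrets.tdb holds the machine-account password, any transport used to move it between hosts needs the same protection as the file itself.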