samba - Aug 2003 - Using Samba 2.2.8a with Microsoft Cluster Services

Hello all-
	First time posting to group in 3.5 years of using Samba ;) 
	I have a particularily odd problem that the folks over at
sql-server-performance.com forums have never seen nor heard of... I am
setting up an W2kAS/SQL2k active/passive cluster using Cluster Services.
The MSCS requires a common domain login for installing and configuring
MSCS which I have setup on my Samba 2.2.8a PDC (domain=cluster,
user=cluster). Both servers joined the domain without a problem and I'm
able to login to both using the domain account.
	The problem occurs during the installation of the MSCS software. I am
able to successfully install the first node using the cluster user
domain account, but when I go to install the second node using the same
account, it gives me the following error: "CLUSTER\cluster does not have
permission to administer the cluster. Please use an account that has
access privileges to the cluster."
	Now, I've gone through all the relevent KB articles and manually added
the CLUSTER/cluster user into the proper local security policies (see KB
#272129 and #269229) on both nodes in the cluster, but the install still
fails out on the second node. 
	I cranked up the logging on my PDC and I've posted the login/auth
failure section of the second node's log at
http://zaphod.smartbrief.com/pics/log.princess-1 
	My smb.conf file:

$:/var/log/samba# testparm -x -s
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[netlogon]"
Loaded services file OK.
# Global parameters
[global]
        workgroup = CLUSTER
        netbios name = BUBBLES-NEW
        server string = CLUSTER PDC
        encrypt passwords = Yes
        obey pam restrictions = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
        unix password sync = Yes
        log level = 4
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        name resolve order = dns lmhosts host wins bcast
        domain admin group = cluster root
        logon path = \\%N\profiles\%u
        domain logons = Yes
        os level = 64
        preferred master = Yes
        domain master = Yes
        dns proxy = No

[homes]
        comment = Home Directories
        read only = No
        create mask = 0700
        directory mask = 0700
        browseable = No

[netlogon]
        comment = Network Logon Service
        path = /home/samba/netlogon
        write list = root cluster
        share modes = No

Is there any other information that I should be collecting? 

Thanks,
Zack

On Wed, Aug 27, 2003 at 06:24:33PM -0400, Zachariah Mully
wrote:
> Hello all-
> 	First time posting to group in 3.5 years of using Samba ;) 
> 	I have a particularily odd problem that the folks over at
> sql-server-performance.com forums have never seen nor heard of... I am
> setting up an W2kAS/SQL2k active/passive cluster using Cluster Services.
> The MSCS requires a common domain login for installing and configuring
> MSCS which I have setup on my Samba 2.2.8a PDC (domain=cluster,
> user=cluster). Both servers joined the domain without a problem and I'm
> able to login to both using the domain account.
> 	The problem occurs during the installation of the MSCS software. I am
> able to successfully install the first node using the cluster user
> domain account, but when I go to install the second node using the same
> account, it gives me the following error: "CLUSTER\cluster does not
have
> permission to administer the cluster. Please use an account that has
> access privileges to the cluster."
> 	Now, I've gone through all the relevent KB articles and manually added
> the CLUSTER/cluster user into the proper local security policies (see KB
> #272129 and #269229) on both nodes in the cluster, but the install still
> fails out on the second node. 
> 	I cranked up the logging on my PDC and I've posted the login/auth
> failure section of the second node's log at
> http://zaphod.smartbrief.com/pics/log.princess-1 
> 	My smb.conf file:
Hmmm. It's doing some an LSA_ENUMTRUSTDOM which we don't support fully
in 2.2.x. Can you try this with Samba 3.0 (which does) to see if this
makes a difference ?

Thanks,

	Jeremy.