samba - Dec 2008 - Windows client mounting SMB only from one CTDB server

Hi,

Has anyone tried managing SMB servers via CTDB (http://ctdb.samba.org/)?

I have a setup with CTDB managing two SMB servers authenticating with Active
Directory via Winbind. The SMB is active on both the nodes. However, at a
given instance the Windows clients are able to mount only from one SMB
server.

When you try to connect to another server you get the following error:
###

The mapped networked drive could not be created because the following error
has
occurred:
"The specified network name is no longer available"

##
I use the \\IP-Address\global-share to mount SMB share. We have a
round-robin name setup for NAS-head (ctdb-head), but it works only if you
happen to chose the right IP
address that can be SMB mounted.

When we restart "Winbind" on the server from which Windows client
would not
mount, it works! But after that when you try to mount from the other server,
it fails. So, at a given instance Windows client can only mount from single
SMB server in CTDB cluster.

Looking at the "SMB network packets" + SMB + Winbind + CTDB log, I do
not
find any major error. Seems like at a time only one SMB server can
authenticate the client via Winbind. Wondering if this has something to do
with passdb.tdb stored in shared file-system and only one SMB server can
exclusively access it?

Please the configuration below. I would like Windows clients to mount from
multiple SMB servers controlled by CTDB. Thoughts/advice to resolve this
would be appreciated.

Thanks in Advance,
-Tim
Software version
----------------
CTDB:
ctdb-1.0-64
ctdb-debuginfo-1.0-64
Samba:
samba-debuginfo-3.2.3-ctdb.50
samba-3.2.3-ctdb.50
samba-doc-3.2.3-ctdb.50
samba-winbind-32bit-3.2.3-ctdb.50
samba-client-3.2.3-ctdb.50
samba-swat-3.2.3-ctdb.50
samba-common-3.2.3-ctdb.50
Kerberos:
krb5-workstation-1.5-17
krb5-libs-1.5-17
krb5-devel-1.5-17
krb5-auth-dialog-0.7-1
pam_krb5-2.2.11-1
krb5-devel-1.5-17
krb5-libs-1.5-17
pam_krb5-2.2.11-1

smb.conf (identical on all the SMB servers)
--------
[global]
        workgroup = TESTDOMAIN
        realm = TESTDOMAIN.LOCAL
        netbios name = CTDB-HEAD
        security = ADS
        password server = 192.168.10.10
        private dir = /mnt/global/CTDB
        template homedir = /home/%D+%U
        template shell = /bin/bash
        winbind separator = +
        winbind enum users = Yes
        winbind enum groups = Yes
        smb ports = 445
        server signing = auto
        socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
        use mmap = No
        clustering = Yes
        dns proxy = No
        gpfs:sharemodes = no
        fileid:mapping = fsname
        idmap alloc TESTDOMAIN:range = 10777216-57554431
        idmap config TESTDOMAIN:range = 10777216-57554431
        idmap config TESTDOMAIN:backend = rid
        idmap config TESTDOMAIN:default = yes
        force unknown acl user = Yes
        passdb backend = tdbsam
        vfs objects = gpfs
        log level = 3 passdb:5 auth:10 winbind:5
        log file = /var/log/samba/log.%m
        max log size = 50
 client NTLMv2 auth = Yes
        client use spnego = yes
        auth methods = winbind
[global-share]
        comment = global NameSpace
        path = /mnt/global/nfsexport
        read only = No
        inherit permissions = Yes
        inherit acls = Yes

/etc/sysconfig/ctdb
-------------------
CTDB_RECOVERY_LOCK=/mnt/global/CTDB/recovery.lck
CTDB_PUBLIC_ADDRESSES=/etc/ctdb/public_addresses
CTDB_MANAGES_SAMBA=yes
CTDB_MANAGES_NFS=yes
CTDB_NODES=/etc/ctdb/nodes

CTDB configuration
------------------
[root@node-01 ~]# ctdb status
Number of nodes:2
pnn:0 172.16.2.252     OK
pnn:1 172.16.2.253     OK (THIS NODE)
Generation:1441566550
Size:2
hash:0 lmaster:0
hash:1 lmaster:1
Recovery mode:NORMAL (0)
Recovery master:0
[root@node-01 ~]# ctdb ip
Public IPs on node 1
192.168.97.5 0
192.168.97.6 1

[root@node-01 ~]# net ads testjoin
Join is OK

[root@node-01 ~]# wbinfo -u list
TESTDOMAIN+administrator
TESTDOMAIN+guest
TESTDOMAIN+krbtgt
TESTDOMAIN+testuser
TESTDOMAIN+peyton
TESTDOMAIN+eli

[root@node-01 ~]# wbinfo -g
TESTDOMAIN+domain computers
TESTDOMAIN+domain controllers
TESTDOMAIN+schema admins
TESTDOMAIN+enterprise admins
TESTDOMAIN+cert publishers
TESTDOMAIN+domain admins
TESTDOMAIN+domain users
TESTDOMAIN+domain guests
TESTDOMAIN+group policy creator owners
TESTDOMAIN+ras and ias servers
TESTDOMAIN+allowed rodc password replication group
TESTDOMAIN+denied rodc password replication group
TESTDOMAIN+read-only domain controllers
TESTDOMAIN+enterprise read-only domain controllers
TESTDOMAIN+dnsadmins
TESTDOMAIN+dnsupdateproxy

node-02 also has similar output