I'm configuring a HA-cluster to share disks using heartbeat from http://www.linux-ha.org/ Two machines, lets call them server1 and server2 share the same disk with an ocfs2 file system. However, the two machines have separate disks for their OS installations. The two physical servers have two gigabit nics each and on those nics I place four virtual IP addresses which heartbeat makes sure is working as long at as least one server is up. Lets say the four IP addresses get host names samba1, samba2, samba3 and samba4. When both servers are up and running it looks something like this: samba1 server1, eth0:0 samba2 server1, eth1:0 samba3 server2, eth0:0 samba4 server2, eth1:0 If one server would go down, either for a planned maintenance or by accident heartbeat will rearrange the configuration to something like this: samba1 server2, eth0:1 samba2 server2, eth1:1 samba3 server2, eth0:0 samba4 server2, eth1:0 Once the failed server gets back heartbeat will again distribute the IP addresses over both servers in an active/active configuration. Smb.conf look the same on both servers and all four IP adresses are listed as interfaces on both machines. This works fine, when a server takes over IP addresses from the other server samba immediately works on those addresses without need for any restart. My problem is that the samba servers use security=domain. I have used net join to join the domain and all works fine for a while. However, after some time the servers get locked out from the domain and I don't really know why. Is it because samba use several IP addresses on the same machine and the same secrets.tdb? If so, would it work better if I used four different smb.conf, one for each IP address pointing to different secrets.tdb? Would this work with local copies of secrets.tdb on the two servers? Is it because the same IP adresses move between two different machines with different secrets.tdb? If so, would it work better if secrets.tdb would be placed on a ocfs2 file system shared between the two servers? regards Henrik
hi, for each samba instance (netbios name) we use different IP addresses and configuration files. thus we have several secret.tdb files which are also located on a cluster filesystem. this works and prevents machines from kicking off each other from the domain micha Henrik Carlqvist wrote:> I'm configuring a HA-cluster to share disks using heartbeat from > http://www.linux-ha.org/ > > Two machines, lets call them server1 and server2 share the same disk with > an ocfs2 file system. However, the two machines have separate disks for > their OS installations. The two physical servers have two gigabit nics > each and on those nics I place four virtual IP addresses which heartbeat > makes sure is working as long at as least one server is up. Lets say the > four IP addresses get host names samba1, samba2, samba3 and samba4. > > When both servers are up and running it looks something like this: > > samba1 server1, eth0:0 > samba2 server1, eth1:0 > samba3 server2, eth0:0 > samba4 server2, eth1:0 > > If one server would go down, either for a planned maintenance or by > accident heartbeat will rearrange the configuration to something like > this: > > samba1 server2, eth0:1 > samba2 server2, eth1:1 > samba3 server2, eth0:0 > samba4 server2, eth1:0 > > Once the failed server gets back heartbeat will again distribute the IP > addresses over both servers in an active/active configuration. > > Smb.conf look the same on both servers and all four IP adresses are listed > as interfaces on both machines. This works fine, when a server takes over > IP addresses from the other server samba immediately works on those > addresses without need for any restart. > > My problem is that the samba servers use security=domain. I have used net > join to join the domain and all works fine for a while. However, after > some time the servers get locked out from the domain and I don't really > know why. > > Is it because samba use several IP addresses on the same machine and the > same secrets.tdb? If so, would it work better if I used four different > smb.conf, one for each IP address pointing to different secrets.tdb? Would > this work with local copies of secrets.tdb on the two servers? > > Is it because the same IP adresses move between two different machines > with different secrets.tdb? If so, would it work better if secrets.tdb > would be placed on a ocfs2 file system shared between the two servers? > > regards Henrik-- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT Staff) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 49 (0)341 - 3550 374 Fax: 49 (0)341 - 3550 399
> for each samba instance (netbios name) we use different IP addresses and > > configuration files. thus we have several secret.tdb files which are > also located on a cluster filesystem. this works and prevents machines > from kicking off each other from the domainThanks alot for sharing your experience! I will try such a configuration. I would also like to thank Neal who pointed me to CTDB which really seems to be the right solution to this problem. However, as there is no support for CTDB in any production ready version of Samba I will not try that now. In our case stability is even more important than avaiablity. regards Henrik -- NOTE: Dear Outlook users: Please remove me from your address books. Read this article and you know why: http://newsforge.com/article.pl?sid=03/08/21/143258