jintao chen wrote:
> Hello, Michael
Hi, and sorry for the delay...
> I deployed two nodes with ctdb for HA solution, and I used "smbpasswd
> -a ctdbuser01" to create a new user in node1, it was shown correctly
> in node1:
> # pdbedit -L
> ctdbuser01:501:
>
> but it was showing something wrong through node2:
> # pdbedit -L
> ctdbuser01:4294967295:
>
> # pdbedit -Lv
> ---------------
> Unix username: ctdbuser01
> NT username:
> Account Flags: [U ]
> User SID: S-1-5-21-3030760710-2492829195-736885294-1000
> pdb_get_group_sid: Failed to find Unix account for ctdbuser01
> Primary Group SID: (NULL SID)
>
> what can I do for this?
Well, for a samba user in passdb.tdb, you still need the unix
user underneath. For a normal (non-clustered) samba server you
can create the unix users automatically when adding the samba
user with the help of an "add user script" configured in smb.conf.
I assume that in your case you either had a unix user pre-created
or used an "add user script" - right?

In a ctdb-cluster, the passdb.tdb is automatically synchronized
in the cluster, but the unix users aren't. This is the reason
why you have the proper user on one node, and the same user
does not exist (uid = -1) on the other node.

Now you have three options in principle to fix that:

1. use a domain and make your samba server a member.
   this removes the need of maintaining local users in the
   cluster.
   This is the most common mode by far.

2. use an external user database: ldap
   this can definitely be done. Setup is like for a
   non-clustered server.

3. establish a mechanism that keeps the unix users and
   groups in sync on the nodes. (i.e. including uids/gids).
   This needs to be done at creation time. So concurrent
   creations on different nodes don't create conflicts.
   I have never set up something like that and I have never
   heard of such a setup either.

I hope this helps.

Cheers - Michael
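
A consistency check for the situation described in this thread, added here as an example and not part of the original mail: it compares `pdbedit -L` listings saved from two ctdb nodes and flags users whose uid is 4294967295 (no unix account) or differs between nodes. The function names and the extra sample users are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare `pdbedit -L` listings (username:uid:fullname)
# captured on two ctdb nodes and report users whose unix uid disagrees.

NO_UNIX_UID=4294967295   # how uid -1 is printed when the unix account is missing

# passdb_uid_drift NODE1_LISTING NODE2_LISTING   (hypothetical helper name)
# Prints "<user> <uid on node1> <uid on node2> <reason>" per problem user,
# sorted by user. Returns 0 when the listings agree, 1 otherwise.
passdb_uid_drift() {
    rc=0
    out=$(awk -F: -v missing="$NO_UNIX_UID" '
        NF < 2 || $1 == "" { next }              # skip blank or malformed lines
        FILENAME == ARGV[1] { a[$1] = $2; seen[$1] = 1; next }
        { b[$1] = $2; seen[$1] = 1 }
        END {
            bad = 0
            for (u in seen) {
                ua = (u in a) ? a[u] : "absent"
                ub = (u in b) ? b[u] : "absent"
                reason = ""
                if (ua == "absent" || ub == "absent") reason = "absent-from-listing"
                else if (ua == missing || ub == missing) reason = "no-unix-account"
                else if (ua != ub) reason = "uid-mismatch"
                if (reason != "") { print u, ua, ub, reason; bad = 1 }
            }
            exit bad
        }' "$1" "$2") || rc=$?
    if [ -n "$out" ]; then printf '%s\n' "$out" | sort; fi
    return "$rc"
}

# Constructed sample: the first line of each listing mirrors the output quoted
# in the thread; the other users and uids are made up for illustration.
demo_passdb_uid_drift() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'ctdbuser01:501:' 'alice:1001:Alice' 'bob:1002:' > "$d/node1"
    printf '%s\n' 'ctdbuser01:4294967295:' 'alice:1001:Alice' 'bob:1005:' > "$d/node2"
    passdb_uid_drift "$d/node1" "$d/node2" && st=0 || st=$?
    rm -rf "$d"
    return "$st"
}

demo_passdb_uid_drift || echo "uid drift between nodes (exit $?)"
```

A non-zero exit makes the function usable from a monitoring job; a uid mismatch matters as much as a missing account because file ownership on shared storage follows the numeric uid.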