Carlos Alberto Panozzo Cunha
2025-Jan-23 11:50 UTC
[Samba] Error in domain or kerberos after configuring CTDB
Hello!
I have two Samba servers (domain members) in cluster format to provide file
shares, as follows:
GlusterFS for data replication
Heartbeat for HA
Everything works fine... however I made a recent improvement (I think)
which was the addition of CTDB for replication of Samba connections, just
that, and nothing more.
It worked and works but after that both nodes of the cluster started to
lose the trust relationship with the domain and other errors with Kerberos
(I believe), it may not be the problem but it worked without these errors
for over years and soon after adding CTDB this started....
Here is more information:
Samba version: Version 4.19.5-Ubuntu
OS Version: Ubuntu 24.04.1 LTS
========================
smb.conf
[global]
workgroup = XXXXXXDC
realm = INTERNO.XXXXXXX.SRV.BR
password server = 172.16.1.101, 172.16.1.102, *
username map = /etc/samba/user.map
kerberos method = system keytab
security = ADS
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config XXXXXXDC : backend = rid
idmap config XXXXXXDC : range = 10000-999999
allow trusted domains = yes
winbind use default domain = yes
winbind refresh tickets = Yes
winbind offline logon = yes
winbind cache time = 600
winbind reconnect delay = 3
## ADD LINE TO CTDB
clustering = yes
private dir = /mnt/DADOS-GLUSTERFS/CTBD/
template shell = /bin/bash
template homedir = /home/%U
map to guest = bad user
guest ok = yes
map acl inherit = yes
store dos attributes = yes
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
### TUNNING(many to small files) ###
server multi channel support = yes
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072
SO_SNDBUF=131072
aio read size = 1
aio write size = 1
min receivefile size = 16384
use sendfile = yes
read raw = yes
write raw = yes
getwd cache = yes
large readwrite = yes
kernel oplocks = yes
### TUNNING ###
include = /etc/samba/compartilhamentos.conf
=======
/etc/krb5.conf
[libdefaults]
default_realm = INTERNO.XXXXXXX.SRV.BR
dns_lookup_realm = false
dns_lookup_kdc = true
=======
cat ctdb.conf
# See ctdb.conf(5) for documentation
#
# See ctdb-script.options(5) for documentation about event script
# options
[logging]
# Enable logging to syslog
location = syslog
# Default log level
log level = NOTICE
[cluster]
# Shared cluster lock file to avoid split brain. Daemon
# default is no cluster lock. Do NOT run CTDB without a
# cluster lock file unless you know exactly what you are
# doing.
#
# Please see the CLUSTER LOCK section in ctdb(7) for more
# details.
#
# cluster lock = !/bin/false CLUSTER LOCK NOT CONFIGURED
lockdir = /mnt/DADOS-GLUSTERFS/CTBD/
disable_ip_takeover = yes
only_locks = yes
=======
Erros in Syslog
2025-01-22T14:22:45.120599-03:00 samba-cluster2 winbindd[1755688]: krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR
2025-01-22T14:22:45.120616-03:00 samba-cluster2 winbindd[1755688]: +>
2025-01-22T14:22:45.120633-03:00 samba-cluster2 rsyslogd[849]: rsyslogd:
action 'action-3-builtin:omfile' (module 'builtin:omfile')
message lost,
could not be processed. Check for additional error messages before this
one. [v8.2312.0 try https://www.rsyslog.com/e/2027 ]
2025-01-22T14:22:45.120650-03:00 samba-cluster2 winbindd[1755688]: )
(krbtgt/INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/
INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/
dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/INTERNO.
=======To resolve this, rejoin Samba to the domain and it works for another day
or
two, until the problems start again...
Any ideas on how to fix this?
I'm thinking about removing CTDB but wanted to try to fix it first...
Regards;
Carlos Alberto Panozzo Cunha
2025-Jan-23 17:18 UTC
[Samba] Error in domain or kerberos after configuring CTDB
Hi More information.. Another thing that indicates to me is CTDB and that several other Linux Domonio (not the same version of Samba) and Windows also do not present this problem (not with this frequency of 24 to 48 hours). Regards; Em qui., 23 de jan. de 2025 ?s 08:50, Carlos Alberto Panozzo Cunha < carlos.hollow at gmail.com> escreveu:> Hello! > > I have two Samba servers (domain members) in cluster format to provide > file shares, as follows: > > GlusterFS for data replication > Heartbeat for HA > > Everything works fine... however I made a recent improvement (I think) > which was the addition of CTDB for replication of Samba connections, just > that, and nothing more. > It worked and works but after that both nodes of the cluster started to > lose the trust relationship with the domain and other errors with Kerberos > (I believe), it may not be the problem but it worked without these errors > for over years and soon after adding CTDB this started.... > > Here is more information: > > Samba version: Version 4.19.5-Ubuntu > OS Version: Ubuntu 24.04.1 LTS > > ========================> > smb.conf > > [global] > workgroup = XXXXXXDC > realm = INTERNO.XXXXXXX.SRV.BR > password server = 172.16.1.101, 172.16.1.102, * > username map = /etc/samba/user.map > kerberos method = system keytab > security = ADS > idmap config * : backend = tdb > idmap config * : range = 3000-7999 > idmap config XXXXXXDC : backend = rid > idmap config XXXXXXDC : range = 10000-999999 > > allow trusted domains = yes > winbind use default domain = yes > winbind refresh tickets = Yes > winbind offline logon = yes > winbind cache time = 600 > winbind reconnect delay = 3 > > ## ADD LINE TO CTDB > clustering = yes > private dir = /mnt/DADOS-GLUSTERFS/CTBD/ > > template shell = /bin/bash > template homedir = /home/%U > map to guest = bad user > guest ok = yes > map acl inherit = yes > store dos attributes = yes > load printers = no > printing = bsd > printcap name = /dev/null > disable spoolss = yes > > ### TUNNING(many to small files) ### > > server multi channel support = yes > socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 > SO_SNDBUF=131072 > aio read size = 1 > aio write size = 1 > > min receivefile size = 16384 > use sendfile = yes > read raw = yes > write raw = yes > getwd cache = yes > large readwrite = yes > kernel oplocks = yes > > > ### TUNNING ### > > include = /etc/samba/compartilhamentos.conf > > =======> > > /etc/krb5.conf > > [libdefaults] > default_realm = INTERNO.XXXXXXX.SRV.BR > dns_lookup_realm = false > dns_lookup_kdc = true > > =======> > cat ctdb.conf > # See ctdb.conf(5) for documentation > # > # See ctdb-script.options(5) for documentation about event script > # options > > [logging] > # Enable logging to syslog > location = syslog > > # Default log level > log level = NOTICE > > [cluster] > # Shared cluster lock file to avoid split brain. Daemon > # default is no cluster lock. Do NOT run CTDB without a > # cluster lock file unless you know exactly what you are > # doing. > # > # Please see the CLUSTER LOCK section in ctdb(7) for more > # details. > # > # cluster lock = !/bin/false CLUSTER LOCK NOT CONFIGURED > lockdir = /mnt/DADOS-GLUSTERFS/CTBD/ > disable_ip_takeover = yes > only_locks = yes > > =======> > Erros in Syslog > > 2025-01-22T14:22:45.120599-03:00 samba-cluster2 winbindd[1755688]: > krbtgt/INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR > 2025-01-22T14:22:45.120616-03:00 samba-cluster2 winbindd[1755688]: +> > 2025-01-22T14:22:45.120633-03:00 samba-cluster2 rsyslogd[849]: rsyslogd: > action 'action-3-builtin:omfile' (module 'builtin:omfile') message lost, > could not be processed. Check for additional error messages before this > one. [v8.2312.0 try https://www.rsyslog.com/e/2027 ] > 2025-01-22T14:22:45.120650-03:00 samba-cluster2 winbindd[1755688]: ) > (krbtgt/INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/INTERNO. > > > =======> To resolve this, rejoin Samba to the domain and it works for another day > or two, until the problems start again... > > Any ideas on how to fix this? > I'm thinking about removing CTDB but wanted to try to fix it first... > > Regards; >
Stefan Kania
2025-Jan-27 20:31 UTC
[Samba] Error in domain or kerberos after configuring CTDB
As I see in your configuration you use smb.conf on the CTDB-Server. You should use the registry, because that's the way the configuration will replicate the configuration. CTDB stands for clustered trivial databases. The registry is a tdb-database. There are a lot more wrong configurations in your config. Take a look at my tutorial from sambaxp 2020 https://www.kania-online.de/wp-content/uploads/2020/05/ctdb-gluster.zip Am 23.01.25 um 12:50 schrieb Carlos Alberto Panozzo Cunha via samba:> Hello! > > I have two Samba servers (domain members) in cluster format to provide file > shares, as follows: > > GlusterFS for data replication > Heartbeat for HA > > Everything works fine... however I made a recent improvement (I think) > which was the addition of CTDB for replication of Samba connections, just > that, and nothing more. > It worked and works but after that both nodes of the cluster started to > lose the trust relationship with the domain and other errors with Kerberos > (I believe), it may not be the problem but it worked without these errors > for over years and soon after adding CTDB this started.... > > Here is more information: > > Samba version: Version 4.19.5-Ubuntu > OS Version: Ubuntu 24.04.1 LTS > > ========================> > smb.conf > > [global] > workgroup = XXXXXXDC > realm = INTERNO.XXXXXXX.SRV.BR > password server = 172.16.1.101, 172.16.1.102, * > username map = /etc/samba/user.map > kerberos method = system keytab > security = ADS > idmap config * : backend = tdb > idmap config * : range = 3000-7999 > idmap config XXXXXXDC : backend = rid > idmap config XXXXXXDC : range = 10000-999999 > > allow trusted domains = yes > winbind use default domain = yes > winbind refresh tickets = Yes > winbind offline logon = yes > winbind cache time = 600 > winbind reconnect delay = 3 > > ## ADD LINE TO CTDB > clustering = yes > private dir = /mnt/DADOS-GLUSTERFS/CTBD/ > > template shell = /bin/bash > template homedir = /home/%U > map to guest = bad user > guest ok = yes > map acl inherit = yes > store dos attributes = yes > load printers = no > printing = bsd > printcap name = /dev/null > disable spoolss = yes > > ### TUNNING(many to small files) ### > > server multi channel support = yes > socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 > SO_SNDBUF=131072 > aio read size = 1 > aio write size = 1 > > min receivefile size = 16384 > use sendfile = yes > read raw = yes > write raw = yes > getwd cache = yes > large readwrite = yes > kernel oplocks = yes > > > ### TUNNING ### > > include = /etc/samba/compartilhamentos.conf > > =======> > > /etc/krb5.conf > > [libdefaults] > default_realm = INTERNO.XXXXXXX.SRV.BR > dns_lookup_realm = false > dns_lookup_kdc = true > > =======> > cat ctdb.conf > # See ctdb.conf(5) for documentation > # > # See ctdb-script.options(5) for documentation about event script > # options > > [logging] > # Enable logging to syslog > location = syslog > > # Default log level > log level = NOTICE > > [cluster] > # Shared cluster lock file to avoid split brain. Daemon > # default is no cluster lock. Do NOT run CTDB without a > # cluster lock file unless you know exactly what you are > # doing. > # > # Please see the CLUSTER LOCK section in ctdb(7) for more > # details. > # > # cluster lock = !/bin/false CLUSTER LOCK NOT CONFIGURED > lockdir = /mnt/DADOS-GLUSTERFS/CTBD/ > disable_ip_takeover = yes > only_locks = yes > > =======> > Erros in Syslog > > 2025-01-22T14:22:45.120599-03:00 samba-cluster2 winbindd[1755688]: krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR > 2025-01-22T14:22:45.120616-03:00 samba-cluster2 winbindd[1755688]: +> > 2025-01-22T14:22:45.120633-03:00 samba-cluster2 rsyslogd[849]: rsyslogd: > action 'action-3-builtin:omfile' (module 'builtin:omfile') message lost, > could not be processed. Check for additional error messages before this > one. [v8.2312.0 try https://www.rsyslog.com/e/2027 ] > 2025-01-22T14:22:45.120650-03:00 samba-cluster2 winbindd[1755688]: ) > (krbtgt/INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/ > INTERNO.XXXXXX.SRV.BR at INTERNO.XXXXXX.SRV.BR) (cifs/ > dc-samba-01.interno.xxxxxx.srv.br at INTERNO.XXXXXX.SRV.BR) (krbtgt/INTERNO. > > > =======> To resolve this, rejoin Samba to the domain and it works for another day or > two, until the problems start again... > > Any ideas on how to fix this? > I'm thinking about removing CTDB but wanted to try to fix it first... > > Regards;
Ralph Boehme
2025-Jan-27 20:41 UTC
[Samba] Error in domain or kerberos after configuring CTDB
On 1/23/25 12:50 PM, Carlos Alberto Panozzo Cunha via samba wrote:> private dir = /mnt/DADOS-GLUSTERFS/CTBD/coincidentally spotted this: this is very wrong, this puts some of Samba's databases onto the cluster filesystem. This is not how it works, ctdb itself takes care of clustering the databases. -- SerNet Samba Team Lead https://sernet.de/ Samba Team Member https://samba.org/ SAMBA+ packages https://samba.plus/