Carlos Alberto Panozzo Cunha
2025-Jan-23 11:50 UTC
[Samba] Error in domain or kerberos after configuring CTDB
Hello!

I have two Samba servers (domain members) in cluster format to provide file shares, as follows:

GlusterFS for data replication
Heartbeat for HA

Everything works fine... however I made a recent improvement (I think) which was the addition of CTDB for replication of Samba connections, just that, and nothing more.
It worked and works but after that both nodes of the cluster started to lose the trust relationship with the domain and other errors with Kerberos (I believe), it may not be the problem but it worked without these errors for over years and soon after adding CTDB this started....

Here is more information:

Samba version: Version 4.19.5-Ubuntu
OS Version: Ubuntu 24.04.1 LTS

========================

smb.conf

[global]
workgroup = XXXXXXDC
realm = INTERNO.XXXXXXX.SRV.BR
password server = 172.16.1.101, 172.16.1.102, *
username map = /etc/samba/user.map
kerberos method = system keytab
security = ADS
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config XXXXXXDC : backend = rid
idmap config XXXXXXDC : range = 10000-999999

allow trusted domains = yes
winbind use default domain = yes
winbind refresh tickets = Yes
winbind offline logon = yes
winbind cache time = 600
winbind reconnect delay = 3

## ADD LINE TO CTDB
clustering = yes
private dir = /mnt/DADOS-GLUSTERFS/CTBD/

template shell = /bin/bash
template homedir = /home/%U
map to guest = bad user
guest ok = yes
map acl inherit = yes
store dos attributes = yes
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes

### TUNNING(many to small files) ###

server multi channel support = yes
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
aio read size = 1
aio write size = 1

min receivefile size = 16384
use sendfile = yes
read raw = yes
write raw = yes
getwd cache = yes
large readwrite = yes
kernel oplocks = yes

### TUNNING ###

include = /etc/samba/compartilhamentos.conf

=======

/etc/krb5.conf

[libdefaults]
default_realm = INTERNO.XXXXXXX.SRV.BR
dns_lookup_realm = false
dns_lookup_kdc = true

=======

cat ctdb.conf
# See ctdb.conf(5) for documentation
#
# See ctdb-script.options(5) for documentation about event script
# options

[logging]
# Enable logging to syslog
location = syslog

# Default log level
log level = NOTICE

[cluster]
# Shared cluster lock file to avoid split brain. Daemon
# default is no cluster lock. Do NOT run CTDB without a
# cluster lock file unless you know exactly what you are
# doing.
#
# Please see the CLUSTER LOCK section in ctdb(7) for more
# details.
#
# cluster lock = !/bin/false CLUSTER LOCK NOT CONFIGURED
lockdir = /mnt/DADOS-GLUSTERFS/CTBD/
disable_ip_takeover = yes
only_locks = yes

=======

Errors in Syslog

=======

To resolve this, rejoin Samba to the domain and it works for another day or two, until the problems start again...

Any ideas on how to fix this?
I'm thinking about removing CTDB but wanted to try to fix it first...

Regards;
Carlos Alberto Panozzo Cunha
2025-Jan-23 17:18 UTC
[Samba] Error in domain or kerberos after configuring CTDB
Hi

More information..

Another thing that indicates to me it is CTDB is that several other Linux domain members (not the same version of Samba) and Windows also do not present this problem (not with this frequency of 24 to 48 hours).

Regards;
Stefan Kania
2025-Jan-27 20:31 UTC
[Samba] Error in domain or kerberos after configuring CTDB
As I see in your configuration you use smb.conf on the CTDB-Server. You should use the registry, because that's the way the configuration will replicate the configuration. CTDB stands for clustered trivial databases. The registry is a tdb-database.

There are a lot more wrong configurations in your config. Take a look at my tutorial from sambaxp 2020
https://www.kania-online.de/wp-content/uploads/2020/05/ctdb-gluster.zip
Ralph Boehme
2025-Jan-27 20:41 UTC
[Samba] Error in domain or kerberos after configuring CTDB
On 1/23/25 12:50 PM, Carlos Alberto Panozzo Cunha via samba wrote:
> private dir = /mnt/DADOS-GLUSTERFS/CTBD/

coincidentally spotted this: this is very wrong, this puts some of Samba's databases onto the cluster filesystem. This is not how it works, ctdb itself takes care of clustering the databases.

--
SerNet Samba Team Lead https://sernet.de/
Samba Team Member https://samba.org/
SAMBA+ packages https://samba.plus/
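
The two points raised in the replies above (a file-based smb.conf on a CTDB node, and `private dir` placed on the cluster filesystem) can be checked mechanically. This is an added example, not part of the thread and not Samba project code; the function names are hypothetical, and it assumes the cluster filesystem is mounted at /mnt/DADOS-GLUSTERFS, as the posted paths suggest.

```python
import posixpath

# [global] excerpt from the smb.conf posted in this thread (trimmed).
POSTED_SMB_CONF = """\
[global]
workgroup = XXXXXXDC
security = ADS
## ADD LINE TO CTDB
clustering = yes
private dir = /mnt/DADOS-GLUSTERFS/CTBD/
include = /etc/samba/compartilhamentos.conf
"""

# Constructed counter-example: settings come from the registry and
# private dir stays at its node-local default.
REGISTRY_SMB_CONF = """\
[global]
clustering = yes
include = registry
"""

# Assumption: where the cluster filesystem is mounted on each node.
SHARED_MOUNTS = ["/mnt/DADOS-GLUSTERFS"]


def norm(name):
    """smb.conf parameter names ignore case and embedded whitespace."""
    return "".join(name.split()).lower()


def parse_global(text):
    """Return {normalised name: [values in file order]} for [global]."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        stripped = raw.strip()
        if not pending and (not stripped or stripped[0] in "#;"):
            continue                      # blank line or comment
        line = pending + stripped
        pending = ""
        if line.endswith("\\"):           # trailing backslash continues
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params.setdefault(norm(key), []).append(value.strip())
    return params


def under(path, mount):
    """True if path is the mount point or lies below it."""
    path, mount = posixpath.normpath(path), posixpath.normpath(mount)
    return path == mount or path.startswith(mount.rstrip("/") + "/")


def check_cluster_config(text, shared_mounts):
    """List the two problems named in the replies, if present."""
    p = parse_global(text)
    last = lambda key, default="": p.get(key, [default])[-1]
    if last("clustering", "no").lower() not in ("yes", "true", "1", "on"):
        return []                         # not clustered: nothing to check
    findings = []
    # "private directory" is a synonym of "private dir"
    private = last("privatedir") or last("privatedirectory")
    if private and any(under(private, m) for m in shared_mounts):
        findings.append("private dir on cluster filesystem: " + private)
    sources = p.get("include", []) + p.get("configbackend", [])
    if not any(v.lower() == "registry" for v in sources):
        findings.append("configuration not read from the registry")
    return findings


if __name__ == "__main__":
    for label, conf in (("posted", POSTED_SMB_CONF),
                        ("registry", REGISTRY_SMB_CONF)):
        print(label, check_cluster_config(conf, SHARED_MOUNTS))
```

Run against the effective configuration of each node, it reports both findings for the posted settings and none for the registry-based variant.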