On Fri, Jul 31, 2009 at 10:00 PM, David Christensen <David.Christensen at viveli.com> wrote:

> I successfully setup heartbeat and glusterfs (instead of DRBD) to
> provide an HA Samba configuration. I tested that fail over worked fine,
> all the existing computers were able to get to their shares and
> re-authenticate users.
>
> However I discovered that I was not able to join computers to the domain
> after the configuration was setup. The netbios name was changed to
> accommodate the new heartbeat VIP and the new VIP is the only address I
> have samba bound to.
>
> When I go to add the computer to the domain, type the domain in and
> hit enter, I am presented with a login dialog box. When I enter the
> admin and password and hit enter, after a few seconds I get the warning
> that a controller for the domain could not be found.
>

So Samba is the PDC; this is not clear to me from the mail.

If this is the case, the netbios name of the Samba (or Windows pre-Windows 2000) domain PDC is domainname#1B.

The Samba (or Windows pre-Windows 2000) domain DC, so also the BDC, is domain#1C (e.g. the domain master browser in Windows terms).

Now, how do your Samba PDC/BDC register their names?

If you use WINS in smb.conf (let me call the WINS server with the IP address x.y.z.w), try to look up the domain name:

    nmblookup -R -U x.y.z.w domainname#1C

(and similarly for #1B)

If not, and your PDC is in the same broadcast address (e.g. subnet) as your client:

    nmblookup domainname#1B

(#1C also)

In reality the client was finding domainname#1C to update the machine account on the PDC.

If one of the preceding commands fails, well, it is only a WINS or other namespace registration problem: not a local Samba problem.

Or perhaps you have not told in more depth the different configuration you have done on Samba, so it is possible I am wrong.

Regards

> I suspect that there is some caching going on and (maybe) winbind is
> using the old info for the PDC and not the new?
>
> Are there any caches I could clear that may fix this? Am I on the right
> track or is there something else I should be looking at?
>
> When I compare the ldap access logs with and without heartbeat, there is
> a difference in the query. As I previously mentioned, without
> heartbeat, adding is successful, with heartbeat it is not. I found that
> the search base is different:
>
> With heartbeat - SRCH base="cn=groups,cn=accounts,dc=example,dc=com"
> scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=99))"
> attrs="gidNumber sambaSID sambaGroupType sambaSIDList description
> displayName cn objectClass"
>
> W/heartbeat - SRCH
> base="sambaDomainName=exampleHQ,sambaDomainName=exampleHQ,dc=example,dc=com"
> scope=2
> filter="(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=exampleHQ))"
> attrs=ALL
>
> When I compared the logs when executing pdbedit -Lv with both setups,
> the queries are the same.
>
> Why would samba do a different query to the same instance of ldap when
> configured with heartbeat and without heartbeat?
>
> The address that samba is binding to/from for access to ldap is not the
> VIP provided by heartbeat.
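
The name lookups suggested in the reply above, shown at the packet level as an added example that is not part of the original thread: it builds and parses the NetBIOS name query for a domain's #1B and #1C names (RFC 1001/1002 encoding), which is what to look for in a UDP port 137 capture when checking whether the query reaches the server behind the VIP. The function names and the transaction id are assumptions; the domain name is the one from the quoted LDAP log.

```python
import struct

# NetBIOS name suffixes discussed in the message above.
SUFFIX_PDC = 0x1B   # <1B>: the name the reply attributes to the domain PDC
SUFFIX_DCS = 0x1C   # <1C>: the name the reply attributes to the domain DCs

def encode_name(name: str, suffix: int) -> bytes:
    """RFC 1001 first-level encoding: 15 padded chars + suffix -> 32 letters."""
    if not 0 < len(name) <= 15:
        raise ValueError("NetBIOS names are 1 to 15 characters")
    raw = name.upper().encode("ascii").ljust(15, b" ") + bytes([suffix])
    out = bytearray()
    for b in raw:  # each byte becomes two letters, one per nibble, offset from 'A'
        out += bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)])
    return bytes(out)

def decode_name(encoded: bytes):
    """Inverse of encode_name; returns (name, suffix)."""
    if len(encoded) != 32 or any(not 0x41 <= c <= 0x50 for c in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    raw = bytes(((encoded[i] - 0x41) << 4) | (encoded[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii").rstrip(" "), raw[15]

def build_query(name, suffix, unicast=False, txid=0x1234):
    """NBNS name query (RFC 1002). Flag choice mirrors the two nmblookup calls:
    recursion desired for the WINS unicast (-R -U), broadcast bit otherwise.
    Other clients may set both bits. txid is a constructed sample value."""
    flags = 0x0100 if unicast else 0x0010
    header = struct.pack(">HHHHHH", txid, flags, 1, 0, 0, 0)
    question = b"\x20" + encode_name(name, suffix) + b"\x00"
    return header + question + struct.pack(">HH", 0x0020, 0x0001)  # NB, IN

def parse_query(packet: bytes):
    """Return (name, suffix, is_broadcast) from a captured name query."""
    if len(packet) < 50:
        raise ValueError("packet too short for an NBNS name query")
    txid, flags, qd, _, _, _ = struct.unpack(">HHHHHH", packet[:12])
    if flags & 0x8000 or qd != 1 or packet[12] != 0x20 or packet[45] != 0:
        raise ValueError("not a single-question NBNS query")
    if struct.unpack(">HH", packet[46:50]) != (0x0020, 0x0001):
        raise ValueError("unexpected question type/class")
    name, suffix = decode_name(packet[13:45])
    return name, suffix, bool(flags & 0x0010)

if __name__ == "__main__":
    for sfx in (SUFFIX_PDC, SUFFIX_DCS):
        print(hex(sfx), encode_name("exampleHQ", sfx).decode())
```

In a capture, a query whose encoded name ends in `BM` is a #1C lookup and one ending in `BL` is a #1B lookup.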