Tim,

Thank you very much for this, I will check out the manpage and wiki page.

Kind regards,
Caspar Smit

2011/2/28 Tim Serong <[email protected]>

> On 2/28/2011 at 09:21 PM, Caspar Smit <[email protected]> wrote:
> > Hi,
> >
> > I have two machines in a cluster and want to create a highly available
> > samba share that connects to active directory for user information. The
> > storage is DRBD and the filesystem is XFS.
> >
> > I'm using pacemaker as cluster software and using the lsb:samba init
> > script.
> >
> > I connected both machines to my Windows AD server and tested this using
> > winbind.
> >
> > winbind -u gives me all AD users which seems fine. This works on both
> > machines so everything looks ok.
> >
> > When I connect from a windows client to the samba share I don't need to
> > enter credentials so that looks fine too. When I start to put some files
> > on the share the correct credentials are used when I check with "ls -al"
> > on the mountpoint in linux. So far so good.
> >
> > BUT when I do a failover to the other node the share is up but suddenly I
> > cannot connect from the windows client anymore without entering
> > credentials and when I check with "ls -al" on the mountpoint on the other
> > machine it maps the existing files (which I put there when the share was
> > running on the other node) suddenly with whole different UIDs.
> >
> > Where is the mapping of UIDs taking place and how can I fix this? Both
> > systems lookup their user information from the same AD server, how can
> > they still lookup different UIDs when looking at the same server and
> > files?
>
> Because by default Samba hands out UIDs on a first come first served basis.
> You need to configure a different UID mapping scheme. Have a look at
> "idmap config" and "idmap backend" in the smb.conf manpage. RID might be
> the easiest thing to set up (where Samba generates UIDs based on Windows
> SIDs). Configuring UNIX UIDs in some LDAP backend, or directly in AD via
> (RFC2307 or Services For UNIX or whatever it's called these days) might be
> "better" (you get to decide what the UIDs actually are, and this'll
> apparently work with multiple AD domains/trusted domains).
>
> HTH,
>
> Tim
>
> --
> Tim Serong <[email protected]>
> Senior Clustering Engineer, OPS Engineering, Novell Inc.
>
> _______________________________________________
> Linux-HA mailing list
> [email protected]
> http://lists.linux-ha.org/mailman/listinfo/linux-ha
> See also: http://linux-ha.org/ReportingProblems
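
An added illustration, not part of the original thread, of why two nodes that allocate UIDs on first sight end up attributing the same files to different owners after failover, while an algorithmic scheme such as RID gives the same answer on every node. The SIDs, the 10000-999999 range and all class and function names are constructed for the example; the formula follows the idmap_rid manpage (ID = RID - BASE_RID + LOW_RANGE_ID).

```python
from itertools import count

LOW, HIGH = 10000, 999999  # assumed idmap range; must be identical on both nodes

def split_sid(sid):
    """Split 'S-1-5-21-...-RID' into (domain_sid, rid)."""
    domain, _, rid = sid.rpartition("-")
    if not domain.startswith("S-1-") or not rid.isdigit():
        raise ValueError(f"not a SID: {sid!r}")
    return domain, int(rid)

class AllocatingMapper:
    """Model of a first-come-first-served mapper: each node keeps its own
    local table and hands out the next free UID when it first sees a SID."""
    def __init__(self):
        self._next = count(LOW)
        self._table = {}

    def uid(self, sid):
        if sid not in self._table:
            self._table[sid] = next(self._next)
        return self._table[sid]

def rid_uid(sid, low=LOW, high=HIGH, base_rid=0):
    """Algorithmic mapping in the style of idmap_rid.
    No state is kept, so every node computes the same UID for a SID."""
    _, rid = split_sid(sid)
    uid = rid - base_rid + low
    if not low <= uid <= high:
        raise ValueError(f"RID {rid} maps outside range {low}-{high}")
    return uid

# Constructed sample SIDs (same domain, different RIDs).
DOM = "S-1-5-21-1111111111-2222222222-3333333333"
ALICE, BOB = f"{DOM}-1104", f"{DOM}-1107"

def compare():
    node_a, node_b = AllocatingMapper(), AllocatingMapper()
    # The users happen to be looked up in a different order on each node.
    a = {s: node_a.uid(s) for s in (ALICE, BOB)}
    b = {s: node_b.uid(s) for s in (BOB, ALICE)}
    rid = {s: rid_uid(s) for s in (ALICE, BOB)}
    return a, b, rid

if __name__ == "__main__":
    a, b, rid = compare()
    print("allocating, node A:", a)
    print("allocating, node B:", b)
    print("rid, any node:     ", rid)
```

With the allocating model the two nodes swap the UIDs of the two users, so a file written by one user on node A appears to belong to the other user on node B, which is the symptom described above.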
