-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 David Christensen wrote: > I successfully setup heartbeat and glusterfs (instead of DRBD) to > provide an HA Samba configuration. I tested that fail over worked fine > all the existing computers were able to get to their shares and re > authenticate users. > > However I discovered that I was not able to join computers to the domain > after the configuration was setup. The netbios name was changed to > accommodate the new heartbeat VIP and the new VIP is the only address I > have samba bound to. > > When I go to add the computer to the domain, type to the domain in and > hit enter, I am presented with a login dialog box. When I enter the > admin and password and hit enter, after a few seconds I get the warning > that a controller for the domain could not be foumd. > > I suspect that there is some caching going on and (maybe) winbind is > using the old info for the PDC and not the new? > > Are there any caches I could clear that may fix this? Am I on the right > track or is there somethign else I should be looking at?
Update When I compare the ldap access logs with and without heartbeat, there is a difference in the query. As I previouslt mentioned, without heartbeat, adding is successful, with heartbeat it is not. The search base is different: With heartbeat - SRCH base="cn=groups,cn=accounts,dc=example,dc=com" scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=99))" attrs="gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass" W/heartbeat - SRCH base="sambaDomainName=exampleHQ,sambaDomainName=exampleHQ,dc=example,dc=com" scope=2 filter="(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=exampleHQ))" attrs=ALL When I compared the logs when executing pdbedit -Lv with both setups, the queries are the same. Why would samba do a different query to the same instance of ldap when configured with heartbeat and without heartbeat? The address that samba is binding to/from for access to ldap is not the VIP provided by heartbeat. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkpzTHMACgkQ5B+8XEnAvqscLQCggCw0jWgYI1p9p6JYdxJpOJTg k0wAn0iA3J9zU/VD92vctfs6SwvDLNE3 =2Z7C -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
