On Fri, 2012-01-20 at 16:38 +1000, Peter Tan wrote: > I have set up a 2 node linux cluster and wish to share a ocfs2 mount on san > storage. I have configured ctdb, samba and Kerberos and am able to map the > share on my windows workstation when I hit the ip of each of the two nodes. > > I am able to mount this share via nfs on other linux servers ok. > > However it does not appear to be authenticating when I try to map to the DNS > hostname that has been set up to round robins across the two ip's - I keep > getting prompted for a login and password and I get the following in > /var/log/messages: "krb5_rd_req failed (Key table entry not found)" > > Node 1: 10.101.4.16 > Node 2: 10.101.4.17 > DNS A Name: clusterpub 10.101.4.16 > DNS A Name: clusterpub 10.101.4.17 > > I have set the "netbios name = clusterpub" in smb.conf on both nodes > > Interestingly, I am able to successfully connect to the "clusterpub" share > from one of the nodes via smbclient. > > # smbclient //clusterpub/archive -U <user> > Enter <user> password: > Domain=[COUNCIL] OS=[Unix] Server=[Samba 3.5.4-0.83.el5] > smb: \> dir > . D 0 Fri Jan 20 14:28:01 2012 > .. D 0 Wed Jan 18 13:56:46 2012 > hello-from-samba 0 Fri Jan 20 14:28:01 2012 > > 64000 blocks of size 16777216. 63805 blocks available > smb: \> > > What am I missing?
You have 2 ways to solve this issue. My preferred one is to join the cluster to the domain with the public name (clusterpub) in your case, and share the keytab between the 2 nodes. They are logically a single server and need to share the same credentials. Another way I like a lot less is to make sure you have PTR records set up so that they point to the respective private names, and join each node with these names. I like this less because it relies on reverse address resolution and kinda breaks the fact you are trying to present a single service to the clients. Simo. -- Simo Sorce Samba Team GPL Compliance Officer <[email protected]> Principal Software Engineer at Red Hat, Inc. <[email protected]> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
