jintao chen wrote: > Hello, Michael Hi, and sorry for the delay...
> I deployed two nodes with ctdb for HA solution, and I used "smbpasswd > -a ctdbuser01" to create a new user in node1, it was shown correctly > in node1: > # pdbedit -L > ctdbuser01:501: > > but it was showing something wrong through node2: > # pdbedit -L > ctdbuser01:4294967295: > > # pdbedit -Lv > --------------- > Unix username: ctdbuser01 > NT username: > Account Flags: [U ] > User SID: S-1-5-21-3030760710-2492829195-736885294-1000 > pdb_get_group_sid: Failed to find Unix account for ctdbuser01 > Primary Group SID: (NULL SID) > > what can I do for this? Well, for a samba user in passdb.tdb, you still need the unix user underneath. For a normal (non-clustered) samba server you can create the unix users automatically when adding the samba user with the help of a "add user script" configured in smb.conf. I assume that in your case you either had a unix user pre-created or used a "add user script" - right? In a ctdb-cluster, the passdb.tdb is automatically synchronized in the cluster, but the unix users aren't. This is the reason why you have the proper user on one node, and and the same user does not exist (uid = -1) on the other node. Now you have three options in principle to fix that: 1. use a domain and make your samba server a member. this removes the need of maintaining local users in the cluster. This is the most common mode by far. 2. use an external user database: ldap this can definitely be done. Setup is like for a non-clustered server. 3. establish a mechanism that keeps the unix users and groups in sync on the nodes. (i.e. including uids/gids). This needs to be done on creation time. So concurrent creations on different nodes don't creat conflicts. I have never set up something like that and I have never heard of such a setup either. I hope this helps. Cheers - Michael
pgpUfTzOTAR8D.pgp
Description: PGP signature
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
