On Mon, 29 Dec 2003, Peter Giorgilli wrote: > Hi all! > > I'm working on a project that, funnily enough, involves clustering and > "winbindd". Specifically, we have a 2-node cluster configured in an > active-active configuration whereby both servers are running Samba, each > "exporting" different filesystems that are backed on a shared storage > subsystem such that at any given time, one node can takeover from the other. > > The problem: if I run "winbindd" on both systems independently, the > Windows-domain user accts are mapped to different UNIX uids/gids, which in turn > creates a problem when a particular share is relocated from one node to > the other because of the different file permissions. (Ideally, both nodes would see > the same "winbindd_idmap.tdb".) > > Can I effectively configure "winbindd" in a master/backup configuration such > that only one of the nodes is able to update the database, whilst the other is only > able to read the database? I thought to set the "winbind cache time" > to a value such as 1 day that would effectively relegate one of the nodes to > "backup" status. At the same time, the "backup" server would periodically "rsync" > the "winbindd_idmap.tdb" database to pickup any changes. > > Can anyone see any problems with this approach and/or suggest a better way of > going about it? > > I should also mention that I'm running on Red Hat Linux Advanced Server > release 2.1AS, using the latest "rpm" released by Red Hat which as best I can > understand is based on Samba release 2.2.7, plus select patches back-ported from > 2.2.8.
You should update to samba-3.0.0 or later. USA LDAP backend, and use: idmap backend = ldap://your-ldap-server This way both servers will have a common mapping of SIDs to UID/GIDs. Cheers, John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
