David Markey wrote:
Yup, unfortunately rights granted using net sam/rpc and usrmgr are saved
locally in a TDB file (account_policy); this should probably be in LDAP. I
suppose it should be possible to rsync the tdb file.


On Wed, 5 Aug 2009 17:10:54 -0500, David Christensen
<david.christen...@viveli.com> wrote:

John Du wrote:
David Christensen wrote:

Liutauras Adomaitis wrote:


On Tue, Aug 4, 2009 at 7:39 PM, David Christensen <david.christen...@viveli.com> wrote:



With samba configured for high availability using heartbeat, I am not
able to join new computers to the domain after a failover.  If I fail
back to the "main" samba instance I can join the computer to the domain.

However, with samba in a failed-over state and running on the backup PDC,
users can still authenticate and gain access to their shares.

I have the two instances of samba configured nearly identically, except for
having them pointed to the instance of ldap that is running on the
server itself (which is being replicated).  Is there something else,
some tdb file etc., that needs to be shared between the two instances of
samba so a failover appears identical to the ldap backend?

Thanks.


If you are running a PDC+BDC configuration with an LDAP backend with
replication, then you must have master-to-master replication. In the case
of master-slave replication you cannot write to the slave while your
master is not accessible. Usually the slave has a redirection to the master for
write operations. The slave is read-only and that's why you can authenticate
to the BDC, but cannot join new machines to the domain.
This may be your case.

Liutauras



Liutauras,

I have ldap using master-master replication so writing to either ldap
instance is no problem.  In addition I have both instances of samba
configured as PDCs (the smb.conf file is identical on both PDCs except
for two things, the ldap each talks to and the host name of the PDC
itself; not using the netbios parameter), however only one of them is
running at a time.  The issue occurs when the 2nd PDC comes online.
Based on the ldap logs, the query I am seeing from the 2nd PDC in a
failed-over state is not the same query that the "primary" PDC does when
I add a new computer successfully.  I never see the lookup for the admin
user who has the right to add a computer, along with other missing
search strings.

Is there some SID or some other serial number etc. that the 2nd PDC is
lacking that is causing this symptom?  Why would a query from a near
identical instance of samba to the same ldap DB be so different?


I had the same problem with samba 3.0.28 on rhel 4.  I fixed my problem
by issuing "net rpc grant .." commands on the backup PDC.  I never
understood why it behaved that way but those commands worked for me.  I
thought those rights were in the LDAP database but it seemed that those
rights are stored on the individual servers somehow.



John,

Not familiar with net rpc grant; where is this invoked or added?
These commands are documented at http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html.



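A check for the situation discussed in this thread (privileges kept per server in the local account_policy TDB rather than in LDAP), added here as an example and not code from any of the posters: it flattens the block-style output of `net rpc rights list accounts` captured on each PDC, lists the privileges the backup lacks, and prints the matching `net rpc rights grant` commands from the Samba HOWTO. The domain name EXAMPLE and both listings are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the thread). Compare privilege assignments reported by
# "net rpc rights list accounts" on two Samba 3 PDCs so the backup's local
# account_policy.tdb can be reconciled with the primary before a failover.
export LC_ALL=C   # consistent ordering for sort/comm

# Flatten one listing into sorted "account<TAB>privilege" lines. The command
# prints an account name, one privilege per line, and a blank line between
# accounts; accounts with "No privileges assigned" contribute nothing.
flatten_rights() {
    awk '
        /^$/                      { acct = ""; next }  # blank line ends a block
        acct == ""                { acct = $0; next }  # first line names the account
        /^No privileges assigned/ { next }
                                  { print acct "\t" $0 }
    ' "$1" | sort
}

# Pairs present on the primary ($1) but missing on the backup ($2).
missing_rights() {
    p=$(mktemp) && b=$(mktemp)
    flatten_rights "$1" > "$p"
    flatten_rights "$2" > "$b"
    comm -23 "$p" "$b"
    rm -f "$p" "$b"
}

# Turn each missing pair into the grant command documented in the Samba HOWTO,
# to be run against the backup PDC (the -U root account is an assumption).
grant_commands() {
    missing_rights "$1" "$2" |
        awk -F '\t' '{ printf "net rpc rights grant \047%s\047 %s -U root\n", $1, $2 }'
}

# Constructed sample listings standing in for the output captured on each PDC.
PRIMARY=$(mktemp); BACKUP=$(mktemp)
trap 'rm -f "$PRIMARY" "$BACKUP"' EXIT
cat > "$PRIMARY" <<'EOF'
BUILTIN\Print Operators
No privileges assigned

EXAMPLE\Domain Admins
SeMachineAccountPrivilege
SeAddUsersPrivilege

EXAMPLE\administrator
SeMachineAccountPrivilege
EOF
cat > "$BACKUP" <<'EOF'
EXAMPLE\Domain Admins
SeMachineAccountPrivilege

EXAMPLE\administrator
No privileges assigned
EOF
grant_commands "$PRIMARY" "$BACKUP"
```

With the constructed data the backup is missing SeAddUsersPrivilege for Domain Admins and SeMachineAccountPrivilege for the administrator account, which is exactly the right that joining a machine needs.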

