Re: [Samba] CTDB and PDC Role
2010/11/2 Volker Lendecke:
> On Tue, Nov 02, 2010 at 06:48:38PM +, Alex Crow wrote:
>> I asked a question like this ages ago:
>>
>> If you had a shared filesystem between the PDC and BDC(s) then
>> surely you wouldn't need to migrate your BDC to a PDC automatically,
>> you could do it at your leisure.
>
> Well, depending on your passdb backend this might or might
> not work. I would not count on file system failover to get
> the passdb.tdb right in all cases. Probably I am too
> paranoid here, as we're using proper tdb transactions these
> days, but between a CPU and a disk spindle in a SAN setup
> too much can go wrong for my taste.
>
> The main difference between a PDC and a BDC in a Samba setup
> is the "domain master = yes/no". It is really just a matter
> of setting that to yes and a restart of smbd and nmbd to
> promote a BDC to a PDC.
>
>> For your logon scripts and profiles in your LDAP you'd just point to
>> a virtual IP/hostname of the PDC/BDC cluster.
>>
>> Volker, would this work?
>
> Details pending, the general idea sounds okay. But please be
> aware that in HA setups so much can go wrong that it's not
> funny anymore. The devil is really in the details.
>
> Volker

So, what's the recommended approach in general using Samba3? Having a multimaster LDAP directory helps to accept any password modification while the PDC is down; what about fileserving? Using another IP for that service and moving it with the FS from one node to another would work (am I right?).

If the missing WINS service breaks the network, would a single samba instance moved as a resource between nodes be better than a PDC/BDC pair?

Regards,

--
Ciro Iriarte
http://cyruspy.wordpress.com
Re: [Samba] CTDB and PDC Role
> Well, depending on your passdb backend this might or might
> not work. I would not count on file system failover to get
> the passdb.tdb right in all cases. Probably I am too
> paranoid here, as we're using proper tdb transactions these
> days, but between a CPU and a disk spindle in a SAN setup
> too much can go wrong for my taste.

Understood - but given my other bug reports and postings here I find that even without clustering there have been changes I cannot get to grips with (and as per my usual story it's to do with Winbind and trusted domain) - if you could cast an eye on these I would be most grateful. Level 10 logs from my test domain will be supplied if required.

> The main difference between a PDC and a BDC in a Samba setup
> is the "domain master = yes/no". It is really just a matter
> of setting that to yes and a restart of smbd and nmbd to
> promote a BDC to a PDC.
>
>> For your logon scripts and profiles in your LDAP you'd just point to
>> a virtual IP/hostname of the PDC/BDC cluster.
>>
>> Volker, would this work?
>
> Details pending, the general idea sounds okay. But please be
> aware that in HA setups so much can go wrong that it's not
> funny anymore. The devil is really in the details.

Well, to add to the pile, I've tested on a domain member client machine (on a different subnet to the PDC and one BDC, but the same subnet as another BDC) by editing windows/system32/drivers/etc/hosts to point to invalid IPs for the non-local PDC and BDC. I could log on via rdesktop but not via UltraVNC using Windows auth, and after logging on via RDP, in the permissions dialog for local files, domain users were not enumerated (SIDs only displayed).

Is this a WINS problem? If so, I think that it should be stated (unless it is already) in the documentation that if your PDC fails you *must* configure one of your BDCs as a WINS server.

Cheers

Alex

(3.4.9 on all DCs and member servers)

> Volker
Re: [Samba] CTDB and PDC Role
On Tue, Nov 02, 2010 at 06:48:38PM +, Alex Crow wrote:
> I asked a question like this ages ago:
>
> If you had a shared filesystem between the PDC and BDC(s) then
> surely you wouldn't need to migrate your BDC to a PDC automatically,
> you could do it at your leisure.

Well, depending on your passdb backend this might or might not work. I would not count on file system failover to get the passdb.tdb right in all cases. Probably I am too paranoid here, as we're using proper tdb transactions these days, but between a CPU and a disk spindle in a SAN setup too much can go wrong for my taste.

The main difference between a PDC and a BDC in a Samba setup is the "domain master = yes/no". It is really just a matter of setting that to yes and a restart of smbd and nmbd to promote a BDC to a PDC.

> For your logon scripts and profiles in your LDAP you'd just point to
> a virtual IP/hostname of the PDC/BDC cluster.
>
> Volker, would this work?

Details pending, the general idea sounds okay. But please be aware that in HA setups so much can go wrong that it's not funny anymore. The devil is really in the details.

Volker
Re: [Samba] CTDB and PDC Role
On 02/11/10 08:01, Volker Lendecke wrote:
> On Tue, Nov 02, 2010 at 08:14:43AM +0100, Daniel Müller wrote:
>> I just did the same questions months ago with no answer!?
>> Now I am curious to hear if this is working for now. In the past ctdb
>> worked for me only for file serving.
>
> Well, and to a certain extent this is still true. ctdb has
> no provisions to migrate the PDC role when the PDC node
> fails. It would mean to restart nmbd, but in a typical
> clustered file server nmbd is a bit difficult to set up
> anyway. Most clusters I've set up so far don't have nmbd at
> all.
>
> So I'd recommend to split the DC roles and the HA-fileserver
> cluster using ctdb. You don't need the complexity of ctdb
> for your DCs anyway, PDC/BDC is highly available implicitly.
>
> Volker

I asked a question like this ages ago:

If you had a shared filesystem between the PDC and BDC(s) then surely you wouldn't need to migrate your BDC to a PDC automatically, you could do it at your leisure. The only thing is the WINS server, which you could either provide on a very reliable box or one with conventional failover (no CTDB) as you won't be serving files or logons from this machine; alternatively use smb4wins.

For your logon scripts and profiles in your LDAP you'd just point to a virtual IP/hostname of the PDC/BDC cluster.

Volker, would this work?

Cheers

Alex
Re: [Samba] CTDB and PDC Role
2010/11/2 Volker Lendecke:
> On Tue, Nov 02, 2010 at 08:14:43AM +0100, Daniel Müller wrote:
>> I just did the same questions months ago with no answer!?
>> Now I am curious to hear if this is working for now. In the past ctdb
>> worked for me only for file serving.
>
> Well, and to a certain extent this is still true. ctdb has
> no provisions to migrate the PDC role when the PDC node
> fails. It would mean to restart nmbd, but in a typical
> clustered file server nmbd is a bit difficult to set up
> anyway. Most clusters I've set up so far don't have nmbd at
> all.
>
> So I'd recommend to split the DC roles and the HA-fileserver
> cluster using ctdb. You don't need the complexity of ctdb
> for your DCs anyway, PDC/BDC is highly available implicitly.
>
> Volker

Well, I need a PDC/BDC pair and an HA fileservice. Right now we are looking to install two new servers; with the resources this will use it makes no sense to buy/build 4 servers. We're going to use OpenAIS+Pacemaker anyway to be able to use OCFS2.

The thing is, I'm not sure how the PDC/BDC role integrates in a CTDB fileserver cluster as all the nodes use the same NETBIOS name. Should I go with an Active/Standby figure outside Samba, that is, a DRBD FS mounts in one node at a time; and a regular BDC/PDC pair?

Regards,

--
Ciro Iriarte
http://cyruspy.wordpress.com
Re: [Samba] CTDB and PDC Role
On Tue, Nov 02, 2010 at 09:13:59AM +0100, Daniel Müller wrote:
> As far as I tried a pdc/bdc with LDAP backend (Master/Slave). I always need
> to point from both pdc and bdc to one wins.
> So my pdc is exactly the wins and the bdc points to wins server=pdc. So if
> the pdc fails there is no wins anymore. And in my case more than half of the
> users could not authenticate anymore. So I never succeeded to have a 100%
> failover.
> If this has changed I would be happy to know.

Well, there's the samba4wins (google for it) project that gives you a replicating wins server. Why are you not using that?

Volker
Re: [Samba] CTDB and PDC Role
As far as I tried a pdc/bdc with LDAP backend (Master/Slave). I always need to point from both pdc and bdc to one wins.
So my pdc is exactly the wins and the bdc points to wins server=pdc. So if the pdc fails there is no wins anymore. And in my case more than half of the users could not authenticate anymore. So I never succeeded to have a 100% failover.
If this has changed I would be happy to know.

Daniel Müller
Head of IT, Tropenklinik Paul-Lechler-Krankenhaus

-----Original Message-----
From: Volker Lendecke [mailto:volker.lende...@sernet.de]
Sent: Tuesday, 2 November 2010 09:01
To: Daniel Müller
Cc: 'Ciro Iriarte'; samba@lists.samba.org
Subject: Re: [Samba] CTDB and PDC Role

On Tue, Nov 02, 2010 at 08:14:43AM +0100, Daniel Müller wrote:
> I just did the same questions months ago with no answer!?
> Now I am curious to hear if this is working for now. In the past ctdb
> worked for me only for file serving.

Well, and to a certain extent this is still true. ctdb has no provisions to migrate the PDC role when the PDC node fails. It would mean to restart nmbd, but in a typical clustered file server nmbd is a bit difficult to set up anyway. Most clusters I've set up so far don't have nmbd at all.

So I'd recommend to split the DC roles and the HA-fileserver cluster using ctdb. You don't need the complexity of ctdb for your DCs anyway, PDC/BDC is highly available implicitly.

Volker
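Added example, not part of the original thread and not Samba project code: a small check that simulates the loss of one DC and reports the two gaps discussed in this thread, namely that no node has "domain master = yes" any more and that a surviving node's "wins server" points at the failed node. The hostnames, addresses and smb.conf snippets are constructed, and roles are read from explicit settings only (Samba's defaults are not modelled).

```python
YES = {"yes", "true", "1", "on"}

def parse_global(text):
    """Return [global] parameters; names are lower-cased, spaces collapsed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def dc_role(params):
    """Classify from explicit settings only (assumption: defaults ignored)."""
    if params.get("domain logons", "no").lower() not in YES:
        return "member"
    return "PDC" if params.get("domain master", "no").lower() in YES else "BDC"

def failover_findings(nodes, failed):
    """Simulate losing `failed`; nodes maps hostname -> (ip, smb.conf text)."""
    dead_ip = nodes[failed][0]
    alive = {h: parse_global(t) for h, (_, t) in nodes.items() if h != failed}
    findings = []
    if not any(dc_role(p) == "PDC" for p in alive.values()):
        findings.append("no domain master left")
    for host, p in alive.items():
        servers = p.get("wins server", "").split()
        if servers and all(s == dead_ip for s in servers):
            findings.append(f"{host}: wins server {dead_ip} is on the failed node")
    return findings

# Constructed sample configs; hostnames and addresses are made up.
PDC_CONF = "[global]\n  domain logons = yes\n  domain master = yes\n  wins support = yes\n"
BDC_CONF = "[global]\n  domain logons = yes\n  domain master = no\n  wins server = 192.0.2.10\n"
# After the failure: promote the BDC and let it serve WINS itself.
PROMOTED = (BDC_CONF.replace("domain master = no", "domain master = yes")
            .replace("wins server = 192.0.2.10", "wins support = yes"))
NODES = {"dc1": ("192.0.2.10", PDC_CONF), "dc2": ("192.0.2.11", BDC_CONF)}

if __name__ == "__main__":
    print(failover_findings(NODES, "dc1"))
    print(failover_findings({**NODES, "dc2": ("192.0.2.11", PROMOTED)}, "dc1"))
```

The promoted configuration only takes effect after smbd and nmbd are restarted, as noted in the thread.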
Re: [Samba] CTDB and PDC Role
On Tue, Nov 02, 2010 at 08:14:43AM +0100, Daniel Müller wrote:
> I just did the same questions months ago with no answer!?
> Now I am curious to hear if this is working for now. In the past ctdb
> worked for me only for file serving.

Well, and to a certain extent this is still true. ctdb has no provisions to migrate the PDC role when the PDC node fails. It would mean to restart nmbd, but in a typical clustered file server nmbd is a bit difficult to set up anyway. Most clusters I've set up so far don't have nmbd at all.

So I'd recommend to split the DC roles and the HA-fileserver cluster using ctdb. You don't need the complexity of ctdb for your DCs anyway, PDC/BDC is highly available implicitly.

Volker
Re: [Samba] CTDB and PDC Role
I just did the same questions months ago with no answer!?
Now I am curious to hear if this is working for now. In the past ctdb worked for me only for file serving.
With samba4 you can create the same on the fly.

Daniel Müller
Head of IT, Tropenklinik Paul-Lechler-Krankenhaus

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Ciro Iriarte
Sent: Tuesday, 2 November 2010 03:59
To: samba@lists.samba.org
Subject: [Samba] CTDB and PDC Role

Hi, I'm looking to install a new 2-node Samba3 cluster. The cluster will be responsible for Domain Management and file/printer serving.

How do the PDC/BDC roles work with CTDB enabled? Does the cluster appear as just one machine (and PDC)?

In the past I've configured PDC/BDC pairs with OpenLDAP as backend and DRBD for active/passive file serving. Now it sounds nice to have active/active nodes.

The best configuration example of a CTDB cluster I've seen uses an external AD DC for authentication, that's why I have doubts about this feature mixed with CTDB.

Ref: http://sambaxp.org/files/SambaXP2010-DATA/Rolf_Schmidt.pdf

Regards,

--
Ciro Iriarte
http://cyruspy.wordpress.com
[Samba] CTDB and PDC Role
Hi, I'm looking to install a new 2-node Samba3 cluster. The cluster will be responsible for Domain Management and file/printer serving.

How do the PDC/BDC roles work with CTDB enabled? Does the cluster appear as just one machine (and PDC)?

In the past I've configured PDC/BDC pairs with OpenLDAP as backend and DRBD for active/passive file serving. Now it sounds nice to have active/active nodes.

The best configuration example of a CTDB cluster I've seen uses an external AD DC for authentication, that's why I have doubts about this feature mixed with CTDB.

Ref: http://sambaxp.org/files/SambaXP2010-DATA/Rolf_Schmidt.pdf

Regards,

--
Ciro Iriarte
http://cyruspy.wordpress.com