Sun Cluster Data Service for Samba Guide for Solaris OS

Procedure: How to Prepare Samba for Sun Cluster HA for Samba

This section contains the steps to prepare Samba for use with the Sun Cluster HA for Samba data service.

Some steps require that you use Samba commands. Refer to the Docs and Books section at http://www.samba.org for the relevant man pages and more information about these Samba commands.

Perform this procedure on one node of the cluster, unless a specific step indicates otherwise.

  1. If a non-global zone or failover zone is being used, ensure the zone is booted.

    Repeat this step on all nodes on the cluster.


    # zoneadm list -v
    

    Boot the zone if it is not running.


    # zoneadm -z zonename boot
    
  2. Create the fault monitor user

    1. If winbind is being used.

      Create the fault monitor user on the NT PDC or ADS server with no home directory, no user profile and no logon script. Set the Password never expires parameter and the User cannot change password parameter to true.

    2. If winbind is not being used.

      Repeat this step on all nodes or zones on the cluster.

      1. If the global zone is being used for Samba.


        # groupadd -g 1000 samba-fault-monitor-group
        # useradd -u 1000 -g 1000 -s /bin/false samba-fault-monitor-user
        
      2. If a non-global zone or failover zone is being used for Samba.

        Create the fault monitor user in the zone.


        # zlogin zonename groupadd -g 1000 samba-fault-monitor-group
        # zlogin zonename useradd -u 1000 -g 1000 -s /bin/false samba-fault-monitor-user
        

    Note –

    A local Samba fmuser also requires a local password. The settings in the smb.conf specify which password will be used.


  3. If winbind is used, add winbind as a name service on all nodes with Sun Cluster

    Repeat this step on all nodes or zones on the cluster.

    Edit /etc/nsswitch.conf in the zones being used for Samba and add winbind to the passwd: and group: entries, for example:


    # grep winbind /etc/nsswitch.conf
    passwd:     files winbind
    group:      files winbind
  4. If winbind is used, disable the Name Service Cache Daemon on all nodes with Sun Cluster

    Repeat this step on all nodes or zones on the cluster.

    1. If running Solaris 9


      # /etc/init.d/nscd stop
      
    2. If running Solaris 10

      1. If the global zone is being used for Samba.


        # svcadm disable name-service-cache
        
      2. If a non-global zone or failover zone is being used for Samba.


        # zlogin zonename svcadm disable name-service-cache
        
  5. Create a cluster file system or highly available local file system

    Perform this step on all nodes of the cluster.

    You must create a cluster file system or highly available local file system for some Samba files. Refer to Restriction for the Location of Samba files for more information on what is meant by Samba files.

    Refer to Sun Cluster Data Services Planning and Administration Guide for Solaris OS for more information about how to create a cluster file system or highly available local file system.

  6. Mount the cluster file system or highly available local file system

    Perform this step on one node of the cluster.

    1. If the global zone is being used for Samba.


      # mount samba-highly-available-local-file-system
      
    2. If a non-global zone or failover zone is being used for Samba.

      Create the mount point on all zones of the cluster that are being used for Samba.

      Mount the cluster file system or highly available local file system on one of the zones being used by Samba.


      # zlogin zonename mkdir samba-highly-available-local-file-system
      #
      # mount -F lofs samba-highly-available-local-file-system \
      > /zonepath/root/samba-highly-available-local-file-system
      
  7. Create the Samba configuration directory.

    Repeat this step for each Samba or winbind instance on one node of the cluster.

    Create the Samba configuration directory within the samba-highly-available-local-file-system.


    # mkdir -p samba-configuration-directory
    # cd samba-configuration-directory
    # mkdir -p lib logs private shares var/locks
    

    The following deployment example has been taken from Appendix A, Deployment Example: Installing Samba packaged with Solaris 10 where /local is the highly available local file system and /local/samba/smb1 is the samba-configuration-directory.


    Vigor5# mkdir -p /local/samba/smb1
    Vigor5# cd /local/samba/smb1
    Vigor5# mkdir -p lib logs private shares var/locks
    
  8. Create the smb.conf file within the configuration directory.

    Repeat this step for each Samba or winbind instance on one node of the cluster.

    Create a smb.conf file within the configuration directory that reflects the instance.

    Refer to Required parameters for the Samba smb.conf file and the smb.conf[5] man page for an explanation of the required parameters.

    The following deployment example has been taken from Appendix B, Deployment Example: Installing Samba from http://www.samba.org.


    Vigor5# cat > /local/samba/smb1/lib/smb.conf <<-EOF
    [global]
            workgroup = ADS
            bind interfaces only = yes
            interfaces = SMB1/255.255.255.0
            netbios name = SMB1
            security = ADS
            realm = ADS.EXAMPLE.COM
            password server = ADS.EXAMPLE.COM
            server string = Samba (%v) domain (%h)
            pid directory = /local/samba/smb1/var/locks
            log file = /local/samba/smb1/logs/log.%m
            smb passwd file = /local/samba/smb1/private/smbpasswd
            private dir = /local/samba/smb1/private
            lock dir = /local/samba/smb1/var/locks
    
            winbind cache time = 30
            allow trusted domains = no
            idmap backend = rid:ADS=100000-200000
            idmap uid = 100000-200000
            idmap gid = 100000-200000
            winbind enum groups = yes
            winbind enum users = yes
            winbind use default domain = yes
    
    [scmondir]
            comment = Monitor directory for Sun Cluster
            path = /tmp
            browseable = No
    EOF
    

    Note –

    If security = share is required then you must include guest only = yes within [scmondir].


  9. Add the NetBIOS name entry to /etc/hosts and /etc/inet/ipnodes

    Repeat this step on all nodes or zones on the cluster.

    Edit /etc/hosts and /etc/inet/ipnodes in the zones being used for Samba and add the NetBIOS name entries, for example:


    # egrep -e "SMB1|ADS" /etc/hosts /etc/inet/ipnodes
    /etc/hosts:192.168.1.132	SMB1#20
    /etc/hosts:192.168.1.9  	ADS.EXAMPLE.COM#20
    /etc/inet/ipnodes:192.168.1.132	SMB1#20
    /etc/inet/ipnodes:192.168.1.9  	ADS.EXAMPLE.COM#20

    Note –

    The name resolve order parameter in the smb.conf file will determine what naming service to use and in what order to resolve host names to IP addresses. Refer to the smb.conf[5] for more information.

    The interfaces, netbios name and password server all require host name to IP address resolution.


  10. If Samba will operate as an Active Directory Domain Member Server, create the Kerberos krb5.conf file.

    Repeat this step on all nodes or zones on the cluster.

    In the zones being used for Samba, create an /etc/krb5.conf file that reflects the ADS realm. Refer to http://www.samba.org for complete information about installing and configuring Samba as an ADS domain member.

    The following deployment example has been taken from Appendix B, Deployment Example: Installing Samba from http://www.samba.org.


    Vigor5# cat > /etc/krb5.conf <<-EOF
    [libdefaults]
            default_realm = ADS.EXAMPLE.COM
    
    [realms]
            ADS.EXAMPLE.COM = {
                    kdc = 192.168.1.9
                    admin_server = 192.168.1.9
            }
    
    [domain_realm]
            .your.domain.name = ADS.EXAMPLE.COM
            your.domain.name = ADS.EXAMPLE.COM
    EOF
    Vigor5#
    Vigor5# rm /etc/krb5/krb5.conf
    Vigor5# ln -s /etc/krb5.conf /etc/krb5/krb5.conf
    
  11. Configure the logical host

    Perform this step on one node of the cluster.

    The samba-logical-host should be the value you specified for the interfaces parameter when you created the smb.conf file in Step 8.

    1. If the global zone only is being used for Samba.


      # ifconfig interface addif samba-logical-host up
      
    2. If a non-global zone or failover zone is being used for Samba.

      Configure the logical host within the zone.


      # ifconfig interface addif samba-logical-host up zone zonename
      
  12. Test the smb.conf file

    Perform this step on one node or zone of the cluster.

    1. If the global zone is being used for Samba.


      # samba-bin-directory/testparm \
      > samba-configuration-directory/lib/smb.conf
      
    2. If a non-global zone or failover zone is being used for Samba.


      # zlogin zonename samba-bin-directory/testparm \
      > samba-configuration-directory/lib/smb.conf
      
  13. If configured as an NT Domain Member and using Samba 2.2.x, join the domain

    Perform this step on one node or zone of the cluster.

    1. If the global zone is being used for Samba.


      # samba-bin-directory/smbpasswd \
      > -c samba-configuration-directory/lib/smb.conf \
      > -j domain -r PDC \
      > -U Administrator-on-the-PDC
      
    2. If a non-global zone or failover zone is being used for Samba.


      # zlogin zonename samba-bin-directory/smbpasswd \
      > -c samba-configuration-directory/lib/smb.conf \
      > -j domain -r PDC \
      > -U Administrator-on-the-PDC
      
  14. If configured as an NT Domain Member and using Samba 3.0.x, join the domain

    Perform this step on one node or zone of the cluster.

    1. If the global zone is being used for Samba.


      # samba-bin-directory/net \
      > -s samba-configuration-directory/lib/smb.conf \
      > RPC JOIN \
      > -U Administrator-on-the-PDC
      
    2. If a non-global zone or failover zone is being used for Samba.


      # zlogin zonename samba-bin-directory/net \
      > -s samba-configuration-directory/lib/smb.conf \
      > RPC JOIN \
      > -U Administrator-on-the-PDC
      
  15. If configured as a Windows 2003 Domain Member Server with ADS, join the domain

    Perform this step on one node or zone of the cluster.

    1. If the global zone is being used for Samba.


      # samba-bin-directory/net \
      > -s samba-configuration-directory/lib/smb.conf \
      > ADS JOIN \
      > -U Administrator-on-the-ADS
      
    2. If a non-global zone or failover zone is being used for Samba.


      # zlogin zonename samba-bin-directory/net \
      > -s samba-configuration-directory/lib/smb.conf \
      > ADS JOIN \
      > -U Administrator-on-the-ADS
      
  16. If configured as a PDC or with security = user, add the fault monitor user

    Perform this step on one node or zone of the cluster.

    1. If the global zone is being used for Samba.


      # samba-bin-directory/smbpasswd \
      > -c samba-configuration-directory/lib/smb.conf \
      > -a samba-fault-monitor-user
      
    2. If a non-global zone or failover zone is being used for Samba.


      # zlogin zonename samba-bin-directory/smbpasswd \
      > -c samba-configuration-directory/lib/smb.conf \
      > -a samba-fault-monitor-user
      
  17. If configured with security = share

    Ensure guest only = yes is coded within the [scmondir] section of your smb.conf file.
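
A pre-flight check for the smb.conf rules in Steps 8 and 17, added here as an example and not part of the Sun Cluster documentation or data service. The helper name check_smb_conf, its messages and the sample file are hypothetical; the rule that instance state paths sit under the samba-configuration-directory is an assumption drawn from the deployment example's layout.

```shell
#!/bin/sh
# Added example, not Sun Cluster code. check_smb_conf is a hypothetical helper.
# Usage: check_smb_conf SMB_CONF SAMBA_CONFIGURATION_DIRECTORY
# Prints one finding per line; exit status 0 means no findings.
check_smb_conf() {
    awk -v confdir="$2" '
    # smb.conf ignores case and whitespace in section and parameter names.
    function norm(s) { s = tolower(s); gsub(/[ \t]+/, "", s); return s }
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*([#;]|$)/ { next }                       # comment or blank line
    /^[ \t]*\[.*\][ \t]*$/ { section = norm($0); seen[section] = 1; next }
    {
        eq = index($0, "=")
        if (eq > 0)
            val[section, norm(substr($0, 1, eq - 1))] = trim(substr($0, eq + 1))
    }
    END {
        bad = 0
        if (!("[scmondir]" in seen)) { print "missing [scmondir] share"; bad = 1 }
        # Step 17: security = share needs guest only = yes (or true/1).
        if (tolower(val["[global]", "security"]) == "share" &&
            tolower(val["[scmondir]", "guestonly"]) !~ /^(yes|true|1)$/) {
            print "security = share but [scmondir] lacks guest only = yes"; bad = 1
        }
        # Assumption from the deployment example: instance state lives under
        # the samba-configuration-directory on the failover file system.
        n = split("pid directory,log file,smb passwd file,private dir,lock dir", k, ",")
        for (i = 1; i <= n; i++) {
            v = val["[global]", norm(k[i])]
            if (v != "" && index(v, confdir "/") != 1) {
                print k[i] " = " v " is outside " confdir; bad = 1
            }
        }
        exit bad
    }' "$1"
}

# Constructed sample: share-level security without the guest only setting.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
[global]
        security = share
        lock dir = /var/samba/locks
[scmondir]
        path = /tmp
EOF
check_smb_conf "$demo_conf" /local/samba/smb1 || echo "smb.conf needs fixing"
rm -f "$demo_conf"
```

testparm in Step 12 validates Samba syntax only, so a check like this is a complement to it for the cluster-specific [scmondir] rules.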