Installing and Configuring Sun Cluster HA for Samba

This chapter explains how to install and configure Sun Cluster HA for Samba.

This chapter contains the following sections.

• Installing and Configuring Sun Cluster HA for Samba

• Sun Cluster HA for Samba Overview

• Planning the Sun Cluster HA for Samba Installation and Configuration

• Installing and Configuring Samba

• Verifying the Installation and Configuration of Samba

• Installing the Sun Cluster HA for Samba Packages

• Registering and Configuring Sun Cluster HA for Samba

• Verifying the Sun Cluster HA for Samba Installation and Configuration

• Upgrading Sun Cluster HA for Samba

• Understanding the Sun Cluster HA for Samba Fault Monitor

• Debug Sun Cluster HA for Samba

Installing and Configuring Sun Cluster HA for Samba

Table 1 lists the tasks for installing and configuring Sun Cluster HA for Samba. Perform these tasks in the order that they are listed.

Sun Cluster HA for Samba Overview

Samba is an Open Source/Freeware suite that provides seamless file and print services to SMB/CIFS clients. Samba is freely available under the GNU General Public License and can be downloaded from http://www.samba.org. Samba is packaged with Solaris 9 as the SUNWsmbac, SUNWsmbar, SUNWsmbau, and SUNWsfman packages.

The Sun Cluster HA for Samba data service provides a mechanism for orderly startup and shutdown, fault monitoring and automatic failover of the Samba service. The following Samba components are protected by the Sun Cluster HA for Samba data service.

Planning the Sun Cluster HA for Samba Installation and Configuration

This section contains the information you need to plan your Sun Cluster HA for Samba installation and configuration.

Configuration Restrictions

This section provides a list of software and hardware configuration restrictions that apply to Sun Cluster HA for Samba only.

For restrictions that apply to all data services, see the Sun Cluster Release Notes.

Your data service configuration might not be supported if you do not observe these restrictions.

• The Sun Cluster HA for Samba data service deployment – The Sun Cluster HA for Samba data service consists of two components, Samba and Winbind. These components have the following deployment restrictions.

  • Samba component — The Samba component, that is. SMB/CIFS and NetBIOS Name Server, cannot operate as a scalable service. Therefore, you can configure the Sun Cluster HA for Samba data service for the Samba component only be run as a failover service.

  • Winbind component — The Winbind component can operate as either a failover or scalable service. Therefore, you can configure the Sun Cluster HA for Samba data service for the Winbind component to run as a failover or scalable service.

• Windows 200x with ADS (Active Directory Support) — Only Samba version 3.0.x can be used. Samba version 2.2.x does not have ADS capabilities.

• Winbind deployment – The following restrictions apply when deploying winbind.

  • Samba Version — If the winbind feature is used, then you must install Samba v2.2.4 or later.

  • Solaris Version — Solaris 9 with patch 113476–05 or later.

  • Multiple instances — Only one instance of winbind can be deployed, whether that instance is a failover or scalable service.

• Supported configurations – Currently, only the following configurations are supported with the Sun Cluster HA for Samba data service.

  • Samba in a Primary Domain Controller (PDC) configuration.

  • Samba in a Backup Domain Controller (BDC) configuration to a Samba PDC.

  • Samba as an NT 4 Domain member without winbind.

  • Samba as an NT 4 Domain Member with winbind (Refer to the restriction above with Solaris 9.)

  • Samba as an Windows 200x with ADS (Active Directory Support) member without winbind.

  • Samba as an Windows 200x with ADS (Active Directory Support) member with winbind (Refer to the restriction above with Solaris 9.)

  • Samba in a Standalone configuration

• Installing Samba onto Cluster File Systems — The following restrictions apply for all Samba delivery methods.

  • Samba component — Each Samba instance must have a unique configuration directory that reflects the Samba NetBIOS instance name. You can mount this configuration directory as either a Failover File System or Global File System.

  • Winbind component — The winbind component only as a single instance. However, Winbind still requires a configuration directory. This configuration directory is the same directory as for the Samba component in failover service and in a separated directory for a scalable service.

  ---

  Note –

  It is best practice to mount Global File Systems with the /global prefix and to mount Failover File Systems with the /local prefix.

  ---

  shows Samba installed from http://www.samba.org onto a Global File System with two Samba instances (SAMBA1 and SAMBA2) and Winbind within that Global File System. The final output shows a subset of the /etc/vfstab entries for Samba deployed using Solaris Volume Manager.

Example 1 Samba instances and Winbind with Global File Systems

# ls -l /usr/local
total 4
drwxrwxrwx   2 root     other        512 Oct  1 16:44 bin
lrwxrwxrwx   1 root     other         13 Oct 11 11:20 samba -> /global/samba
#
# ls -l /global/samba
total 18
drwxr-xr-x   2 root     other        512 Oct 11 15:00 bin
drwxr-xr-x   3 root     other        512 Oct 14 13:49 lib
drwxr-xr-x   6 root     other        512 Oct 11 15:00 man
drwxr-xr-x   2 root     other        512 Oct 14 10:05 private
drwxr-xr-x   7 root     other        512 Oct 14 13:39 SAMBA1
drwxr-xr-x   7 root     other        512 Oct 14 13:40 SAMBA2
drwxr-xr-x   6 root     other        512 Oct 11 15:01 swat
drwxr-xr-x   3 root     other        512 Oct 14 10:45 var
drwxr-xr-x   2 root     other        512 Jan 17 09:28 winbind
#
# more /etc/vfstab (Subset of the output)
/dev/md/dg_d6/dsk/d63   /dev/md/dg_d6/rdsk/d63  /global/samba
           ufs     4       yes     logging,global
#

In Example 1–1 the configuration directory for the Samba NetBIOS instance SAMBA1 is /global/samba/SAMBA1, whereas the configuration directory for the Samba NetBIOS instance SAMBA2 is /global/samba/SAMBA2. The Winbind configuration directory is /global/samba/winbind.

Example 1–2 shows Samba installed from Solaris 9 on Local File Systems and two Samba instances (SMB1 and SMB2) on Failover File Systems. The final output shows a subset of the /etc/vfstab entries for Samba deployed using Solaris Volume Manager.

Example 2 Samba instances with Failover File Systems

# ls -l /local/samba
total 4
drwxr-xr-x   2 root     other        512 Dec 19 15:51 SMB1
drwxr-xr-x   2 root     other        512 Dec 19 15:51 SMB2
#
# more /etc/vfstab (Subset of the output)
/dev/md/dg_d7/dsk/d70   /dev/md/dg_d7/rdsk/d70  /local/samba/SMB1
       ufs     3       no      logging
/dev/md/dg_d8/dsk/d80   /dev/md/dg_d8/rdsk/d80  /local/samba/SMB2
       ufs     3       no      logging
#

In example 1–2 the configuration directory for the Samba NetBIOS instance SMB1 is /local/samba/SMB1, whereas the configuration directory for the Samba NetBIOS instance SMB2 is /local/samba/SMB2.

Configuration Requirements

These requirements apply to Sun Cluster HA for Samba only. You must meet these requirements before you proceed with your Sun Cluster HA for Samba installation and configuration.

Your data service configuration might not be supported if you do not adhere to these requirements.

If you want to set up Samba as member of a Windows 200x server with ADS support, you must configure kerberos on the cluster nodes and compile Samba with both Ldap and kerberos support. Read the Samba documentation for those tasks.

Samba components and their dependencies —You can configure the Sun Cluster HA for Samba data service to protect a Samba instance and its respective components. These components, and their dependencies are described in Table 1–3.

For more detailed information about these Samba components, refer to the smbd(8), nmbd(8), winbindd(8), and smb.conf(5) man pages.

If your configuration has only a single instance of Samba with winbind, the winbind resource must be registered within the same resource group as the Samba resource and the winbind resource will use the same configuration directory as the Samba resource. The Samba resource must be start-dependent on the winbind resource. Refer to the r_properties(5) man page for information on Resource_dependencies.

If your configuration has multiple instances of Samba with winbind, the winbind resource must be a scalable resource and have a separate configuration directory, and all Samba resources must be start-dependent on the winbind scalable resource group. Refer to the rg_properties(5) man page for information on RG_dependencies. You must mount the winbind configuration directory as a Global File System.

Each Samba component has a configuration and registration file in /opt/SUNWscsmb/xxx/util, where xxx is a three—character abbreviation for the respective Samba component. These files allow you to register the Samba components with Sun Cluster.

Within these files, the appropriate dependencies have been applied.

Example 3 Samba configuration and registration file for Sun Cluster

# cd /opt/SUNWscsmb
#
# ls -l samba/util
total 6
-rwxr-xr-x   1 root     sys         1526 Dec 20 14:44 samba_config
-rwxr-xr-x   1 root     sys          736 Dec 20 14:44 samba_register
#
# ls -l winbind/util
total 4
-rwxr-xr-x   1 root     sys         1006 Dec 20 14:44 winbind_config
-rwxr-xr-x   1 root     sys          613 Dec 20 14:44 winbind_register
#
# more samba/util/samba_config
::::::::::::::
samba/util/samba_config
::::::::::::::
#
# Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
# 
# This file will be sourced in by samba_register and the parameters
# listed below will be used.
#
# These parameters can be customized in (key=value) form
#
#        RS - name of the resource for the application
#        RG - name of the resource group containing RS
#   SMB_BIN - name of the Samba bin directory
#  SMB_SBIN - name of the Samba sbin directory
#              (If no sbin then specify the bin directory)
#  SMB_INST - name of the Samba configuration directory
#   SMB_LOG - name of the Samba log directory
#               for log.smbd and log.nmbd
#              (If not specified will default
#               to $SMB_INST/logs) 
#SMB_LIB_PATH - name of library paths to LD_LIBRARY_PATH
#    FMUSER - name of the Samba fault monitor user
#    FMPASS - name of the Samba fault monitor user password
#  FMDOMAIN - name of the NT-domain faultmonitor user is configured on.
#             ( This should be used if faultmonitor user is not configured
#               on the same NT-domain Samba is member to )
#        LH - name of the LogicalHostname SC resource
#    HAS_RS - name of the Samba HAStoragePlus SC resource
#
#       The following two examples illustrate sample parameters
#       for Samba packaged with Solaris 9 and Samba downloaded
#       from http://www.samba.org. 
#
#       Please be aware that /global/samba, /global/samba/SAMBA1 and
#       uid/pwd of samba are used just as examples. You will need 
#       change this if your values are different.
#
#       SUNWsmb* packaged with Solaris 9
#
#       SMB_BIN=/usr/sfw/bin
#       SMB_SBIN=/usr/sfw/sbin
#       SMB_INST=/local/samba/SMB1
#       SMB_LOG=/local/samba/SMB1/logs
#       FMUSER=samba
#       FMPASS=samba
#       FMDOMAIN=
#
#       Latest production release from http://www.samba.org
#
#       SMB_BIN=/global/samba/bin
#       SMB_SBIN=/global/samba/sbin or /global/samba/bin
#       SMB_INST=/global/samba/SAMBA1
#       SMB_LOG=/global/samba/SAMBA1/logs
#       FMUSER=samba
#       FMPASS=samba
#       FMDOMAIN=
#

RS=
RG=
SMB_BIN=
SMB_SBIN=
SMB_INST=
SMB_LOG=
SMB_LIB_PATH=/usr/lib:/usr/local/lib
FMUSER=
FMPASS=
FMDOMAIN=
LH=
HAS_RS=
::::::::::::::
# more winbind/util/winbind_config
::::::::::::::
winbind/util/winbind_config
::::::::::::::
#
#
# Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# This file will be sourced in by samba_register and the parameters
# listed below will be used.
#
# These parameters can be customized in (key=value) form
#
#        RS - name of the resource for the application
#        RG - name of the resource group containing RS
#    WB_BIN - name of the Winbind bin directory
#    WB_SBIN - name of the Winbind sbin directory. Used in Samba 3.
#   WB_INST - name of the Winbind configuration directory
#    NTUSER - name of the NT fault monitor user
#WB_LIB_PATH- name of library paths to LD_LIBRARY_PATH
#WB_DISCACHE - Should winbind cache be disabled. Used in Samba 3.
#WB_SINGLEMODE - Should winbind run in single mode. Used in Samba 3.
#        LH - name of the LogicalHostname SC resource
#    HAS_RS - name of the Winbind HAStoragePlus SC resource
#
#       The following example illustrates sample parameters
#       for the latest production release of Samba downloaded
#       from http://www.samba.org.
#
#
#       Latest production release from http://www.samba.org
#
#       WB_BIN=/global/samba/bin
#       WB_SBIN=/global/samba/sbin
#       WB_INST=/global/samba/winbind
#       NTUSER=samba
#

RS=
RG=
WB_BIN=
WB_SBIN=
WB_INST=
NTUSER=
WB_LIB_PATH=/usr/lib:/usr/local/lib
WB_DISCACHE=FALSE
WB_SINGLEMODE=FALSE
LH=
HAS_RS=

If you want to set up Samba as member of a Windows 200x server with ADS support and the Samba binaries is not static linked with the Ldap and kerberos libraries, you must configure SMB_LIB_PATH parameter in /opt/SUNWscsmb/samba/utils/samba_config and WB_LIB_PATH in /opt/SUNWscsmb/winbind/utils/winbind_config to point to the directories where those libraries resides.

smb.conf file — The Sun Cluster HA for Samba data service provides a sample smb.conf file. Ensure that the following parameters are set.

The smb.conf file is probably the most important file within Samba. Refer to the smb.conf(5) man page for complete configuration information on the parameters that follow. The Samba man pages with Solaris 9 are installed only if you have installed the SUNWsfman package.

• Samba parameters in the smb.conf file for 2.2.x and for Samba 3.0.x.

  • bind interfaces only must be set to True.

  • interface must be defined to the Logical Hostname.

  • netbios name must be set to the NetBIOS name by which the Samba server is known.

  • security specifies the security mode under which the Samba instance will run.

• Winbind parameters in the smb.conf file for 2.2.x.

  • workgroup must be set to the same value as the Samba smb.conf entry.

  • password server must be set to the same value as the Samba smb.conf entry.

  • template homedir must be set to the same value as the Samba smb.conf entry.

  • template shell must be set to the same value as the Samba smb.conf entry.

  • winbind uid must be set to the same value as the Samba smb.conf entry.

  • winbind gid must be set to the same value as the Samba smb.conf entry.

  • winbind enum users must be set to the same value as the Samba smb.conf entry.

  • winbind use default domain must be set to the same value as the Samba smb.conf entry.

• Winbind parameters in the smb.conf file for 3.0.x.

  • workgroup must be set to the same value as the Samba smb.conf entry.

  • password server must be set to the same value as the Samba smb.conf entry.

  • template homedir must be set to the same value as the Samba smb.conf entry.

  • template shell must be set to the same value as the Samba smb.conf entry.

  • idmap uid must be set to the same value as the Samba smb.conf entry.

  • idmap gid must be set to the same value as the Samba smb.conf entry.

  • winbind enum users must be set to the same value as the Samba smb.conf entry.

  • winbind use default domain must be set to TRUE.

If you make additional smb.conf entries and those entries require a path variable, then you must ensure that any subsequent pathname is created within the relevant Samba or Winbind instance configuration directory.

Installing and Configuring Samba

This section contains the procedures you need to install and configure Samba.

Throughout the next sections, references will be made to certain directories for Samba or Winbind. The following list shows common pathnames for these references as shown in previous examples. Refer to Configuration Restrictions where these examples appear.

• Samba installed from http://www.samba.org on a Global File System, with Samba instances and Winbind on a Global File System (Example 1)

  • Samba-bin-directory — /global/samba/bin

  • Samba-sbin-directory — /global/samba/sbin or

    /global/samba/bin if Samba was installed with default settings.

  • Samba-configuration-directory — /global/samba/SAMBA1

  • Winbind-configuration-directory — /global/samba/winbind

• Samba installed from Solaris 9 on a Local File System, with Samba instances on a Failover File System (Example 2)

  • Samba-bin-directory — /usr/sfw/bin

  • Samba-sbin-directory — /usr/sfw/sbin

  • Samba-configuration-directory — /local/samba/SMB1

How to Install and Configure Samba

1. Determine how Samba will be deployed in Sun Cluster.

   • Determine how many Samba instances will be deployed.

   • Determine whether Winbind will be deployed.

   • Determine which Cluster File System will be used by each Samba instance and Winbind Instance, if deployed.

2. Mount the Samba Cluster File Systems .

   ---

   Note –

   If Failover File Systems will be used by the Samba instance, you must mount these manually.

   ---

3. Install Samba onto all nodes within Sun Cluster.

   It is recommended that you install Samba onto a Global File System. For a discussion of the advantages and disadvantages of installing the software on local versus cluster files systems, see “Determining the Location of the Application Binaries” of the Sun Cluster Data Services Installation and Configuration Guide.

   • Download Samba from http://www.samba.org.

     Ensure that /usr/local/samba is a Cluster File System or has a symbolic link to a Cluster File System. If you intend to use local disks for the Samba software, repeat this step on all nodes within Sun Cluster.

     Example 1–4 shows the Samba installation with winbind for 2.2.8a after it has been download, unzipped, and extracted. Read the Samba documents for building Samba 3 with ADS (Active Directory Support) support.

     # cd <samba_install_directory>/source # # ./configure --with-winbind --with-pam # # make # # make install

   • Alternatively, install Samba from the Solaris 9 CD.

     You must install the following packages onto all nodes within Sun Cluster that will run the Samba service.

     • SUNWsmbac

     • SUNWsmbar

     • SUNWsmbau

     • SUNWsfman

4. Create an entry for the fault monitor user.

   • If winbind is not being used:

     Create an entry in /etc/group on all nodes with Sun Cluster.

     # groupadd -g 1000 <fmgroup>

     Create an entry in /etc/passwd on all nodes within Sun Cluster. This user should have a locked password, no shell and no home directory.

     # useradd -u 1000 -g 1000 -s /bin/false <fmuser>

   • If winbind is being used:

     Create the fault monitor user on the NT PDC/ Windows 200x server with no home directory, no user profiles and no logon script. Set the Password never expire parameter to true and User cannot change password parameter to true.

5. Create required directories for your Samba Instance(s):

   If you are deploying multiple instances of Samba, repeat this step for each Samba instance, that is each samba-configuration-directory. Create a directory for any shares, although this directory name can be a name of your choice.

   # cd <samba-configuration-directory> # # mkdir -p lib logs private shares var/locks

   ---

   Note –

   Refer back to Configuration Restrictions for a description of the <samba-configuration-directory> and to Installing and Configuring Samba for a list of common pathnames used from the examples.

   ---

   Example 1–5 shows two Samba instances named SAMBA1 and SAMBA2. Samba has been installed from http://www.samba.org and /usr/local/samba has been symbolically linked to /global/samba which is mounted as a Global File System. The samba-configuration-directory for SAMBA 1 is /global/samba/SAMBA1 and the samba-configuration-directory for SAMBA2 is /global/samba/SAMBA2.

   # ls -l /usr/local/samba lrwxrwxrwx 1 root other 13 Oct 11 11:20 /usr/local/samba -> /global/samba # # cd /global/samba # # ls -l total 18 drwxr-xr-x 2 root other 512 Oct 11 15:00 bin drwxr-xr-x 3 root other 512 Oct 14 13:49 lib drwxr-xr-x 6 root other 512 Oct 11 15:00 man drwxr-xr-x 2 root other 512 Oct 14 10:05 private drwxr-xr-x 7 root other 512 Oct 14 13:39 SAMBA1 drwxr-xr-x 7 root other 512 Oct 14 13:40 SAMBA2 drwxr-xr-x 6 root other 512 Oct 11 15:01 swat drwxr-xr-x 3 root other 512 Oct 14 10:45 var drwxr-xr-x 2 root other 512 Jan 17 09:28 winbind # # cd SAMBA1 # # mkdir -p lib logs private shares var/locks # # cd ../SAMBA2 # # mkdir -p lib logs private shares var/locks

6. Create the Samba smb.conf file according to your requirements.

   The Sun Cluster HA for Samba data service provides a sample smb.conf file for Samba.

   ---

   Note –

   If the Sun Cluster HA for Samba package (SUNWscsmb) was not installed during Sun Cluster installation, proceed to Installing the Sun Cluster HA for Samba Packages. Return back here to continue the installation and configuration of Samba.

   ---

   The contents of /opt/SUNWscsmb/samba/etc/smb.conf_sample provide a sample Samba configuration file that you can use to create your Samba instance <samba-configuration-directory>/lib/smb.conf. You must still edit that file to reflect your configuration values.

   # cp /opt/SUNWscsmb/samba/etc/smb.conf_sample \ <samba-configuration-directory>/lib/smb.conf

   If you are installing the Winbind component , then after smb.conf_sample has been copied, add the following entries into the global section of <samba-configuration-directory>/lib/smb.conf. The values shown below are the default values taken from the smb.conf[5] man page.

   winbind uid = 10000-20000 winbind gid = 10000-20000 winbind enum users = yes winbind enum groups = yes

   ---

   Note –

   pid directory must point to <samba-configuration-directory>/var/locks, as specified within smb.conf_sample.

   ---

7. Test the Samba smb.conf file.

   # <samba-bin-directory>/testparm \ <samba-configuration-directory>/lib/smb.conf

8. If configured as an NT Domain Member and using Samba 2.2.x , join the domain

   # <samba-bin-directory>/smbpasswd \ -c <samba-configuration-directory>/lib/smb.conf \ -j <DOMAIN> -r <PDC >\ -U <Administrator on the PDC>

   If successful, you will receive the following message.

   # smbpasswd: Joined domain <DOMAIN>

9. If configured as an NT Domain Member and using Samba 3.0.x , join the domain

   # <samba-bin-directory>/net \ -s <samba-configuration-directory>/lib/smb.conf \ RPC JOIN -U <Administrator on the PDC>

   If successful, you will receive the following message.

   # Joined domain <DOMAIN>

10. If configured as an Windows 200x Domain Member with ADS support, join the domain

    # <samba-bin-directory>/net \ -s <samba-configuration-directory>/lib/smb.conf \ ADS JOIN \ -U <Administrator on the Windows 200x Domain>

    If successful, you will receive the following message.

    # Joined <NETBIOS> to realm <REALM>

11. If configured as an PDC or with security = user, add the fault monitor user

    # <samba-bin-directory>/smbpasswd \ -c <samba-configuration-directory>/lib/smb.conf \ -a <fmuser>

    ---

    Note –

    With Samba v2.2.2, packaged with Solaris 9, the smbpasswd program will not recognize the -c parameter and will look for the smb.conf file in /etc/sfw. To workaround this, create a symbolic link from /etc/sfw/smb.conf to <samba-configuration-directory>/lib/smb.conf. If multiple Samba instances are being deployed, you will need to delete the symbolic link and repeat the process for each Samba instance.

    If patch 114684–01 or later is installed then smbpasswd will reconize the -c parameter.

    If Samba 3.0.x is being used, you can use pdbedit to add users to other password backends. Read the Samba documents for the usage of pdbedit and other password backends

    ---

12. Create required directories for your Winbind Instance.

    The remaining steps are required only if the Winbind component. Otherwise, you can skip the remaining steps and proceed to Verifying the Installation and Configuration of Samba.

    If you are deploying Winbind, create the following directories and symbolic link within the winbind-configuration-directory.

    # cd <winbind-configuration-directory> # # mkdir -p lib locks private var # mkdir -p /var/winbind/pid # ln -s /var/winbind/pid var/locks

    ---

    Note –

    Refer to Configuration Restrictions for a description of the <winbind-configuration-directory> and to Installing and Configuring Samba for a list of common pathnames used from the examples.

    ---

    Example 1–6 shows the Winbind instance. Samba has been installed from http://www.samba.org, and /usr/local/samba has been symbolically linked to /global/samba, which is mounted as a Global File System. The winbind-configuration-directory for Winbind is /global/samba/winbind.

    # ls -l /usr/local/samba lrwxrwxrwx 1 root other 13 Oct 11 11:20 /usr/local/samba -> /global/samba # # cd /global/samba # # ls -l total 18 drwxr-xr-x 2 root other 512 Oct 11 15:00 bin drwxr-xr-x 3 root other 512 Oct 14 13:49 lib drwxr-xr-x 6 root other 512 Oct 11 15:00 man drwxr-xr-x 2 root other 512 Oct 14 10:05 private drwxr-xr-x 7 root other 512 Oct 14 13:39 SAMBA1 drwxr-xr-x 7 root other 512 Oct 14 13:40 SAMBA2 drwxr-xr-x 6 root other 512 Oct 11 15:01 swat drwxr-xr-x 3 root other 512 Oct 14 10:45 var drwxr-xr-x 2 root other 512 Jan 17 09:28 winbind # # cd winbind # # mkdir -p lib locks private var # mkdir -p /var/winbind/pid # ln -s /var/winbind/pid var/locks

13. Create the Winbind smb.conf file according to your requirements.

    The Sun Cluster HA for Samba data service provides a sample smb.conf file for Winbind.

    ---

    Note –

    If the Sun Cluster HA for Samba package (SUNWscsmb) was not installed during your Sun Cluster installation, proceed to Installing the Sun Cluster HA for Samba Packages. Return here to continue the Installation and Configuration of Samba.

    If the winbind resource will not run as a scalable resource, you can use the same configuration directory as Samba and update the smb.conf file with winbind parameters.

    ---

    The contents of /opt/SUNWscsmb/winbind/etc/smb.conf_sample provide a sample Winbind configuration file that you can use to create your Winbind instance <winbind-configuration-directory>/lib/smb.conf. You must edit that file to reflect your configuration values. In addition, you need to add the following entry to the [global] section within the smb.conf file.

    # cp /opt/SUNWscsmb/winbind/etc/smb.conf_sample \ <winbind-configuration-directory>/lib/smb.conf

    After smb.conf_sample has been copied, add the following entries into the [global] section of <winbind-configuration-directory>/lib/smb.conf.

    smb passwd file = <winbind-configuration-directory>/private lock directory = <winbind-configuration-directory>/locks pid directory = <winbind-configuration-directory>/var/locks

    ---

    Note –

    If the Winbind component will operate as a scalable service, then you must mount the Winbind configuration directory as a Global File System. See the winbindd(8) man page for a discussion on Name and ID Resolution being stored in a database under the lock directory.

    pid directory must point to configuration directory /var/locks. In addition, ensure that configuration directory /var/locks is a symbolic link to a local file system ie /var/winbind/pid.

    ---

14. Add winbind as a name service to /etc/nsswitch.conf for passwd and group on all nodes that will run the Sun Cluster HA for Samba data service.

    # grep winbind /etc/nsswitch.conf passwd: files winbind group: files winbind

15. Copy and create some symbolic links.

    You must setup some files and symbolic links for winbind on all nodes that will run the Sun Cluster HA for Samba data service.

    # cd <samba-install-directory> # # cp source/nsswitch/libnss_winbind.so /usr/lib # # ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.1 # # ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.1

16. On one node start winbind.

    ---

    Note –

    Depending on how Samba was installed, the winbind program may be located within the <samba-bin-directory> or <samba-sbin-directory>.

    ---

    # <samba-[s]bin-directory>/winbindd -s <winbind-configuration-directory>/lib/smb.conf

17. Populate the winbind database.

    # getent passwd # getent group

18. Shutdown winbindd.

    # pkill -TERM winbindd

Verifying the Installation and Configuration of Samba

This section contains the procedure you need to verify the installation and configuration.

How to Verify the Installation and Configuration of Samba

This procedure does not verify that your application is highly available because you have not yet installed your data service.

Before verifying the Installation and Configuration of Samba, ensure that the Logical Hostname for the Samba is available. To do this, complete steps 4, 6, and 7 in How to Register and Configure Sun Cluster HA for Samba as a Failover Service.

Steps

1. Test the smb.conf file.

   1. Test the Samba smb.conf file.

      # <samba-bin-directory>/testparm \ <samba-configuration-directory>/lib/smb.conf

   2. Test the Winbind smb.conf file (if required).

      # <samba-bin-directory>/testparm \ <winbind-configuration-directory>/lib/smb.conf

2. If configured as an NT Domain Member, join the domain.

   # <samba-bin-directory>/smbpasswd \ -c <samba-config-directory>/lib/smb.conf \ -j <DOMAIN> -r <PDC > \ -U <Administrator on the PDC>

   If successful, you will receive the following message.

   # smbpasswd: Joined domain <DOMAIN>

   # <samba-bin-directory>/net \ -s <samba-config-directory>/lib/smb.conf \ \ -U <Administrator on the PDC>

   If successful, you will receive the following message.

   # Joined domain <DOMAIN>

3. If configured as an member of a Windows 200x with ADS , join the realm.

   # <samba-bin-directory>/net \ -s <samba-config-directory>/lib/smb.conf \ \ -U <Administrator on the PDC>

   If successful, you will receive the following message.

   # Joined <NETBIOS> to realm <REALM>

4. Start the Samba daemons.

   ---

   Note –

   Depending on how Samba was installed, the smbd and nmbd programs may be located within the <samba-bin-directory> or <samba-sbin-directory>.

   ---

   # <samba-[s]bin-directory>/smbd -s <samba-config-directory>/lib/smb.conf -D # <samba-[s]bin-directory>/nmbd -s <samba-config-directory>/lib/smb.conf -D

5. Connect to Samba.

   # <samba-bin-directory>/smbclient -N -L <NetBIOS-name> # <samba-bin-directory>/smbclient '\\<NetBIOS-name>\scmondir' \ -U <fmuser> -c 'pwd;exit'

   ---

   Note –

   Single quotes are required on the last command.

   ---

6. Start the Winbind daemon (if required).

   ---

   Note –

   Depending on how Samba was installed, the winbind program may be located within the <samba-bin-directory> or <samba-sbin-directory>.

   ---

   # <samba-[s]bin-directory>/winbindd -s <winbind-configuration-directory>/lib/smb.conf &

7. Connect to Winbind (if required).

   # getent passwd # getent group

8. Stop the Samba daemons and winbindd (if required).

   # pkill -TERM smbd # pkill -TERM nmbd # pkill -TERM winbindd

Installing the Sun Cluster HA for Samba Packages

If you did not install the Sun Cluster HA for Samba packages during your Sun Cluster installation, perform this procedure to install the packages. Perform this procedure on each cluster node where you are installing the Sun Cluster HA for Samba packages. To complete this procedure, you need the Sun Cluster Agents CD-ROM.

If you are installing more than one data service simultaneously, perform the procedure in Installing the Software in Sun Cluster Software Installation Guide for Solaris OS.

Install the Sun Cluster HA for Samba packages by using one of the following installation tools:

• Web Start program

• scinstall utility

If you are using Solaris 10, install these packages only in the global zone. To ensure that these packages are not propagated to any local zones that are created after you install the packages, use the scinstall utility to install these packages. Do not use the Web Start program.

How to Install the Sun Cluster HA for Samba Packages Using the Web Start Program

You can run the Web Start program with a command-line interface (CLI) or with a graphical user interface (GUI). The content and sequence of instructions in the CLI and the GUI are similar. For more information about the Web Start program, see the installer(1M) man page.

Steps

1. On the cluster node where you are installing the Sun Cluster HA for Samba packages, become superuser.

2. (Optional) If you intend to run the Web Start program with a GUI, ensure that your DISPLAY environment variable is set.

3. Insert the Sun Cluster Agents CD-ROM into the CD-ROM drive.

   If the Volume Management daemon vold(1M) is running and configured to manage CD-ROM devices, it automatically mounts the CD-ROM on the /cdrom/cdrom0 directory.

4. Change to the Sun Cluster HA for Samba component directory of the CD-ROM.

   The Web Start program for the Sun Cluster HA for Samba data service resides in this directory.

   # cd /cdrom/cdrom0/components/SunCluster_HA_Samba_3.1

5. Start the Web Start program.

   # ./installer

6. When you are prompted, select the type of installation.

   • To install only the C locale, select Typical.

   • To install other locales, select Custom.

7. Follow the instructions on the screen to install the Sun Cluster HA for Samba packages on the node.

   After the installation is finished, the Web Start program provides an installation summary. This summary enables you to view logs that the Web Start program created during the installation. These logs are located in the /var/sadm/install/logs directory.

8. Exit the Web Start program.

9. Remove the Sun Cluster Agents CD-ROM from the CD-ROM drive.

   1. To ensure that the CD-ROM is not being used, change to a directory that does not reside on the CD-ROM.

   2. Eject the CD-ROM.

      # eject cdrom

How to Install the Sun Cluster HA for Samba Packages using the scinstall Utility

Use this procedure to install the Sun Cluster HA for Samba packages by using the scinstall utility. You need the Sun Cluster Agents CD-ROM to perform this procedure. This procedure assumes that you did not install the data service packages during your initial Sun Cluster installation.

If you installed the Sun Cluster HA for Samba packages as part of your initial Sun Cluster installation, proceed to Registering and Configuring Sun Cluster HA for Samba.

Otherwise, use this procedure to install the Sun Cluster HA for Samba packages. Perform this procedure on all nodes that can run Sun Cluster HA for Samba data service.

Steps

1. Load the Sun Cluster Agents CD-ROM into the CD-ROM drive.

2. Run the scinstall utility with no options.

   This step starts the scinstall utility in interactive mode.

3. Choose the menu option, Add Support for New Data Service to This Cluster Node.

   The scinstall utility prompts you for additional information.

4. Provide the path to the Sun Cluster Agents CD-ROM.

   The utility refers to the CD as the “data services cd.”

5. Specify the data service to install.

   The scinstall utility lists the data service that you selected and asks you to confirm your choice.

6. Exit the scinstall utility.

7. Unload the CD from the drive.

Registering and Configuring Sun Cluster HA for Samba

This section contains the procedures you need to configure Sun Cluster HA for Samba.

How to Register and Configure Sun Cluster HA for Samba as a Failover Service

This procedure assumes that you installed the data service packages during your initial Sun Cluster installation.

If you did not install the Sun Cluster HA for Samba packages as part of your initial Sun Cluster installation, go to How to Install the Sun Cluster HA for Samba Packages using the scinstall Utility.

Steps

1. Become superuser on one of the nodes in the cluster that will host Samba.

2. Register the SUNW.gds resource type.

   # scrgadm -a -t SUNW.gds

3. Register the SUNW.HAStoragePlus resource type.

   # scrgadm -a -t SUNW.HAStoragePlus

4. Create a failover resource group.

   # scrgadm -a -g Samba-failover-resource-group

5. Create a resource for the Samba Disk Storage.

   # scrgadm -a -j Samba-has-resource \ -g Samba-failover-resource-group \ -t SUNW.HAStoragePlus \ -x FilesystemMountPoints=Samba- instance-mount-points

6. Create a resource for the Samba Logical Hostname.

   # scrgadm -a -L -j Samba-lh-resource \ -g Samba-failover-resource-group \ -l Samba-logical-hostname

7. Enable the failover resource group that now includes the Samba Disk Storage and Logical Hostname resources.

   # scswitch -Z -g Samba-failover-resource-group

8. Create and register Winbind as a failover data service (if required).

   # cd /opt/SUNWscsmb/winbind/util

   Edit the winbind_config file and follow the comments within that file:

   # These parameters can be customized in (key=value) form # # RS - name of the resource for the application # RG - name of the resource group containing RS # WB_BIN - name of the Winbind bin directory # WB_SBIN - name of the Winbind sbin directory. Used in Samba 3. # WB_INST - name of the Winbind configuration directory # NTUSER - name of the NT fault monitor user #WB_LIB_PATH- name of library paths to LD_LIBRARY_PATH #WB_DISCACHE - Should winbind cache be disabled. Used in Samba 3. #WB_SINGLEMODE - Should winbind run in single mode. Used in Samba 3. # LH - name of the LogicalHostname SC resource # HAS_RS - name of the Winbind HAStoragePlus SC resource

   The following is an example for a Winbind instance with Samba installed from http://www.samba.org.

   RS=wb-res RG=smb-failover-rg WB_BIN=/global/samba/bin WB_INST=/global/samba/SAMBA1 NTUSER=samba WB_LIB_PATH=/usr/lib:/usr/local/lib WB_DISCACHE=FALSE WB_SINGLEMODE=FALSE LH=smb-lh-res HAS_RS=wb-has-res

   After editing winbind_config, you must register the resource.

   # ./winbind_register

9. Enable the Winbind resource (if the previous step was done).

   # scstat # scswitch -e -j Winbind-resource

10. Create and register Samba as a failover data service.

    # cd /opt/SUNWscsmb/samba/util

    Edit the samba_config file and follow the comments within that file:.

    # These parameters can be customized in (key=value) form # # RS - name of the resource for the application # RG - name of the resource group containing RS # SMB_BIN - name of the Samba bin directory # SMB_SBIN - name of the Samba sbin directory # (If no sbin then specify the bin directory) # SMB_INST - name of the Samba configuration directory # SMB_LOG - name of the Samba log directory # for log.smbd and log.nmbd # (If not specified will default # to $SMB_INST/logs) #SMB_LIB_PATH - name of library paths to LD_LIBRARY_PATH # FMUSER - name of the Samba fault monitor user # FMPASS - name of the Samba fault monitor user password # FMDOMAIN - name of the NT-domain faultmonitor user is configured on. # ( This should be used if faultmonitor user is not configured # on the same NT-domain Samba is member to ) # LH - name of the LogicalHostname SC resource # HAS_RS - name of the Samba HAStoragePlus SC resource

    The following is an example for Samba instance SAMBA1 with Samba installed from http://www.samba.org.

    RS=smb-res RG=smb-failover-rg SMB_BIN=/global/samba/bin SMB_SBIN=/global/samba/sbin or /global/samba/bin SMB_INST=/global/samba/SAMBA1 SMB_LOG=/global/samba/SAMBA1/logs SMB_LIB_PATH=/usr/lib:/usr/local/lib FMUSER=samba FMPASS=samba FMDOMAIN= LH=smb-lh-res HAS_RS=smb-has-res or HAS_RS=smb-has-res,wb-res if failover winbind is being used

    The following is an example for Samba instance SMB1 with Samba installed from Solaris 9.

    RS=smb-res RG=smb-failover-rg SMB_BIN=/usr/sfw/bin SMB_SBIN=/usr/sfw/sbin SMB_INST=/local/samba/SMB1 SMB_LOG=/local/samba/SMB1/logs FMUSER=samba FMPASS=samba LH=smb-lh-res HAS_RS=smb-has-res

    After editing samba_config, you must register the resource.

    # ./samba_register

11. Enable each Samba resource.

    Repeat this step for each Samba instance, if multiple instances were created.

    # scstat # scswitch -e -j Samba-resource

How to Register and Configure Sun Cluster HA for Samba as a Failover Service with Winbind as a Scalable Service

This procedure assumes that you installed the data service packages during your initial Sun Cluster installation.

If you did not install the Sun Cluster HA for Samba packages as part of your initial Sun Cluster installation, go to How to Install the Sun Cluster HA for Samba Packages using the scinstall Utility.

Steps

1. Become superuser on one of the nodes in the cluster that will host Samba.

2. Register the SUNW.gds resource type.

   # scrgadm -a -t SUNW.gds

3. Register the SUNW.HAStoragePlus resource type.

   # scrgadm -a -t SUNW.HAStoragePlus

4. Create a failover resource group for the shared network address.

   # scrgadm -a -g Winbind-failover-resource-group

5. Create a resource for the Winbind Logical Hostname.

   # scrgadm -a -S -j Winbind-lh-resource \ -g Winbind-failover-resource-group \ -l Winbind-logical-hostname

6. Create a scalable resource group for the scalable winbind resource.

   # scrgadm -a -g Winbind-scalable-resource-group \ -y Maximum_primaries=<number of nodes with Sun Cluster> \ -y Desired_primaries=<number of nodes with Sun Cluster> \ -y RG_dependencies=Winbind-failover-resource-group

7. Create a resource for the Winbind Disk Storage.

   # scrgadm -a -j Winbind-has-resource \ -g Winbind-scalable-resource-group \ -t SUNW.HAStoragePlus \ -x FilesystemMountPoints=Winbind-instance-mount-point \ -x AffinityOn=FALSE

8. Enable the failover and scalable resource group that now includes the Winbind Disk Storage and Logical Hostname resources.

   # scswitch -Z -g Winbind-failover-resource-group # scswitch -Z -g Winbind-scalable-resource-group

9. Create and register Samba as a failover data service.

   Follow Steps 4, 5, 6, 7, 10, and 11 in How to Register and Configure Sun Cluster HA for Samba as a Failover Service to create a failover Samba service. You then complete this last step to ensure that the Failover Samba Resource Group is start-dependent on the Scalable Winbind Resource Group.

   # scrgadm -c -g Samba-failover-resource-group \ -y RG_dependencies=Winbind-sclable-resource-group

10. Create and register winbind as a scalable data service.

    # cd /opt/SUNWscsmb/winbind/util

    Edit the winbind_config file and follow the comments within that file:.

    # These parameters can be customized in (key=value) form # # RS - name of the resource for the application # RG - name of the resource group containing RS # WB_BIN - name of the Winbind bin directory # WB_SBIN - name of the Winbind sbin directory. Used in Samba 3. # WB_INST - name of the Winbind configuration directory # NTUSER - name of the NT fault monitor user #WB_LIB_PATH- name of library paths to LD_LIBRARY_PATH #WB_DISCACHE - Should winbind cache be disabled. Used in Samba 3. #WB_SINGLEMODE - Should winbind run in single mode. Used in Samba 3. # LH - name of the LogicalHostname SC resource # HAS_RS - name of the Winbind HAStoragePlus SC resource

    The following is an example for a Winbind instance with Samba installed from http://www.samba.org.

    RS=wb-res RG=wb-scalable-rg WB_BIN=/global/samba/bin WB_INST=/global/samba/winbind NTUSER=samba WB_LIB_PATH=/usr/lib:/usr/local/lib WB_DISCACHE=FALSE WB_SINGLEMODE=FALSE LH=wmb-lh-res HAS_RS=wb-has-res

    After editing winbind_config, you must register the resource.

    # ./winbind_register

11. Enable the Winbind resource.

    # scstat # scswitch -e -j Winbind-resource

Verifying the Sun Cluster HA for Samba Installation and Configuration

This section contains the procedure you need to verify that you installed and configured your data service correctly.

How to Verify the Sun Cluster HA for Samba Installation and Configuration

Steps

1. Become superuser on one of the nodes in the cluster that will host Samba.

2. Ensure all the Samba resources are online with scstat.

   # scstat

   For each Samba resource that is not online, use the scswitch command as follows.

   # scswitch -e -j Samba- resouce

3. Run the scswitch command to switch the Samba resource group to another cluster node, such as node2.

   # scswitch -z -g Samba-failover-resource-group -h node2

Upgrading Sun Cluster HA for Samba

As a result of bug fixes, the configuration of Sun Cluster HA for Samba has changed. If you are running Sun Cluster HA for Samba, you must remove and reregister the resources for the following components of Sun Cluster HA for Samba.

• Samba component

• Winbind component

How to Upgrade Sun Cluster HA for Samba

Perform this task for each Samba resource that you must remove and reregister.

Steps

1. Save the resource definitions.

   # scrgadm -pvv -j resource > file1

2. Disable the resource.

   # scswitch -n -j resource

3. Remove the resource.

   # scrgadm -r -j resource

4. Configure and register the resource.

   1. Go to the directory that contains the configuration file and the registration file for the resource.

      # cd /opt/SUNWscsmb/prefixutil

   2. Edit the configuration file for the resource.

      vi prefix_config

   3. Run the registration file for the resource.

      # ./prefix_register

   prefix denotes the component to which the file applies, as follows:

   • samba denotes the Samba component.

   • winbind denotes the Winbind component.

5. Save the resource definitions.

   # scrgadm -pvv -j resource > file2

6. Compare the updated definitions to the definitions that you saved before you updated the resource.

   Comparing these definitions enables you to determine if any existing extension properties have changed, for example, time-out values.

   # diff file1 file2

7. Amend any resource properties that were reset.

   # scrgadm -c -j resource -x|y resource

8. Bring online the resource.

   # scswitch -e -j resource

Understanding the Sun Cluster HA for Samba Fault Monitor

This section describes the Sun Cluster HA for Samba fault monitor's probing algorithm or functionality, states the conditions, messages, and recovery actions associated with unsuccessful probing.

For conceptual information on fault monitors, see the Sun Cluster Concepts Guide.

Resource Properties

The Sun Cluster HA for Samba fault monitor uses the same resource properties as resource type SUNW.gds. Refer to the SUNW.gds(5) man page for a complete list of resource properties used.

Probing Algorithm and Functionality

• Probing steps for Samba.

  • Sleeps for Thorough_probe_interval.

  • Tries to connect to the Samba instance fault monitor share (scmondir), using smbclient, as user <fmuser>. If this fails, then the probe will restart the Samba resource.

  • The smbclient uses the NetBIOS name of the Samba server to verify that the NetBIOS name server works. If this fails, then the probe will restart the Samba resource.

  • If all Samba processes have died, pmf will interrupt the probe to immediately restart the Samba resource.

  • If the Samba resource is repeatedly restarted and exhausts the Retry_count within the Retry_interval, then a failover is initiated for the Resource Group onto another node.

• Probeing steps for Winbind.

  • Sleeps for Thorough_probe_interval.

  • Retrieves the defined <ntuser> by using getent passwd <ntuser>. If this fails, then the probe will restart the Winbind resource.

  • If the Winbind resource is repeatedly restarted and exhausts the Retry_count within the Retry_interval, then a failover is initiated for the Resource Group onto another node.

  ---

  Note –

  If nscd is on (default) and the defined <ntuser> is cached by the nscd daemon, then getent will return a success until the user has been removed from the cache, even if winbind itself isn't working.

  ---

Debug Sun Cluster HA for Samba

How to turn on debug for Sun Cluster HA for Samba

Sun Cluster HA for Samba can be used by multiple Samba instances. However, it is possible to turn debug on for all Samba instances or a particular Samba instance.

Each Samba component has a DEBUG file under /opt/SUNWscsmb/xxx/etc, where xxx is a three-character abbreviation for the respective Samba component.

These files allow you to turn on debug for all Samba instances or for a specific Samba instance on a particular node with Sun Cluster. If you require debug to be turned on for Sun Cluster HA for Samba across the whole Sun Cluster, repeat this step on all nodes within Sun Cluster.

Steps

1. Edit /etc/syslog.conf and change daemon.notice to daemon.debug.

   # grep daemon /etc/syslog.conf *.err;kern.debug;daemon.notice;mail.crit /var/adm/messages *.alert;kern.err;daemon.err operator #

   Change the daemon.notice to daemon.debug and restart syslogd. Note that the output below, from grep daemon /etc/syslog.conf, shows that daemon.debug has been set.

   # grep daemon /etc/syslog.conf *.err;kern.debug;daemon.debug;mail.crit /var/adm/messages *.alert;kern.err;daemon.err operator # # pkill -1 syslogd #

2. Edit /opt/SUNWscsmb/samba/etc/config.

   Perform this step for the Samba component (smb), and repeat for the optional Winbind components that requires debug output, on each node of Sun Cluster as required.

   Edit /opt/SUNWscsmb/samba/etc/config and change DEBUG= to DEBUG=ALL or DEBUG=resource.

   # cat /opt/SUNWscsmb/samba/etc/config # # Copyright 2003 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # Usage: # DEBUG=<RESOURCE_NAME> or ALL # DEBUG=ALL #

   ---

   Note –

   To turn off debug, reverse the steps above.

   ---