This section contains the information you need to plan your Sun Cluster HA for Samba installation and configuration.
This section provides a list of software and hardware configuration restrictions that apply to Sun Cluster HA for Samba only.
For restrictions that apply to all data services, see the Sun Cluster Release Notes.
Your data service configuration might not be supported if you do not observe these restrictions.
The Sun Cluster HA for Samba data service deployment – The Sun Cluster HA for Samba data service consists of two components, Samba and Winbind. These components have the following deployment restrictions.
Samba component — The Samba component, that is. SMB/CIFS and NetBIOS Name Server, cannot operate as a scalable service. Therefore, you can configure the Sun Cluster HA for Samba data service for the Samba component only be run as a failover service.
Winbind component — The Winbind component can operate as either a failover or scalable service. Therefore, you can configure the Sun Cluster HA for Samba data service for the Winbind component to run as a failover or scalable service.
Windows 200x with ADS (Active Directory Support) — Only Samba version 3.0.x can be used. Samba version 2.2.x don't have ADS capabillities.
Winbind deployment – The following restrictions apply when deploying winbind.
Samba Version — If the winbind feature is used, then you must install Samba v2.2.4 or later.
Solaris Version — Solaris 9 with patch 113476–05 or later.
Multiple instances — Only one instance of winbind can be deployed, whether that instance is a failover or scalable service.
Supported configurations – Currently, only the following configurations are supported with the Sun Cluster HA for Samba data service.
Samba in a Primary Domain Controller (PDC) configuration.
Samba in a Backup Domain Controller (BDC) configuration to a Samba PDC.
Samba as an NT 4 Domain member without winbind.
Samba as an NT 4 Domain Member with winbind (Refer to the restriction above with Solaris 9.)
Samba as an Windows 200x with ADS (Active Directory Support) member without winbind.
Samba as an Windows 200x with ADS (Active Directory Support) member with winbind (Refer to the restriction above with Solaris 9.)
Samba in a Standalone configuration
Installing Samba onto Cluster File Systems — The following restrictions apply for all Samba delivery methods.
Samba component — Each Samba instance must have a unique configuration directory that reflects the Samba NetBIOS instance name. You can mount this configuration directory as either a Failover File System or Global File System.
Winbind component — The winbind component only as a single instance. However, Winbind still requires a configuration directory. This configuration directory is the same directory as for the Samba component in failover service and in a separated directory for a scalable service.
It is best practice to mount Global File Systems with the /global prefix and to mount Failover File Systems with the /local prefix.
shows Samba installed from http://www.samba.org onto a Global File System with two Samba instances (SAMBA1 and SAMBA2) and Winbind within that Global File System. The final output shows a subset of the /etc/vfstab entries for Samba deployed using Solaris Volume Manager.
# ls -l /usr/local total 4 drwxrwxrwx 2 root other 512 Oct 1 16:44 bin lrwxrwxrwx 1 root other 13 Oct 11 11:20 samba -> /global/samba # # ls -l /global/samba total 18 drwxr-xr-x 2 root other 512 Oct 11 15:00 bin drwxr-xr-x 3 root other 512 Oct 14 13:49 lib drwxr-xr-x 6 root other 512 Oct 11 15:00 man drwxr-xr-x 2 root other 512 Oct 14 10:05 private drwxr-xr-x 7 root other 512 Oct 14 13:39 SAMBA1 drwxr-xr-x 7 root other 512 Oct 14 13:40 SAMBA2 drwxr-xr-x 6 root other 512 Oct 11 15:01 swat drwxr-xr-x 3 root other 512 Oct 14 10:45 var drwxr-xr-x 2 root other 512 Jan 17 09:28 winbind # # more /etc/vfstab (Subset of the output) /dev/md/dg_d6/dsk/d63 /dev/md/dg_d6/rdsk/d63 /global/samba ufs 4 yes logging,global # |
In Exampel 1–1 the configuration directory for the Samba NetBIOS instance SAMBA1 is /global/samba/SAMBA1, whereas the configuration directory for the Samba NetBIOS instance SAMBA2 is /global/samba/SAMBA2. The Winbind configuration directory is /global/samba/winbind.
Example 1–2 shows Samba installed from Solaris 9 on Local File Systems and two Samba instances (SMB1 and SMB2) on Failover File Systems. The final output shows a subset of the /etc/vfstab entries for Samba deployed using Solaris Volume Manager.
# ls -l /local/samba total 4 drwxr-xr-x 2 root other 512 Dec 19 15:51 SMB1 drwxr-xr-x 2 root other 512 Dec 19 15:51 SMB2 # # more /etc/vfstab (Subset of the output) /dev/md/dg_d7/dsk/d70 /dev/md/dg_d7/rdsk/d70 /local/samba/SMB1 ufs 3 no logging /dev/md/dg_d8/dsk/d80 /dev/md/dg_d8/rdsk/d80 /local/samba/SMB2 ufs 3 no logging # |
In example 1–2 the configuration directory for the Samba NetBIOS instance SMB1 is /local/samba/SMB1, whereas the configuration directory for the Samba NetBIOS instance SMB2 is /local/samba/SMB2.
These requirements apply to Sun Cluster HA for Samba only. You must meet these requirements before you proceed with your Sun Cluster HA for Samba installation and configuration.
Your data service configuration might not be supported if you do not adhere to these requirements.
If you want to set up Samba as member of a Windows 200x server with ADS support, you must configure kerberos on the cluster nodes and compile Samba with both Ldap and kerberos support. Read the Samba documentation for those tasks.
Samba components and their dependencies —You can configure the Sun Cluster HA for Samba data service to protect a Samba instance and its respective components. These components, and their dependencies are described in Table 1–3.
Table 1–3 Samba components and their dependencies (via -> symbol)
Componet |
Description |
---|---|
Samba (Mandatory) |
-> Winbind resource, if winbind and a single Samba instance is deployed. See below for more information. -> Winbind resource group, if winbind and multiple Samba instances are deployed. See below for more information. -> SUNW.HAStoragePlus resource The SUNW.HAStoragePlus resource manages the Samba File System Mount points and ensures that Samba is not started until these are mounted. |
Winbind(Optional) |
-> SUNW.HAStoragePlus resource The SUNW.HAStoragePlus resource manages the Winbind File System Mount points and ensures that Winbind is not started until these are mounted. |
For more detailed information about these Samba components, refer to the smbd(8), nmbd(8), winbindd(8), and smb.conf(5) man pages.
If your configuration has only a single instance of Samba with winbind, the winbind resource must be registered within the same resource group as the Samba resource and the winbind resource will use the same configuration directory as the Samba resource. The Samba resource must be start-dependent on the winbind resource. Refer to the r_properties(5) man page for information on Resource_dependencies.
If your configuration has multiple instances of Samba with winbind, the winbind resource must be a scalable resource and have a separate configuration directory, and all Samba resources must be start-dependent on the winbind scalable resource group. Refer to the rg_properties(5) man page for information on RG_dependencies. You must mount the winbind configuration directory as a Global File System.
Each Samba component has a configuration and registration file in /opt/SUNWscsmb/xxx/util, where xxx is a three—character abbreviation for the respective Samba component. These files allow you to register the Samba components with Sun Cluster.
Within these files, the appropriate dependencies have been applied.
# cd /opt/SUNWscsmb # # ls -l samba/util total 6 -rwxr-xr-x 1 root sys 1526 Dec 20 14:44 samba_config -rwxr-xr-x 1 root sys 736 Dec 20 14:44 samba_register # # ls -l winbind/util total 4 -rwxr-xr-x 1 root sys 1006 Dec 20 14:44 winbind_config -rwxr-xr-x 1 root sys 613 Dec 20 14:44 winbind_register # # more samba/util/samba_config :::::::::::::: samba/util/samba_config :::::::::::::: # # Copyright 2003 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # This file will be sourced in by samba_register and the parameters # listed below will be used. # # These parameters can be customized in (key=value) form # # RS - name of the resource for the application # RG - name of the resource group containing RS # SMB_BIN - name of the Samba bin directory # SMB_SBIN - name of the Samba sbin directory # (If no sbin then specify the bin directory) # SMB_INST - name of the Samba configuration directory # SMB_LOG - name of the Samba log directory # for log.smbd and log.nmbd # (If not specified will default # to $SMB_INST/logs) #SMB_LIB_PATH - name of library paths to LD_LIBRARY_PATH # FMUSER - name of the Samba fault monitor user # FMPASS - name of the Samba fault monitor user password # FMDOMAIN - name of the NT-domain faultmonitor user is configured on. # ( This should be used if faultmonitor user is not configured # on the same NT-domain Samba is member to ) # LH - name of the LogicalHostname SC resource # HAS_RS - name of the Samba HAStoragePlus SC resource # # The following two examples illustrate sample parameters # for Samba packaged with Solaris 9 and Samba downloaded # from http://www.samba.org. # # Please be aware that /global/samba, /global/samba/SAMBA1 and # uid/pwd of samba are used just as examples. You will need # change this if your values are different. # # SUNWsmb* packaged with Solaris 9 # # SMB_BIN=/usr/sfw/bin # SMB_SBIN=/usr/sfw/sbin # SMB_INST=/local/samba/SMB1 # SMB_LOG=/local/samba/SMB1/logs # FMUSER=samba # FMPASS=samba # FMDOMAIN= # # Latest production release from http://www.samba.org # # SMB_BIN=/global/samba/bin # SMB_SBIN=/global/samba/sbin or /global/samba/bin # SMB_INST=/global/samba/SAMBA1 # SMB_LOG=/global/samba/SAMBA1/logs # FMUSER=samba # FMPASS=samba # FMDOMAIN= # RS= RG= SMB_BIN= SMB_SBIN= SMB_INST= SMB_LOG= SMB_LIB_PATH=/usr/lib:/usr/local/lib FMUSER= FMPASS= FMDOMAIN= LH= HAS_RS= :::::::::::::: # more winbind/util/winbind_config :::::::::::::: winbind/util/winbind_config :::::::::::::: # # # Copyright 2003 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # This file will be sourced in by samba_register and the parameters # listed below will be used. # # These parameters can be customized in (key=value) form # # RS - name of the resource for the application # RG - name of the resource group containing RS # WB_BIN - name of the Winbind bin directory # WB_SBIN - name of the Winbind sbin directory. Used in Samba 3. # WB_INST - name of the Winbind configuration directory # NTUSER - name of the NT fault monitor user #WB_LIB_PATH- name of library paths to LD_LIBRARY_PATH #WB_DISCACHE - Should winbind cache be disabled. Used in Samba 3. #WB_SINGLEMODE - Should winbind run in single mode. Used in Samba 3. # LH - name of the LogicalHostname SC resource # HAS_RS - name of the Winbind HAStoragePlus SC resource # # The following example illustrates sample parameters # for the latest production release of Samba downloaded # from http://www.samba.org. # # # Latest production release from http://www.samba.org # # WB_BIN=/global/samba/bin # WB_SBIN=/global/samba/sbin # WB_INST=/global/samba/winbind # NTUSER=samba # RS= RG= WB_BIN= WB_SBIN= WB_INST= NTUSER= WB_LIB_PATH=/usr/lib:/usr/local/lib WB_DISCACHE=FALSE WB_SINGLEMODE=FALSE LH= HAS_RS= |
If you want to set up Samba as member of a Windows 200x server with ADS support and the Samba binaries is not static linked with the Ldap and kerberos libraries, you must configure SMB_LIB_PATH parameter in /opt/SUNWscsmb/samba/utils/samba_config and WB_LIB_PATH in /opt/SUNWscsmb/winbind/utils/winbind_config to point to the directories where those libraries resides.
smb.conf file — The Sun Cluster HA for Samba data service provides a sample smb.conf file. Ensure that the following parameters are set.
The smb.conf file is probably the most important file within Samba. Refer to the smb.conf(5) man page for complete configuration information on the parameters that follow. The Samba man pages with Solaris 9 are installed only if you have installed the SUNWsfman package.
Samba parameters in the smb.conf file for 2.2.x and for Samba 3.0.x.
bind interfaces only must be set to True.
interface must be defined to the Logical Hostname.
netbios name must be set to the NetBIOS name by which the Samba server is known.
security specifies the security mode under which the Samba instance will run.
Winbind parameters in the smb.conf file for 2.2.x.
workgroup must be set to the same value as the Samba smb.conf entry.
password server must be set to the same value as the Samba smb.conf entry.
template homedir must be set to the same value as the Samba smb.conf entry.
template shell must be set to the same value as the Samba smb.conf entry.
winbind uid must be set to the same value as the Samba smb.conf entry.
winbind gid must be set to the same value as the Samba smb.conf entry.
winbind enum users must be set to the same value as the Samba smb.conf entry.
winbind use default domain must be set to the same value as the Samba smb.conf entry.
Winbind parameters in the smb.conf file for 3.0.x.
workgroup must be set to the same value as the Samba smb.conf entry.
password server must be set to the same value as the Samba smb.conf entry.
template homedir must be set to the same value as the Samba smb.conf entry.
template shell must be set to the same value as the Samba smb.conf entry.
idmap uid must be set to the same value as the Samba smb.conf entry.
idmap gid must be set to the same value as the Samba smb.conf entry.
winbind enum users must be set to the same value as the Samba smb.conf entry.
winbind use default domain must be set to TRUE.
If you make additional smb.conf entries and those entries require a path variable, then you must ensure that any subsequent pathname is created within the relevant Samba or Winbind instance configuration directory.