This chapter explains how to install and configure Sun Cluster HA for Samba.
This chapter contains the following sections.
Overview of Installing and Configuring Sun Cluster HA for Samba
Planning the Sun Cluster HA for Samba Installation and Configuration
Verifying the Sun Cluster HA for Samba Installation and Configuration
Sun Cluster HA for Samba can be used with Samba that is packaged with Solaris 9 or 10, or downloaded and compiled from http://www.samba.org. Sun provides support for Samba that is packaged with Solaris 9 or 10, but does not offer support for Samba that has been downloaded and compiled from http://www.samba.org.
The Sun Cluster HA for Samba data service supports whichever Samba delivery is chosen so long as you adhere to the Configuration Restrictions and Configuration Requirements. If running a very recent version of Samba downloaded and compiled from http://www.samba.org you must also check that the Sun Cluster HA for Samba data service has been verified against that version.
Sun Cluster HA for Samba enables the Sun Cluster software to manage Samba by providing components to perform the orderly startup, shutdown, and fault monitoring of Samba.
The following table summarizes the tasks for installing and configuring Sun Cluster HA for Samba and provides cross-references to detailed instructions for performing these tasks. Perform the tasks in the order that they are listed in the table.
Table 1 Tasks for Installing and Configuring Sun Cluster HA for Samba
Task |
Instructions |
---|---|
Plan the installation |
Planning the Sun Cluster HA for Samba Installation and Configuration |
Install and configure the Samba software | |
Verify the installation and configuration | |
Install Sun Cluster HA for Samba packages | |
Register and configure Sun Cluster HA for Samba resources | |
Verify the Sun Cluster HA for Samba installation and configuration |
Verifying the Sun Cluster HA for Samba Installation and Configuration |
Tune the Sun Cluster HA for Samba fault monitor | |
Debug Sun Cluster HA for Samba |
This section contains the information you need to plan your Sun Cluster HA for Samba installation and configuration.
Throughout this section references will be made to the Samba instance and winbind instance. The Sun Cluster HA for Samba data service consists of three components smbd, nmbd, and winbindd.
The smbd and optional nmbd components will be created within a single resource. This will be referred to as the Samba instance or Samba resource.
The winbindd component will be created as a separate resource and will be referred to as the winbind instance or winbind resource.
For conceptual information about failover data services, and scalable data services, see Sun Cluster Concepts Guide for Solaris OS.
For conceptual information about HA containers, see Sun Cluster Data Service for Solaris Containers Guide for Solaris OS.
The configuration restrictions in the subsections that follow apply only to Sun Cluster HA for Samba.
Your data service configuration might not be supported if you do not observe these restrictions.
Sun Cluster HA for Samba supports Samba in the following configurations.
Primary Domain Controller (PDC).
Backup Domain Controller (BDC) to a Samba PDC.
NT4 domain member server with or without winbind.
Active Directory domain member server with or without winbind.
Standalone configuration.
Sun Cluster HA for Samba is supported in the following Sun Cluster configurations.
smbd and nmbd can only be configured to run within a failover resource group.
winbindd can be configured to run within a failover or scalable resource group.
All components can run in a global zone, a non-global zone or an HA container. See Restriction for multiple Samba instances that require winbind for more information.
The Samba files are where the Samba shares and smb.conf files are stored. The Sun Cluster HA for Samba data service requires that these files are stored within a configuration directory that reflects the NetBIOS name for the Samba or winbind instance. The Samba files needs to be placed on shared storage as either a cluster file system or a highly available local file system.
The following deployment example has been taken from Deployment Example: Installing Samba packaged with Solaris 10, where the configuration directory is /local/samba/smb1 which is a highly available local file system and the NetBIOS name is smb1.
Vigor5# mkdir -p /local/samba/smb1 Vigor5# cd /local/samba/smb1 Vigor5# mkdir -p lib logs private shares var/locks |
If Samba is downloaded and compiled from http://www.samba.org you may also want to consider placing these binaries on a cluster file system or highly available local file system.
Refer to Determining the Location of Application Binaries in Sun Cluster Data Services Planning and Administration Guide for Solaris OS for a discussion on cluster file systems and highly available local file systems.
The Samba smb.conf file is a configuration file that is used by the Samba and winbind instances.
The Sun Cluster HA for Samba data service requires that these files are located at configuration-directory/lib/smb.conf. Depending on how Samba is deployed the following restrictions apply.
Each Samba instance requires a unique configuration directory that reflects the NetBIOS name of the Samba instance.
A winbind instance may share a Samba instance configuration directory and subsequent smb.conf file, together with the NetBIOS name of the Samba instance, if the Samba and winbind instances are deployed within the same failover resource group.
If a winbind instance is configured within a scalable resource group, a unique configuration directory that reflects the NetBIOS name for the winbind instance is required.
Each Samba instance smb.conf file must have a [scmondir] share. The Sun Cluster HA for Samba fault monitor uses smbclient to access the directory specified within [scmondir] to verify that smnd is operating correctly.
[scmondir] comment = Monitor directory for Sun Cluster path = /tmp browseable = No |
For illustration purposes the following example shows Samba installed from http://www.samba.org onto a cluster file system with two Samba instances (smb1 and smb2) and a winbind instance (winbind).
The Samba instances will run as failover services within separate failover resource groups on highly available local file systems with their own unique configuration directories. winbind will run as a scalable service on a cluster file system with it's own unique configuration directory.
Within this example:
Samba has been downloaded into /global/samba/software.
Samba has been compiled into /global/samba/3.0.22.
The NetBIOS name for the Samba instances are smb1 and smb2.
The NetBIOS name for the winbind instance is winbind.
The Samba instance smb1 has its configuration directory as /local/samba/config/smb1.
The Samba instance smb2 has its configuration directory as /local/samba/config/smb2.
The winbind instance winbind has its configuration directory as /global/samba/config/winbind.
The Samba instance smb1 has its smb.conf file located at /local/samba/config/smb1/lib/smb.conf.
The Samba instance smb2 has its smb.conf file located at /local/samba/config/smb2/lib/smb.conf.
The winbind instance winbind has its smb.conf file located at /global/samba/config/winbind/lib/smb.conf.
bash-3.00# ls -l /opt/samba lrwxrwxrwx 1 root root 20 Jul 13 11:24 /opt/samba -> /global/samba/latest bash-3.00# bash-3.00# ls -l /global/samba total 8 drwxrwx--- 2 root root 512 Jul 13 11:20 3.0.22 drwxrwx--- 3 root root 512 Jul 13 11:20 config lrwxrwxrwx 1 root root 20 Jul 13 11:20 latest -> /global/samba/3.0.22 drwxrwx--- 2 root root 512 Jul 13 11:20 software bash-3.00# bash-3.00# ls -l /global/samba/config total 2 drwxrwx--- 2 root root 512 Jul 13 11:20 winbind bash-3.00# bash-3.00# ls -l /local/samba/config total 4 drwxrwx--- 2 root root 512 Jul 13 11:25 smb1 drwxrwx--- 2 root root 512 Jul 13 11:25 smb2 bash-3.00# |
The Sun Cluster HA for Samba data service can support multiple Samba instances. However, only one winbind instance is supported per global zone, non-global zone or HA container.
If you intend to deploy multiple Samba instances that also require winbind, then you will need to consider if winbind needs to be a scalable service. The following discussion will help you determine how to deploy single or multiple Samba instances with winbind.
Disregard any reference to winbind if it is not required.
Within these examples:
There are two nodes within the cluster, node1 and node2.
Both nodes have two non-global zones each named z1 and z2.
Additional non-global zones are represented by z[n].
Each example listed simply shows the required Nodelist property value when creating a failover or scalable resource group.
Benefits and drawbacks are listed within each example as + and -.
Although these examples show non-global zones z1 and z2, you may also use global as the zone name or omit the zone entry within the Nodelist property value to use the global zone.
Create a single failover resource group that will contain all the Samba instances and a winbind instance in non-global zones across node1 and node2.
# clresourcegroup create -n node1:z1,node2:z1 RG1 |
+ Only one non-global zone per node is required.
- All Samba/winbind instances do not have independent failover as they are all within the same failover resource group.
Create multiple failover resource groups that will each contain one Samba/winbind instance in exclusive non-global zones across node1 and node2.
# clresourcegroup create -n node1:z1,node2:z1 RG1 # # clresourcegroup create -n node1:z2,node2:z2 RG2 # # clresourcegroup create -n node1:z[n],node2:z[n] RG[n] |
+ All Samba/winbind instances have independent failover in separate failover resource groups.
+ All Samba/winbind instances are isolated within their own exclusive non-global zones.
-Each resource group requires a unique non-global zone per node.
Create multiple failover resource groups that will each contain one Samba instance and one scalable resource group that will contain a scalable winbind resource in shared non-global zones across node1 and node2.
# clresourcegroup create -n node1:z1,node2:z1 RG1 # # clresourcegroup create -n node1:z1,node2:z1 RG2 # # clresourcegroup create -n node1:z1,node2:z1 RG[n] # # clresourcegroup create -S -n node1:z1,node2:z1 RG3 |
+ All Samba instances have independent failover within separate failover resource groups.
+ Only one non-global zone per node is required.
+/- All Samba instances share the same non-global zone.
For a scalable resource group different zones from the same node cannot be specified in the Nodelist parameter, thereby limiting a scalable resource group for winbind to one zone from the same node.
Create multiple failover resource groups that will each contain an HA container. Each HA container will then contain one Samba/winbind instance.
# clresourcegroup create -n node1,node2 RG1 # # clresourcegroup create -n node1,node2 RG2 # # clresourcegroup create -n node1,node2 RG[n] |
+ All Samba instances have independent failover within separate failover resource groups.
+ The same HA container per resource group is used per node.
+ Each HA container is only active on one node at a time.
- Each resource group requires a unique HA container per node.
If your requirement is simply to make Samba highly available you should consider choosing a global or non-global zone deployment over an HA container deployment. Deploying Samba within an HA container will incur additional failover time to boot/halt the HA container.
The configuration requirements in this section apply only to Sun Cluster HA for Samba.
If your data service configuration does not conform to these requirements, the data service configuration might not be supported.
Solaris zones provides a means of creating virtualized operating system environments within an instance of the Solaris 10 OS. Solaris zones allow one or more applications to run in isolation from other activity on your system. For complete information about installing and configuring a Solaris Container, see System Administration Guide: Solaris Containers-Resource Management and Solaris Zones.
You must determine which Solaris Zone Samba will run in. Samba can run within a global zone, non-global zone or in an HA container configuration. Table 2 provides some reasons to help you decide.
Samba cam be deployed within a whole root zone or a sparse root zone of a non-global zone or HA container.
Zone type |
Reasons for choosing the appropriate Solaris Zone for Samba |
---|---|
Global Zone |
Only one instance of Samba will be installed. Non-global zones are not required. |
Non-global Zone |
Several Samba instances need to be consolidated and isolated from each other. Different versions of Samba will be installed. Failover testing of Samba between non-global zones on the same node is required. |
HA Container |
You require Samba to run in the same zone regardless of which node the HA container is running on. |
If your requirement is simply to make Samba highly available you should consider choosing a global or non-global zone deployment over an HA Container deployment. Deploying Samba within an HA container will incur additional failover time to boot/halt the HA container.
If your Samba resource requires winbind, you must configure a start dependency on the winbind resource.
You will be required to set this dependency after you have created the Samba and winbind resources and will be prompted to do so later on within Registering and Configuring Sun Cluster HA for Samba.
Table 3 list the various dependencies.
Table 3 Samba components and their dependencies
Component |
Description |
---|---|
Samba resource (smbd and nmbd) |
The winbind resource (If the Samba resource requires winbind services) The smbd Logical Host resource The smbd HA Storage resource |
winbind resource (winbindd) |
The winbindd Logical Host resource The winbindd HA Storage resource |
Dependencies against the relevant component's Logical Host or HA Storage resource will be set for you when the Samba and winbind resources are registered.
The Samba smb.conf file located within each configuration directory must contain the following parameters. Refer to the smb.conf(5) man page for complete configuration information on the parameters that follow.
Samba parameters required in smb.conf for Samba 2.2.x and 3.0.x.
bind interfaces only must be set to True.
interface must be defined to the Logical Hostname.
lock dir must include the samba-configuration-directory in it's path.
netbios name must be set to the NetBIOS name by which the Samba server is known.
pid directory must include the samba-configuration-directory in it's path.
security specifies the security mode under which the Samba instance will run.
smb passwd file must include the samba-configuration-directory in it's path.
Winbind parameters required in smb.conf for Samba 2.2.x.
workgroup must be set to the same value as the Samba smb.conf entry.
bind interfaces only must be set to True.
interface must be defined to the Logical Hostname.
lock dir must include the samba-configuration-directory in it's path.
netbios name must be set to the NetBIOS name by which the winbind server is known.
password server must be set to the same value as the Samba smb.conf entry.
pid directory must include the samba-configuration-directory in it's path.
template homedir must be set to the same value as the Samba smb.conf entry.
template shell must be set to the same value as the Samba smb.conf entry.
winbind enum users must be set to the same value as the Samba smb.conf entry.
winbind gid must be set to the same value as the Samba smb.conf entry.
winbind uid must be set to the same value as the Samba smb.conf entry.
winbind use default domain must be set to the same value as the Samba smb.conf entry.
Winbind parameters required in smb.conf for Samba 3.0.x.
workgroup must be set to the same value as the Samba smb.conf entry.
bind interfaces only must be set to True.
interface must be defined to the Logical Hostname.
lock dir must include the samba-configuration-directory in it's path.
netbios name must be set to the NetBIOS name by which the winbind server is known.
password server must be set to the same value as the Samba smb.conf entry.
pid directory must include the samba-configuration-directory in it's path.
template homedir must be set to the same value as the Samba smb.conf entry.
template shell must be set to the same value as the Samba smb.conf entry.
idmap gid must be set to the same value as the Samba smb.conf entry.
winbind enum users must be set to the same value as the Samba smb.conf entry.
idmap uid must be set to the same value as the Samba smb.conf entry.
winbind use default domain must be set to TRUE.
This section contains the procedures you need to install and configure Samba.
This section contains the procedures you need to install and configure Samba.
Determine how many Samba instances will be used.
Refer to Restriction for multiple Samba instances that require winbind for more information.
Determine which Solaris zone to use.
Refer to Determine which Solaris Zone Samba will run use for more information.
If a zone will be used, create the non-global zone or HA container.
Refer to System Administration Guide: Solaris Containers-Resource Management and Solaris Zones for complete information about installing and configuring a Solaris Container.
Refer to Sun Cluster Data Service for Solaris Containers Guide for Solaris OS for complete information about creating an HA container.
Create a cluster file system or highly available local file system for the Samba files.
Refer to Restriction for the Location of Samba files for more information.
Refer to Sun Cluster Data Services Planning and Administration Guide for Solaris OS for more information about creating a cluster file system or highly available local file system.
You may also want to consider allocating additional space if you install Samba from http://www.samba.org.
Install Samba onto a cluster file system or highly available local file system.
Sun provides support for Samba that is packaged with Solaris 9 or 10, but does not offer support for Samba that has been downloaded and compiled from http://www.samba.org.
Check Samba is installed on Solaris 9 or 10.
Refer to How to Check Samba is installed with Solaris 9 or 10 for more information.
Download and compile Samba from http://www.samba.org.
Refer to How to Install and Configure Samba downloaded from http://www.samba.org for more information.
Samba is already installed and configured with Solaris 9 or 10 and included in the following packages SUNWsmbac, SUNWsmbar, SUNWsmbau, and SUNWsfman. Refer to the Freeware Features within the book Solaris 10 What's New to check if new features have been added to Samba packaged with Solaris 10.
Check the package information to verify that Samba is installed on every node.
# for i in SUNWsmbac SUNWsmbar SUNWsmbau SUNWsfman > do > pkginfo $i > done system SUNWsmbac samba - A Windows SMB/CIFS fileserver for UNIX (client) system SUNWsmbar samba - A Windows SMB/CIFS fileserver for UNIX (Root) system SUNWsmbau samba - A Windows SMB/CIFS fileserver for UNIX (Usr) system SUNWsfman GNU and open source man pages |
Check what Samba version is installed on every node.
# pkginfo -l SUNWsmbac PKGINST: SUNWsmbac NAME: samba - A Windows SMB/CIFS fileserver for UNIX (client) CATEGORY: system ARCH: i386 VERSION: 11.10.0,REV=2005.01.08.01.09 BASEDIR: / VENDOR: Sun Microsystems, Inc. DESC: samba - A Windows SMB/CIFS fileserver for UNIX (client) 3.0.11 PSTAMP: sfw10-patch-x20050420163529 INSTDATE: Oct 03 2005 09:23 HOTLINE: Please contact your local service provider STATUS: completely installed FILES: 13 installed pathnames 3 shared pathnames 3 directories 10 executables 10937 blocks used (approx) |
See How to Prepare Samba for Sun Cluster HA for Samba.
If a newer version of Samba is required you can download and compile Samba from http://www.samba.org.
(Optional) Mount the highly available local file system.
It is recommended that you download and install Samba onto a cluster file system or highly available local file system. Doing so will allow you to have Samba installed in one location. You will also be able to mount the file system in Solaris zones.
If multiple Samba instances will be deployed you should use a cluster file system for the Samba binaries and either a cluster file system or highly available local file system for the Samba files.
Refer to Example 2 in Restriction for the Samba smb.conf files for an example of download and compiling Samba onto a cluster file system and using a highly available local file system for the Samba files for each Samba instance.
Alternatively, you can download and compile Samba onto local file system for each Solaris zone.
If a cluster file system is being used, the file system should already be mounted at boot as a global file system.
# mount samba-highly-available-local-file-system |
Download and compile Samba from http://www.samba.org.
Here Kerberos, OpenLDAP, and Samba will be downloaded and compiled.
Samba will use the idmap_rid facility to map a single ADS domain SIDs to Solaris UIDs and GIDs. You should determine what idmap is suitable for your installation.
Within this example the samba-highly-available-local-file-system is /local/samba, where the software is installed into /local/samba/software and compiled into /opt/samba.
For more information using these filenames refer to the following deployment example in Deployment Example: Installing Samba from http://www.samba.org where these commands have been has been taken.
Download, Extract and Install Kerberos.
Vigor5# cd /local/samba/software Vigor5# wget http://web.mit.edu/kerberos/dist/krb5/1.4/krb5-1.4.3-signed.tar Vigor5# tar -xfBp krb5*tar Vigor5# gunzip -c krb5*.tar.gz | tar -xfBp - Vigor5# rm krb5*tar* Vigor5# cd krb5*/src Vigor5# CC=/opt/SUNWspro/bin/cc ./configure --prefix=/opt/samba \ > --enable-dns-for-realm Vigor5# make Vigor5# make install |
Download, Extract and Install OpenLDAP.
You must obtain a fix for Bug ID: 6419029 which describes a problem when compiling OpenLDAP before proceeding with this step.
Vigor5# cd /local/samba/software Vigor5# wget \ > ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.3.24.tgz Vigor5# gunzip -c openldap-2.3.24.tgz | tar -xfBp - Vigor5# rm openldap-2.3.24.tgz Vigor5# cd openldap* Vigor5# CC=/opt/SUNWspro/bin/cc \ > CPPFLAGS="-I/opt/samba/include" \ > LDFLAGS="-L/opt/samba/lib -R/opt/samba/lib" ./configure --prefix=/opt/samba \ > --disable-slapd --disable-slurpd Vigor5# make depend Vigor5# make Vigor5# make install |
Download, Extract and Install Samba.
Vigor5# cd /local/samba/software Vigor5# wget http://us3.samba.org/samba/ftp/old-versions/samba-3.0.22.tar.gz Vigor5# gunzip -c samba-3.0.22.tar.gz | tar -xfBp - Vigor5# rm samba-3.0.22.tar.gz Vigor5# cd samba*/source Vigor5# CC=/opt/SUNWspro/bin/cc \ > CFLAGS=-I/opt/samba/include \ > LDFLAGS="-L/opt/samba/lib -R/opt/samba/lib" ./configure --prefix=/opt/samba \ > --with-ads --with-krb5=/opt/samba --with-shared-modules=idmap_rid Vigor5# make Vigor5# make install |
Copy winbind libnss_winbind.so to /usr/lib.
# cd /local/samba/software/samba*/source # # cp nsswitch/libnss_winbind.so /usr/lib # ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.1 # ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.1 |
See How to Prepare Samba for Sun Cluster HA for Samba.
This section contains the steps to prepare Samba for use with the Sun Cluster HA for Samba data service.
Some steps require that you use Samba commands, refer to the Docs and Books section with http://www.samba.org for the relevant man pages for more information of these Samba commands.
Perform this procedure on one node of the cluster, unless a specific step indicates otherwise.
If a non-global zone or HA container is being used, ensure the zone is booted.
Repeat this step on all nodes on the cluster.
# zoneadm list -v |
Boot the zone if it is not running.
# zoneadm -z zonename boot |
Create the fault monitor user.
If winbind is being used.
Create the fault monitor user on the NT PDC or ADS server with no home directory, no user profile and no logon script. Set the Password never expire parameter to true and User cannot change password parameter to true.
If winbind is not being used.
Repeat this step on all nodes or zones on the cluster.
If the global zone is being used for Samba.
# groupadd -g 1000 samba-fault-monitor-group # useradd -u 1000 -g 1000 -s /bin/false samba-fault-monitor-user |
If a non-global zone or HA container is being used for Samba.
Create the fault monitor user in the zone.
# zlogin zonename groupadd -g 1000 samba-fault-monitor-group # zlogin zonename useradd -u 1000 -g 1000 -s /bin/false samba-fault-monitor-user |
A local Samba fmuser also requires a local password. The settings in the smb.conf specify which password will be used.
If winbind is used, add winbind as a name service on all nodes with Sun Cluster.
Repeat this step on all nodes or zones on the cluster.
Edit /etc/nsswitch.conf in the zones being used for Samba and add winbind to the passwd: and group: entries, for example:
# grep winbind /etc/nsswitch.conf passwd: files winbind group: files winbind |
If winbind is used, disable the Name Service Cache Daemon on all nodes with Sun Cluster.
Repeat this step on all nodes or zones on the cluster.
Create a cluster file system or highly available local file system.
Perform this step on all nodes of the cluster.
You must create a cluster file system or highly available local file system for some Samba files. Refer to Restriction for the Location of Samba files for more information on what is meant by Samba files.
Refer to Sun Cluster Data Services Planning and Administration Guide for Solaris OS for more information about how to create a cluster file system or highly available local file system.
Mount the cluster file system or highly available local file system.
Perform this step on one node of the cluster.
If the global zone is being used for Samba.
# mount samba-highly-available-local-file-system |
If a non-global zone or HA container is being used for Samba.
Create the mount point on all zones of the cluster that are being used for Samba.
Mount the cluster file system or highly available local file system on one of the zones being used by Samba.
# zlogin zonename mkdir samba-highly-available-local-file-system # # mount -F lofs samba-highly-available-local-file-system \ > /zonepath/root/samba-highly-available-local-file-system |
Create the Samba configuration directory.
Repeat this step for each Samba or winbind instance on one node of the cluster.
Create the Samba configuration directory within the samba-highly-available-local-file-system.
# mkdir -p samba-configuration-directory # cd samba-configuration-directory # mkdir -p lib logs private shares var/locks |
The following deployment example has been taken from Deployment Example: Installing Samba packaged with Solaris 10 where /local is the highly available local file system and /local/samba/smb1 is the samba-configuration-directory.
Vigor5# mkdir -p /local/samba/smb1 Vigor5# cd /local/samba/smb1 Vigor5# mkdir -p lib logs private shares var/locks |
Create the smb.conf file within the configuration directory.
Repeat this step for each Samba or winbind instance on one node of the cluster.
Create a smb.conf file within the configuration directory that reflects the instance.
Refer to Required parameters for the Samba smb.conf file and the smb.conf[5] man page for an explanation of the required parameters.
The following deployment example has been taken from Deployment Example: Installing Samba from http://www.samba.org.
Vigor5# cat > /local/samba/smb1/lib/smb.conf <<-EOF [global] workgroup = ADS bind interfaces only = yes interfaces = SMB1/255.255.255.0 netbios name = SMB1 security = ADS realm = ADS.EXAMPLE.COM password server = ADS.EXAMPLE.COM server string = Samba (%v) domain (%h) pid directory = /local/samba/smb1/var/locks log file = /local/samba/smb1/logs/log.%m smb passwd file = /local/samba/smb1/private/smbpasswd private dir = /local/samba/smb1/private lock dir = /local/samba/smb1/var/locks winbind cache time = 30 allow trusted domains = no idmap backend = rid:ADS=100000-200000 idmap uid = 100000-200000 idmap gid = 100000-200000 winbind enum groups = yes winbind enum users = yes winbind use default domain = yes [scmondir] comment = Monitor directory for Sun Cluster path = /tmp browseable = No EOF |
If security = share is required then you must include guest only = yes within [scmondir].
Add the NetBIOS name entry to /etc/hosts and /etc/inet/ipnodes.
Repeat this step on all nodes or zones on the cluster.
Edit /etc/hosts and /etc/inet/ipnodes in the zones being used for Samba and add the NetBIOS name entries, for example:
# egrep -e "SMB1|ADS" /etc/hosts /etc/inet/ipnodes /etc/hosts:192.168.1.132 SMB1#20 /etc/hosts:192.168.1.9 ADS.EXAMPLE.COM#20 /etc/inet/ipnodes:192.168.1.132 SMB1#20 /etc/inet/ipnodes:192.168.1.9 ADS.EXAMPLE.COM#20 |
The name resolve order parameter in the smb.conf file will determine what naming service to use and in what order to resolve host names to IP addresses. Refer to the smb.conf[5] for more information.
The interfaces, netbios name and password server all require host name to IP address resolution.
If Samba will operate as an Active Directory Domain Member Server, create the Kerberos krb5.conf file.
Repeat this step on all nodes or zones on the cluster.
Create the /etc/krb5.conf file in the zones being used for Samba, that reflects the ADS realm. Refer to http://www.samba.org for complete information about installing and configuring Samba as a ADS domain member.
The following deployment example has been taken from Deployment Example: Installing Samba from http://www.samba.org.
Vigor5# cat > /etc/krb5.conf <<-EOF [libdefaults] default_realm = ADS.EXAMPLE.COM [realms] ADS.EXAMPLE.COM = { kdc = 192.168.1.9 admin_server = 192.168.1.9 } [domain_realm] .your.domain.name = ADS.EXAMPLE.COM your.domain.name = ADS.EXAMPLE.COM EOF Vigor5# Vigor5# rm /etc/krb5/krb5.conf Vigor5# ln -s /etc/krb5.conf /etc/krb5/krb5.conf |
Configure the logical host.
Perform this step on one node of the cluster.
The samba-logical-host should be the value you specified for the interfaces parameter when you created the smb.conf file in Step 8.
Test the smb.conf file.
Perform this step on one node or zone of the cluster.
If configured as a NT Domain Member and using Samba 2.2.x join the domain.
Perform this step on one node or zone of the cluster.
If the global zone is being used for Samba.
# samba-bin-directory/smbpasswd \ > -c samba-configuration-directory/lib/smb.comf \ > -j domain -r PDC \ > -U Administrator-on-the-PDC |
If a non-global zone or HA container is being used for Samba.
# zlogin zonename samba-bin-directory/smbpasswd \ > -c samba-configuration-directory/lib/smb.comf \ > -j domain -r PDC \ > -U Administrator-on-the-PDC |
If configured as a NT Domain Member and using Samba 3.0.x join the domain.
Perform this step on one node or zone of the cluster.
If the global zone is being used for Samba.
# samba-bin-directory/net \ > -s samba-configuration-directory/lib/smb.comf \ > RPC JOIN \ > -U Administrator-on-the-PDC |
If a non-global zone or HA container is being used for Samba.
# zlogin zonename samba-bin-directory/net \ > -s samba-configuration-directory/lib/smb.comf \ > RPC JOIN \ > -U Administrator-on-the-PDC |
If configured as a Windows 2003 Domain Member Server with ADS join the domain.
Perform this step on one node or zone of the cluster.
If the global zone is being used for Samba.
# samba-bin-directory/net \ > -s samba-configuration-directory/lib/smb.comf \ > ADS JOIN \ > -U Administrator-on-the-ADS |
If a non-global zone or HA container is being used for Samba.
# zlogin zonename samba-bin-directory/net \ > -s samba-configuration-directory/lib/smb.comf \ > ADS JOIN \ > -U Administrator-on-the-ADS |
If configured as a PDC or with security = user add the fault monitor user.
Perform this step on one node or zone of the cluster.
If the global zone is being used for Samba.
# samba-bin-directory/smbpasswd \ > -c samba-configuration-directory/lib/smb.comf \ > -a samba-fault-monitor-user |
If a non-global zone or HA container is being used for Samba.
# zlogin zonename samba-bin-directory/smbpasswd \ > -c samba-configuration-directory/lib/smb.comf \ > -a samba-fault-monitor-user |
If configured with security = share perform this step.
Ensure guest only = yes is coded within the [scmondir] section of your smb.conf file.
This section contains the procedure you need to verify the installation and configuration.
This procedure does not verify that your application is highly available because you have not yet installed your data service.
Perform this procedure on one node or zone of the cluster only.
Test the smb.conf file.
If winbind is used, start and test winbind.
Start and test winbind.
If the global zone is being used for Samba.
# samba-sbin-directory/winbindd \ > -s samba-configuration-directory/lib/smb.conf # getent passwd # getent group |
If a non-global zone or HA container is being used for Samba.
# zlogin zonename samba-sbin-directory/winbindd \ > -s samba-configuration-directory/lib/smb.conf # zlogin zonename getent passwd # zlogin zonename getent group |
Test if the fault monitor user can be resolved.
This test must succeed.
If you encounter problems restart winbindd with debug information using -d 3.
You should then retest and observe the winbindd log file which can be found at samba-configuration-directory/logs/log.winbindd.
Winbind caching can affect the results from getent passwd samba_fault_monitor which might not be up-to-date. Refer to the winbind[8] man page for more information on winbind caching and to the smb.conf[5] man page for more information on winbind cache time.
Start and test Samba.
Start Samba.
Test that smbclient can access Samba.
This test must succeed.
If you encounter problems restart smbclient with debug information using -d 3.
If the global zone is being used for Samba.
# samba-bin-directory/smbclient -N -L NetBIOS-name # # samba-bin-directory/smbclient '\\NetBIOS-name\scmondir' \ > -U samba-fault-monitor-user -c 'pwd;exit' |
If a non-global zone or HA container is being used for Samba.
# zlogin zonename samba-bin-directory/smbclient -N -L NetBIOS-name # # zlogin zonename samba-bin-directory/smbclient '//NetBIOS-name/scmondir' \ > -U samba-fault-monitor-user -c 'pwd;exit' |
Stop the smbd, nmbd, and winbindd daemons.
Perform this step in the global zone only.
# pkill -TERM -z zonename 'smbd|nmbd|winbindd' |
Unmount the highly available local file system.
Perform this step in the global zone only.
This step is not required if a cluster file system is being used.
You should unmount the highly available file system you mounted in Step 6 in How to Prepare Samba for Sun Cluster HA for Samba
Remove the logical host.
Perform this step in the global zone only.
You should remove the logical host you configured in Step 11 in How to Prepare Samba for Sun Cluster HA for Samba
# ifconfig interface removeif samba-logical-host |
If you did not install the Sun Cluster HA for Samba packages during your initial Sun Cluster installation, perform this procedure to install the packages. To install the packages, use the Sun JavaTM Enterprise System Installation Wizard.
You need to install the Sun Cluster HA for Samba packages in the global cluster and not in the zone cluster.
Perform this procedure on each cluster node where you are installing the Sun Cluster HA for Samba packages.
You can run the Sun Java Enterprise System Installation Wizard with a command-line interface (CLI) or with a graphical user interface (GUI). The content and sequence of instructions in the CLI and the GUI are similar.
Even if you plan to configure this data service to run in non-global zones, install the packages for this data service in the global zone. The packages are propagated to any existing non-global zones and to any non-global zones that are created after you install the packages.
Ensure that you have the Sun Java Availability Suite DVD-ROM.
If you intend to run the Sun Java Enterprise System Installation Wizard with a GUI, ensure that your DISPLAY environment variable is set.
On the cluster node where you are installing the data service packages, become superuser.
Load the Sun Java Availability Suite DVD-ROM into the DVD-ROM drive.
If the Volume Management daemon vold(1M) is running and configured to manage DVD-ROM devices, the daemon automatically mounts the DVD-ROM on the /cdrom directory.
Change to the Sun Java Enterprise System Installation Wizard directory of the DVD-ROM.
Start the Sun Java Enterprise System Installation Wizard.
# ./installer |
When you are prompted, accept the license agreement.
If any Sun Java Enterprise System components are installed, you are prompted to select whether to upgrade the components or install new software.
From the list of Sun Cluster agents under Availability Services, select the data service for Samba.
If you require support for languages other than English, select the option to install multilingual packages.
English language support is always installed.
When prompted whether to configure the data service now or later, choose Configure Later.
Choose Configure Later to perform the configuration after the installation.
Follow the instructions on the screen to install the data service packages on the node.
The Sun Java Enterprise System Installation Wizard displays the status of the installation. When the installation is complete, the wizard displays an installation summary and the installation logs.
(GUI only) If you do not want to register the product and receive product updates, deselect the Product Registration option.
The Product Registration option is not available with the CLI. If you are running the Sun Java Enterprise System Installation Wizard with the CLI, omit this step.
Exit the Sun Java Enterprise System Installation Wizard.
Unload the Sun Java Availability Suite DVD-ROM from the DVD-ROM drive.
See Registering and Configuring Sun Cluster HA for Samba to register Sun Cluster HA for Samba and to configure the cluster for the data service.
This section contains the procedures you need to configure Sun Cluster HA for Samba.
Some procedures within this section require you to use certain Sun Cluster commands. Refer to the relevant Sun Cluster command man page for more information about these command and their parameters.
Determine if a single or multiple Samba instances will be deployed.
Refer to Restriction for multiple Samba instances that require winbind to determine how to deploy a single or multiple Samba instances with or without winbind.
Once you have determined how Samba will be deployed, you can chose one or more of the steps below.
Create a failover resource group for Samba.
Use How to Register and Configure Sun Cluster HA for Samba in a failover resource group for Example 3 and Example 4.
Create a scalable resource group for winbind.
Use How to Register and Configure Sun Cluster HA for Samba in a failover resource group with winbind in a scalable resource group for Example 5.
Create a failover resource group for an HA container for Samba.
Use How to Register and Configure Sun Cluster HA for Samba in an HA Container for Example 6.
This procedure assumes that you installed the data service packages during your initial Sun Cluster installation.
If you did not install the Sun Cluster HA for Samba packages as part of your initial Sun Cluster installation, go to How to Install the Sun Cluster HA for Samba Packages.
Perform this procedure on one node of the cluster only.
On a cluster member, become superuser or assume a role that provides solaris.cluster.modify RBAC authorization.
Register the following resource types.
# clresourcetype register SUNW.HAStoragePlus # clresourcetype register SUNW.gds |
Create a failover resource group for Samba.
Refer to Restriction for multiple Samba instances that require winbind for more information on the nodelist entry.
# clresourcegroup create -n nodelist samba-resource-group |
Create a resource for the Samba Logical Hostname.
# clreslogicalhostname create -g samba-resource-group \ > -h samba-logical-hostname \ > samba-logical-hostname-resource |
Create a resource for the Samba Disk Storage.
If a ZFS highly available local file system is being used
# clresource create -g samba-resource-group \ > -t SUNW.HAStoragePlus \ > -p Zpools=samba-zspool \ > samba-hastorage-resource |
If a cluster file system or any other non-ZFS highly available local file system is being used
# clresource create -g samba-resource-group \ > -t SUNW.HAStoragePlus \ > -p FilesystemMountPoints=samba-filesystem-mountpoint \ > samba-hastorage-resource |
Bring online the failover resource group for Samba that now includes the HA Storage and Logical Hostname resources.
# clresourcegroup online -M samba-resource-group |
If winbind is required, create and register a winbind resource.
If Samba was dynamically linked and is being used as an Active Directory Server member you must configure the LDPATH variable to point to the Samba lib directory.
Edit the samba_config file and follow the comments within that file. Ensure that SERVICES="winbindd" is specified. After you have edited samba_config, you must register the resource.
# cd /opt/SUNWscsmb/util # vi samba_config # ./samba_register |
The following deployment example has been taken from Deployment Example: Installing Samba from http://www.samba.org.
Vigor5# cat > /var/tmp/winbind_config <<-EOF #+++ Resource Specific Parameters +++ RS=winbind RG=samba-rg RS_LH=samba-lh RS_HAS=sambaZFS-has SERVICES="winbindd" #+++ Common Parameters +++ BINDIR=/opt/samba/bin SBINDIR=/opt/samba/sbin CFGDIR=/local/samba/smb1 LDPATH=/opt/samba/lib FMUSER=homer #+++ SMBD & NMBD Specific Parameters (See Note 1) +++ SAMBA_LOGDIR= SAMBA_FMPASS= SAMBA_FMDOMAIN= #+++ WINBIND Specific Parameters (See Note 2) +++ WINBIND_DISCACHE=FALSE WINBIND_SINGLEMODE=FALSE #+++ Zone Specific Parameters (See Note 3) +++ RS_ZONE= LHOST= PROJECT=default TIMEOUT=30 EOF |
Vigor5# /opt/SUNWscsmb/util/samba_register -f /var/tmp/winbind_config |
If winbind is required enable the resource.
# clresource enable winbind-resource |
Create and register a Samba resource.
If Samba was dynamically linked and is being used as an Active Directory Server member you must configure the LDPATH variable to point to the Samba lib directory.
Edit the samba_config file and follow the comments within that file. Ensure that SERVICES="smbd" or SERVICES="smbd,nmbd" is specified. After you have edited samba_config, you must register the resource.
# cd /opt/SUNWscsmb/util # vi samba_config # ./samba_register |
The following deployment example has been taken from Deployment Example: Installing Samba from http://www.samba.org.
Vigor5# cat > /var/tmp/samba_config <<-EOF #+++ Resource Specific Parameters +++ RS=samba RG=samba-rg RS_LH=samba-lh RS_HAS=sambaZFS-has SERVICES="smbd" #+++ Common Parameters +++ BINDIR=/opt/samba/bin SBINDIR=/opt/samba/sbin CFGDIR=/local/samba/smb1 LDPATH=/opt/samba/lib FMUSER=homer #+++ SMBD & NMBD Specific Parameters (See Note 1) +++ SAMBA_LOGDIR=/local/samba/smb1/logs SAMBA_FMPASS=smb4#ads SAMBA_FMDOMAIN= #+++ WINBIND Specific Parameters (See Note 2) +++ WINBIND_DISCACHE= WINBIND_SINGLEMODE= #+++ Zone Specific Parameters (See Note 3) +++ RS_ZONE= LHOST= PROJECT=default TIMEOUT=30 EOF |
Vigor5# /opt/SUNWscsmb/util/samba_register -f /var/tmp/samba_config |
If winbind is used, ensure Samba is dependent on winbind.
# clresource set -p Resource_dependencies=winbind-resource{local_node} samba-resource |
Enable the Samba resource.
# clresource enable samba-resource |
See Verifying the Sun Cluster HA for Samba Installation and Configuration
This procedure assumes that you installed the data service packages during your initial Sun Cluster installation.
If you did not install the Sun Cluster HA for Samba packages as part of your initial Sun Cluster installation, go to How to Install the Sun Cluster HA for Samba Packages.
Perform this procedure on one node of the cluster only.
On a cluster member, become superuser or assume a role that provides solaris.cluster.modify RBAC authorization.
Register the following resource types.
# clresourcetype register SUNW.HAStoragePlus # clresourcetype register SUNW.gds |
Create a failover resource group for the winbind shared network address.
Refer to Restriction for multiple Samba instances that require winbind for more information on the nodelist entry.
# clresourcegroup create -n nodelist winbind-failover-resource-group |
Create a resource for the winbind Logical Hostname.
# clressharedaddress create -g winbind-failover-resource-group \ > -h winbind-logical-hostname \ > winbind-logical-hostname-resource |
Create a scalable resource group for the scalable winbind resource.
Refer to Restriction for multiple Samba instances that require winbind for more information on the nodelist entry.
# clresourcegroup create -n nodelist -S \ > -p Maximum_primaries=maximum-number-active-primaries \ > -p Desired_primaries=desired-number-active-primaries \ > winbind-scalable-resource-group |
Create a resource for the winbind Disk Storage.
For a scalable HA Storage resource you must use a cluster file system.
# clresource create -g winbind-scalable-resource-group \ > -t SUNW.HAStoragePlus \ > -p FilesystemMountPoints=winbind-filesystem-mount-point \ > -x AffinityOn=FALSE \ > winbind-ha-storage-resource |
Enable the failover and scalable resource groups for winbind that now includes the HA Storage and Logical Hostname resources.
# clresourcegroup online -M winbind-failover-resource-group # clresourcegroup online -M winbind-scalable-resource-group |
Create and register a winbind resource.
If Samba was dynamically linked and is being used as an Active Directory Server member you must configure the LDPATH variable to point to the Samba lib directory.
Edit the samba_config file and follow the comments within that file. Ensure that SERVICES="winbindd" is specified. After you have edited samba_config, you must register the resource.
# cd /opt/SUNWscsmb/util # vi samba_config # ./samba_register |
The following modified deployment example has been taken from Deployment Example: Installing Samba from http://www.samba.org, which shows a winbind-scalable-resource-group and winbind-ha-storage-resource. The winbind configuration directory is also located in a cluster file system, /global/samba/winbind.
Vigor5# cat > /var/tmp/winbind_config <<-EOF #+++ Resource Specific Parameters +++ RS=winbind RG=winbindS-rg RS_LH=winbind-lh RS_HAS=winbindS-has SERVICES="winbindd" #+++ Common Parameters +++ BINDIR=/opt/samba/bin SBINDIR=/opt/samba/sbin CFGDIR=/global/samba/winbind LDPATH=/opt/samba/lib FMUSER=homer #+++ SMBD & NMBD Specific Parameters (See Note 1) +++ SAMBA_LOGDIR= SAMBA_FMPASS= SAMBA_FMDOMAIN= #+++ WINBIND Specific Parameters (See Note 2) +++ WINBIND_DISCACHE=FALSE WINBIND_SINGLEMODE=FALSE #+++ Zone Specific Parameters (See Note 3) +++ RS_ZONE= LHOST= PROJECT=default TIMEOUT=30 EOF |
Vigor5# /opt/SUNWscsmb/util/samba_register -f /var/tmp/winbind_config |
Enable the winbind resource.
# clresource enable winbind-resource |
Create and register a Samba resource in a failover resource group.
Follow steps 3, 4, 5, 6, 9, 10 and 11 in How to Register and Configure Sun Cluster HA for Samba in a failover resource group.
See Verifying the Sun Cluster HA for Samba Installation and Configuration
This procedure assumes that you installed the data service packages during your initial Sun Cluster installation.
If you did not install the Sun Cluster HA for Samba packages as part of your initial Sun Cluster installation, go to How to Install the Sun Cluster HA for Samba Packages.
Perform this procedure on one node of the cluster only.
Create a failover resource group for Samba.
Follow steps 1, 2, 3, 4, 5 and 6 in How to Register and Configure Sun Cluster HA for Samba in a failover resource group.
Register the HA container in the failover resource group for Samba.
Refer to Sun Cluster Data Service for Solaris Containers Guide for Solaris OS for complete information about HA containers.
Edit the sczbt_config file and follow the comments within that file. Ensure that you specify the samba-resource-group for the RG= parameter within sczbt_config.
After you have edited sczbt_config, you must register the resource.
# cd /opt/SUNWsczone/sczbt/util # vi sczbt_config # ./sczbt_register |
The following deployment example has been taken from Deployment Example: Installing Samba in an HA Container.
Vigor5# cat > /var/tmp/sczbt_config <<-EOF RS=sambaFOZ RG=samba-rg PARAMETERDIR=/zones SC_NETWORK=true SC_LH=samba-lh FAILOVER=true HAS_RS=sambaSVM-has,sambaZFS-has Zonename=failover Zonebootopt= Milestone=multi-user-server Mounts=/local EOF Vigor5# Vigor5# /opt/SUNWsczone/sczbt/util/sczbt_register -f /var/tmp/sczbt_config |
Enable the HA container resource.
# clresource enable samba-failover-zone-resource |
If winbind is required, create and register a winbind resource.
If Samba was dynamically linked and is being used as an Active Directory Server member you must configure the LDPATH variable to point to the Samba lib directory.
Edit the samba_config file and follow the comments within that file. Ensure that SERVICES="winbindd" and the RS_ZONE variable specifies the Sun Cluster resource for the HA container. After you have edited samba_config, you must register the resource.
# cd /opt/SUNWscsmb/util # vi samba_config # ./samba_register |
If winbind is required, enable the winbind resource.
# clresource enable winbind-resource |
Create and register a Samba resource.
If Samba was dynamically linked and is being used as an Active Directory Server member you must configure the LDPATH variable to point to the Samba lib directory.
Edit the samba_config file and follow the comments within that file. Ensure that SERVICES="smbd" or SERVICES="smbd,nmbd" and the RS_ZONE variable specifies the Sun Cluster resource for the HA container. After you have edited samba_config, you must register the resource.
# cd /opt/SUNWscsmb/util # vi samba_config # ./samba_register |
The following deployment example has been taken from Deployment Example: Installing Samba in an HA Container.
Vigor5# cat > /var/tmp/samba_config <<-EOF #+++ Resource Specific Parameters +++ RS=samba RG=samba-rg RS_LH=samba-lh RS_HAS=sambaZFS-has SERVICES="smbd,nmbd" #+++ Common Parameters +++ BINDIR=/usr/sfw/bin SBINDIR=/usr/sfw/sbin CFGDIR=/local/samba/smb1 LDPATH=/usr/sfw/lib FMUSER=homer #+++ SMBD & NMBD Specific Parameters (See Note 1) +++ SAMBA_LOGDIR=/local/samba/smb1/logs SAMBA_FMPASS=samba SAMBA_FMDOMAIN= #+++ WINBIND Specific Parameters (See Note 2) +++ WINBIND_DISCACHE=FALSE WINBIND_SINGLEMODE=FALSE #+++ Zone Specific Parameters (See Note 3) +++ RS_ZONE=sambaFOZ LHOST=192.168.1.132 PROJECT=default TIMEOUT=30 EOF Vigor5# Vigor5# /opt/SUNWscsmb/util/samba_register -f /var/tmp/samba_config |
If winbind is used, ensure Samba is dependent on winbind.
# clresource set -p Resource_dependencies=winbind-resource{local_node} samba-resource |
Enable the Samba resource.
# clresource enable samba-resource |
See Verifying the Sun Cluster HA for Samba Installation and Configuration
This section contains the procedure you need to verify that you installed and configured your data service correctly.
On a cluster member, become superuser or assume a role that provides solaris.cluster.modify RBAC authorization.
Ensure all the Samba resources are online.
# cluster status |
Enable any Samba or winbind resource that is not online.
# clresource enable samba-resource |
Switch the Samba resource group to another cluster node.
# clresourcegroup switch -n node samba-resource-group |
Upgrade the Sun Cluster HA for Samba data service if the following conditions apply:
You are upgrading from an earlier version of the Sun Cluster HA for Samba data service.
You need to use the new features of this data service.
Perform steps 1, 2, 3 and 6 if you have an existing Sun Cluster HA for Samba deployment and wish to upgrade to the new version. Complete all steps if you need to use the new features of this data service.
On a cluster member, become superuser or assume a role that provides solaris.cluster.modify RBAC authorization.
Disable the Samba resources.
# clresource disable samba-resource |
Install the new version of Sun Cluster HA for Samba to each cluster.
Refer to How to Install the Sun Cluster HA for Samba Packages for more information.
Delete the Samba resources, if you want to use new features that have been introduced in the new version of Sun Cluster HA for Samba.
# clresource delete samba-resource |
Reregister the Samba resources, if you want to use new features that have been introduced in the new version of Sun Cluster HA for Samba.
Refer to How to Register and Configure Sun Cluster HA for Samba for more information.
Enable the Samba resources.
If you have only performed steps 1, 2 and 3 you will need to re-enable the Samba resources.
# clresource enable samba-resource |
This section describes the Sun Cluster HA for Samba fault monitor's probing algorithm or functionality, states the conditions, messages, and recovery actions associated with unsuccessful probing.
For conceptual information on fault monitors, see the Sun Cluster Concepts Guide.
The Sun Cluster HA for Samba fault monitor uses the same resource properties as resource type SUNW.gds. Refer to the SUNW.gds(5) man page for a complete list of resource properties used.
The Sun Cluster HA for Samba fault monitor is controlled by the extension properties that control the probing frequency. The default values of these properties determine the preset behavior of the fault monitor. The preset behavior should be suitable for most Sun Cluster installations. Therefore, you should tune the Sun Cluster HA for Samba fault monitor only if you need to modify this preset behavior.
Setting the interval between fault monitor probes (Thorough_probe_interval)
Setting the time-out for fault monitor probes (Probe_timeout)
Setting the number of times the fault monitor attempts to restart the resource (Retry_count)
The Sun Cluster HA for Samba fault monitor checks the smbd, nmbd, and winbindd components within an infinite loop. During each cycle the fault monitor will check the relevant component and report either a failure or success.
If the fault monitor is successful it returns to its infinite loop and continues the next cycle of probing and sleeping.
If the fault monitor reports a failure a request is made to the cluster to restart the resource. If the fault monitor reports another failure another request is made to the cluster to restart the resource. This behavior will continue whenever the fault monitor reports a failure.
If successive restarts exceed the Retry_count within the Thorough_probe_interval a request to failover the resource group onto a different node or zone is made.
The winbindd daemon resolves user and group information as a service to the Name Service Switch. When running winbindd the Name Service Cache daemon must be turned off. To disable this refer to Step 4 in How to Prepare Samba for Sun Cluster HA for Samba.
The winbind fault monitor periodically checks that the fault monitor user can be retrieved by using getent passwd samba-fault-monitor-user.
The Samba probe checks the nmbd daemon using the nmblookup program for each interface specified within the smb.conf file.
The Samba probe checks the smbd daemon using the smbclient program together with the samba-fault-monitor-user to access the scmondir share.
If smbclient cannot connect, there could be network/server issues causing smbclient to fail. These errors maybe transient and correctable within a few seconds. Therefore before a failure is called by the probe, smbclient is retried within 85% of the available Probe_timeout less 15 seconds, which is approximately the time-out for the first smbclient failure.
However, doing this is only realistic if Probe_timeout=30 seconds or more. If Probe_timeout is below 30 seconds then smbclient is tried only once.
Sun Cluster HA for Samba can be used by multiple Samba or winbind instances. It is possible to turn debug on for all Samba or winbind instances or a particular Samba or winbind instance.
A config file exists under /opt/SUNWscsmb/xxx/etc, where xxx refers to samba or winbind.
These files allow you to turn on debug for all Samba or winbind instances or for a specific Samba or winbind instance on a particular node with Sun Cluster. If you require debug to be turned on for Sun Cluster HA for Samba across the whole Sun Cluster, repeat this step on all nodes within Sun Cluster.
Edit /etc/syslog.conf and change daemon.notice to daemon.debug.
# grep daemon /etc/syslog.conf *.err;kern.debug;daemon.notice;mail.crit /var/adm/messages *.alert;kern.err;daemon.err operator # |
Change the daemon.notice to daemon.debug and restart syslogd. Note that the output below, from grep daemon /etc/syslog.conf, shows that daemon.debug has been set.
# grep daemon /etc/syslog.conf *.err;kern.debug;daemon.debug;mail.crit /var/adm/messages *.alert;kern.err;daemon.err operator |
Restart the syslog daemon.
Edit /opt/SUNWscsmb/xxx/config.
Perform this step for the samba or winbind components that require debug output, on each node of Sun Cluster as required.
Edit /opt/SUNWscsmb/xxx/etc/config and change DEBUG= to DEBUG=ALL or DEBUG=resource.
# cat /opt/SUNWscsmb/samba/etc/config # # Copyright 2006 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # #ident "@(#)config 1.1 06/03/21 SMI" # # Usage: # DEBUG=<RESOURCE_NAME> or ALL # DEBUG=ALL |
To turn off debug, reverse the steps above.