test

Sun Cluster Data Service for Samba Guide for Solaris OS

Installing and Configuring Sun Cluster HA for Samba

This chapter explains how to install and configure Sun Cluster HA for Samba.

This chapter contains the following sections.

Sun Cluster HA for Samba Overview

Sun Cluster HA for Samba can be used with Samba that is packaged with Solaris 9 or 10, or downloaded and compiled from http://www.samba.org. Sun provides support for Samba that is packaged with Solaris 9 or 10, but does not offer support for Samba that has been downloaded and compiled from http://www.samba.org.

The Sun Cluster HA for Samba data service supports whichever Samba delivery is chosen so long as you adhere to the Configuration Restrictions and Configuration Requirements. If running a very recent version of Samba downloaded and compiled from http://www.samba.org you must also check that the Sun Cluster HA for Samba data service has been verified against that version.

Sun Cluster HA for Samba enables the Sun Cluster software to manage Samba by providing components to perform the orderly startup, shutdown, and fault monitoring of Samba.

Overview of Installing and Configuring Sun Cluster HA for Samba

The following table summarizes the tasks for installing and configuring Sun Cluster HA for Samba and provides cross-references to detailed instructions for performing these tasks. Perform the tasks in the order that they are listed in the table.

Table 1 Tasks for Installing and Configuring Sun Cluster HA for Samba

Task 

Instructions 

Plan the installation 

Planning the Sun Cluster HA for Samba Installation and Configuration

Install and configure the Samba software 

Installing and Configuring Samba

Verify the installation and configuration 

How to Verify the Installation and Configuration of Samba

Install Sun Cluster HA for Samba packages 

Installing the Sun Cluster HA for Samba Packages

Register and configure Sun Cluster HA for Samba resources 

Registering and Configuring Sun Cluster HA for Samba

Verify the Sun Cluster HA for Samba installation and configuration 

Verifying the Sun Cluster HA for Samba Installation and Configuration

Tune the Sun Cluster HA for Samba fault monitor 

Understanding the Sun Cluster HA for Samba Fault Monitor

Debug Sun Cluster HA for Samba 

Debug Sun Cluster HA for Samba

Planning the Sun Cluster HA for Samba Installation and Configuration

This section contains the information you need to plan your Sun Cluster HA for Samba installation and configuration.

Throughout this section references will be made to the Samba instance and winbind instance. The Sun Cluster HA for Samba data service consists of three components smbd, nmbd, and winbindd.

The smbd and optional nmbd components will be created within a single resource. This will be referred to as the Samba instance or Samba resource.

The winbindd component will be created as a separate resource and will be referred to as the winbind instance or winbind resource.

For conceptual information about failover data services, and scalable data services, see Sun Cluster Concepts Guide for Solaris OS.

For conceptual information about failover zones, see Sun Cluster Data Service for Solaris Containers Guide.

Configuration Restrictions

The configuration restrictions in the subsections that follow apply only to Sun Cluster HA for Samba.

Caution – Caution –

Your data service configuration might not be supported if you do not observe these restrictions.

Restriction for the supported configurations of Samba

Sun Cluster HA for Samba supports Samba in the following configurations.

Sun Cluster HA for Samba is supported in the following Sun Cluster configurations.

Restriction for the Location of Samba files

The Samba files are where the Samba shares and smb.conf files are stored. The Sun Cluster HA for Samba data service requires that these files are stored within a configuration directory that reflects the NetBIOS name for the Samba or winbind instance. The Samba files needs to be placed on shared storage as either a cluster file system or a highly available local file system.

The following deployment example has been taken from Appendix A, Deployment Example: Installing Samba packaged with Solaris 10, where the configuration directory is /local/samba/smb1 which is a highly available local file system and the NetBIOS name is smb1.


Vigor5# mkdir -p /local/samba/smb1
Vigor5# cd /local/samba/smb1
Vigor5# mkdir -p lib logs private shares var/locks
Note –

If Samba is downloaded and compiled from http://www.samba.org you may also want to consider placing these binaries on a cluster file system or highly available local file system.

Refer to Determining the Location of Application Binaries in Sun Cluster Data Services Planning and Administration Guide for Solaris OS for a discussion on cluster file systems and highly available local file systems.

Restriction for the Samba smb.conf files

The Samba smb.conf file is a configuration file that is used by the Samba and winbind instances.

The Sun Cluster HA for Samba data service requires that these files are located at configuration-directory/lib/smb.conf. Depending on how Samba is deployed the following restrictions apply.

Each Samba instance requires a unique configuration directory that reflects the NetBIOS name of the Samba instance.

A winbind instance may share a Samba instance configuration directory and subsequent smb.conf file, together with the NetBIOS name of the Samba instance, if the Samba and winbind instances are deployed within the same failover resource group.

If a winbind instance is configured within a scalable resource group, a unique configuration directory that reflects the NetBIOS name for the winbind instance is required.

Each Samba instance smb.conf file must have a [scmondir] share. The Sun Cluster HA for Samba fault monitor uses smbclient to access the directory specified within [scmondir] to verify that smnd is operating correctly.

Example 1 Sample [scmondir] entry within smb.conf.


[scmondir]
comment = Monitor directory for Sun Cluster
path = /tmp
browseable = No

For illustration purposes the following example shows Samba installed from http://www.samba.org onto a cluster file system with two Samba instances (smb1 and smb2) and a winbind instance (winbind).

The Samba instances will run as failover services within separate failover resource groups on highly available local file systems with their own unique configuration directories. winbind will run as a scalable service on a cluster file system with it's own unique configuration directory.

Within this example:

Example 2 Samba and winbind configuration directories


bash-3.00# ls -l /opt/samba
lrwxrwxrwx   1 root     root     20 Jul 13 11:24 /opt/samba -> /global/samba/latest
bash-3.00#
bash-3.00# ls -l /global/samba
total 8
drwxrwx---   2 root     root     512 Jul 13 11:20 3.0.22
drwxrwx---   3 root     root     512 Jul 13 11:20 config
lrwxrwxrwx   1 root     root      20 Jul 13 11:20 latest -> /global/samba/3.0.22
drwxrwx---   2 root     root     512 Jul 13 11:20 software
bash-3.00#
bash-3.00# ls -l /global/samba/config
total 2
drwxrwx---   2 root     root     512 Jul 13 11:20 winbind
bash-3.00#
bash-3.00# ls -l /local/samba/config
total 4
drwxrwx---   2 root     root     512 Jul 13 11:25 smb1
drwxrwx---   2 root     root     512 Jul 13 11:25 smb2
bash-3.00#

Restriction for multiple Samba instances that require winbind

The Sun Cluster HA for Samba data service can support multiple Samba instances. However, only one winbind instance is supported per global zone, non-global zone or failover zone.

If you intend to deploy multiple Samba instances that also require winbind, then you will need to consider if winbind needs to be a scalable service. The following discussion will help you determine how to deploy single or multiple Samba instances with winbind.

Disregard any reference to winbind if it is not required.

Within these examples:

Note –

Although these examples show non-global zones z1 and z2, you may also use global as the zone name or omit the zone entry within the Nodelist property value to use the global zone.

Example 3 Run all Samba instances and a winbind instance within the same failover resource group.

Create a single failover resource group that will contain all the Samba instances and a winbind instance in non-global zones across node1 and node2.


# clresourcegroup create -n node1:z1,node2:z1 RG1
Example 4 Run each Samba/winbind instance within separate failover resource groups.

Create multiple failover resource groups that will each contain one Samba/winbind instance in exclusive non-global zones across node1 and node2.


# clresourcegroup create -n node1:z1,node2:z1 RG1
#
# clresourcegroup create -n node1:z2,node2:z2 RG2
#
# clresourcegroup create -n node1:z[n],node2:z[n] RG[n]
Example 5 Run each Samba instance within separate failover resource groups and winbind in a scalable resource group.

Create multiple failover resource groups that will each contain one Samba instance and one scalable resource group that will contain a scalable winbind resource in shared non-global zones across node1 and node2.


# clresourcegroup create -n node1:z1,node2:z1 RG1
#
# clresourcegroup create -n node1:z1,node2:z1 RG2
#
# clresourcegroup create -n node1:z1,node2:z1 RG[n]
#
# clresourcegroup create -S -n node1:z1,node2:z1 RG3
Note –

For a scalable resource group different zones from the same node cannot be specified in the Nodelist parameter, thereby limiting a scalable resource group for winbind to one zone from the same node.

Example 6 Run each Samba/winbind instance in separate failover resource groups that contain separate failover zones across node1 and node2.

Create multiple failover resource groups that will each contain a failover zone. Each failover zone will then contain one Samba/winbind instance.


# clresourcegroup create -n node1,node2 RG1
#
# clresourcegroup create -n node1,node2 RG2
#
# clresourcegroup create -n node1,node2 RG[n]
Note –

If your requirement is simply to make Samba highly available you should consider choosing a global or non-global zone deployment over a failover zone deployment. Deploying Samba within a failover zone will incur additional failover time to boot/halt the failover zone.

Configuration Requirements

The configuration requirements in this section apply only to Sun Cluster HA for Samba.

Caution – Caution –

If your data service configuration does not conform to these requirements, the data service configuration might not be supported.

Determine which Solaris Zone Samba will run use

Solaris zones provides a means of creating virtualized operating system environments within an instance of the Solaris 10 OS. Solaris zones allow one or more applications to run in isolation from other activity on your system. For complete information about installing and configuring a Solaris Container, see System Administration Guide: Solaris Containers-Resource Management and Solaris Zones.

You must determine which Solaris Zone Samba will run in. Samba can run within a global zone, non-global zone or in a failover zone configuration. Table 2 provides some reasons to help you decide.

Note –

Samba cam be deployed within a whole root zone or a sparse root zone of a non-global zone or failover zone.

Table 2 Choosing the appropriate Solaris Zone for Samba

Zone type 

Reasons for choosing the appropriate Solaris Zone for Samba 

Global Zone 

Only one instance of Samba will be installed. 

Non-global zones are not required. 

Non-global Zone 

Several Samba instances need to be consolidated and isolated from each other. 

Different versions of Samba will be installed. 

Failover testing of Samba between non-global zones on the same node is required. 

Failover Zone 

You require Samba to run in the same zone regardless of which node the failover zone is running on. 

Note –

If your requirement is simply to make Samba highly available you should consider choosing a global or non-global zone deployment over a failover zone deployment. Deploying Samba within a failover zone will incur additional failover time to boot/halt the failover zone.

Dependencies Between Sun Cluster HA for Samba Components

If your Samba resource requires winbind, you must configure a start dependency on the winbind resource.

You will be required to set this dependency after you have created the Samba and winbind resources and will be prompted to do so later on within Registering and Configuring Sun Cluster HA for Samba.

Table 3 list the various dependencies.

Table 3 Samba components and their dependencies

Component 

Description 

Samba resource  

(smbd and nmbd)

The winbind resource (If the Samba resource requires winbind services)

The smbd Logical Host resource

The smbd HA Storage resource

winbind resource  

(winbindd)

The winbindd Logical Host resource

The winbindd HA Storage resource

Note –

Dependencies against the relevant component's Logical Host or HA Storage resource will be set for you when the Samba and winbind resources are registered.

Required parameters for the Samba smb.conf file

The Samba smb.conf file located within each configuration directory must contain the following parameters. Refer to the smb.conf(5) man page for complete configuration information on the parameters that follow.

Installing and Configuring Samba

This section contains the procedures you need to install and configure Samba.

ProcedureHow to Install and Configure Samba

This section contains the procedures you need to install and configure Samba.

  1. Determine how many Samba instances will be used.

    Refer to Restriction for multiple Samba instances that require winbind for more information.

  2. Determine which Solaris zone to use.

    Refer to Determine which Solaris Zone Samba will run use for more information.

  3. If a zone will be used, create the non-global zone or failover zone.

    Refer to System Administration Guide: Solaris Containers-Resource Management and Solaris Zones for complete information about installing and configuring a Solaris Container.

    Refer to Sun Cluster Data Service for Solaris Containers Guide for complete information about creating a failover zone.

  4. Create a cluster file system or highly available local file system for the Samba files.

    Refer to Restriction for the Location of Samba files for more information.

    Refer to Sun Cluster Data Services Planning and Administration Guide for Solaris OS for more information about creating a cluster file system or highly available local file system.

    Note –

    You may also want to consider allocating additional space if you install Samba from http://www.samba.org.

  5. Install Samba onto a cluster file system or highly available local file system.

    Note –

    Sun provides support for Samba that is packaged with Solaris 9 or 10, but does not offer support for Samba that has been downloaded and compiled from http://www.samba.org.

ProcedureHow to Check Samba is installed with Solaris 9 or 10

Samba is already installed and configured with Solaris 9 or 10 and included in the following packages SUNWsmbac, SUNWsmbar, SUNWsmbau, and SUNWsfman. Refer to the Freeware Features within the book Solaris 10 What's New to check if new features have been added to Samba packaged with Solaris 10.

  1. Check the package information to verify that Samba is installed on every node.


    # for i in SUNWsmbac SUNWsmbar SUNWsmbau SUNWsfman
> do
> pkginfo $i
> done
system      SUNWsmbac samba - A Windows SMB/CIFS fileserver for UNIX (client)
system      SUNWsmbar samba - A Windows SMB/CIFS fileserver for UNIX (Root)
system      SUNWsmbau samba - A Windows SMB/CIFS fileserver for UNIX (Usr)
system      SUNWsfman GNU and open source man pages

  2. Check what Samba version is installed on every node.


    # pkginfo -l SUNWsmbac
   PKGINST:  SUNWsmbac
      NAME:  samba - A Windows SMB/CIFS fileserver for UNIX (client)
  CATEGORY:  system
      ARCH:  i386
   VERSION:  11.10.0,REV=2005.01.08.01.09
   BASEDIR:  /
    VENDOR:  Sun Microsystems, Inc.
      DESC:  samba - A Windows SMB/CIFS fileserver for UNIX (client) 3.0.11
    PSTAMP:  sfw10-patch-x20050420163529
  INSTDATE:  Oct 03 2005 09:23
   HOTLINE:  Please contact your local service provider
    STATUS:  completely installed
     FILES:       13 installed pathnames
                   3 shared pathnames
                   3 directories
                  10 executables
               10937 blocks used (approx)
Next Steps

See How to Prepare Samba for Sun Cluster HA for Samba.

ProcedureHow to Install and Configure Samba downloaded from http://www.samba.org

If a newer version of Samba is required you can download and compile Samba from http://www.samba.org.

  1. (Optional) Mount the highly available local file system.

    It is recommended that you download and install Samba onto a cluster file system or highly available local file system. Doing so will allow you to have Samba installed in one location. You will also be able to mount the file system in Solaris zones.

    If multiple Samba instances will be deployed you should use a cluster file system for the Samba binaries and either a cluster file system or highly available local file system for the Samba files.

    Refer to Example 2 in Restriction for the Samba smb.conf files for an example of download and compiling Samba onto a cluster file system and using a highly available local file system for the Samba files for each Samba instance.

    Alternatively, you can download and compile Samba onto local file system for each Solaris zone.

    Note –

    If a cluster file system is being used, the file system should already be mounted at boot as a global file system.


    # mount samba-highly-available-local-file-system

  2. Download and compile Samba from http://www.samba.org

    Here Kerberos, OpenLDAP, and Samba will be downloaded and compiled.

    Samba will use the idmap_rid facility to map a single ADS domain SIDs to Solaris UIDs and GIDs. You should determine what idmap is suitable for your installation.

    Within this example the samba-highly-available-local-file-system is /local/samba, where the software is installed into /local/samba/software and compiled into /opt/samba.

    For more information using these filenames refer to the following deployment example in Appendix B, Deployment Example: Installing Samba from http://www.samba.org where these commands have been has been taken.

    1. Download, Extract and Install Kerberos.


      Vigor5# cd /local/samba/software
Vigor5# wget http://web.mit.edu/kerberos/dist/krb5/1.4/krb5-1.4.3-signed.tar
Vigor5# tar -xfBp krb5*tar
Vigor5# gunzip -c krb5*.tar.gz | tar -xfBp -
Vigor5# rm krb5*tar*
Vigor5# cd krb5*/src
Vigor5# CC=/opt/SUNWspro/bin/cc ./configure --prefix=/opt/samba \
> --enable-dns-for-realm
Vigor5# make
Vigor5# make install

    2. Download, Extract and Install OpenLDAP.

      Note –

      You must obtain a fix for Bug ID: 6419029 which describes a problem when compiling OpenLDAP before proceeding with this step.


      Vigor5# cd /local/samba/software
Vigor5# wget \
> ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.3.24.tgz
Vigor5# gunzip -c openldap-2.3.24.tgz | tar -xfBp -
Vigor5# rm openldap-2.3.24.tgz
Vigor5# cd openldap*
Vigor5# CC=/opt/SUNWspro/bin/cc \
> CPPFLAGS="-I/opt/samba/include" \
> LDFLAGS="-L/opt/samba/lib -R/opt/samba/lib" ./configure --prefix=/opt/samba \
> --disable-slapd --disable-slurpd
Vigor5# make depend
Vigor5# make
Vigor5# make install

    3. Download, Extract and Install Samba.


      Vigor5# cd /local/samba/software
Vigor5# wget http://us3.samba.org/samba/ftp/old-versions/samba-3.0.22.tar.gz
Vigor5# gunzip -c samba-3.0.22.tar.gz | tar -xfBp -
Vigor5# rm samba-3.0.22.tar.gz
Vigor5# cd samba*/source
Vigor5# CC=/opt/SUNWspro/bin/cc \
> CFLAGS=-I/opt/samba/include \
> LDFLAGS="-L/opt/samba/lib -R/opt/samba/lib" ./configure --prefix=/opt/samba \
> --with-ads --with-krb5=/opt/samba --with-shared-modules=idmap_rid
Vigor5# make
Vigor5# make install

  3. Copy winbind libnss_winbind.so to /usr/lib 


    # cd /local/samba/software/samba*/source
#
# cp nsswitch/libnss_winbind.so /usr/lib
# ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.1
# ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.1
Next Steps

See How to Prepare Samba for Sun Cluster HA for Samba.

ProcedureHow to Prepare Samba for Sun Cluster HA for Samba

This section contains the steps to prepare Samba for use with the Sun Cluster HA for Samba data service.

Some steps require that you use Samba commands, refer to the Docs and Books section with http://www.samba.org for the relevant man pages for more information of these Samba commands.

Perform this procedure on one node of the cluster, unless a specific step indicates otherwise.

  1. If a non-global zone or failover zone is being used, ensure the zone is booted.

    Repeat this step on all nodes on the cluster.


    # zoneadm list -v

    Boot the zone if it is not running.


    # zoneadm -z zonename boot

  2. Create the fault monitor user

    1. If winbind is being used.

      Create the fault monitor user on the NT PDC or ADS server with no home directory, no user profile and no logon script. Set the Password never expire parameter to true and User cannot change password parameter to true.

    2. If winbind is not being used.

      Repeat this step on all nodes or zones on the cluster.

      1. If the global zone is being used for Samba.


        # groupadd -g 1000 samba-fault-monitor-group
# useradd -u 1000 -g 1000 -s /bin/false samba-fault-monitor-user

      2. If a non-global zone or failover zone is being used for Samba.

        Create the fault monitor user in the zone.


        # zlogin zonename groupadd -g 1000 samba-fault-monitor-group
# zlogin zonename useradd -u 1000 -g 1000 -s /bin/false samba-fault-monitor-user
    Note –

    A local Samba fmuser also requires a local password. The settings in the smb.conf specify which password will be used.

  3. If winbind is used, add winbind as a name service on all nodes with Sun Cluster

    Repeat this step on all nodes or zones on the cluster.

    Edit /etc/nsswitch.conf in the zones being used for Samba and add winbind to the passwd: and group: entries, for example:


    # grep winbind /etc/nsswitch.conf
passwd:     files winbind
group:      files winbind

  4. If winbind is used, disable the Name Service Cache Daemon on all nodes with Sun Cluster

    Repeat this step on all nodes or zones on the cluster.

    1. If running Solaris 9


      # /etc/init.d/nscd stop

    2. If running Solaris 10

      1. If the global zone is being used for Samba.


        # svcadm disable name-service-cache

      2. If a non-global zone or failover zone is being used for Samba.


        # zlogin zonename svcadm disable name-service-cache

  5. Create a cluster file system or highly available local file system

    Perform this step on all nodes of the cluster.

    You must create a cluster file system or highly available local file system for some Samba files. Refer to Restriction for the Location of Samba files for more information on what is meant by Samba files.

    Refer to Sun Cluster Data Services Planning and Administration Guide for Solaris OS for more information about how to create a cluster file system or highly available local file system.

  6. Mount the cluster file system or highly available local file system

    Perform this step on one node of the cluster.

    1. If the global zone is being used for Samba.


      # mount samba-highly-available-local-file-system

    2. If a non-global zone or failover zone is being used for Samba.

      Create the mount point on all zones of the cluster that are being used for Samba.

      Mount the cluster file system or highly available local file system on one of the zones being used by Samba.


      # zlogin zonename mkdir samba-highly-available-local-file-system
#
# mount -F lofs samba-highly-available-local-file-system \
> /zonepath/root/samba-highly-available-local-file-system

  7. Create the Samba configuration directory.

    Repeat this step for each Samba or winbind instance on one node of the cluster.

    Create the Samba configuration directory within the samba-highly-available-local-file-system.


    # mkdir -p samba-configuration-directory
# cd samba-configuration-directory
# mkdir -p lib logs private shares var/locks

    The following deployment example has been taken from Appendix A, Deployment Example: Installing Samba packaged with Solaris 10 where /local is the highly available local file system and /local/samba/smb1 is the samba-configuration-directory.


    Vigor5# mkdir -p /local/samba/smb1
Vigor5# cd /local/samba/smb1
Vigor5# mkdir -p lib logs private shares var/locks

  8. Create the smb.conf file within the configuration directory.

    Repeat this step for each Samba or winbind instance on one node of the cluster.

    Create a smb.conf file within the configuration directory that reflects the instance.

    Refer to Required parameters for the Samba smb.conf file and the smb.conf[5] man page for an explanation of the required parameters.

    The following deployment example has been taken from Appendix B, Deployment Example: Installing Samba from http://www.samba.org.


    Vigor5# cat > /local/samba/smb1/lib/smb.conf <<-EOF
[global]
        workgroup = ADS
        bind interfaces only = yes
        interfaces = SMB1/255.255.255.0
        netbios name = SMB1
        security = ADS
        realm = ADS.EXAMPLE.COM
        password server = ADS.EXAMPLE.COM
        server string = Samba (%v) domain (%h)
        pid directory = /local/samba/smb1/var/locks
        log file = /local/samba/smb1/logs/log.%m
        smb passwd file = /local/samba/smb1/private/smbpasswd
        private dir = /local/samba/smb1/private
        lock dir = /local/samba/smb1/var/locks

        winbind cache time = 30
        allow trusted domains = no
        idmap backend = rid:ADS=100000-200000
        idmap uid = 100000-200000
        idmap gid = 100000-200000
        winbind enum groups = yes
        winbind enum users = yes
        winbind use default domain = yes

[scmondir]
        comment = Monitor directory for Sun Cluster
        path = /tmp
        browseable = No
EOF
    Note –

    If security = share is required then you must include guest only = yes within [scmondir].

  9. Add the NetBIOS name entry to /etc/hosts and /etc/inet/ipnodes

    Repeat this step on all nodes or zones on the cluster.

    Edit /etc/hosts and /etc/inet/ipnodes in the zones being used for Samba and add the NetBIOS name entries, for example:


    # egrep -e "SMB1|ADS" /etc/hosts /etc/inet/ipnodes
/etc/hosts:192.168.1.132	SMB1#20
/etc/hosts:192.168.1.9  	ADS.EXAMPLE.COM#20
/etc/inet/ipnodes:192.168.1.132	SMB1#20
/etc/inet/ipnodes:192.168.1.9  	ADS.EXAMPLE.COM#20
    Note –

    The name resolve order parameter in the smb.conf file will determine what naming service to use and in what order to resolve host names to IP addresses. Refer to the smb.conf[5] for more information.

    The interfaces, netbios name and password server all require host name to IP address resolution.

  10. If Samba will operate as an Active Directory Domain Member Server, create the Kerberos krb5.conf file.

    Repeat this step on all nodes or zones on the cluster.

    Create the /etc/krb5.conf file in the zones being used for Samba, that reflects the ADS realm. Refer to http://www.samba.org for complete information about installing and configuring Samba as a ADS domain member.

    The following deployment example has been taken from Appendix B, Deployment Example: Installing Samba from http://www.samba.org.


    Vigor5# cat > /etc/krb5.conf <<-EOF
[libdefaults]
        default_realm = ADS.EXAMPLE.COM

[realms]
        ADS.EXAMPLE.COM = {
                kdc = 192.168.1.9
                admin_server = 192.168.1.9
        }

[domain_realm]
        .your.domain.name = ADS.EXAMPLE.COM
        your.domain.name = ADS.EXAMPLE.COM
EOF
Vigor5#
Vigor5# rm /etc/krb5/krb5.conf
Vigor5# ln -s /etc/krb5.conf /etc/krb5/krb5.conf

  11. Configure the logical host

    Perform this step on one node of the cluster.

    The samba-logical-host should be the value you specified for the interfaces parameter when you created the smb.conf file in Step 8.

    1. If the global zone only is being used for Samba.


      # ifconfig interface addif samba-logical-host up

    2. If a non-global zone or failover zone is being used for Samba.

      Configure the logical host within the zone.


      # ifconfig interface addif samba-logical-host up zone zonename

  12. Test the smb.conf file

    Perform this step on one node or zone of the cluster.

    1. If the global zone is being used for Samba.


      # samba-bin-directory/testparm \
> samba-configuration-directory/lib/smb.conf

    2. If a non-global zone or failover zone is being used for Samba.


      # zlogin zonename samba-bin-directory/testparm \
> samba-configuration-directory/lib/smb.conf

  13. If configured as a NT Domain Member and using Samba 2.2.x join the domain

    Perform this step on one node or zone of the cluster.

    1. If the global zone is being used for Samba.


      # samba-bin-directory/smbpasswd \
> -c samba-configuration-directory/lib/smb.comf \
> -j domain -r PDC \
> -U Administrator-on-the-PDC

    2. If a non-global zone or failover zone is being used for Samba.


      # zlogin zonename samba-bin-directory/smbpasswd \
> -c samba-configuration-directory/lib/smb.comf \
> -j domain -r PDC \
> -U Administrator-on-the-PDC

  14. If configured as a NT Domain Member and using Samba 3.0.x join the domain

    Perform this step on one node or zone of the cluster.

    1. If the global zone is being used for Samba.


      # samba-bin-directory/net \
> -s samba-configuration-directory/lib/smb.comf \
> RPC JOIN \
> -U Administrator-on-the-PDC

    2. If a non-global zone or failover zone is being used for Samba.


      # zlogin zonename samba-bin-directory/net \
> -s samba-configuration-directory/lib/smb.comf \
> RPC JOIN \
> -U Administrator-on-the-PDC

  15. If configured as a Windows 2003 Domain Member Server with ADS join the domain

    Perform this step on one node or zone of the cluster.

    1. If the global zone is being used for Samba.


      # samba-bin-directory/net \
> -s samba-configuration-directory/lib/smb.comf \
> ADS JOIN \
> -U Administrator-on-the-ADS

    2. If a non-global zone or failover zone is being used for Samba.


      # zlogin zonename samba-bin-directory/net \
> -s samba-configuration-directory/lib/smb.comf \
> ADS JOIN \
> -U Administrator-on-the-ADS

  16. If configured as a PDC or with security = user add the fault monitor user

    Perform this step on one node or zone of the cluster.

    1. If the global zone is being used for Samba.


      # samba-bin-directory/smbpasswd \
> -c samba-configuration-directory/lib/smb.comf \
> -a samba-fault-monitor-user

    2. If a non-global zone or failover zone is being used for Samba.


      # zlogin zonename samba-bin-directory/smbpasswd \
> -c samba-configuration-directory/lib/smb.comf \
> -a samba-fault-monitor-user

  17. If configured with security = share

    Ensure guest only = yes is coded within the [scmondir] section of your smb.conf file.

Verifying the Installation and Configuration of Samba

This section contains the procedure you need to verify the installation and configuration.

ProcedureHow to Verify the Installation and Configuration of Samba

This procedure does not verify that your application is highly available because you have not yet installed your data service.

Perform this procedure on one node or zone of the cluster only.

  1. Test the smb.conf file

    1. If the global zone is being used for Samba.


      # samba-bin-directory/testparm \
> samba-configuration-directory/lib/smb.conf

    2. If a non-global zone or failover zone is being used for Samba.


      # zlogin zonename samba-bin-directory/testparm \
> samba-configuration-directory/lib/smb.conf

  2. If winbind is used, start and test winbind

    1. Start and test winbind

      1. If the global zone is being used for Samba.


        # samba-sbin-directory/winbindd \
> -s samba-configuration-directory/lib/smb.conf
# getent passwd
# getent group

      2. If a non-global zone or failover zone is being used for Samba.


        # zlogin zonename samba-sbin-directory/winbindd \
> -s samba-configuration-directory/lib/smb.conf
# zlogin zonename getent passwd
# zlogin zonename getent group

    2. Test the fault monitor user can be resolved

      This test must succeed.

      If you encounter problems restart winbindd with debug information using -d 3.

      You should then retest and observe the winbindd log file which can be found at samba-configuration-directory/logs/log.winbindd.

      Note –

      Winbind caching can affect the results from getent passwd samba_fault_monitor which might not be up-to-date. Refer to the winbind[8] man page for more information on winbind caching and to the smb.conf[5] man page for more information on winbind cache time.

      1. If the global zone is being used for Samba.


        # getent passwd samba-fault-monitor-user

      2. If a non-global zone or failover zone is being used for Samba.


        # zlogin zonename getent passwd samba-fault-monitor-user

  3. Start and test Samba

    1. Start Samba

      1. If the global zone is being used for Samba.


        # samba-sbin-directory/smbd \
> -s samba-configuration-directory/lib/smb.conf -D

      2. If a non-global zone or failover zone is being used for Samba.


        # zlogin zonename samba-sbin-directory/smbd \
> -s samba-configuration-directory/lib/smb.conf -D

    2. Test that smbclient can access Samba

      This test must succeed.

      If you encounter problems restart smbclient with debug information using -d 3.

      1. If the global zone is being used for Samba.


        # samba-bin-directory/smbclient -N -L NetBIOS-name
#
# samba-bin-directory/smbclient '\\NetBIOS-name\scmondir' \
> -U samba-fault-monitor-user -c 'pwd;exit'

      2. If a non-global zone or failover zone is being used for Samba.


        # zlogin zonename samba-bin-directory/smbclient -N -L NetBIOS-name
#
# zlogin zonename samba-bin-directory/smbclient '//NetBIOS-name/scmondir' \
> -U samba-fault-monitor-user -c 'pwd;exit'

  4. Stop the smbd, nmbd, and winbindd daemons

    Perform this step in the global zone only.


    # pkill -TERM -z zonename 'smbd|nmbd|winbindd'

  5. Unmount the highly available local file system

    Perform this step in the global zone only.

    This step is not required if a cluster file system is being used.

    You should unmount the highly available file system you mounted in Step 6 in How to Prepare Samba for Sun Cluster HA for Samba

    1. If the global zone only is being used for Samba.


      # umount samba-highly-available-local-file-system

    2. If a non-global zone or failover zone is being used for Samba.

      Unmount the highly available local file system from the zone.


      # umount /zonepath/root/samba-highly-available-local-file-system

  6. Remove the logical host

    Perform this step in the global zone only.

    You should remove the logical host you configured in Step 11 in How to Prepare Samba for Sun Cluster HA for Samba 


    # ifconfig interface removeif samba-logical-host

Installing the Sun Cluster HA for Samba Packages

If you did not install the Sun Cluster HA for Samba packages during your initial Sun Cluster installation, perform this procedure to install the packages. To install the packages, use the Sun JavaTM Enterprise System Installation Wizard.

ProcedureHow to Install the Sun Cluster HA for Samba Packages

Perform this procedure on each cluster node where you are installing the Sun Cluster HA for Samba packages.

You can run the Sun Java Enterprise System Installation Wizard with a command-line interface (CLI) or with a graphical user interface (GUI). The content and sequence of instructions in the CLI and the GUI are similar.

Note –

Even if you plan to configure this data service to run in non-global zones, install the packages for this data service in the global zone. The packages are propagated to any existing non-global zones and to any non-global zones that are created after you install the packages.

Before You Begin

Ensure that you have the Sun Java Availability Suite DVD-ROM.

If you intend to run the Sun Java Enterprise System Installation Wizard with a GUI, ensure that your DISPLAY environment variable is set.

  1. On the cluster node where you are installing the data service packages, become superuser.

  2. Load the Sun Java Availability Suite DVD-ROM into the DVD-ROM drive.

    If the Volume Management daemon vold(1M) is running and configured to manage DVD-ROM devices, the daemon automatically mounts the DVD-ROM on the /cdrom directory.

  3. Change to the Sun Java Enterprise System Installation Wizard directory of the DVD-ROM.

    • If you are installing the data service packages on the SPARC® platform, type the following command:


      # cd /cdrom/cdrom0/Solaris_sparc

    • If you are installing the data service packages on the x86 platform, type the following command:


      # cd /cdrom/cdrom0/Solaris_x86

  4. Start the Sun Java Enterprise System Installation Wizard.


    # ./installer

  5. When you are prompted, accept the license agreement.

    If any Sun Java Enterprise System components are installed, you are prompted to select whether to upgrade the components or install new software.

  6. From the list of Sun Cluster agents under Availability Services, select the data service for Samba.

  7. If you require support for languages other than English, select the option to install multilingual packages.

    English language support is always installed.

  8. When prompted whether to configure the data service now or later, choose Configure Later.

    Choose Configure Later to perform the configuration after the installation.

  9. Follow the instructions on the screen to install the data service packages on the node.

    The Sun Java Enterprise System Installation Wizard displays the status of the installation. When the installation is complete, the wizard displays an installation summary and the installation logs.

  10. (GUI only) If you do not want to register the product and receive product updates, deselect the Product Registration option.

    The Product Registration option is not available with the CLI. If you are running the Sun Java Enterprise System Installation Wizard with the CLI, omit this step

  11. Exit the Sun Java Enterprise System Installation Wizard.

  12. Unload the Sun Java Availability Suite DVD-ROM from the DVD-ROM drive.

    1. To ensure that the DVD-ROM is not being used, change to a directory that does not reside on the DVD-ROM.

    2. Eject the DVD-ROM.


      # eject cdrom
Next Steps

See Registering and Configuring Sun Cluster HA for Samba to register Sun Cluster HA for Samba and to configure the cluster for the data service.

Registering and Configuring Sun Cluster HA for Samba

This section contains the procedures you need to configure Sun Cluster HA for Samba.

Some procedures within this section require you to use certain Sun Cluster commands. Refer to the relevant Sun Cluster command man page for more information about these command and their parameters.

ProcedureHow to Register and Configure Sun Cluster HA for Samba

Determine if a single or multiple Samba instances will be deployed.

Refer to Restriction for multiple Samba instances that require winbind to determine how to deploy a single or multiple Samba instances with or without winbind.

Once you have determined how Samba will be deployed, you can chose one or more of the steps below.

  1. Create a failover resource group for Samba.

    Use How to Register and Configure Sun Cluster HA for Samba in a failover resource group for Example 3 and Example 4.

  2. Create a scalable resource group for winbind.

    Use How to Register and Configure Sun Cluster HA for Samba in a failover resource group with winbind in a scalable resource group for Example 5.

  3. Create a failover resource group for a failover zone for Samba.

    Use How to Register and Configure Sun Cluster HA for Samba in a failover zone for Example 6.

ProcedureHow to Register and Configure Sun Cluster HA for Samba in a failover resource group

This procedure assumes that you installed the data service packages during your initial Sun Cluster installation.

If you did not install the Sun Cluster HA for Samba packages as part of your initial Sun Cluster installation, go to How to Install the Sun Cluster HA for Samba Packages.

Note –

Perform this procedure on one node of the cluster only.

  1. On a cluster member, become superuser or assume a role that provides solaris.cluster.modify RBAC authorization.

  2. Register the following resource types.


    # clresourcetype register SUNW.HAStoragePlus
# clresourcetype register SUNW.gds

  3. Create a failover resource group for Samba.

    Note –

    Refer to Restriction for multiple Samba instances that require winbind for more information on the nodelist entry.


    # clresourcegroup create -n nodelist samba-resource-group

  4. Create a resource for the Samba Logical Hostname.


    # clreslogicalhostname create -g samba-resource-group \
> -h samba-logical-hostname \
> samba-logical-hostname-resource

  5. Create a resource for the Samba Disk Storage.

    1. If a ZFS highly available local file system is being used


      # clresource create -g samba-resource-group  \
> -t SUNW.HAStoragePlus  \
> -p Zpools=samba-zspool \
> samba-hastorage-resource

    2. If a cluster file system or any other non-ZFS highly available local file system is being used


      # clresource create -g samba-resource-group  \
> -t SUNW.HAStoragePlus  \
> -p FilesystemMountPoints=samba-filesystem-mountpoint \
> samba-hastorage-resource

  6. Bring online the failover resource group for Samba that now includes the HA Storage and Logical Hostname resources.


    # clresourcegroup online -M samba-resource-group

  7. If winbind is required, create and register a winbind resource

    If Samba was dynamically linked and is being used as an Active Directory Server member you must configure the LDPATH variable to point to the Samba lib directory.

    Edit the samba_config file and follow the comments within that file. Ensure that SERVICES="winbindd" is specified. After you have edited samba_config, you must register the resource.


    # cd /opt/SUNWscsmb/util
# vi samba_config
# ./samba_register

    The following deployment example has been taken from Appendix B, Deployment Example: Installing Samba from http://www.samba.org.


    Vigor5# cat > /var/tmp/winbind_config <<-EOF
#+++ Resource Specific Parameters +++
RS=winbind
RG=samba-rg
RS_LH=samba-lh
RS_HAS=sambaZFS-has
SERVICES="winbindd"

#+++ Common Parameters +++
BINDIR=/opt/samba/bin
SBINDIR=/opt/samba/sbin
CFGDIR=/local/samba/smb1
LDPATH=/opt/samba/lib
FMUSER=homer

#+++ SMBD & NMBD Specific Parameters (See Note 1) +++
SAMBA_LOGDIR=
SAMBA_FMPASS=
SAMBA_FMDOMAIN=

#+++ WINBIND Specific Parameters (See Note 2) +++
WINBIND_DISCACHE=FALSE
WINBIND_SINGLEMODE=FALSE

#+++ Zone Specific Parameters (See Note 3) +++
RS_ZONE=
LHOST=
PROJECT=default
TIMEOUT=30
EOF


    Vigor5# /opt/SUNWscsmb/util/samba_register -f /var/tmp/winbind_config

  8. If winbind is required enable the resource.


    # clresource enable winbind-resource

  9. Create and register a Samba resource.

    If Samba was dynamically linked and is being used as an Active Directory Server member you must configure the LDPATH variable to point to the Samba lib directory.

    Edit the samba_config file and follow the comments within that file. Ensure that SERVICES="smbd" or SERVICES="smbd,nmbd" is specified. After you have edited samba_config, you must register the resource.


    # cd /opt/SUNWscsmb/util
# vi samba_config
# ./samba_register

    The following deployment example has been taken from Appendix B, Deployment Example: Installing Samba from http://www.samba.org.


    Vigor5# cat > /var/tmp/samba_config <<-EOF
#+++ Resource Specific Parameters +++
RS=samba
RG=samba-rg
RS_LH=samba-lh
RS_HAS=sambaZFS-has
SERVICES="smbd"

#+++ Common Parameters +++
BINDIR=/opt/samba/bin
SBINDIR=/opt/samba/sbin
CFGDIR=/local/samba/smb1
LDPATH=/opt/samba/lib
FMUSER=homer

#+++ SMBD & NMBD Specific Parameters (See Note 1) +++
SAMBA_LOGDIR=/local/samba/smb1/logs
SAMBA_FMPASS=smb4#ads
SAMBA_FMDOMAIN=

#+++ WINBIND Specific Parameters (See Note 2) +++
WINBIND_DISCACHE=
WINBIND_SINGLEMODE=

#+++ Zone Specific Parameters (See Note 3) +++
RS_ZONE=
LHOST=
PROJECT=default
TIMEOUT=30
EOF


    Vigor5# /opt/SUNWscsmb/util/samba_register -f /var/tmp/samba_config

  10. If winbind is used, ensure Samba is dependent on winbind.


    # clresource set -p Resource_dependencies=winbind-resource{local_node} samba-resource

  11. Enable the Samba resource.


    # clresource enable samba-resource
Next Steps

See Verifying the Sun Cluster HA for Samba Installation and Configuration

ProcedureHow to Register and Configure Sun Cluster HA for Samba in a failover resource group with winbind in a scalable resource group

This procedure assumes that you installed the data service packages during your initial Sun Cluster installation.

If you did not install the Sun Cluster HA for Samba packages as part of your initial Sun Cluster installation, go to How to Install the Sun Cluster HA for Samba Packages.

Note –

Perform this procedure on one node of the cluster only.

  1. On a cluster member, become superuser or assume a role that provides solaris.cluster.modify RBAC authorization.

  2. Register the following resource types.


    # clresourcetype register SUNW.HAStoragePlus
# clresourcetype register SUNW.gds

  3. Create a failover resource group for the winbind shared network address

    Note –

    Refer to Restriction for multiple Samba instances that require winbind for more information on the nodelist entry.


    # clresourcegroup create -n nodelist winbind-failover-resource-group

  4. Create a resource for the winbind Logical Hostname.


    # clressharedaddress create -g winbind-failover-resource-group \
> -h winbind-logical-hostname \
> winbind-logical-hostname-resource

  5. Create a scalable resource group for the scalable winbind resource

    Note –

    Refer to Restriction for multiple Samba instances that require winbind for more information on the nodelist entry.


    # clresourcegroup create -n nodelist -S \
> -p Maximum_primaries=maximum-number-active-primaries \
> -p Desired_primaries=desired-number-active-primaries \
> winbind-scalable-resource-group

  6. Create a resource for the winbind Disk Storage.

    For a scalable HA Storage resource you must use a cluster file system.


    # clresource create -g winbind-scalable-resource-group  \
> -t SUNW.HAStoragePlus \
> -p FilesystemMountPoints=winbind-filesystem-mount-point \
> -x AffinityOn=FALSE \
> winbind-ha-storage-resource

  7. Enable the failover and scalable resource groups for winbind that now includes the HA Storage and Logical Hostname resources.


    # clresourcegroup online -M winbind-failover-resource-group
# clresourcegroup online -M winbind-scalable-resource-group

  8. Create and register a winbind resource

    If Samba was dynamically linked and is being used as an Active Directory Server member you must configure the LDPATH variable to point to the Samba lib directory.

    Edit the samba_config file and follow the comments within that file. Ensure that SERVICES="winbindd" is specified. After you have edited samba_config, you must register the resource.


    # cd /opt/SUNWscsmb/util
# vi samba_config
# ./samba_register

    The following modified deployment example has been taken from Appendix B, Deployment Example: Installing Samba from http://www.samba.org, which shows a winbind-scalable-resource-group and winbind-ha-storage-resource. The winbind configuration directory is also located in a cluster file system, /global/samba/winbind.


    Vigor5# cat > /var/tmp/winbind_config <<-EOF
#+++ Resource Specific Parameters +++
RS=winbind
RG=winbindS-rg
RS_LH=winbind-lh
RS_HAS=winbindS-has
SERVICES="winbindd"

#+++ Common Parameters +++
BINDIR=/opt/samba/bin
SBINDIR=/opt/samba/sbin
CFGDIR=/global/samba/winbind
LDPATH=/opt/samba/lib
FMUSER=homer

#+++ SMBD & NMBD Specific Parameters (See Note 1) +++
SAMBA_LOGDIR=
SAMBA_FMPASS=
SAMBA_FMDOMAIN=

#+++ WINBIND Specific Parameters (See Note 2) +++
WINBIND_DISCACHE=FALSE
WINBIND_SINGLEMODE=FALSE

#+++ Zone Specific Parameters (See Note 3) +++
RS_ZONE=
LHOST=
PROJECT=default
TIMEOUT=30
EOF


    Vigor5# /opt/SUNWscsmb/util/samba_register -f /var/tmp/winbind_config

  9. Enable the winbind resource.


    # clresource enable winbind-resource

  10. Create and register a Samba resource in a failover resource group.

    Follow steps 3, 4, 5, 6, 9, 10 and 11 in How to Register and Configure Sun Cluster HA for Samba in a failover resource group.

Next Steps

See Verifying the Sun Cluster HA for Samba Installation and Configuration

ProcedureHow to Register and Configure Sun Cluster HA for Samba in a failover zone

This procedure assumes that you installed the data service packages during your initial Sun Cluster installation.

If you did not install the Sun Cluster HA for Samba packages as part of your initial Sun Cluster installation, go to How to Install the Sun Cluster HA for Samba Packages.

Note –

Perform this procedure on one node of the cluster only.

  1. Create a failover resource group for Samba.

    Follow steps 1, 2, 3, 4, 5 and 6 in How to Register and Configure Sun Cluster HA for Samba in a failover resource group.

  2. Register the failover zone in the failover resource group for Samba.

    Refer to Sun Cluster Data Service for Solaris Containers Guide for complete information about failover zones.

    Edit the sczbt_config file and follow the comments within that file. Ensure that you specify the samba-resource-group for the RG= parameter within sczbt_config.

    After you have edited sczbt_config, you must register the resource.


    # cd /opt/SUNWsczone/sczbt/util
# vi sczbt_config
# ./sczbt_register

    The following deployment example has been taken from Appendix C, Deployment Example: Installing Samba in a Failover Zone.


    Vigor5# cat > /var/tmp/sczbt_config <<-EOF
RS=sambaFOZ
RG=samba-rg
PARAMETERDIR=/zones
SC_NETWORK=true
SC_LH=samba-lh
FAILOVER=true
HAS_RS=sambaSVM-has,sambaZFS-has

Zonename=failover
Zonebootopt=
Milestone=multi-user-server
Mounts=/local
EOF
Vigor5#
Vigor5# /opt/SUNWsczone/sczbt/util/sczbt_register -f /var/tmp/sczbt_config

  3. Enable the failover zone resource


    # clresource enable samba-failover-zone-resource

  4. If winbind is required, create and register a winbind resource

    If Samba was dynamically linked and is being used as an Active Directory Server member you must configure the LDPATH variable to point to the Samba lib directory.

    Edit the samba_config file and follow the comments within that file. Ensure that SERVICES="winbindd" and the RS_ZONE variable specifies the Sun Cluster resource for the failover zone. After you have edited samba_config, you must register the resource.


    # cd /opt/SUNWscsmb/util
# vi samba_config
# ./samba_register

  5. If winbind is required, enable the winbind resource.


    # clresource enable winbind-resource

  6. Create and register a Samba resource

    If Samba was dynamically linked and is being used as an Active Directory Server member you must configure the LDPATH variable to point to the Samba lib directory.

    Edit the samba_config file and follow the comments within that file. Ensure that SERVICES="smbd" or SERVICES="smbd,nmbd" and the RS_ZONE variable specifies the Sun Cluster resource for the failover zone. After you have edited samba_config, you must register the resource.


    # cd /opt/SUNWscsmb/util
# vi samba_config
# ./samba_register

    The following deployment example has been taken from Appendix C, Deployment Example: Installing Samba in a Failover Zone.


    Vigor5# cat > /var/tmp/samba_config <<-EOF
#+++ Resource Specific Parameters +++
RS=samba
RG=samba-rg
RS_LH=samba-lh
RS_HAS=sambaZFS-has
SERVICES="smbd,nmbd"

#+++ Common Parameters +++
BINDIR=/usr/sfw/bin
SBINDIR=/usr/sfw/sbin
CFGDIR=/local/samba/smb1
LDPATH=/usr/sfw/lib
FMUSER=homer

#+++ SMBD & NMBD Specific Parameters (See Note 1) +++
SAMBA_LOGDIR=/local/samba/smb1/logs
SAMBA_FMPASS=samba
SAMBA_FMDOMAIN=

#+++ WINBIND Specific Parameters (See Note 2) +++
WINBIND_DISCACHE=FALSE
WINBIND_SINGLEMODE=FALSE

#+++ Zone Specific Parameters (See Note 3) +++
RS_ZONE=sambaFOZ
LHOST=192.168.1.132
PROJECT=default
TIMEOUT=30
EOF
Vigor5#
Vigor5# /opt/SUNWscsmb/util/samba_register -f /var/tmp/samba_config

  7. If winbind is used, ensure Samba is dependent on winbind.


    # clresource set -p Resource_dependencies=winbind-resource{local_node} samba-resource

  8. Enable the Samba resource.


    # clresource enable samba-resource
Next Steps

See Verifying the Sun Cluster HA for Samba Installation and Configuration

Verifying the Sun Cluster HA for Samba Installation and Configuration

This section contains the procedure you need to verify that you installed and configured your data service correctly.

ProcedureHow to Verify the Sun Cluster HA for Samba Installation and Configuration

  1. On a cluster member, become superuser or assume a role that provides solaris.cluster.modify RBAC authorization.

  2. Ensure all the Samba resources are online.


    # cluster status

    Enable any Samba or winbind resource that is not online.


    # clresource enable samba-resource

  3. Switch the Samba resource group to another cluster node.


    # clresourcegroup switch -n node samba-resource-group

Upgrading Sun Cluster HA for Samba

Upgrade the Sun Cluster HA for Samba data service if the following conditions apply:

ProcedureHow to Migrate Existing Resources to a New Version of Sun Cluster HA for Samba

Perform steps 1, 2, 3 and 6 if you have an existing Sun Cluster HA for Samba deployment and wish to upgrade to the new version. Complete all steps if you need to use the new features of this data service.

  1. On a cluster member, become superuser or assume a role that provides solaris.cluster.modify RBAC authorization.

  2. Disable the Samba resources.


    # clresource disable samba-resource

  3. Install the new version of Sun Cluster HA for Samba to each cluster

    Refer to How to Install the Sun Cluster HA for Samba Packages for more information.

  4. Delete the Samba resources, if you want to use new features that have been introduced in the new version of Sun Cluster HA for Samba.


    # clresource delete samba-resource

  5. Reregister the Samba resources, if you want to use new features that have been introduced in the new version of Sun Cluster HA for Samba.

    Refer to How to Register and Configure Sun Cluster HA for Samba for more information.

  6. Enable the Samba resources

    If you have only performed steps 1, 2 and 3 you will need to re-enable the Samba resources.


    # clresource enable samba-resource

Understanding the Sun Cluster HA for Samba Fault Monitor

This section describes the Sun Cluster HA for Samba fault monitor's probing algorithm or functionality, states the conditions, messages, and recovery actions associated with unsuccessful probing.

For conceptual information on fault monitors, see the Sun Cluster Concepts Guide.

Resource Properties

The Sun Cluster HA for Samba fault monitor uses the same resource properties as resource type SUNW.gds. Refer to the SUNW.gds(5) man page for a complete list of resource properties used.

Probing Algorithm and Functionality

The Sun Cluster HA for Samba fault monitor is controlled by the extension properties that control the probing frequency. The default values of these properties determine the preset behavior of the fault monitor. The preset behavior should be suitable for most Sun Cluster installations. Therefore, you should tune the Sun Cluster HA for Samba fault monitor only if you need to modify this preset behavior.

The Sun Cluster HA for Samba fault monitor checks the smbd, nmbd, and winbindd components within an infinite loop. During each cycle the fault monitor will check the relevant component and report either a failure or success.

If the fault monitor is successful it returns to its infinite loop and continues the next cycle of probing and sleeping.

If the fault monitor reports a failure a request is made to the cluster to restart the resource. If the fault monitor reports another failure another request is made to the cluster to restart the resource. This behavior will continue whenever the fault monitor reports a failure.

If successive restarts exceed the Retry_count within the Thorough_probe_interval a request to failover the resource group onto a different node or zone is made.

Operations of the winbind probe

Note –

The winbindd daemon resolves user and group information as a service to the Name Service Switch. When running winbindd the Name Service Cache daemon must be turned off. To disable this refer to Step 4 in How to Prepare Samba for Sun Cluster HA for Samba.

The winbind fault monitor periodically checks that the fault monitor user can be retrieved by using getent passwd samba-fault-monitor-user.

Operations of the Samba probe

The Samba probe checks the nmbd daemon using the nmblookup program for each interface specified within the smb.conf file.

The Samba probe checks the smbd daemon using the smbclient program together with the samba-fault-monitor-user to access the scmondir share.

If smbclient cannot connect, there could be network/server issues causing smbclient to fail. These errors maybe transient and correctable within a few seconds. Therefore before a failure is called by the probe, smbclient is retried within 85% of the available Probe_timeout less 15 seconds, which is approximately the time-out for the first smbclient failure.

However, doing this is only realistic if Probe_timeout=30 seconds or more. If Probe_timeout is below 30 seconds then smbclient is tried only once.

Debug Sun Cluster HA for Samba

ProcedureHow to turn on debug for Sun Cluster HA for Samba

Sun Cluster HA for Samba can be used by multiple Samba or winbind instances. It is possible to turn debug on for all Samba or winbind instances or a particular Samba or winbind instance.

A config file exists under /opt/SUNWscsmb/xxx/etc, where xxx refers to samba or winbind.

These files allow you to turn on debug for all Samba or winbind instances or for a specific Samba or winbind instance on a particular node with Sun Cluster. If you require debug to be turned on for Sun Cluster HA for Samba across the whole Sun Cluster, repeat this step on all nodes within Sun Cluster.

  1. Edit /etc/syslog.conf and change daemon.notice to daemon.debug. 


    # grep daemon /etc/syslog.conf
*.err;kern.debug;daemon.notice;mail.crit        /var/adm/messages
*.alert;kern.err;daemon.err                     operator
#

    Change the daemon.notice to daemon.debug and restart syslogd. Note that the output below, from grep daemon /etc/syslog.conf, shows that daemon.debug has been set.


    # grep daemon /etc/syslog.conf
*.err;kern.debug;daemon.debug;mail.crit        /var/adm/messages
*.alert;kern.err;daemon.err                    operator

    Restart the syslog daemon.

    1. If running Solaris 9


      # pkill -1 syslogd

    2. If running Solaris 10


      # svcadm disable system-log
# svcadm enable system-log

  2. Edit /opt/SUNWscsmb/xxx/config.

    Perform this step for the samba or winbind components that require debug output, on each node of Sun Cluster as required.

    Edit /opt/SUNWscsmb/xxx/etc/config and change DEBUG= to DEBUG=ALL or DEBUG=resource.


    # cat /opt/SUNWscsmb/samba/etc/config
#
# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
#ident   "@(#)config 1.1     06/03/21 SMI"
#
# Usage:
#       DEBUG=<RESOURCE_NAME> or ALL
#
DEBUG=ALL
    Note –

    To turn off debug, reverse the steps above.