Re: Problem Accessing Samba share from Windows workstation via DNS Round Robin




On Fri, 2012-01-20 at 16:38 +1000, Peter Tan wrote: 
> I have set up a 2-node Linux cluster and wish to share an ocfs2 mount on SAN storage. I have configured ctdb, Samba and Kerberos and am able to map the share on my Windows workstation when I hit the IP of each of the two nodes.
> 
> I am able to mount this share via NFS on other Linux servers OK.
> 
> However, it does not appear to be authenticating when I try to map to the DNS hostname that has been set up to round-robin across the two IPs - I keep getting prompted for a login and password and I get the following in /var/log/messages: "krb5_rd_req failed (Key table entry not found)"
> 
> Node 1: 10.101.4.16
> Node 2: 10.101.4.17
> DNS A Name: clusterpub 10.101.4.16
> DNS A Name: clusterpub 10.101.4.17
> 
> I have set the "netbios name = clusterpub" in smb.conf on both nodes
> 
> Interestingly, I am able to successfully connect to the "clusterpub" share from one of the nodes via smbclient.
> 
> # smbclient //clusterpub/archive -U <user>
> Enter <user> password:
> Domain=[COUNCIL] OS=[Unix] Server=[Samba 3.5.4-0.83.el5]
> smb: \> dir
>   .                     D        0  Fri Jan 20 14:28:01 2012
>   ..                    D        0  Wed Jan 18 13:56:46 2012
>   hello-from-samba               0  Fri Jan 20 14:28:01 2012
> 
>                 64000 blocks of size 16777216. 63805 blocks available
> smb: \>
> 
> What am I missing?

You have 2 ways to solve this issue.

My preferred one is to join the cluster to the domain with the public
name (clusterpub) in your case, and share the keytab between the 2
nodes. They are logically a single server and need to share the same
credentials.

Another way I like a lot less is to make sure you have PTR records set
up so that they point to the respective private names, and join each
node with these names. I like this less because it relies on reverse
address resolution and kinda breaks the fact you are trying to present a
single service to the clients.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo@xxxxxxxxx>
Principal Software Engineer at Red Hat, Inc. <simo@xxxxxxxxxx>
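
Added example, not part of the original message and not Samba code: a Python check over constructed `klist -k` listings that each node's keytab holds a `cifs/` key for the public name and that both nodes hold identical entries. It assumes the nodes use a keytab file that `klist -k` can list; the realm, FQDNs, KVNOs and function names are placeholders chosen for illustration.

```python
import re

# Constructed `klist -k` output (realm, FQDNs and KVNOs are placeholders).
PER_NODE_JOIN = {
    "node1": """Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ----------------------------------------------
   2 host/node1.example.com@EXAMPLE.COM
   2 cifs/node1.example.com@EXAMPLE.COM
""",
    "node2": """Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ----------------------------------------------
   2 host/node2.example.com@EXAMPLE.COM
   2 cifs/node2.example.com@EXAMPLE.COM
""",
}
SHARED = """Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ----------------------------------------------
   3 host/clusterpub.example.com@EXAMPLE.COM
   3 cifs/clusterpub.example.com@EXAMPLE.COM
"""
SHARED_JOIN = {"node1": SHARED, "node2": SHARED}

ENTRY = re.compile(r"^\s*(\d+)\s+(\S+@\S+)")  # "KVNO principal [(enctype)]"

def parse_klist(text):
    """Return {(kvno, principal)} from `klist -k` / `klist -ke` output."""
    return {(int(m.group(1)), m.group(2))
            for m in map(ENTRY.match, text.splitlines()) if m}

def has_service_key(entries, service, host):
    """True if some entry is service/host or service/host.<domain>."""
    want = f"{service}/{host}".lower()
    names = (p.rsplit("@", 1)[0].lower() for _, p in entries)
    return any(n == want or n.startswith(want + ".") for n in names)

def check_cluster(keytabs, public_name, service="cifs"):
    """Return a list of findings; an empty list means the nodes are consistent."""
    parsed = {node: parse_klist(text) for node, text in keytabs.items()}
    findings = [f"{node}: no {service}/{public_name} key"
                for node, entries in sorted(parsed.items())
                if not has_service_key(entries, service, public_name)]
    if len({frozenset(e) for e in parsed.values()}) > 1:
        findings.append("nodes hold different keytab entries")
    return findings

print(check_cluster(PER_NODE_JOIN, "clusterpub") or "consistent")
```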
