Chapter 3. Editing Configuration Files

This chapter contains a summary of the basic procedure to edit the configuration for a Samba server. It also provides examples that show the additional steps needed for the following configurations:

  • Member server of a Windows NT domain

  • Windows NT primary domain controller

(There are no additional steps for standalone Samba servers.)

Summary of the Editing Procedure

This section provides a summary of the editing procedure.

To edit configuration files, do the following:

  1. Set up the contents of the /usr/samba/lib/smb.conf.template file for each server in the cluster. (An example is provided with the plugin.) This file should be edited to contain the correct workgroup for the Samba server and any site-specific global section changes that are needed. Copy this file to all nodes of the cluster that will be serving the Samba resource.


    Note: The smb.conf.template file should contain only the global section header and parameters in the global section. It must not contain any other sections that define shares. The following parameters should not be included because they will be added by FailSafe:

    • smb passwd file

    • log file

    • lock dir

    • netbios name

    • bind interfaces only

    • interfaces



  2. Create the /usr/samba/lib/smb.conf.servername files, where servername is the NetBIOS name of the resources that are exported by the FailSafe cluster. (The NetBIOS name is the Samba resource name.)

    Each of these files should contain sections for share definitions that each NetBIOS name will offer to clients. The pathnames in each section should exist under the highly available filesystem resource on which the Samba resource depends.

    In other words, the area of the filesystem being shared by Samba should be able to be failed over from one node to another node. Any global parameters that are to differ from the template file can be added to the start of this file before any share sections.

  3. Copy these /usr/samba/lib/smb.conf.servername files to all the nodes of the cluster that will be serving the Samba resources, so that all nodes are able to share out all the resources.

    For example, if there is a two-node cluster with the following:

    • A Samba resource named server1 in a workgroup named workgroup1 with the HA filesystem dependency /fs1

    • A Samba resource named server2 in a workgroup named workgroup2 with the HA filesystem dependency /fs2

    The two files might look like the following:

    Contents of /usr/samba/lib/smb.conf.server1:
    workgroup = workgroup1
    [fs1]
            comment = failsafe filesystem1
            path = /fs1
            read only = no
            guest ok = yes
    
    Contents of /usr/samba/lib/smb.conf.server2:
    workgroup = workgroup2
    [fs2]
            comment = failsafe filesystem2
            path = /fs2
            read only = no
            guest ok = yes


    Note: For more information about the meaning of the various parameters, see the smb.conf(4) man page.

    The workgroup parameter is normally set in the smb.conf.template file. However, because each of these resources is in a different workgroup, the workgroup parameter is entered at the beginning of each smb.conf.servername file; this action allows the value in the smb.conf.template file to be overridden by each resource. If all resources are in the same workgroup, you do not need to add the workgroup parameter to these files.

    If resource server2 is failed over to hans1, then as filesystem /fs2 becomes mounted on hans1, the Samba daemons are started and begin serving the SMB share fs2 under the NetBIOS name server2. You would now see two sets of Samba daemons running on the machine hans1 (inline whitespace deleted for readability):

    # ps -ef | grep mbd
    root   6193606  1  0   Feb 08 ?  0:14 /usr/samba/bin/nmbd -D -s /fs1/.samba/server1/smb.conf
    root   6199848  1  0   Feb 08 ?  0:00 /usr/samba/bin/smbd -D -s /fs1/.samba/server1/smb.conf
    root   7689487  1  0   Feb 08 ?  0:00 /usr/samba/bin/nmbd -D -s /fs2/.samba/server2/smb.conf
    root   7690286  1  0   Feb 08 ?  0:00 /usr/samba/bin/smbd -D -s /fs2/.samba/server2/smb.conf
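
The rules in steps 1 through 3 can be checked before the files are copied to the other nodes. The following Python script is an added example, not part of the FailSafe Samba plugin; its function names and sample strings are constructed for illustration, and parameter synonyms such as public or writable are not handled. The guest-writable check is an extra hardening check beyond what the procedure requires.

```python
import posixpath

# Parameters the page says FailSafe adds itself (keep them out of the template).
FAILSAFE_MANAGED = {"smbpasswdfile", "logfile", "lockdir", "netbiosname",
                    "bindinterfacesonly", "interfaces"}

def norm(name):
    # Samba ignores case and whitespace in section and parameter names.
    return "".join(name.split()).lower()

def parse(text):
    """Return {section: {param: value}}; lines before any header count as global."""
    sections, current = {"global": {}}, "global"
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = norm(line[1:-1])
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][norm(key)] = value.strip()
    return sections

def is_yes(value):
    return value.strip().lower() in ("yes", "true", "1")

def check_template(text):
    conf = parse(text)
    return ([f"template defines section [{s}]" for s in sorted(conf) if s != "global"] +
            [f"template sets FailSafe-managed parameter {p}"
             for p in sorted(FAILSAFE_MANAGED & set(conf["global"]))])

def check_server_file(text, ha_mount):
    root = posixpath.normpath(ha_mount)
    problems = []
    shares = {n: p for n, p in parse(text).items() if n != "global"}
    for name, params in shares.items():
        path = posixpath.normpath(params.get("path", ""))
        if path != root and not path.startswith(root.rstrip("/") + "/"):
            problems.append(f"[{name}] path {path} is outside {root}")
        # Extra hardening check, not a FailSafe requirement: guest + writable.
        if is_yes(params.get("guestok", "no")) and not is_yes(params.get("readonly", "yes")):
            problems.append(f"[{name}] is writable by guests")
    return problems

# Constructed sample input: a template that breaks both rules from the note,
# and a per-server file modelled on the smb.conf.server1 example above.
BAD_TEMPLATE = "[global]\nworkgroup = workgroup1\nNetBIOS Name = server1\n[tmp]\npath = /tmp\n"
SERVER1 = "workgroup = workgroup1\n[fs1]\npath = /fs1\nread only = no\nguest ok = yes\n"
```

Calling check_template(BAD_TEMPLATE) and check_server_file(SERVER1, "/fs1") returns the list of findings for each file; an empty list means the file passed.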

Example: Member Server of a Windows NT Domain

This section contains a summary of the steps required to configure a node as a member server of a Windows NT domain. See the section entitled "security = domain in Samba 2.x" in the Samba HOWTO collection for detailed instructions. The HOWTO collection is available at /usr/samba/swat/help/Samba-HOWTO-Collection.html.

The example used in the summary assumes the following:

  • A Samba resource named server1.

  • A filesystem dependency of /fs1.

  • A domain named DOM.

  • A primary domain controller named DOMPDC.

  • An account with administrative rights exists on the PDC with the name administrator and password of password.

  • Not all Samba resources in the cluster are operating as a member of a Windows NT domain. (If all Samba resources were to be running in the same server configuration mode, the changes specified in step 1 could be made to the /usr/samba/lib/smb.conf.template file.)

To configure a node as a member server with the above assumptions, you would do the following:

  1. Add the following lines to the beginning of the /usr/samba/lib/smb.conf.server1 file:

    workgroup = dom
    security = domain
    encrypt passwords = yes
    password server = dompdc


    Note: The password server line is not required if a WINS server has been specified in the smb.conf.template file and the domain controller specifies the same WINS server.


  2. Start the Samba resource by adding it to a resource group as specified in “Creating a Samba Resource Group” in Chapter 4. This will create the default directories and files required.

  3. Join the domain by executing the following command:

    root# /usr/samba/bin/smbpasswd -c /fs1/.samba/server1/smb.conf -j DOM -r DOMPDC -Uadministrator%password

    The smbpasswd command for versions of Samba prior to 2.2.4 will report joining the wrong domain name if the workgroup = dom line is not in the main smb.conf file.


    Note: The smbpasswd command in versions of Samba prior to 2.2.4 does not allow the -c option to specify the location of the smb.conf file. If you are using an older version, you must copy the generated smb.conf file to /usr/samba/lib/smb.conf before running the command. Additionally, the -U option does not work in versions of Samba prior to 2.2.4. You must first create the machine account on the Windows NT domain controller using the Server Manager for Domains program from the Windows NT Administrative Tools menu and then execute the above smbpasswd command without the -U option.


Example: Windows NT Primary Domain Controller

The following is a summary of the steps required to configure a node as a Windows NT primary domain controller (PDC). For more details, see the section entitled "How to Configure Samba 2.2 as a Primary Domain Controller" in the Samba HOWTO collection. This section is also available as an individual document at /usr/samba/swat/help/Samba-PDC-HOWTO.html.

The example in the summary assumes the following:

  • A Samba resource named server1.

  • A filesystem dependency of /fs1.

  • A domain named DOM.

  • There is more than one Samba resource in the cluster. (If there was only one Samba resource, the changes specified in step 1 could be made to the /usr/samba/lib/smb.conf.template file.)

To configure a node as a primary domain controller with the above assumptions, you would do the following:

  1. Add the following lines to the beginning of the /usr/samba/lib/smb.conf.server1 file:

    workgroup = dom
    security = user
    encrypt passwords = yes
    os level = 34
    local master = yes
    preferred master = yes
    domain master = yes
    domain logons = yes
    
    [netlogon]
    comment = The domain logon service
    path = /fs1/samba/logon
    guest ok = no
    read only = yes
    browsable = no

    You could also add other parameters such as logon path, logon drive, logon home, and logon script before the netlogon section. If roving profiles were desired, you could also add a profile section.

  2. Ensure the /fs1/samba/logon directory exists.

  3. Start the Samba resource by adding it to a resource group, as specified in “Creating a Samba Resource Group” in Chapter 4. This will create the default directories and files required.

  4. If you have Windows NT clients (or Samba clients) that will be joining the domain, you must create machine trust accounts. These accounts may be created automatically by Samba if the add user script parameter is set in the smb.conf file. There is a sample command included in the /usr/samba/lib/smb.conf.template file that is installed by the FailSafe Samba software, but it is commented out by default; you can remove the semicolon (;) at the beginning of the line to enable it.

    Alternately, you may wish to create these accounts manually. For example, if you want the machine with a NetBIOS name of server2 to join the domain, do the following:

    1. Add the server2 machine name to the /etc/passwd file. (The machine name is the NetBIOS name followed by a $ character.)

    2. Use the smbpasswd command to add the machine trust account to the smbpasswd file by executing the following command:

      root# /usr/samba/bin/smbpasswd -c /fs1/.samba/server1/smb.conf -a -m server2