This section describes how to configure CIFS in ads mode.
In this mode, user authentication happens on Active Directory using Kerberos. The cluster nodes act as member servers in the domain. You must have performed additional steps to make user and group mapping via winbind work.
A shared file system needs to be specified during the config operation. This file system is used to replicate the secrets.tdb file (machine password file) across all cluster nodes. Only one of the cluster nodes joins the domain using the cluster name. Once you have copied this file to all the cluster nodes, the domain controller sees all cluster nodes as one member server.
You must have configured Kerberos on all cluster nodes. The time on all cluster nodes needs to be synced up with the AD server/KDC.
The shared file system can also be used to store any tdb file that needs to be shared across all cluster nodes. Appropriate symlinks must be created on all cluster nodes.
You must back up your existing smb.conf file and ensure that the /var/log/samba file exists on all cluster nodes before running the cfsshare config command.
Note: If CNFS is already configured on the cluster, then specify the same shared_volume and mount_point for configuration of CIFS.
cfsshare config [-n] -p cifs -l samba_lockdir -c \
    samba_config_file -t samba_topdir -m ads \
    shared_disk_group shared_volume mount_point

# cfsshare config -p cifs -m ads -l /var/run \
    -c /etc/samba/smb.conf -t /usr -s sfstest-ad -d \
    SFSTEST-AD2 -r SFSTEST-AD2.LOCAL -u Administrator \
    lockdg lockvol /locks
Note: Check the path of the Samba lock directory and PID directory using the smbd -b command. Use the path of the PID directory for the -l samba_lock option.
If the -n option is specified when using the cfsshare config command, you must follow these steps to complete the CIFS configuration:
To complete the CIFS configuration when using the -n option
Copy the following lines to your smb.conf file:
security = ads
workgroup = domainname
password server = AD_server_of_the_domain
realm = realm_name
Run the following command to back up your existing secrets.tdb file:
# mv -f pvtdir/secrets.tdb pvtdir/secrets.tdb.OLD
where pvtdir is the private directory of your Samba installation.
Copy the secrets.tdb file created in the locks file system to the private directory of your Samba installation:
# cp -f mntpt/cifs/secrets.tdb pvtdir/secrets.tdb
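The two secrets.tdb steps above, wrapped with the checks you would want around a machine password file, as an added example that is not part of the original documentation. The function name install_secrets is hypothetical, mntpt and pvtdir are the page's placeholders, and the 0600 mode is an assumption of this example rather than a documented requirement.

```shell
#!/bin/sh
# Added example: per-node install of the shared secrets.tdb.
# install_secrets is a hypothetical helper; mntpt and pvtdir are the
# placeholders used in the procedure above.
# Usage (as root, on each cluster node): install_secrets mntpt pvtdir

install_secrets() {
    src="$1/cifs/secrets.tdb"     # copy written to the locks file system
    dst="$2/secrets.tdb"          # Samba private directory on this node
    backed_up=0

    # Check the shared copy first, so a missing or empty source never
    # costs the node its current machine password file.
    if [ ! -f "$src" ] || [ ! -s "$src" ] || [ ! -d "$2" ]; then
        echo "install_secrets: $src missing/empty or $2 not a directory" >&2
        return 1
    fi

    # Step 1 of the procedure: keep the previous file as secrets.tdb.OLD.
    if [ -f "$dst" ]; then
        mv -f "$dst" "$dst.OLD" || return 1
        backed_up=1
    fi

    # Step 2: copy under umask 077 so the file is never group- or
    # world-readable, pin the mode (0600 is this example's assumption),
    # and confirm the copy is byte-identical to the shared file.
    if ! ( umask 077 && cp -f "$src" "$dst" && chmod 600 "$dst" \
           && cmp -s "$src" "$dst" ); then
        echo "install_secrets: copy failed, restoring previous file" >&2
        rm -f "$dst"
        [ "$backed_up" -eq 1 ] && mv -f "$dst.OLD" "$dst"
        return 1
    fi
    return 0
}
```

A non-zero return means the node still holds its previous secrets.tdb, so the step can be retried once the locks file system is mounted.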
To unconfigure CIFS, run the following command:
# cfsshare unconfig -p cifs
You can configure both CNFS and CIFS at the same time by running the cfsshare config -p all command.
# cfsshare config -p all -m ads -l /var/run \
    -c /etc/samba/smb.conf -t /usr -s sfstest-ad -d \
    SFSTEST-AD2 -r SFSTEST-AD2.LOCAL -u Administrator \
    lockdg lockvol /locks