This section describes how to configure CIFS in domain mode.
In this mode, user authentication happens on the NT4-style Domain controllers.
The cluster nodes act as member servers in the domain. You must have performed additional steps to make user and group mapping via winbind work.
A shared file system needs to be specified during the config operation. This file system is used to replicate the secrets.tdb file (machine password file) across all cluster nodes. Only one of the cluster nodes joins the domain using the cluster name. Once you have copied this file to all the cluster nodes, the Domain controller sees all cluster nodes as one member server.
The shared file system can also be used to store any tdb
files that needs to be shared across all cluster nodes. Appropriate symlinks must be created on all cluster nodes.
You must backup your existing smb.conf
file and ensure that the /var/log/samba
file exists on all cluster nodes, before running the cfsshare config command.
Note: |
If CNFS is already configured on the cluster, then specify the same shared_volume and mount_point for configuration of CIFS. |
cfsshare config [-n] -p cifs -l samba_lockdir -c \ samba_config_file -t samba_topdir -m domain \ shared_disk_group shared_volume mount_point
For example:
# cfsshare config -p cifs -m domain -l \ /var/run -c /etc/samba/smb.conf -t /usr -s sfstest-ad \ -d SFSTEST-AD2 -u Administrator lockdg vollocks /locks
Note: |
Check the path of the Samba lock directory and PID directory using the smbd -b command. Use the path of the PID directory for the -l samba_lock option. |
If the -n option is specified when using the cfsshare config command, you must follow the steps to complete the CIFS configuration:
To complete the CIFS configuration when using the -n option
smb.conf
file:security = domain workgroup = domainname password server = Domain_Controller_of_the_domain
secrets.tdb
file:# mv -f pvtdir/secrets.tdb pvtdir/secrets.tdb.OLD
where pvtdir is the private directory of your Samba installation.
secrets.tdb
file created in the locks file system to the private directory of your Samba installation:# cp -f mntpt/cifs/secrets.tdb pvtdir/secrets.tdb
where mntpt is the mount point.
To unconfigure CIFS:
# cfsshare unconfig -p cifs
The unconfigure operation fails if any file systems are being shared via CIFS protocol.
You can configure both CNFS and CIFS at the same time by running the cfsshare config -p all command.
# cfsshare config -p all -m domain -l \ /var/run -c /etc/samba/smb.conf -t /usr -s sfstest-ad \ -d SFSTEST-AD2 -u Administrator lockdg vollocks /locks