Configuring CIFS in domain mode

This section describes how to configure CIFS in domain mode.

In this mode, user authentication happens on the NT4-style Domain controllers.

The cluster nodes act as member servers in the domain. You must have performed additional steps to make user and group mapping via winbind work.

A shared file system needs to be specified during the config operation. This file system is used to replicate the secrets.tdb file (machine password file) across all cluster nodes. Only one of the cluster nodes joins the domain using the cluster name. Once you have copied this file to all the cluster nodes, the Domain controller sees all cluster nodes as one member server.

The shared file system can also be used to store any tdb files that needs to be shared across all cluster nodes. Appropriate symlinks must be created on all cluster nodes.

You must backup your existing smb.conf file and ensure that the /var/log/samba file exists on all cluster nodes, before running the cfsshare config command.


If CNFS is already configured on the cluster, then specify the same shared_volume and mount_point for configuration of CIFS.

cfsshare config [-n] -p cifs -l samba_lockdir -c \
samba_config_file -t samba_topdir -m domain \
shared_disk_group shared_volume mount_point

For example:

# cfsshare config -p cifs -m domain -l \
/var/run -c /etc/samba/smb.conf -t /usr -s sfstest-ad \
-d SFSTEST-AD2 -u Administrator lockdg vollocks /locks


Check the path of the Samba lock directory and PID directory using the smbd -b command. Use the path of the PID directory for the -l samba_lockdir option.


The cfsshare config command fails if the shared_volume specified is already registered with VCS. Verify that the shared_volume is not registered with VCS by examining the output from the following command:

# /opt/VRTS/bin/cfsmntadm display

If the -n option is specified when using the cfsshare config command, you must follow the steps to complete the CIFS configuration:

To complete the CIFS configuration when using the -n option

  1. Copy the following lines to your smb.conf file:
    security = domain
    workgroup = domainname
    password server = Domain_Controller_of_the_domain
  2. Run the following command to backup your existing secrets.tdb file:
    # mv -f pvtdir/secrets.tdb pvtdir/secrets.tdb.OLD

    where pvtdir is the private directory of your Samba installation.

  3. Copy the secrets.tdb file created in the locks file system to the private directory of your Samba installation:
    # cp -f mntpt/cifs/secrets.tdb pvtdir/secrets.tdb

    where mntpt is the mount point.

To unconfigure CIFS:

To configure both CNFS and CIFS

# cfsshare config -p all -m domain -l \
/var/run -c /etc/samba/smb.conf -t /usr -s sfstest-ad \
-d SFSTEST-AD2 -u Administrator lockdg vollocks /locks