14.8.14

ubuntu cluster with sssd


winbind is not necessary for ctdb to function correctly. We can leave it sitting there but it does not need to be used for PAM nor nss. So, let's convert our ctdb cluster with winbind to our ctdb cluster with SSSD. The cluster we are converting is this one.



**EDIT: Now with startup script automation. Here are the relevant changes:

- install ubuntu ctdb and sssd

Edit and create the following files:
/usr/local/samba/etc/smb.conf
[global]
workgroup = ALTEA
realm = ALTEA.SITE
security = ADS
kerberos method = secrets and keytab
netbios name = SMBCLUSTER
clustering = Yes
ctdbd socket = /var/lib/run/ctdb/ctdbd.socket
pid directory = /var/run/samba
[users]
path = /cluster/users
read only = No
[profiles]
path = /cluster/profiles
read only = No

ln -s /usr/local/samba/etc/smb.conf /etc/samba
mkdir -p /var/lib/samba

/etc/init/samba.conf 
description "SMB/CIFS File and Active Directory Server"
author      "Jelmer Vernooij <jelmer@ubuntu.com>"
start on (local-filesystems and net-device-up)
stop on runlevel [!2345]
expect fork
normal exit 0
pre-start script
[ -r /etc/default/samba4 ] && . /etc/default/samba4
install -o root -g root -m 755 -d /var/run/samba
install -o root -g root -m 755 -d /var/log/samba
end script
exec samba -D

disable it:
echo manual | sudo tee /etc/init/samba.override

/etc/init.d/samba
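#!/bin/sh
### BEGIN INIT INFO
# Provides:          samba
# Required-Start:    $network $local_fs $remote_fs
# Required-Stop:     $network $local_fs $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Should-Start:      slapd
# Should-Stop:       slapd
# Short-Description: start Samba daemons (nmbd and smbd)
### END INIT INFO

# Description of this script:
#
# This script comes initially from a Debian Squeeze machine on
# which samba 3.x was installed with "apt-get install samba". The script
# was modified/adjusted so it points to the correct paths of a default
# samba4 installation (/usr/local/samba).
#
# Installation instructions:
# (1) copy the content of this script into your clipboard or download it
# (2) save the content into /etc/init.d/samba of your samba4 host.
# (3) execute "chmod +x /etc/init.d/samba" to have the script executable
# (4) execute "update-rc.d samba defaults" to install auto-start function.
#     smbd+nmbd will automatically be started after each system start/reboot
#
# Modified by local@#samba~irc.freenode.net at 06th March 2013
# The script was successfully tested on Debian GNU/Linux Squeeze+Wheezy

# Defaults
RUN_MODE="daemons"
# Reads config file (will override defaults above)
[ -r /etc/default/samba ] && . /etc/default/samba
# PIDDIR is assigned after the defaults file is read, so it cannot be
# overridden there. start-stop-daemon --stop looks for the PID files
# below, so this should agree with the "pid directory" the daemons write to.
PIDDIR=/var/run/samba
NMBDPID="$PIDDIR/nmbd.pid"
SMBDPID="$PIDDIR/smbd.pid"
SBINDIR=/usr/local/samba/sbin
NMBD="$SBINDIR/nmbd"
SMBD="$SBINDIR/smbd"
# clear conflicting settings from the environment
unset TMPDIR
# See if the daemons are there; nothing to do otherwise
[ -x "$NMBD" ] && [ -x "$SMBD" ] || exit 0
. /lib/lsb/init-functions

# Prints the "disable netbios" value from smb.conf ("Yes" means nmbd must
# not be started). Prints nothing when testparm fails.
nmbd_disabled_setting() {
        testparm -s --parameter-name='disable netbios' 2>/dev/null
}

# Removes a PID file whose process is no longer running (the daemon
# should remove it itself on a clean stop).
# $1 - path of the PID file
remove_stale_pidfile() {
        [ -f "$1" ] || return 0
        if ! ps h "$(cat "$1")" > /dev/null 2>&1; then
                rm -f -- "$1"
        fi
}

case "$1" in
        start)
                log_daemon_msg "Starting Samba daemons"
                # Make sure we have our PIDDIR, even if it's on a tmpfs
                install -o root -g root -m 755 -d "$PIDDIR"
                NMBD_DISABLED=$(nmbd_disabled_setting)
                if [ "$NMBD_DISABLED" != 'Yes' ]; then
                        log_progress_msg "nmbd"
                        if ! start-stop-daemon --start --quiet --oknodo --exec "$NMBD" -- -D; then
                                log_end_msg 1
                                exit 1
                        fi
                fi

                # RUN_MODE=inetd: smbd is not started as a daemon here
                if [ "$RUN_MODE" != "inetd" ]; then
                        log_progress_msg "smbd"
                        if ! start-stop-daemon --start --quiet --oknodo --exec "$SMBD" -- -D; then
                                log_end_msg 1
                                exit 1
                        fi
                fi

                log_end_msg 0
                ;;
        stop)
                log_daemon_msg "Stopping Samba daemons"
                log_progress_msg "nmbd"
                start-stop-daemon --stop --quiet --pidfile "$NMBDPID"
                # Wait a little and remove stale PID file
                sleep 1
                remove_stale_pidfile "$NMBDPID"

                if [ "$RUN_MODE" != "inetd" ]; then
                        log_progress_msg "smbd"
                        start-stop-daemon --stop --quiet --pidfile "$SMBDPID"
                        # Wait a little and remove stale PID file
                        sleep 1
                        remove_stale_pidfile "$SMBDPID"
                fi
                log_end_msg 0
                ;;
        reload)
                # Only smbd gets the HUP; nmbd is left running as is
                log_daemon_msg "Reloading /usr/local/samba/etc/smb.conf" "smbd only"
                start-stop-daemon --stop --signal HUP --pidfile "$SMBDPID"
                log_end_msg 0
                ;;
        restart|force-reload)
                "$0" stop
                sleep 1
                "$0" start
                ;;
        status)
                # Exit status is that of the last daemon found not running
                status=0
                NMBD_DISABLED=$(nmbd_disabled_setting)
                if [ "$NMBD_DISABLED" != "Yes" ]; then
                        status_of_proc -p "$NMBDPID" "$NMBD" nmbd || status=$?
                fi
                if [ "$RUN_MODE" != "inetd" ]; then
                        status_of_proc -p "$SMBDPID" "$SMBD" smbd || status=$?
                fi
                # Neither daemon is managed by this script: LSB code 4 (unknown)
                if [ "$NMBD_DISABLED" = "Yes" ] && [ "$RUN_MODE" = "inetd" ]; then
                        status=4
                fi
                exit "$status"
                ;;
        *)
                echo "Usage: /etc/init.d/samba {start|stop|reload|restart|force-reload|status}" >&2
                exit 1
                ;;
esac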

/etc/sssd/sssd.conf
[sssd]
services = nss, pam
config_file_version = 2
domains = altea.site
[nss]
[pam]
[domain/altea.site]
ad_hostname = smbcluster.altea.site
ad_domain = altea.site
id_provider = ad
access_provider = ad
auth_provider = ad
ldap_id_mapping = false

/etc/default/ctdb
# Cluster node list and the public addresses file used by ctdb
CTDB_NODES="/etc/ctdb/nodes"
CTDB_PUBLIC_ADDRESSES="/etc/ctdb/public_addresses"
# ctdb manages Samba; the init service it drives is named by CTDB_SERVICE_SMB
CTDB_MANAGES_SAMBA="yes"
CTDB_SYSLOG="yes"
CTDB_DEBUGLEVEL="NOTICE"
CTDB_SERVICE_SMB="samba"


/etc/ctdb/events.d/50.samba
#!/bin/sh
# ctdb event script for Samba
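# CTDB_BASE: the ctdb config directory, the parent of this events.d dir
# unless the caller already exported it. Paths are quoted so a directory
# with spaces does not split into several words.
if [ -z "$CTDB_BASE" ] ; then
    CTDB_BASE=$(cd -P "$(dirname "$0")" ; dirname "$PWD")
    export CTDB_BASE
fi
. "$CTDB_BASE/functions"
detect_init_style
# Init-system specific service names; a preset value always wins.
case "$CTDB_INIT_STYLE" in
    suse)
        CTDB_SERVICE_SMB=${CTDB_SERVICE_SMB:-smb}
        CTDB_SERVICE_NMB=${CTDB_SERVICE_NMB:-nmb}
        ;;
    debian)
        # no separate nmbd service on Debian-style systems
        CTDB_SERVICE_SMB=${CTDB_SERVICE_SMB:-samba}
        CTDB_SERVICE_NMB=${CTDB_SERVICE_NMB:-""}
        ;;
    *)
        # Use redhat style as default:
        CTDB_SERVICE_SMB=${CTDB_SERVICE_SMB:-smb}
        CTDB_SERVICE_NMB=${CTDB_SERVICE_NMB:-""}
        ;;
esac
service_name="samba"
loadconfig
ctdb_setup_service_state_dir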
service_start ()
{
    # Stop any Samba the init system already started, quietly
    service "$CTDB_SERVICE_SMB" stop >/dev/null 2>&1
    if [ -n "$CTDB_SERVICE_NMB" ] ; then
        service "$CTDB_SERVICE_NMB" stop >/dev/null 2>&1
    fi
    # Whatever is still alive after the polite stop is killed outright
    if killall -0 -q smbd ; then
        sleep 1
        killall -q -9 smbd
    fi
    if killall -0 -q nmbd ; then
        sleep 1
        killall -q -9 nmbd
    fi

    # Clear stale server ids, then bring Samba back. nmbd (when a service
    # name is set) is started reniced through nice_service; the upstream
    # rationale is that many smbd processes under heavy load leave few
    # cycles for anything else.
    net serverid wipe
    if [ -n "$CTDB_SERVICE_NMB" ] ; then
        nice_service "$CTDB_SERVICE_NMB" start || die "Failed to start nmbd"
    fi
    service "$CTDB_SERVICE_SMB" start || die "Failed to start samba"
}
service_stop ()
{
    # smbd first, then nmbd when this init style has a service for it
    service "$CTDB_SERVICE_SMB" stop
    [ -z "$CTDB_SERVICE_NMB" ] || service "$CTDB_SERVICE_NMB" stop
}
######################################################################
# Show the testparm output using a cached smb.conf to avoid delays due
# to registry access. The cache lives in the per-service state directory
# prepared by ctdb_setup_service_state_dir.
smbconf_cache=${service_state_dir}/smb.conf.cache
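# Rebuild the smb.conf cache from a fresh testparm run.
# $1 - seconds allowed for testparm (passed to timeout(1))
# Returns 0 when the cache was rewritten, 1 when testparm failed but an
# old cache file is still usable; dies when there is no cache at all.
testparm_foreground_update ()
{
    _timeout="$1"
    if ! _out=$(timeout "$_timeout" testparm -v -s 2>/dev/null) ; then
        if [ -f "$smbconf_cache" ] ; then
            printf '%s\n' "WARNING: smb.conf cache update failed - using old cache file"
            return 1
        else
            die "ERROR: smb.conf cache create failed"
        fi
    fi
    _tmpfile="${smbconf_cache}.$$"
    # Patterns to exclude...
    pat='^[[:space:]]+(registry[[:space:]]+shares|include|copy|winbind[[:space:]]+separator)[[:space:]]+='
    # printf rather than echo: the output is data, never echo options
    printf '%s\n' "$_out" | grep -Ev "$pat" >"$_tmpfile"
    mv "$_tmpfile" "$smbconf_cache" # atomic
    return 0
}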
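# Run testparm_foreground_update detached, with all I/O closed off, so a
# slow registry does not hold up the caller.
# $1 - seconds allowed for testparm (quoted so an empty value is passed through
#      as one argument instead of vanishing)
testparm_background_update ()
{
    _timeout="$1"
    testparm_foreground_update "$_timeout" >/dev/null 2>&1 </dev/null &
}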
testparm_cat ()
{
    # Query the cached smb.conf instead of the live config; any extra
    # arguments (e.g. --parameter-name=...) are handed straight to testparm.
    2>/dev/null testparm -s "$smbconf_cache" "$@"
}
list_samba_shares ()
{
    # One share path per line: the value of every "path = ..." line in the
    # cached config, with surrounding double quotes dropped.
    testparm_cat |
    sed -n -e 's@^[[:space:]]*path[[:space:]]*=[[:space:]]@@p' |
    tr -d '"'
}
list_samba_ports ()
{
    # "smb ports" from the cached config, comma list turned into words
    testparm_cat --parameter-name="smb ports" |
    tr ',' ' '
}
###########################
ctdb_start_stop_service
is_ctdb_managed_service || exit 0
###########################
case "$1" in
    startup)
        ctdb_service_start
        ;;
    shutdown)
        ctdb_service_stop
        ;;
    monitor)
        # Refresh the smb.conf cache (10s budget) and remember whether it worked
        testparm_foreground_update 10
        ret=$?
        # Ports to probe: configured list, else "smb ports" from the cache
        smb_ports="$CTDB_SAMBA_CHECK_PORTS"
        if [ -z "$smb_ports" ] ; then
            smb_ports=$(list_samba_ports)
            [ -n "$smb_ports" ] || die "Failed to set smb ports"
        fi
        # unquoted on purpose: one argument per port
        ctdb_check_tcp_ports $smb_ports || exit $?
        if [ "$CTDB_SAMBA_SKIP_SHARE_CHECK" != "yes" ] ; then
            list_samba_shares | ctdb_check_directories || exit $?
        fi
        # A failed cache refresh is retried in the background
        [ "$ret" -eq 0 ] || testparm_background_update 10
        ;;
    *)
        ctdb_standard_event_handler "$@"
        ;;
esac
exit 0

**EDIT: The original post with ctdb built from source follows:
So, on both nodes.
1. Remove the winbind lines from the PAM stack at /etc/pam.d

2. Install sssd
sudo apt-get install sssd
sudo pam-auth-update
choose sssd

3. Create /etc/sssd/sssd.conf
[sssd]
services = nss, pam
config_file_version = 2
domains = altea.site
[nss]
[pam]
[domain/altea.site]
ad_hostname = smbcluster.altea.site
ad_domain = altea.site
id_provider = ad
access_provider = ad
auth_provider = ad
ldap_id_mapping = false

4. minimise smb.conf
/usr/local/samba/etc/smb.conf
[global]
workgroup = ALTEA
realm = ALTEA.SITE
security = ADS
kerberos method = secrets and keytab
netbios name = SMBCLUSTER
clustering = Yes
ctdbd socket = /usr/local/var/run/ctdb/ctdbd.socket
[users]
path = /cluster/users
read only = No
[profiles]
path = /cluster/profiles
read only = No
[shared]
path = /cluster/shared
force create mode = 0770
read only = No

5. create the keytab
remove any old /etc/krb5.keytab
then:
net ads keytab create -UAdministrator

6. edit the kerberos method line in smb.conf
kerberos method = secrets only

7. substitute sss for winbind in /etc/nsswitch.conf
passwd: files sss
group: files sss

7. Create a start-up script (don't laugh)
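#!/bin/bash
# Manual start/stop wrapper for one ctdb cluster node (ctdb built from
# source, everything under /usr/local).
#
# Usage: ctdbcluster {start|stop}
#
# Each privileged step runs through sudo. The "start" arm finishes by
# tailing /var/log/syslog and therefore blocks until interrupted.
case "$1" in
start)
    echo tearing down apparmor
    sudo service apparmor stop
    sudo service apparmor teardown
    echo startng sssd
    # Wipe the sssd cache database files before the restart
    sudo rm -f -- /var/lib/sss/db/*
    sudo service sssd restart
    pgrep -l sssd
    echo starting cluster node 1
    echo mounting the cluster partition
    sudo drbdadm primary r0
    sudo mount /dev/drbd1 /cluster
    echo loading ctdbd
    # One option per line; all paths are those of the source build
    ctdbd_args=(
        --dbdir=/usr/local/var/lib/ctdb
        --dbdir-persistent=/usr/local/var/lib/ctdb/persistent
        --event-script-dir=/usr/local/etc/ctdb/events.d
        --public-addresses=/usr/local/etc/ctdb/public_addresses
        --socket=/usr/local/var/run/ctdb/ctdbd.socket
        --logfile=/var/log/syslog
    )
    sudo ctdbd "${ctdbd_args[@]}"
    echo sleeping
    sleep 2
    echo starting smbd
    sudo smbd
    sleep 1
    echo starting winbindd
    sudo winbindd
    echo waiting for cluster, tailing log:
    sudo tail -f /var/log/syslog
    ;;
stop)
    echo stopping cluster
    sudo umount /cluster
    sudo killall ctdbd smbd winbindd
    sudo service sssd stop
    # show what is still running, if anything
    pgrep -l ctdbd
    pgrep -l smbd
    pgrep -l winbindd
    echo "done"
    ;;
*)
    printf 'Usage: %s {start|stop}\n' "${0##*/}" >&2
    exit 1
    ;;
esac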

8. bring it on
** EDIT: now it's just: sudo service ctdb start
sudo ./ctdbcluster start
node 1
a Lubuntu client