On 17/01/2022 06:19, Alexander Bokovoy wrote:
> On su, 16 tammi 2022, lejeczek via FreeIPA-users wrote:
>> Hi guys.
>>
>> I have an old - set up ~2 yrs ago - IPA domain which "survived"
>> updates/upgrades till this day in such a way that integrated Samba
>> serves up under different hostname/domain and serves non-enrolled
>> clients (win 10) too.
>>
>> With new deployment, 4.9.6, just adding things to just DNS - which
>> worked in that "old" domain - does _not_ do the trick.
>> With only such "simple" DNS Samba does respond, clients connect and
>> get password prompt but Samba says: NT_STATUS_WRONG_PASSWORD
>>
>> How - if it should be possible at all - to have a service, say
>> Samba, which would serve a "virtual" FQDN? - which would make
>> High-Available service for what I need.
>> What I've tried so far - adding host/service seems not good/enough.
>
> The only HA service supported by Samba upstream is use of CTDB over a
> distributed file system that supports required semantics.
>
> https://wiki.samba.org/index.php/CTDB_and_Clustered_Samba
>
> It is impossible to say what exact problem you have with your setup
> with that small amount of details. If you are already using CTDB, I'd
> suggest to share more of your configuration and logs. If you are not
> using CTDB for this configuration, there is most likely no way to help
> with that without going too deep into technical details and since this
> configuration would not be supported by either Samba or FreeIPA
> upstream, this would probably be a waste of everyone's time.
>
>
>
>
It's purely about IPA - as mentioned that "old" deployment of mine -
where DNS would manage a record(s) for a HA non-real-host, where such
a FQDN (under IPA's realm or outside of it (as I had it with "old"
domain)) would "float" between masters (following floating IP).
Really nothing else to be bothered with, certainly not at this point.
Info I found on "clustered services" is pretty scarce - my opinion -
wish that covered Samba as one specific example, since Samba is - my
opinion again - such an integral part of IPA.
Such "clustered Samba" seems like what should work - for me - any of
the masters' Samba serving a given HA-FQDN - part needing careful
fiddling would be Kerberos I presume.
many thanks, L.
I realize one bit I might have left vague - Samba's customers/clients,
those do not need to authenticate with Kerberos, password authentication is
good enough (what my "old" IPA does).