On 17/01/2022 06:19, Alexander Bokovoy wrote:
> On Sun, 16 Jan 2022, lejeczek via FreeIPA-users wrote:
>> Hi guys.
>>
>> I have an old - set up ~2 yrs ago - IPA domain which "survived"
>> updates/upgrades till this day in such a way that integrated Samba
>> serves up under different hostname/domain and serves non-enrolled
>> clients (Win 10) too.
>>
>> With new deployment, 4.9.6, just adding things to just DNS - which
>> worked in that "old" domain - does _not_ do the trick.
>> With only such "simple" DNS Samba does respond, clients connect and
>> get password prompt but Samba says: NT_STATUS_WRONG_PASSWORD
>>
>> How - if it should be possible at all - to have a service, say Samba,
>> which would serve a "virtual" FQDN? - which would make High-Available
>> service for what I need.
>> What I've tried so far - adding host/service seems not good/enough.
>
> The only HA service supported by Samba upstream is use of CTDB over a
> distributed file system that supports required semantics.
> https://wiki.samba.org/index.php/CTDB_and_Clustered_Samba
>
> It is impossible to say what exact problem you have with your setup
> with that small amount of detail. If you are already using CTDB, I'd
> suggest to share more of your configuration and logs. If you are not
> using CTDB for this configuration, there is most likely no way to help
> with that without going too deep into technical details and since this
> configuration would not be supported by either Samba or FreeIPA
> upstream, this would probably be a waste of everyone's time.

It's purely about IPA - as mentioned that "old" deployment of mine -
where DNS would manage a record(s) for a HA non-real-host, where such a
FQDN (under IPA's realm or outside of it (as I had it with "old" domain))
would "float" between masters (following floating IP).
Really nothing else to be bothered with, certainly not at this point.

Info I found on "clustered services" is pretty scarce - my opinion -
wish that covered Samba as one specific example, since Samba is - my
opinion again - such an integral part of IPA.
Such "clustered Samba" seems like what should work - for me - any of the
masters' Samba serving a given HA-FQDN - part needing careful fiddling
would be Kerberos I presume.

many thanks, L.