5.5 Samba Configuration

Now that you have installed and configured Novell Cluster Services and created the Samba cluster resource, you are ready to configure Samba on each cluster server.

5.5.1 Preparing the Cluster Servers

  1. If you have not already done so, install and configure the Novell Samba pattern on each cluster server that will share the Samba resource.

    Be sure that the Base Context for Samba Users is set to the container where you plan to create your Samba users, or to a container above that in the eDirectory tree.

    For more information on installing and configuring Novell Samba, see Section 3.0, Installing Samba for OES 2.

  2. Enter the following command on all preferred nodes in the cluster:

    chkconfig smb off

    This command ensures that Samba is not started until it is required for a resource migration or failover.

  3. Continue with Section 5.5.2, Creating a Samba Share.

5.5.2 Creating a Samba Share

In OES 2, you can use the new Samba management plug-in for iManager to create a new Samba share, instead of manually adding a share definition in the /etc/samba/smb.conf file.

  1. In iManager’s Roles and Tasks mode, select File Protocols > Samba.

  2. Enter the IP address or DNS name of the primary cluster server, or browse and select it.

  3. Wait for the general Samba information to be displayed, then click the Share tab.

  4. Click New and follow the on-screen prompts to create a share that maps to the mount point you defined for the Samba cluster resource.

  5. Continue with Section 5.5.3, Editing the smb.conf File.

5.5.3 Editing the smb.conf File

  1. Copy the smb.conf file from the /etc/samba directory on the primary cluster server to the /etc/samba directory you created on the shared disk in Step 2.

    This would be the /mnt/samba/etc/samba directory if you used the same directory names as those given in the example.

  2. Rename the copied smb.conf file to match the name specified for the CONFIG_FILE variable in the Samba cluster resource load and unload scripts.

    For example, if you left the variable set at its default name, you would rename the file SambaResource-smb.conf.

  3. Modify the copied and renamed .conf file as follows:

    1. In the Entries made by OES install section, locate the following line:

      passdb backend = NDS_ldapsam:ldaps//xxx.xxx.xxx.xxx:636

      Verify that xxx.xxx.xxx.xxx is the IP address of the master LDAP server for your eDirectory tree.

    2. Add the following lines to the [global] section:

      bind interfaces only = yes
      
      interfaces = resource_ipaddress
      
      pid directory = $MOUNT_POINT/share/locks
      

      Replace resource_ipaddress with the IP address you plan to assign to the Samba cluster resource.

    3. In the line netbios name = %h-W, change %h-W to something unique, such as the name you will give the Samba virtual server.

  4. (Conditional) You probably have other instances of Samba running on servers in your cluster. If this is true, edit the smb.conf file on each server where another Samba instance is running and add the following lines to the [global] section:

    bind interfaces only = yes
    
    interfaces = server_ipaddress
    

    Replace server_ipaddress with the IP address of the server where the instance of Samba is running.

    Adding these lines to the respective smb.conf files eliminates conflicts caused by running multiple instances of Samba.

  5. Continue with Section 5.5.4, Bringing the Samba Cluster Resource Online.

5.5.4 Bringing the Samba Cluster Resource Online

You are now ready to reedit the Samba resource load and unload scripts and bring the Samba cluster resource online.

  1. Enter the following command to take the Samba cluster resource offline:

    cluster offline resource_name

  2. Enter the following command on all cluster nodes to stop Samba:

    rcsmb stop

  3. Using iManager, uncomment the Samba-related lines you previously commented out in the resource load and unload scripts. (See Section 5.4.2, Configuring Samba Load, Unload, and Monitor Scripts.)

  4. Bring the cluster back online by entering:

    cluster online cluster_name node_name

  5. Continue with Section 5.5.5, Creating Samba Users and a Group for Cluster Access.

5.5.5 Creating Samba Users and a Group for Cluster Access

The procedure for creating Samba users to access the shared Samba cluster resource is similar to the procedure for creating Samba users in a non-clustered environment. However, because you want to use only one group to provide access for all of the Samba servers in the cluster, you cannot use the default Samba users groups that are created automatically on each Samba server. Instead, you must create a single LUM-enabled group for the cluster and make your Samba users members of that group.

NOTE:The instructions below assume that you have not yet created the Samba user accounts in eDirectory. If you have existing users that you want to access the Samba cluster resource, you must assign them a Universal Password individually.

  1. Using iManager, select Directory Administration > Create Object and create a new Organizational Unit container for the Samba cluster users.

  2. Select Passwords > Password Policies and assign the Samba Default Password Policy to the new container.

  3. Select Users > Create User and create accounts for the Samba cluster users in the new container.

  4. Select Groups > Create Group and create a new group for your Samba cluster users.

  5. Select Linux User Management > Enable Groups for Linux and LUM-enable the group. Associate the group with the UNIX Workstation objects for all of the cluster servers.

  6. Select Groups > Modify Group and add the Samba cluster users as members of the group.

  7. Select File Protocols > Samba and select the primary cluster server as the Samba server to configure.

  8. Click the Users tab, select Add, and add all of the Samba cluster users.

  9. At the terminal prompt, enter the following commands to grant the necessary access rights to the shared Samba resource:

    chmod 775 path

    chgrp group_name path

    Replace path with the path to the shared Samba file system (mount point) and group_name with the name of the LUM-enabled group you created for Samba cluster access.

    The Samba cluster users gain access rights to the shared resource by virtue of their membership in the specified group.

You should now be able to log in as one of the Samba cluster users at a Windows workstation (without the Novell Client installed on it) and access files on the shared Samba resource. Access to this resource should continue uninterrupted when the cluster resource is migrated between preferred nodes or in the event of an unexpected server failure.