HP CIFS Server 3.0f Administrator's Guide verison A.02.03
Special Notes for HA HP CIFS Server
There are several areas of concern when implementing Samba in the MC/ServiceGuard HA framework.
These areas are described below:
• Client Applications
HA HP CIFS Server cannot guarantee that client applications with open files on a HP CIFS Server share,
or, applications launched from HP CIFS Server shares, will transparently recover from a switchover. In
these instances there may be cases where the application will need to be restarted and the files reopened
as a switchover is a logical shutdown and restart of the HP CIFS Server.
• File Locks
File locks are not preserved during failover. File locks are lost and applications are not advised about
any lost file locks.
• Print Jobs
If a failover occurs when a print job is in process, the job may be printed twice or not at all, depending
on the job state at the time of the failover.
• Symbolic Links
If you have your Samba server configured with
follow symlinks
set to
yes
and
wide links
set to
yes,
the
defaults for these parameters, you should be cautious.
Symbolic links in the shared directory trees may point to files outside any shared directory. If the symbolic
links point to files that are not in logical shared volumes, then, after a failover occurs, the symbolic link
may point to a different file or no file. Keeping the targets of all shared symbolic links synchronized
with all MC/ServiceGuard nodes at all times could be difficult in this situation.
Easier options would be to set
wide links
to
no
or to be sure that every file or directory that you point
to is on a logical shared volume.
• Security Files
An important security file is
secrets.tdb
. Machine account information is among the important contents
of this file. Since this file will be updated periodically (as defined in
smb.conf
by machine password
timeout, 604800 seconds by default), HP recommends that you locate
secrets.tdb
on a shared logical
volume. The location of the secrets.tdb file is defined by the
smb.conf
parameter, private dir. For
example, private dir = /var/opt/samba/shared_vol_1/private will result in the file
/
var/opt/samba/shared_vol_1/private/secrets.tdb
.
User authentication is also dependent on several entries in different security files. Other important
security files are the user password file,
smbpasswd
and
passdb.tdb
. If you have your Samba server
configured with the "passdb backend = smbpasswd", for example, then you have an smbpasswd
file. By default, this file is located in the path
/var/opt/samba/private
but the passdb backend
parameter can be in two parts, the backend name and a location string that has meaning only to that
particular backend. For example, passdb backend =
tdbsam:/var/opt/samba/private/path1/passdb.tdb,
smbpasswd:/var/opt/samba/private/path2/smbpasswd will result in files
/var/opt/samba/private/path1/passdb.tdb
and
/var/opt/samba/private/path2/smbpasswd
.
For both the machine account file and user password file, HP recommends that you store the files in a
common and secure directory on a shared logical volume.
• Username Mapping File
If you configure your Samba server to use a username mapping file, HP recommends that you configure
it to be located on a shared logical volume. This way, if changes are made, all the nodes will always
be up-to-date. The username mapping file location is defined in
smb.conf
by the parameter username
map, e.g. username map = /var/opt/samba/shared_vol_1/username.map. There is no
username map file by default.
• Winbind Configurations
Add the commented winbind lines in samba.mon and samba.cntl as reviously described.
Special Notes for HA HP CIFS Server 161