HP CIFS Server 3.0i Administrator's Guide version A.02.03.03

ManualsBrandsHP ManualsSoftwareHP-UX Common Internet File System (CIFS) Client/Server Software

171

172

173

174

175

176

177

178

179

180

Special Notes for HA HP CIFS Server

There are several areas of concern when implementing Samba in the MC/ServiceGuard HA

framework. These areas are described below:

• Client Applications

HA HP CIFS Server cannot guarantee that client applications with open files on a HP CIFS

Server share, or, applications launched from HP CIFS Server shares, will transparently

recover from a switchover. In these instances there may be cases where the application will

need to be restarted and the files reopened as a switchover is a logical shutdown and restart

of the HP CIFS Server.

• File Locks

File locks are not preserved during failover. File locks are lost and applications are not

advised about any lost file locks.

• Print Jobs

If a failover occurs when a print job is in process, the job may be printed twice or not at all,

depending on the job state at the time of the failover.

• Symbolic Links

If you have your Samba server configured with follow symlinks set to yes and wide links set

to yes, the defaults for these parameters, you should be cautious.

Symbolic links in the shared directory trees may point to files outside any shared directory.

If the symbolic links point to files that are not in logical shared volumes, then, after a failover

occurs, the symbolic link may point to a different file or no file. Keeping the targets of all

shared symbolic links synchronized with all MC/ServiceGuard nodes at all times could be

difficult in this situation.

Easier options would be to set wide links to no or to be sure that every file or directory that

you point to is on a logical shared volume.

• Security Files

An important security file is secrets.tdb. Machine account information is among the important

contents of this file. Since this file will be updated periodically (as defined in smb.conf by

machine password timeout, 604800 seconds by default), HP recommends that you locate

secrets.tdb on a shared logical volume. The location of the secrets.tdb file is defined by the

smb.conf parameter, private dir. For example, private dir =

/var/opt/samba/shared_vol_1/private will result in the file

/var/opt/samba/shared_vol_1/private/secrets.tdb.

User authentication is also dependent on several entries in different security files. Other

important security files are the user password file, smbpasswd and passdb.tdb. If you have

your Samba server configured with the "passdb backend = smbpasswd", for example,

then you have an smbpasswd file. By default, this file is located in the path

/var/opt/samba/private but the passdb backend parameter can be in two parts, the backend

name and a location string that has meaning only to that particular backend. For example,

passdb backend = tdbsam:/var/opt/samba/private/path1/passdb.tdb,

smbpasswd:/var/opt/samba/private/path2/smbpasswd will result in files

/var/opt/samba/private/path1/passdb.tdb and /var/opt/samba/private/path2/smbpasswd.

For both the machine account file and user password file, HP recommends that you store

the files in a common and secure directory on a shared logical volume.

• Username Mapping File

If you configure your Samba server to use a username mapping file, HP recommends that

you configure it to be located on a shared logical volume. This way, if changes are made,

all the nodes will always be up-to-date. The username mapping file location is defined in

174 Configuring HA HP CIFS