Bug 1819797

Summary: "netbios name" should have a default set in smb.conf in clustered setups
Product: [Red Hat Storage] Red Hat Gluster Storage Reporter: Guenther Deschner <gdeschner>
Component: sambaAssignee: Guenther Deschner <gdeschner>
Status: CLOSED ERRATA QA Contact: Aditya Ramteke <aramteke>
Severity: medium Docs Contact:
Priority: unspecified    
Version: rhgs-3.5CC: anoopcs, aramteke, asriram, pprakash, rcyriac, rhs-smb
Target Milestone: ---Keywords: ZStream
Target Release: RHGS 3.5.z Async Update   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: samba-4.12.6-102.el8rhgs Doc Type: Bug Fix
Doc Text:
Earlier, on standalone Samba installations without identical "netbios name" in smb.conf, individual account databases per cluster node were created. Hence, authorization failures could occur as the account database was not shared among all cluster nodes. With this update, a unified default "netbios name" on all cluster nodes guarantees the account database is using identical credentials on all cluster nodes and the authorization works as expected.
 Story Points: ---
Clone Of:
: 1888641 (view as bug list) Environment:
Last Closed: 2020-10-29 06:27:25 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1888641    

Description Guenther Deschner 2020-04-01 15:16:50 UTC 
Description of problem:

RHGS gluster cluster setups with ctdb absolutely need to have identical "netbios name" configurations to avoid differing account database generations on each node.

When "netbios name" is not explicitly configured (our current default), the current hostname is used for "netbios name". In that case, typically each node sets its own individual value for "netbios name". The problem that then occurs is that the CTDB database entries for both standalone and domain member setups are based on that "netbios name". 

In case of AD members authentication will fail (or worse: multiple machine accounts are created). In case of standalone machines (not joined to AD) also each node would generate its own security identifier (SID) causing all kinds of authentication and authorization problems as there is no synchronisation between the account databases of the various nodes (e.g. duplicate entries for users can get created).

All these problems are avoided when "netbios name" is set to a choosen name on all nodes in the cluster. RHGS should set a default value.
Comment 21 errata-xmlrpc 2020-10-29 06:27:25 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (samba bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4403