21.8.14

des res




uk
on plot storage, landscaped garden
quick sale £190 000
owner emigrating

19.8.14

complicated shadows

coincidence - confusion - family
today a vivid flashback
Conde Duque, Madrid. 13 July, 1996

17.8.14

romería sin romero

polop de la marina 16 agosto 2014 - 27º - storm threatening


Never done this in a happy state of mind. But made a bad start. Couldn't find any romero. I wanted my own romero. Anyway, sin romero, we set off at a fast pace following no fewer than 6 bands with people interspersed looking decidedly hot; mainly girls in heavy dresses. The pace slowed as we hit the slopes via Plaza Purisima. You have to go back to where you started. And carry romero on a stick. It says it in the rules. So with superstition not on our side, we finally made the 3 hour round trip, spared a thought for the musicians blowing and tapping in the humidity and got back to where we started.

















16.8.14

iTunes sync


tolerance quiz

Read the following passage concerning iPad skills. Then answer the simple questions which follow.


A. It hasn't gone into music.
B. What?
A. I can't get it into music.
B. Why not?
A. It says to sign in.
B. Well sign in then.
A. It won't let me.
B. Why?
A. It says try again. I do it and it doesn't let me.
B. How many times have you tried?
A. All day. It says I have to wait 8 hours.
B. Let me have a go.
(pause, keyboard activity)
What was the name of your first pet?
A. What pet?
B. Your first pet. What was its name?
A. I didn't have one.
(pause) Hang on, my Mother had a cat.
B. OK then. What was the cat's name?
A. She called it Busby.
B. No, that's not it.
A. What do you mean it's not it?
B. That's not the name of your first pet. It's not what the iPad thinks it is anyway.
(pause, keyboard activity)
What's your Mother's maiden name?
A. Allen. Why?
(pause, keyboard activity)
B. Is that, A L L A N?
A. I think so.
B. Nope. That's not it either.
A. Yes it is.
B. It's not what the iPad thinks it is.
A. What are you doing?
B. Getting the song onto the iPad.
A. Why? I just want it in music.
B. That's what I'm doing.
A. Why is it asking my pet's name?
B. Are you sure it was Allen?
(pause)
OK. Look, do you have another e-mail address?
A. Yes.
B. What is is?
A. mary@yahoo.co.uk
B. No, not that one. A different one.
A. I used to have one, but I can't remember it.
B. OK.
(long pause, keyboard activity)
OK. What was the name of your first pet?
A. I didn't have a pet.
B. What about the cat?
A. Busby.
B. Perfect. Now, what is your Mother's maiden name? Allen with an E?
A Yes.
B. Perfect.
(long pause)
OK then. I've changed your password to Creamtea42
A. I'll never remember that.
B. Right. It says that this iTunes account is not valid on this iPad
A. What's iTunes account?
B. It's what I need to get the song onto the iPad.
A. I just want it in music.
B. OK. Look, what do you do when you buy a song?
A. Marie does it.
B. So you've never bought a song.
A. No. Marie does it. She got me that Michael Jackson.
B. OK. Can you call her and ask her for her password? Tell her she can change it afterwards.
A. She says what password are you talking about.
B. (long pause, taking the 'phone)
No, no. Not that one. Your iTunes password. You can always change it afterwards.
(pause)
She can't remember it.

Questions

  1. Estimate a time scale for the above events.
  2. Who set up the iPad in the first instance?
  3. Using your answer to (2) above, or otherwise give:
a. The person to whom we should attribute pet ownership.
b. The person referred to when asked for maiden name.
c. The relationship between character A and Marie.
d. A possible identity for character B.

Your score:
 0-30%, mostly D's: You are good at relationships
30-60%, mostly F's etc. etc.


14.8.14

ubuntu cluster with sssd


winbind is not necessary for ctdb to function correctly. We can leave it sitting there but it does not need to be used for PAM nor nss. So, let's convert our ctdb cluster with winbind to our ctdb cluster with SSSD. The cluster we are converting is this one.



**EDIT: Now with startup script automation. Here are the relevant changes:

- install ubuntu ctdb and sssd

Edit and create the following files:
/usr/local/samba/etc/smb.conf
[global]
workgroup = ALTEA
realm = ALTEA.SITE
security = ADS
kerberos method = secrets and keytab
netbios name = SMBCLUSTER
clustering = Yes
ctdbd socket = /var/lib/run/ctdb/ctdbd.socket
pid dirctory = /var/run/samba
[users]
path = /cluster/users
read only = No
[profiles]
path = /cluster/profiles
read only = No

ln -s /usr/local/samba/etc/smb.conf /etc/samba
mkdir -p /var/lib/samba

/etc/init/samba.conf 
description "SMB/CIFS File and Active Directory Server"
author      "Jelmer Vernooij <jelmer@ubuntu.com>"
start on (local-filesystems and net-device-up)
stop on runlevel [!2345]
expect fork
normal exit 0
pre-start script
[ -r /etc/default/samba4 ] && . /etc/default/samba4
install -o root -g root -m 755 -d /var/run/samba
install -o root -g root -m 755 -d /var/log/samba
end script
exec samba -D

disable it:
echo manual | sudo tee /etc/init/samba.override

/etc/init.d/samba
#!/bin/sh
### BEGIN INIT INFO
# Provides:          samba
# Required-Start:    $network $local_fs $remote_fs
# Required-Stop:     $network $local_fs $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Should-Start:      slapd
# Should-Stop:       slapd
# Short-Description: start Samba daemons (nmbd and smbd)
### END INIT INFO

# Description of this script:
#                    
# This script comes initially from a Debian Squeeze machine on
# which samba 3.x was installed with "apt-get install samba". The script
# was modified/adjusted so it points to the correct paths of a default
# samba4 installation (/usr/local/samba).
#
# Installation instructions:
# (1) copy the content of this script into your clipboard or download it
# (2) save the content into /etc/init.d/samba of your samba4 host.
# (3) execute "chmod +x /etc/init.d/samba" to have the script executable
# (4) execute "update-rc.d samba defaults" to install auto-start function.
#     smbd+nmbd will automatically being started after earch system start/reboot

# Modified by local@#samba~irc.freenode.net at 06th March 2013
# The script was successfully tested on Debian GNU/Linux Squeeze+Wheezy

# Defaults
RUN_MODE="daemons"
# Reads config file (will override defaults above)
[ -r /etc/default/samba ] && . /etc/default/samba
PIDDIR=/var/run/samba
NMBDPID=$PIDDIR/nmbd.pid
SMBDPID=$PIDDIR/smbd.pid
# clear conflicting settings from the environment
unset TMPDIR
# See if the daemons are there
test -x /usr/local/samba/sbin/nmbd -a -x /usr/local/samba/sbin/smbd || exit 0
. /lib/lsb/init-functions
case "$1" in
        start)
                log_daemon_msg "Starting Samba daemons"
                # Make sure we have our PIDDIR, even if it's on a tmpfs
                install -o root -g root -m 755 -d $PIDDIR
                NMBD_DISABLED=`testparm -s --parameter-name='disable netbios' 2>/dev/null`
                if [ "$NMBD_DISABLED" != 'Yes' ]; then
                        log_progress_msg "nmbd"
                        if ! start-stop-daemon --start --quiet --oknodo --exec /usr/local/samba/sbin/nmbd -- -D
                        then
                                log_end_msg 1
                                exit 1
                        fi
                fi

           if [ "$RUN_MODE" != "inetd" ]; then
                        log_progress_msg "smbd"
                        if ! start-stop-daemon --start --quiet --oknodo --exec /usr/local/samba/sbin/smbd -- -D; then
                                log_end_msg 1
                                exit 1
                        fi
                fi

                log_end_msg 0
                ;;
        stop)
                log_daemon_msg "Stopping Samba daemons"
                log_progress_msg "nmbd"

                start-stop-daemon --stop --quiet --pidfile $NMBDPID
                # Wait a little and remove stale PID file
                sleep 1
                if [ -f $NMBDPID ] && ! ps h `cat $NMBDPID` > /dev/null
                then
                        # Stale PID file (nmbd was succesfully stopped),
                        # remove it (should be removed by nmbd itself IMHO.)
                        rm -f $NMBDPID
                fi 

                if [ "$RUN_MODE" != "inetd" ]; then
                        log_progress_msg "smbd"
                        start-stop-daemon --stop --quiet --pidfile $SMBDPID
                        # Wait a little and remove stale PID file
                        sleep 1
                        if [ -f $SMBDPID ] && ! ps h `cat $SMBDPID` > /dev/null
                        then
                                # Stale PID file (nmbd was succesfully stopped),
                                # remove it (should be removed by smbd itself IMHO.)
                                rm -f $SMBDPID
                        fi
                fi
                log_end_msg 0
                ;;
     reload)
                log_daemon_msg "Reloading /usr/local/samba/etc/smb.conf" "smbd only"
                start-stop-daemon --stop --signal HUP --pidfile $SMBDPID
                log_end_msg 0
                ;;
        restart|force-reload)
                $0 stop
                sleep 1
                $0 start
                ;;
        status)
                status="0"
                NMBD_DISABLED=`testparm -s --parameter-name='disable netbios' 2>/dev/null`
                if [ "$NMBD_DISABLED" != "Yes" ]; then
                        status_of_proc -p $NMBDPID /usr/local/samba/sbin/nmbd nmbd || status=$?
                fi
                if [ "$RUN_MODE" != "inetd" ]; then
                        status_of_proc -p $SMBDPID /usr/local/samba/sbin/smbd smbd || status=$?
                fi
                if [ "$NMBD_DISABLED" = "Yes" -a "$RUN_MODE" = "inetd" ]; then
                        status="4"
                fi
                exit $status
                ;;
        *)
                echo "Usage: /etc/init.d/samba {start|stop|reload|restart|force-reload|status}"
                exit 1
                ;;
esac

/etc/sssd/sssd.conf
[sssd]
services = nss, pam
config_file_version = 2
domains = altea.site
[nss]
[pam]
[domain/altea.site]
ad_hostname = smbcluster.altea.site
ad_domain = altea.site
id_provider = ad
access_provider = ad
auth_provider = ad
ldap_id_mapping = false

/etc/default/ctdb
CTDB_NODES=/etc/ctdb/nodes
CTDB_PUBLIC_ADDRESSES=/etc/ctdb/public_addresses
CTDB_MANAGES_SAMBA=yes
CTDB_SYSLOG=yes
CTDB_DEBUGLEVEL=NOTICE
CTDB_SERVICE_SMB=samba


/etc/ctdb/events.d/50.samba
#!/bin/sh
# ctdb event script for Samba
[ -n "$CTDB_BASE" ] || \
    export CTDB_BASE=$(cd -P $(dirname "$0") ; dirname "$PWD")
. $CTDB_BASE/functions
detect_init_style
case $CTDB_INIT_STYLE in
suse)
CTDB_SERVICE_SMB=${CTDB_SERVICE_SMB:-smb}
CTDB_SERVICE_NMB=${CTDB_SERVICE_NMB:-nmb}
;;
debian)
CTDB_SERVICE_SMB=${CTDB_SERVICE_SMB:-samba}
CTDB_SERVICE_NMB=${CTDB_SERVICE_NMB:-""}
;;
*)
# Use redhat style as default:
CTDB_SERVICE_SMB=${CTDB_SERVICE_SMB:-smb}
CTDB_SERVICE_NMB=${CTDB_SERVICE_NMB:-""}
;;
esac
service_name="samba"
loadconfig
ctdb_setup_service_state_dir
service_start ()
{
    # make sure samba is not already started
    service "$CTDB_SERVICE_SMB" stop > /dev/null 2>&1
    if [ -n "$CTDB_SERVICE_NMB" ] ; then
service "$CTDB_SERVICE_NMB" stop > /dev/null 2>&1
    fi
    killall -0 -q smbd && {
sleep 1
# make absolutely sure samba is dead
killall -q -9 smbd
    }
    killall -0 -q nmbd && {
sleep 1
# make absolutely sure samba is dead
killall -q -9 nmbd
    }

    # start Samba service. Start it reniced, as under very heavy load
    # the number of smbd processes will mean that it leaves few cycles
    # for anything else
    net serverid wipe
    if [ -n "$CTDB_SERVICE_NMB" ] ; then
nice_service "$CTDB_SERVICE_NMB" start || die "Failed to start nmbd"
    fi
  service "$CTDB_SERVICE_SMB" start || die "Failed to start samba"
}
service_stop ()
{
   service "$CTDB_SERVICE_SMB" stop
if [ -n "$CTDB_SERVICE_NMB" ] ; then
service "$CTDB_SERVICE_NMB" stop
    fi
}
######################################################################
# Show the testparm output using a cached smb.conf to avoid delays due
# to registry access.
smbconf_cache="$service_state_dir/smb.conf.cache"
testparm_foreground_update ()
{
    _timeout="$1"
    if ! _out=$(timeout $_timeout testparm -v -s 2>/dev/null) ; then
if [ -f "$smbconf_cache" ] ; then
   echo "WARNING: smb.conf cache update failed - using old cache file"
   return 1
else
   die "ERROR: smb.conf cache create failed"
fi
    fi
    _tmpfile="${smbconf_cache}.$$"
    # Patterns to exclude...
    pat='^[[:space:]]+(registry[[:space:]]+shares|include|copy|winbind[[:space:]]+separator)[[:space:]]+='  
    echo "$_out" | grep -Ev "$pat" >"$_tmpfile"
    mv "$_tmpfile" "$smbconf_cache" # atomic
    return 0
}
testparm_background_update ()
{
    _timeout="$1"
    testparm_foreground_update $_timeout >/dev/null 2>&1 </dev/null &
}
testparm_cat ()
{
    testparm -s "$smbconf_cache" "$@" 2>/dev/null
}
list_samba_shares ()
{
    testparm_cat |
    sed -n -e 's@^[[:space:]]*path[[:space:]]*=[[:space:]]@@p' |
    sed -e 's/"//g'
}
list_samba_ports ()
{
    testparm_cat --parameter-name="smb ports" |
    sed -e 's@,@ @g'
}
###########################
ctdb_start_stop_service
is_ctdb_managed_service || exit 0
###########################
case "$1" in
     startup)
ctdb_service_start
;;
     shutdown)
ctdb_service_stop
;;
     monitor)
testparm_foreground_update 10
ret=$?
smb_ports="$CTDB_SAMBA_CHECK_PORTS"
if [ -z "$smb_ports" ] ; then
   smb_ports=$(list_samba_ports)
   [ -n "$smb_ports" ] || die "Failed to set smb ports"
fi
ctdb_check_tcp_ports $smb_ports || exit $?
if [ "$CTDB_SAMBA_SKIP_SHARE_CHECK" != "yes" ] ; then
   list_samba_shares | ctdb_check_directories || exit $?
fi
if [ $ret -ne 0 ] ; then
   testparm_background_update 10
fi
;;
    *)
ctdb_standard_event_handler "$@"
;;
esac
exit 0

**EDIT: The original post with ctdb built from source follows:
So, on both nodes.
1. Remove the winbind lines from the PAM stack at /etc/pam.d

2. Install sssd
sudo apt-get install sssd
sudo pam-auth-update
choose sssd

3. Create /etc/sssd/sssd.conf
[sssd]
services = nss, pam
config_file_version = 2
domains = altea.site
[nss]
[pam]
[domain/altea.site]
ad_hostname = smbcluster.altea.site
ad_domain = altea.site
id_provider = ad
access_provider = ad
auth_provider = ad
ldap_id_mapping = false

4. minimise smb.conf
/usr/local/samba/etc/smb.conf
[global]
workgroup = ALTEA
realm = ALTEA.SITE
security = ADS
kerberos method = secrets and keytab
netbios name = SMBCLUSTER
clustering = Yes
ctdbd socket = /usr/local/var/run/ctdb/ctdbd.socket
[users]
path = /cluster/users
read only = No
[profiles]
path = /cluster/profiles
read only = No
[shared]
path = /cluster/shared
force create mode = 0770
read only = No

5. create the keytab
remove any old /etc/krb5.keytab
then:
net ads keytab create -UAdministrator

6. edit the kerberos method line in smb.conf
kerberos method = secrets only

7. substitute sss for winbind in /etc/nsswitch.conf
passwd: files sss
group: files sss

7. Create a start-up script (don't laugh)
#!/bin/bash
case $1 in 
start)
echo tearing down apparmor
sudo service apparmor stop
sudo service apparmor teardown
echo startng sssd
sudo rm /var/lib/sss/db/*
sudo service sssd restart
ps aux|grep sssd
echo starting cluster node 1
echo mounting the cluster partition
sudo drbdadm primary r0
mount /dev/drbd1 /cluster
echo loading ctdbd
sudo ctdbd --dbdir=/usr/local/var/lib/ctdb --dbdir-persistent=/usr/local/var/lib/ctdb/persistent --event-script-dir=/usr/local/etc/ctdb/events.d --public-addresses=/usr/local/etc/ctdb/public_addresses --socket=/usr/local/var/run/ctdb/ctdbd.socket --logfile=/var/log/syslog
echo sleeping
sleep 2
echo starting smbd
sudo smbd
sleep 1

echo starting winbindd

sudo winbindd
echo waiting for cluster, tailing log:
sudo tail -f /var/log/syslog
;;
stop)
echo stopping cluster
sudo umount /cluster
sudo killall ctdbd smbd winbindd
sudo service sssd stop
ps aux|grep ctdbd
ps aux|grep smbd
ps aux|grep winbindd
echo "done"
;;
esac

8. bring it on
** EDIT: now it's just: sudo service ctdb start
sudo ./ctdbcluster start
node 1
a Lubuntu client

13.8.14

ubuntu samba4 cluster: CTDB ocfs2 DRBD

Mr. Shuttleworth and the packagers at Ubuntu do a great job, but clustering is not one of them. Their samba packages are not built with cluster support and their ctdb is broken. To make matters even worse, the latest samba4 comes without winbind AD support. If that hasn't put you off yet, you then find out that the ctdb source doesn't use standard locations for its directories. Open Source at its very best.

conclusion
On Ubuntu, clustering means build it yourself. It can be done and when it's up, it's bulletproof. So, here goes. Breathe deeply and. . .

reference
This guide is an ubuntuified version of our openSUSE cluster post. If you think it's missing here, it'll be there instead.

hardware
Each node needs a minimum of 2 physical network interface cards, one for the cluster traffic between the nodes and the other that goes out to the domain. Here, we use 2 real cards and a virtual bond for the third.

for domain: altea.site
DC: palmera, 192.168.1.132
DNS: palmera, bind9_dlz master for altea.site forwarding 192.168.1.1
node 1: uc1 192.168.1.82, 192.168.1.80, 192.168.1.81 and 192.168.0.10
node 2: uc2 192.168.1.83, 192.168.1.80, 192.168.1.81 and 192.168.0.11
gateway: 192.168.1.1

eth0: domain traffic. nic is disabled
eth1: cluster traffic, no route out
bond0: domain and local traffic bound to eth0

cluster disk
You will need a second disk drive for your cluster data. We have a spare disk installed on each of the nodes which is recognised by fdisk as /dev/sdb. We have partitioned it as /dev/sdb1. We have used sdb1 as the shared storage. Under DRBD the cluster device becomes /dev/drbd1. /dev/drbd1 is formatted with ocfs2. We have drbd primaty:primary with both nodes up and mounted.

DNS
Get this right and the rest is easy.
/etc/hosts
127.0.0.1 localhost
192.168.0.10 uc1
192.168.0.11 uc2

If you know the ifup syntax for bonding and you want to mount the cluster partition on boot:
sudo apt-get install ifenslave-2.6
 /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet manual
bond-master bond0

auto eth1
iface eth1 inet static
address 192.168.0.10
netmask 255.255.255.0

auto bond0
iface bond0 inet static
address 192.168.1.82
gateway 192.168.1.1
netmask 255.255.255.0
dns-nameserver 192.168.1.132
bond-slaves none

If not, use the pretty pictures to set up DNS as follows. Here are the screenshots for setting up networkmanager for uc1 on node1. Repeat for uc2 but using the second set of IPs from above. But be warned that you will have to use ifup if you want to mount the o2cb startup stuff.

install the cluster and kerberos stuff
sudo apt-get install drbd8-utils linux-server ocfs2-tools build-essential libattr1-dev krb5-user libblkid-dev gdb libgnutls-dev libreadline-gplv2-dev python-dev autoconf python-dnspython pkg-config pam-krb5utils libpopt-dev apparmor-utils  ldap-utils  libsasl2-modules-gssapi-mit

download and unpack ctdb-2.5.3.tar.gz
then it's just: 
./configure && make
and install it:
sudo make install

configure the cluster
 /usr/local/etc/ctdb/nodes
192.168.0.10
192.168.0.11
 /usr/local/etc/ctdb/public_addresses
192.168.1.80/24 bond0
192.168.1.81/24 bond0

 /etc/drbd.conf
global {
  usage-count yes;
}
common {
  net {
    protocol C;
  }
}
resource r0 {
 net { 
                allow-two-primaries; 
                after-sb-0pri discard-zero-changes;
                after-sb-1pri discard-secondary;
                after-sb-2pri disconnect;
        }
startup { become-primary-on both; }
  on uc1 {
    device    /dev/drbd1;
    disk      /dev/sdb1;
    address   192.168.0.10:7789;
    meta-disk internal;
  }
  on uc2 {
    device    /dev/drbd1;
    disk      /dev/sdb1;
    address   192.168.0.11:7789;
    meta-disk internal;
  }
}

/etc/ocfs2/cluster.conf
node:
        ip_port = 7777
        ip_address = 192.168.0.10
        number = 1
        name = uc1
        cluster = ocfs2
node:
        ip_port = 7777
        ip_address = 192.168.0.11
        number = 2
        name = uc2
        cluster = ocfs2
cluster:
        node_count = 2
        name = ocfs2

configure the fs
sudo dpkg-reconfigure ocfs2-tools
Setting cluster stack "o2cb": OK
Starting O2CB cluster ocfs2: OK

partition the spare disk
use fdisk to end up with /dev/sdb1 where:
fdisk -l
gives something like:
Disk /dev/sda: 12.9 GB, 12884901888 bytes, 25165824 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000f1bbc

   Device Boot      Start         End      Blocks   Id  System

/dev/sda1            2048     1525759      761856   82  Linux swap / Solaris
/dev/sda2   *     1525760    25165823    11820032   83  Linux

Disk /dev/sdb: 2147 MB, 2147483648 bytes, 4194304 sectors

Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000ab2e5

   Device Boot      Start         End      Blocks   Id  System

/dev/sdb1            2048     4194303     2096128   83  Linux

create the drbd metadata on both nodes
sudo drbdadm create-md r0
sudo drbdadm up r0

sync the nodes
Be careful. If you have data you wish to keep on either node then choose that node to begin the sync.
sudo drbdadm primary --force r0
wait for
cat /proc/drbd
to stabilise, then make it active
sudo drbdadm primary r0

format the partition
Unless you just want fail-over, you must use something that doesn't crash if mounted simultaneously.
mkfs -t ocfs2 -N 2 -L ubuntucluster /dev/drbd1

mount it
sudo mkdir /cluster 
sudo mount /dev/drbd1 /cluster
cd /cluster
sudo mkdir users && sudo mkdir profiles && sudo chmod 1777 profiles

samba
download and unpack the latest samba (ATM 4.1.11.tar.gz)
 ./configure --with-cluster-support  --without-ad-dc  --with-shared-modules=idmap_ad --with-ads && make
install it:
sudo make install

/usr/local/samba/etc/samba/smb.conf
[global]
workgroup = ALTEA
netbios name = SMBCLUSTER
realm = ALTEA.SITE
security = ADS
kerberos method = secrets only
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nss info = rfc2307
idmap config * : backend = tdb
idmap config * : range = 19900-19999
idmap config ALTEA : backend  = ad
idmap config ALTEA : range = 20000-4000000
idmap config ALTEA : schema_mode = rfc2307
clustering = Yes
ctdbd socket = /usr/local/var/run/ctdb/ctdb.socket
[users]
path = /cluster/users
read only = No
[profiles]
path = /cluster/profiles
read only = No

winbind
create the stack at /etc/pam.d:
auth sufficient pam_winbind.so
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth requisite pam_deny.so
auth required pam_permit.so
auth optional pam_cap.so 
account sufficient      pam_winbind.so
account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so 
account requisite pam_deny.so
account required pam_permit.so
account sufficient pam_localuser.so

create the winbind links:
sudo ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/libnss_winbind.so
sudo ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
sudo cp /usr/local/samba/lib/security/pam_winbind.so /lib/security

start the cluster
sudo ctdbd --dbdir=/usr/local/var/lib/ctdb --dbdir-persistent=/usr/local/var/lib/ctdb/persistent --event-script-dir=/usr/local/etc/ctdb/events.d --public-addresses=/usr/local/etc/ctdb/public_addresses --socket=/usr/local/var/run/ctdb/ctdbd.socket --logfile=/var/log/syslog 

(tail the logs and wait for them to stabilise)

 sudo ctdb status
Number of nodes:2
pnn:0 192.168.0.10     OK (THIS NODE)
pnn:1 192.168.0.11     DISCONNECTED|UNHEALTHY|INACTIVE
Generation:2138318810
Size:1
hash:0 lmaster:0
Recovery mode:NORMAL (0)
Recovery master:0

create a domain user
uidNumber: 3000016
loginShell: /bin/bash
homeDrive: Z:
homeDirectory: \\smbcluster\users\stevep
profilePath: \\smbcluster\profiles\stevep
unixHomeDirectory: /cluster/users/stevep

'posixify' the group Domain Users
gidNumber: 20513

start smbd
sudo smbd

join the domain
on one node only:
net ads join -UAdministrator

start winbind
sudo winbindd

check
id stevep
uid=3000016(stevep) gid=20513(domain users) groups=20513(domain users),19903(BUILTIN\users)

add the round robin A records for the cluster to the DC
 host smbcluster
smbcluster.altea.site has address 192.168.1.81
smbcluster.altea.site has address 192.168.1.80

 ping smbcluster
PING smbcluster.altea.site (192.168.1.80) 56(84) bytes of data.
64 bytes from smbcluster (192.168.1.80): icmp_seq=1 ttl=64 time=0.863 ms

finally
sudo chgrp Domain\ Users /cluster/users && sudo chgrp Domain\ Users /cluster/profiles

Linux client:
sudo mount.cifs //smbcluster/users /cluster/users -osec=krb5,username=cifsuser,multiuser
 su stevep
Password: 
stevep@uc1:/home/steve$ cd ~
stevep@uc1:~$ touch cluster.txt
stevep@uc1:~$ ls -l
total 0
-rw-r--r-- 1 stevep domain users 0 ago 13 10:51 cluster.txt
stevep@uc1:~$ exit

bring up the other node
sudo ctdbd --dbdir=/usr/local/var/lib/ctdb --dbdir-persistent=/usr/local/var/lib/ctdb/persistent --event-script-dir=/usr/local/etc/ctdb/events.d --public-addresses=/usr/local/etc/ctdb/public_addresses --socket=/usr/local/var/run/ctdb/ctdbd.socket --logfile=/var/log/syslog 

sudo drbdadm primary r0

mount /dev/drbd1 /cluster

sudo ctdb enable

sudo ctdb status
Number of nodes:2
pnn:0 192.168.0.10     OK (THIS NODE)
pnn:1 192.168.0.11     OK
Generation:569123968
Size:2
hash:0 lmaster:0
hash:1 lmaster:1
Recovery mode:NORMAL (0)
Recovery master:0

disable node 1
sudo ctdb disable && sudo ctdb status
Number of nodes:2
pnn:0 192.168.0.10     DISABLED (THIS NODE)
pnn:1 192.168.0.11     OK
Generation:569123968
Size:2
hash:0 lmaster:0
hash:1 lmaster:1
Recovery mode:NORMAL (0)
Recovery master:0

(tail the logs and wait for the takeover to finish)

kill smbd on node 1
 killall smbd
 ps aux|grep smbd
steve    18577  0.0  0.1   7124   840 pts/5    S+   11:07   0:00 grep --color=auto smbd
(wait for the log activity to stabilise)

Back to the Linux workstation, check the fail-over:
stevep@uc1:~$ touch cluster2.txt
stevep@uc1:~$ ls -l
total 0
-rw-r--r-- 1 stevep domain users 0 ago 13 11:09 cluster2.txt
-rw-r--r-- 1 stevep domain users 0 ago 13 10:51 cluster.txt
You now admire your work as you fail-over and fail-back time and time again convincing yourself that it does indeed work. At first, you just don't believe it.

More graphical examples below with both Linux and XP clients working on the same data.

Choose your poison: Ubuntu or XP:
all together now, clusters give you. . .
peace of mind. . .