With the release of Samba 4, there’s now the possibility of running an Active Directory-compatible controller on most *nixes out there. Don’t get me wrong about the real Active Directory solution from Microsoft out there, it’s a great solution for larger enterprises, but for the others out there who are either too restricted in terms of budgeting or just don’t want to touch a Microsoft Windows Server for Active Directory; Samba 4 can be a good option.
Up until now, using a Samba 4 AD domain controller for a Microsoft Failover Cluster is almost next to impossible as the validation pages fail on this error:
An error occurred while executing the test.
There was an error initializing the network tests.
There was an error creating the server side agent (CPrepSrv).
Creating an instance of the COM component with CLSID {E1568352-586D-43E4-933F-8E6DC4DE317A} from the IClassFactory failed due to the following error: 80070721 A security package specific error occurred. (Exception from HRESULT: 0x80070721).
Fortunately there is a way to temporarily resolve this issue. That solution is to add any value to the servicePrincipalName attribute via ADSI Edit or the Active Directory Users and Computers MMC snap-in. (Sorry folks, can’t use Active Directory Administrative Center as Samba4 doesn’t currently emulate an AD DS Web Service server…). And yes the people at the Samba project are aware about this “bug” due to the way of a developer interpreting how the security should have been implemented. (Sorry Andrew, I didn’t mean to throw you under the bus 😉
After adding that attribute, you should be able to validate successfully and have a fully functional Hyper-V cluster for almost next to nothing. (Except the cost of a Windows 8 Pro license)
Edit: Apologies of me being a little ambiguous on “any value” to the servicePrincipleName attribute. What I really meant was setting a non-NULL value on servicePrincipalName on the user who’s performing the validation checks and forming the cluster, not the computer account of the cluster member.