NT_STATUS_LOGON_FAILURE when rollout restart a Samba Statefulset with CTDB feature

[FTS152]

Hi, I am trying to deploy a Samba service with CTDB support on a bare-metal k3s cluster, here is my environment:

NAME        STATUS   ROLES                       AGE   VERSION
k8s-test2   Ready    control-plane,etcd,master   20d   v1.24.4+k3s1
k8s-test3   Ready    control-plane,etcd,master   20d   v1.24.4+k3s1
k8s-test4   Ready    control-plane,etcd,master   20d   v1.24.4+k3s1

I use rook-ceph as my backend storage and metalLB as my load balancer:

NAME                   PROVISIONER                     RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
local-path (default)   rancher.io/local-path           Delete          WaitForFirstConsumer   false                  20d
rook-cephfs            rook-ceph.cephfs.csi.ceph.com   Delete          Immediate              true                   20d

NAMESPACE               NAME              STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
samba-operator-system   smbshare1-pvc     Bound    pvc-738b3752-952d-47b5-a25a-8504ab36c744   100Gi      RWX            rook-cephfs    5d22h
samba-operator-system   smbshare1-state   Bound    pvc-649423f5-60cf-4505-baf1-2a5bdc5476ae   10Gi       RWX            rook-cephfs    10m

I deploy a Samba statefulset with minClusterSize=3 and so far so good:

NAME                                                 READY   STATUS    RESTARTS        AGE
samba-operator-controller-manager-677c5f7c47-6m4hv   2/2     Running   9 (4d22h ago)   20d
smbshare1-0                                          4/4     Running   1 (13m ago)     13m
smbshare1-1                                          4/4     Running   0               13m
smbshare1-2                                          4/4     Running   1 (12m ago)     12m

NAME                                                TYPE           CLUSTER-IP      EXTERNAL-IP    PORT(S)         AGE
samba-operator-controller-manager-metrics-service   ClusterIP      10.43.12.21     <none>         8443/TCP        20d
smbshare1                                           LoadBalancer   10.43.27.1      10.20.91.127   445:31108/TCP   14m

However when I restart samba by kubectl rollout restart without any changes, I cannot login to samba server anymore after rolling update is done:

root@k8s-test4:~/samba-service# smbclient '//10.20.91.127/smbshare1' -U smbuser1 -p 445
Enter WORKGROUP\smbuser1's password:
session setup failed: NT_STATUS_LOGON_FAILURE

What I figured out are that account_policy.tdb, group_mapping.tdb and registry.tdb disappeared in /var/lib/samba in the pod, and some error messages in log file of samba container:

2022-10-11 03:47:44,961: INFO: Enabling ctdb in samba config file
Failed to initialize the registry: WERR_FILE_NOT_FOUND
Can't load /etc/samba/smb.conf - run testparm to debug it
smbd - Failed to load config file!

Also samba share information is lost in registry in the pod. Any ideas? Thanks.