[Samba] Samba4/Windows DNS replication and administration issue
steve
steve at steve-ss.com
Fri Sep 6 01:08:29 MDT 2013
On Thu, 2013-09-05 at 20:39 -0700, Pete Storkey wrote:
>
> I have tried manually recreating dns.keytab:
>
> # samba-tool domain exportkeytab --principal=DNS/server.domain.com /var/lib/samba/private/dns.keytab
> # samba-tool domain exportkeytab --principal=DNS/windowsserver.domain.com /var/lib/samba/private/dns.keytab
>
That syntax seems wrong.
# samba-tool domain exportkeytab /path/to/dns.keytab --principal=server1.your.domain
> The contents of dns.keytab are as follows:
>
> # ktutil
> ktutil: read_kt /var/lib/samba/private/dns.keytab
> ktutil: list
> slot KVNO Principal
> ---- ---- ---------------------------------------------------------------------
> 1 1 DNS/server.domain.com@DOMAIN.COM
> 2 1 DNS/server.domain.com@DOMAIN.COM
> 3 1 DNS/server.domain.com@DOMAIN.COM
> 4 31 DNS/windowsserver.domain.com@DOMAIN.COM
> 5 31 DNS/windowsserver.domain.com@DOMAIN.COM
> 6 31 DNS/windowsserver.domain.com@DOMAIN.COM
> 7 31 DNS/windowsserver.domain.com@DOMAIN.COM
>
> The problem persists after recreating dns.keytab and restarting Samba and Bind daemons.
>
> Is this the correct way to generate the dns.keytab? Is there anything I'm missing?
Maybe you didn't recreate the keytab? Look for the timestamp:
klist -kte /path/to/dns.keytab
The only difference I can see with our keytab is that we have:
DNS/fqdn@REALM
and
short-hostname@REALM
Maybe this isn't a keytab issue?
HTH
Steve
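
The timestamp check suggested in the message above can be scripted; the following is an added example, not part of the original post or of Samba. It assumes the MIT `klist -kte` column layout (KVNO, MM/DD/YYYY date, time, principal, enctype); the function names `sample_klist` and `keytab_report` are hypothetical and the sample listing is constructed.

```shell
#!/bin/sh
# Constructed sample of `klist -kte` output (not taken from the thread).
sample_klist() {
cat <<'EOF'
Keytab name: FILE:/var/lib/samba/private/dns.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   1 09/01/2013 10:15:02 DNS/server.domain.com@DOMAIN.COM (des-cbc-crc)
   1 09/01/2013 10:15:02 DNS/server.domain.com@DOMAIN.COM (arcfour-hmac)
  31 09/05/2013 19:40:11 DNS/windowsserver.domain.com@DOMAIN.COM (arcfour-hmac)
EOF
}

# keytab_report CUTOFF
#   CUTOFF is the time the keytab was supposedly regenerated, as YYYYMMDDhhmmss.
#   Reads `klist -kte` output on stdin and prints one line per principal:
#   principal, KVNO of the newest entry, number of entries, newest timestamp,
#   and STALE if no entry for that principal is as new as CUTOFF.
keytab_report() {
  awk -v cutoff="$1" '
    # Entry lines start with a numeric KVNO followed by date and time fields.
    $1 ~ /^[0-9]+$/ && split($2, d, "/") == 3 && split($3, t, ":") == 3 {
      key = d[3] d[1] d[2] t[1] t[2] t[3]   # MM/DD/YYYY -> sortable YYYYMMDDhhmmss
      p = $4
      entries[p]++
      if (!(p in newest) || key > newest[p]) { newest[p] = key; kvno[p] = $1 }
    }
    END {
      for (p in newest)
        printf "%s kvno=%s entries=%d newest=%s %s\n", p, kvno[p], entries[p],
               newest[p], (newest[p] < cutoff ? "STALE" : "FRESH")
    }' | sort
}

# Demo on the constructed sample. Against a real keytab:
#   klist -kte /path/to/dns.keytab | keytab_report 20130905000000
sample_klist | keytab_report 20130905000000
```

A principal reported as STALE still carries only entries written before the cutoff, which means the export did not rewrite it.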