dns.keytab

Gémes Géza geza at kzsdabas.hu
Sun Dec 18 02:04:31 MST 2011


Hi,

First of all as I'm not the most authoritative source of information
please remain on the samba-technical mailing list (this thread could be
beneficial to others too).


> run and export keytab  and chmod 777 (for test)
> > samba-tool domain exportkeytab/usr/local/samba/private/dns.keytab
> --realm=samba.example.com <http://samba.example.com>
>
> but on restart bind
> see this error?
>
> default realm from krb5.conf (samba.example.com
> <http://samba.example.com>) does not match tkey-gssapi-credential
> (DNS/samba4.samba.example.com <http://samba4.samba.example.com>)
> configuring TKEY: failure
>  loading configuration: failure
> exiting (due to fatal error)
>
> what happen?
>
> On Sat, Dec 17, 2011 at 5:18 PM, Gémes Géza <geza at kzsdabas.hu
> <mailto:geza at kzsdabas.hu>> wrote:
>
>     2011-12-17 11:23 keltezéssel, Mohammad Ebrahim Abravi írta:
>     > Hello
>     >
>     > how to recreate dns.keytab (/usr/local/samba/private/dns.keytab) ?
>     see samba-tool domain exportkeytab --help
>
>
Second: the error message suggest some kind of misconfiguration. In
order to debug it we would need the following informations:
Samba version: samba -V
Bind9 version
Bind9 config file

BTW with samba-tool domain exportkeytab --principal you can export just
the needed keys: DNS/your-samba4s-fully-qualified-hostname
(DNS/samba4.samba.example.com in your case) and dns-samba4shorthostname
(dns-samba4 in your case)

Regards

Geza


More information about the samba-technical mailing list