sysvol replication between ntvfs and s3fs

Michael Wood esiotrot at
Fri Sep 21 03:54:52 MDT 2012


On 21 September 2012 11:27, Daniele Dario <d.dario76 at> wrote:
> I'm trying to use the sync_dc script but I'm stuck at the rsync point:
> from man rsync I see that the line
> rsync -X -A -u -a $dc_account_name\$@${dc}.${domain}:$SYSVOL $STAGING
>       * will access via remote shell (don't need rsyncd on the other
>         side)

Yes, it will use ssh.

>       * will use $dc_account_name\$ as the user which has to
>         authenticate on the ${dc}.${domain} host
> How does rsync authenticate the given account (eg. KDC01$) on the other

rsync does not do the authentication.  ssh does.  So I suspect you
will need to get Kerberos working with ssh for the above to work.

> DC? I thought it would use the kerberos ticket got by kinit but trying
> to replicate on the shell the commands I get
> [root at kdc01:~/tmp]# export KRB5CCNAME=/tmp/sync.$$
> [root at kdc01:~/tmp]# kinit -k -t /usr/local/samba/private/secrets.keytab KDC01$
> [root at kdc01:~/tmp]# klist -l
>   Name                        Cache name      Expires
> KDC01$@SAITELITALIA.LOCAL   /tmp/krb5cc_0   Sep 21 20:44:52
> [root at kdc01:~/tmp]# rsync -X -A -u -a KDC01$@kdc02.saitelitalia.local:/usr/local/samba/var/locks/sysvol .
> Warning: Permanently added the ECDSA host key for IP address
> '' to the list of known hosts.
> KDC01$@kdc02.saitelitalia.local's password:
> I don't know the KDC01$ password and I think that that account is the
> machine account which is present in the domain not on the host so I
> guess it should not authenticate in this way.
> In my /etc/nsswitch.conf I have
> passwd:         compat winbind
> group:          compat winbind
> shadow:         compat
> hosts:          files dns
> networks:       files
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
> netgroup:       nis
> Am I missing something?
> Thanks in advance,
> Daniele.

Michael Wood <esiotrot at>
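
The reply's point that ssh, not rsync, performs the authentication, as an added example that is not part of the original thread: it checks whether an sshd_config enables GSSAPI and runs rsync over an ssh that accepts only Kerberos, so a failure is explicit rather than a password prompt. The function names and sample config are hypothetical; it assumes OpenSSH on both DCs, a `host/` service key in the remote server's keytab, and that the remote sshd accepts the principal as a login user, none of which the thread confirms.

```shell
#!/bin/sh
# Added example, not from the thread. The sample config below is constructed.

# Print the global GSSAPIAuthentication value from an sshd_config-style file.
# sshd keeps the first value it reads for a keyword and defaults to "no".
# Assumption: only the global section matters, so parsing stops at "Match".
sshd_gssapi_setting() {
    awk '
        NF == 0 || $1 ~ /^#/                  { next }
        tolower($1) == "match"                { exit }
        tolower($1) == "gssapiauthentication" { print tolower($2); found = 1; exit }
        END { if (!found) print "no" }
    ' "$1"
}

# ssh command line that permits only Kerberos (GSSAPI) authentication and never
# prompts, so a missing ticket fails immediately instead of asking for a password.
gssapi_ssh_cmd() {
    printf '%s' "ssh -o GSSAPIAuthentication=yes" \
        " -o PreferredAuthentications=gssapi-with-mic -o BatchMode=yes"
}

# Pull a remote tree with the rsync flags from the thread, over GSSAPI-only ssh.
# $1 = user@host:/path (remote source), $2 = local staging directory
sync_over_gssapi() {
    klist -s || { echo "no valid Kerberos ticket in the cache" >&2; return 1; }
    rsync -X -A -u -a -e "$(gssapi_ssh_cmd)" "$1" "$2"
}

# Constructed sample: a server config where the first matching line wins.
write_sample_sshd_config() {
    cat > "$1" <<'EOF'
# constructed sshd_config fragment
PasswordAuthentication yes
GSSAPIAuthentication yes
GSSAPIAuthentication no
Match User backup
    GSSAPIAuthentication no
EOF
}
```

Running `sshd_gssapi_setting /etc/ssh/sshd_config` on the DC being pulled from shows whether its sshd will even offer Kerberos to the client.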
