sysvol replication between ntvfs and s3fs
Michael Wood
esiotrot at gmail.com
Fri Sep 21 03:54:52 MDT 2012
Hi
On 21 September 2012 11:27, Daniele Dario <d.dario76 at gmail.com> wrote:
[...]
> I'm trying to use the sync_dc script but I'm stuck at the rsync point:
> from man rsync I see that the line
>
> rsync -X -A -u -a $dc_account_name\$@${dc}.${domain}:$SYSVOL $STAGING
>
> * will access via remote shell (don't need rsyncd on the other
> side)
Yes, it will use ssh.
> * will use $dc_account_name\$ as the user which has to
> authenticate on the ${dc}.${domain} host
>
> How does rsync authenticate the given account (eg. KDC01$) on the other
rsync does not do the authentication. ssh does. So I suspect you
will need to get Kerberos working with ssh for the above to work.
> DC? I thought it would use the kerberos ticket got by kinit but trying
> to replicate on the shell the commands I get
>
> [root at kdc01:~/tmp]# export KRB5CCNAME=/tmp/sync.$$
> [root at kdc01:~/tmp]# kinit -k -t /usr/local/samba/private/secrets.keytab KDC01$
> [root at kdc01:~/tmp]# klist -l
> Name Cache name Expires
> KDC01$@SAITELITALIA.LOCAL /tmp/krb5cc_0 Sep 21 20:44:52
> [root at kdc01:~/tmp]# rsync -X -A -u -a KDC01$@kdc02.saitelitalia.local:/usr/local/samba/var/locks/sysvol .
> Warning: Permanently added the ECDSA host key for IP address
> '192.168.12.2' to the list of known hosts.
> KDC01$@kdc02.saitelitalia.local's password:
>
> I don't know the KDC01$ password and I think that that account is the
> machine account which is present in the domain not on the host so I
> guess it should not authenticate in this way.
>
> In my /etc/nsswitch.conf I have
>
> passwd: compat winbind
> group: compat winbind
> shadow: compat
>
> hosts: files dns
> networks: files
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
> netgroup: nis
>
> Am I missing something?
>
> Thanks in advance,
> Daniele.
--
Michael Wood <esiotrot at gmail.com>
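
Added example, not part of the original message or of the sync_dc script: since ssh performs the authentication, the rsync transport can be pinned to Kerberos (GSSAPI) so that a missing or unusable ticket fails immediately instead of falling back to the password prompt shown in the thread. The function names are hypothetical, and it is an assumption that sshd on the remote DC accepts GSSAPI authentication and that the machine account resolves to a login there.

```shell
#!/bin/sh
# Added example: rsync over ssh, with ssh restricted to Kerberos/GSSAPI.
# Assumption: the remote sshd has GSSAPI authentication enabled and a usable
# host keytab; nothing in the thread confirms that.

# GSSAPI is the only permitted method; BatchMode stops ssh from asking for a
# password, so a Kerberos failure shows up as an error rather than a prompt.
SSH_OPTS="-o GSSAPIAuthentication=yes -o PreferredAuthentications=gssapi-with-mic -o BatchMode=yes"

# True only if the credential cache (KRB5CCNAME or the default) holds a
# valid, unexpired ticket. Also false if klist is not installed.
have_ticket() {
    klist -s 2>/dev/null
}

# Print the command that sync_sysvol would run (dry run, for review/logging).
# $1 account (e.g. 'KDC01$'), $2 remote host, $3 remote path, $4 local dir
sync_command() {
    printf "rsync -X -A -u -a -e 'ssh %s' '%s@%s:%s' '%s'\n" \
        "$SSH_OPTS" "$1" "$2" "$3" "$4"
}

# Run the sync. Returns 2 without contacting the remote host when there is
# no valid ticket; otherwise returns rsync's own exit status.
sync_sysvol() {
    if ! have_ticket; then
        echo "no valid Kerberos ticket in ${KRB5CCNAME:-the default cache}" >&2
        return 2
    fi
    # $SSH_OPTS is deliberately unquoted inside -e: rsync splits the string.
    rsync -X -A -u -a -e "ssh $SSH_OPTS" "$1@$2:$3" "$4"
}

# Usage, with the names from the thread and a constructed staging path:
#   export KRB5CCNAME=/tmp/sync.$$
#   kinit -k -t /usr/local/samba/private/secrets.keytab 'KDC01$'
#   sync_sysvol 'KDC01$' kdc02.saitelitalia.local \
#       /usr/local/samba/var/locks/sysvol /tmp/staging
```

Adding `-v` to the ssh options shows which authentication methods the server offers and why gssapi-with-mic is refused, if it is.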