sysvol replication between ntvfs and s3fs

Michael Wood esiotrot at gmail.com
Fri Sep 21 07:16:37 MDT 2012


Hi Daniele

On 21 September 2012 14:41, Daniele Dario <d.dario76 at gmail.com> wrote:
> Hi Michael,
>
> On Fri, 2012-09-21 at 11:54 +0200, Michael Wood wrote:
>> Hi
>>
>> On 21 September 2012 11:27, Daniele Dario <d.dario76 at gmail.com> wrote:
>> [...]
>> > I'm trying to use the sync_dc script but I'm stuck at the rsync point:
>> > from man rsync I see that the line
>> >
>> > rsync -X -A -u -a $dc_account_name\$@${dc}.${domain}:$SYSVOL $STAGING
>> >
>> >       * will access via remote shell (don't need rsyncd on the other
>> >         side)
>>
>> Yes, it will use ssh.
>>
>> >       * will use $dc_account_name\$ as the user which has to
>> >         authenticate on the ${dc}.${domain} host
>> >
>> > How does rsync authenticate the given account (eg. KDC01$) on the other
>>
>> rsync does not do the authentication.  ssh does.  So I suspect you
>> will need to get Kerberos working with ssh for the above to work.
>>
> [...]
>
> ok thanks.
>
> I'm trying to follow some topic on the internet which tells to:
>
> assert in ssh_config (for the client)
> GSSAPIAuthentication yes
> GSSAPIDelegateCredentials yes
> GSSAPITrustDns yes
>
> on sshd_config enable
> KerberosAuthentication yes
> KerberosOrLocalPasswd yes
> GSSAPIAuthentication yes
> GSSAPICleanupCredentials yes
>
> and don't use PAM.
>
> With this config I can't get it working so please can you point me in the right direction?

I've never tried to get ssh working with Kerberos.

You could try doing this on the server:

# /usr/sbin/sshd -p 222 -ddd

That will run another copy of sshd on port 222 in debugging mode.

Then on the client:

# ssh -vvv -p 222 server

And see if you can figure out from the debug messages what is going wrong.

Otherwise you could use SSH with a passwordless key, but that's
obviously less secure.

> Both DCs are working on Ubuntu 11.04 x86 server.
>
> Thanks in advance,
> Daniele.

-- 
Michael Wood <esiotrot at gmail.com>
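
A way to triage the `ssh -vvv -p 222 server` output suggested above, as an added example that is not part of the original message or of the sync_dc script. The log lines in `sample_log` are constructed, and the verdict words are hypothetical labels chosen for this example.

```shell
#!/bin/sh
# Added example: classify a saved `ssh -vvv` client log for GSSAPI (Kerberos) login.
# Reads the log on stdin and prints one verdict word.
classify_gssapi() {
    log=$(cat)
    # has PATTERN: true if any line of the log matches the grep pattern
    has() { printf '%s\n' "$log" | grep -q -- "$1"; }

    if has 'Authentication succeeded (gssapi-with-mic)'; then
        echo ok            # Kerberos login worked
    elif ! has 'Authentications that can continue:.*gssapi-with-mic'; then
        echo not-offered   # look at GSSAPIAuthentication in sshd_config
    elif ! has 'Next authentication method: gssapi-with-mic'; then
        echo not-tried     # look at GSSAPIAuthentication in ssh_config
    elif has 'No Kerberos credentials available' || has 'Credentials cache file'; then
        echo no-ticket     # no ticket in the calling user's credential cache
    elif has 'Unspecified GSS failure'; then
        echo gss-failure   # read the minor-status line that follows it
    else
        echo rejected      # server refused; compare with the sshd -ddd output
    fi
}

# Constructed sample (not captured from a real host): the server offers
# gssapi-with-mic, the client tries it, but holds no Kerberos ticket.
sample_log() {
    cat <<'EOF'
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available

debug1: Next authentication method: publickey
EOF
}

echo "verdict: $(sample_log | classify_gssapi)"
```

ssh writes its debug output to stderr, so save it with `ssh -vvv -p 222 server 2> client.log` and then run `classify_gssapi < client.log`.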

