[Samba] dns.keytab
Andrew Bartlett
abartlet at samba.org
Sat Jun 12 04:45:14 MDT 2010
On Fri, 2010-06-11 at 07:41 -0600, Ibrahim Hamouda wrote:
> Hi guys
> I setup my samba4 server with provision. (pdc1)
> Then I setup a DC using net vampire after rolling back to commit 62e0a74 to bypass mdw updates that broke net vampire. (pdc2)
> I had to manually add to the zone in pdc1 the following records to get replication to work:
>
> I made all the modifications in named.txt to bind
>
> pdc2 IN A 192.168.48.236
> <PDC2-GUID>._msdsc IN CNAME pdc2
>
>
> scp the dns.keytab file from pdc1 to pdc2

You should not scp the keytab file anywhere - BIND is only
single-master, and so there is only one server that can update DNS, and
so only one server to put dns.keytab on.

> modified smb.conf on pdc2 as follows
>
> nsupdate command = /usr/bin/nsupdate -v -k /usr/local/samba/private/dns.keytab

Where did you get that command from?

> The dns update doesn't happen:
>
> on pdc2 I get the following message:
>
> 11-Jun-2010 07:30:16.956 /usr/local/samba/private/dns.keytab:1: unknown option '...'
> 11-Jun-2010 07:30:16.956 /usr/local/samba/private/dns.keytab:1: unknown option '(...'
> 11-Jun-2010 07:30:16.956 /usr/local/samba/private/dns.keytab:1: unexpected token near end of file
> could not read key from /usr/local/samba/private/dns.keytab: unexpected token
>
> Any ideas what am I doing wrong?

Don't set the nsupdate command unless you have configured static keys.
(which means a key file you have generated, not the samba-managed
Kerberos keytab)

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
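
The distinction drawn in the reply above, between a static key file and the Samba-managed Kerberos keytab, can be checked before a file is handed to `nsupdate -k`. This is an added example, not part of the original message or of Samba: the function names, the realm, host and key names, and the sample data are constructed. It classifies a file by content and lists the principals in a keytab without reading the key bytes.

```python
import re
import struct

def classify_key_file(data: bytes) -> str:
    """Return 'krb5-keytab', 'bind-key' or 'unknown' for a key file's content."""
    # Kerberos keytabs are binary: byte 0x05, then format version 1 or 2.
    if len(data) >= 2 and data[0] == 0x05 and data[1] in (1, 2):
        return "krb5-keytab"
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return "unknown"
    # Static keys are text: a named.conf-style key clause or a K*.private file.
    clause = re.search(r'\bkey\s+"?[\w.-]+"?\s*\{[^}]*\bsecret\b', text)
    if clause or text.startswith("Private-key-format:"):
        return "bind-key"
    return "unknown"

def keytab_principals(data: bytes):
    """List (principal, kvno, enctype) per version-2 keytab entry; key bytes are skipped."""
    out, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size == 0:
            break
        if size < 0:  # negative length marks a deleted slot
            pos += -size
            continue
        p, fields = pos, []
        (ncomp,) = struct.unpack_from(">H", data, p)
        p += 2
        for _ in range(ncomp + 1):  # realm first, then the name components
            (n,) = struct.unpack_from(">H", data, p)
            fields.append(data[p + 2:p + 2 + n].decode())
            p += 2 + n
        _name_type, _timestamp, kvno, enctype = struct.unpack_from(">IIBH", data, p)
        out.append(("/".join(fields[1:]) + "@" + fields[0], kvno, enctype))
        pos += size  # jump over the key material without reading it
    return out

# Constructed sample data (placeholder realm, host and all-zero key).
def _cs(b):
    return struct.pack(">H", len(b)) + b

_entry = (struct.pack(">H", 2) + _cs(b"EXAMPLE.TEST") + _cs(b"DNS")
          + _cs(b"pdc1.example.test") + struct.pack(">IIBH", 1, 0, 1, 18) + _cs(bytes(32)))
SAMPLE_KEYTAB = b"\x05\x02" + struct.pack(">i", len(_entry)) + _entry
SAMPLE_TSIG = b'key "ddns-key" {\n    algorithm hmac-sha256;\n    secret "Y29uc3RydWN0ZWQ=";\n};\n'
```

A file that classifies as `krb5-keytab` holds long-term Kerberos keys for the listed principals, so it belongs only on the host that owns them and is not a valid argument to `nsupdate -k`.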