[Samba] dns.keytab

Andrew Bartlett abartlet at samba.org
Sat Jun 12 04:45:14 MDT 2010


On Fri, 2010-06-11 at 07:41 -0600, Ibrahim Hamouda wrote:
> Hi guys
> 	I set up my samba4 server with provision. (pdc1)
> 	Then I set up a DC using net vampire after rolling back to commit 62e0a74 to bypass mdw updates that broke net vampire. (pdc2)
> 	I had to manually add to the zone in pdc1 the following records to get replication to work:
> 
> 	I made all the modifications in named.txt to bind
> 	
> 	pdc2	IN	A	192.168.48.236
> 	<PDC2-GUID>._msdsc	IN CNAME	pdc2
> 	
> 	
> 	scp the dns.keytab file from pdc1 to pdc2

You should not scp the keytab file anywhere - BIND is only
single-master, and so there is only one server that can update DNS, and
so only one server to put dns.keytab on. 

> 	modified smb.conf on pdc2 as follows
> 
> 	nsupdate command = /usr/bin/nsupdate -v -k /usr/local/samba/private/dns.keytab

Where did you get that command from?

> 	The dns update doesn't happen:
> 
> 	on pdc2 I get the following message:
> 
> 	11-Jun-2010 07:30:16.956 /usr/local/samba/private/dns.keytab:1: unknown option '...'
> 	11-Jun-2010 07:30:16.956 /usr/local/samba/private/dns.keytab:1: unknown option '(...'
> 	11-Jun-2010 07:30:16.956 /usr/local/samba/private/dns.keytab:1: unexpected token near end of file
> 	could not read key from /usr/local/samba/private/dns.keytab: unexpected token
> 
> 	Any ideas what am I doing wrong?

Don't set the nsupdate command unless you have configured static keys.
(which means a key file you have generated, not the samba-managed
Kerberos keytab)

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
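
The "unknown option" errors quoted above are what nsupdate prints when -k is pointed at a binary Kerberos keytab instead of a text key file. The following check is an added example, not part of the original message or of Samba: the function names classify_keyfile and demo are hypothetical, the sample files are constructed, and it assumes a keytab starts with byte 0x05 followed by the format version (0x01 or 0x02).

```shell
#!/bin/sh
# Added example: tell a Kerberos keytab apart from the key files nsupdate -k reads.

# classify_keyfile PATH -> prints keytab | tsig-key | legacy-private | unknown | unreadable
classify_keyfile() {
    f=$1
    [ -r "$f" ] || { echo "unreadable"; return 0; }
    # A keytab is binary: byte 0x05, then the format version (0x01 or 0x02).
    magic=$(head -c 2 "$f" | od -An -tx1 | tr -d ' \n')
    case $magic in
        0501|0502) echo "keytab"; return 0 ;;
    esac
    # named.conf-style statement: key "name" { algorithm ...; secret "..."; };
    if grep -Eq '^[[:space:]]*key[[:space:]]+"?[^"[:space:]]+"?[[:space:]]*\{' "$f"; then
        echo "tsig-key"; return 0
    fi
    # Legacy dnssec-keygen K*.private file.
    if grep -q '^Private-key-format:' "$f"; then
        echo "legacy-private"; return 0
    fi
    echo "unknown"
}

# demo: build constructed sample files (no real secrets) and classify each.
demo() {
    d=$(mktemp -d) || return 1
    # Constructed keytab header only: magic 0x05 0x02 plus two filler bytes.
    printf '\005\002\001\001' > "$d/dns.keytab"
    # Constructed TSIG key statement; the secret is a placeholder value.
    printf 'key "example-update-key" {\n\talgorithm hmac-sha256;\n\tsecret "UExBQ0VIT0xERVI=";\n};\n' > "$d/update.key"
    for f in "$d/dns.keytab" "$d/update.key"; do
        printf '%s: %s\n' "${f##*/}" "$(classify_keyfile "$f")"
    done
    rm -rf "$d"
}

# With file arguments, classify them; with none, run the constructed demo.
if [ "$#" -gt 0 ]; then
    for f in "$@"; do printf '%s: %s\n' "$f" "$(classify_keyfile "$f")"; done
else
    demo
fi
```

A result of keytab for the path given to -k means the file is the Samba-managed Kerberos keytab, not a static key.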
