On Fri, 2010-06-11 at 07:41 -0600, Ibrahim Hamouda wrote:
> Hi guys
>       I setup my samba4 server with provision. (pdc1)
>       Then I setup a DC using net vampire after rolling back to commit 
> 62e0a74 to bypass mdw updates that broke net vampire. (pdc2)
>       I had to manually add to the zone in pdc1 the following records to get 
> replication to work:
> 
>       I made all the modifications in named.txt to bind
>       
>       pdc2    IN      A       192.168.48.236
>       <PDC2-GUID>._msdsc      IN CNAME        pdc2
>       
>       
>       scp the dns.keytab file from pdc1 to pdc2

You should not scp the keytab file anywhere - BIND is only
single-master, and so there is only one server that can update DNS, and
so only one server to put dns.keytab on. 

>       modified smb.conf on pdc2 as follows
> 
>       nsupdate command = /usr/bin/nsupdate -v -k 
> /usr/local/samba/private/dns.keytab

Where did you get that command from?

>       The dns update doesn't happen:
> 
>       on pdc2 I get the following message:
> 
>       11-Jun-2010 07:30:16.956 /usr/local/samba/private/dns.keytab:1: unknown 
> option '...'
>       11-Jun-2010 07:30:16.956 /usr/local/samba/private/dns.keytab:1: unknown 
> option '(...'
>       11-Jun-2010 07:30:16.956 /usr/local/samba/private/dns.keytab:1: 
> unexpected token near end of file
>       could not read key from /usr/local/samba/private/dns.keytab: unexpected 
> token
> 
>       Any ideas what am I doing wrong?

Don't set the nsupdate command unless you have configured static keys.
(which means a key file you have generated, not the samba-managed
Kerberos keytab)

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
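
Added example, not part of the original message and not Samba or BIND code: the reply above distinguishes a generated static key file from the Samba-managed Kerberos keytab, and this sketch checks which of the two a file is before it is used with nsupdate -k. The function names, sample file names and sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example: identify what kind of file is about to be given to `nsupdate -k`.
# classify_keyfile PATH prints: keytab | tsig-key | unknown | missing

classify_keyfile() {
    f=$1
    [ -r "$f" ] || { echo missing; return 0; }

    # A Kerberos keytab is binary: byte 0x05, then format version 0x01 or 0x02.
    magic=$(od -An -tx1 -N2 "$f" | tr -d ' \t\n')
    case $magic in
        0501|0502) echo keytab; return 0 ;;
    esac

    # Static key, form 1: a named.conf-style key statement (text).
    if grep -Eq '^[[:space:]]*key[[:space:]]+"?[^"[:space:]]+"?[[:space:]]*\{' "$f" &&
       grep -Eq 'algorithm[[:space:]]' "$f" &&
       grep -Eq 'secret[[:space:]]' "$f"; then
        echo tsig-key; return 0
    fi

    # Static key, form 2: the K*.private file written by dnssec-keygen.
    if grep -q '^Private-key-format:' "$f"; then
        echo tsig-key; return 0
    fi

    echo unknown
}

# Constructed sample files (not real keys) for trying the function offline.
make_samples() {
    printf '\005\002\000\000\000\020' > "$1/dns.keytab"   # keytab header only
    cat > "$1/ddns.key" <<'EOF'
key "ddns-sample" {
    algorithm hmac-sha256;
    secret "Y29uc3RydWN0ZWQtc2FtcGxlLWtleQ==";
};
EOF
    echo 'plain text, not a key' > "$1/notes.txt"
}

# Usage: sh check_keyfile.sh /path/to/file
if [ $# -gt 0 ]; then
    classify_keyfile "$1"
fi
```

A result of "keytab" for the path configured after -k means the file is a Kerberos keytab rather than a static key file.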
