From: Andrew Bartlett on
On Fri, 2010-06-11 at 07:41 -0600, Ibrahim Hamouda wrote:
> Hi guys
> I setup my samba4 server with provision. (pdc1)
> Then I setup a DC using net vampire after rolling back to commit 62e0a74 to bypass mdw updates that broke net vampire. (pdc2)
> I had to manually add to the zone in pdc1 the follwoing records to get replication to work:
> I made all the modifications in named.txt to bind
> pdc2 IN A
> <PDC2-GUID>._msdsc IN CNAME pdc2
> scp the dns.keytab file from pdc1 to pdc2

You should not scp the keytab file anywhere - BIND is only
single-master, and so there is only one server that can update DNS, and
so only one server to put dns.keytab on.

> modified smb.conf on pdc2 as follows
> nsupdate command = /usr/bin/nsupdate -v -k /usr/local/samba/private/dns.keytab

Where did you get that command from?

> The dns update doesn't happen:
> on pdc2 i get the following message:
> 11-Jun-2010 07:30:16.956 /usr/local/samba/private/dns.keytab:1: unknown option '...'
> 11-Jun-2010 07:30:16.956 /usr/local/samba/private/dns.keytab:1: unknown option '(...'
> 11-Jun-2010 07:30:16.956 /usr/local/samba/private/dns.keytab:1: unexpected token near end of file
> could not read key from /usr/local/samba/private/dns.keytab: unexpected token
> Any ideas what am I doing wrong?

Don't set the nsupdate command unless you have configured static keys.
(which means a key file you have generated, not the samba-managed
Kerberos keytab)

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team
Samba Developer, Cisco Inc.