Samba AD and Bind
asn at samba.org
Fri Aug 4 09:42:35 UTC 2017
we have a bind_dlz module so that Bind can be used as a nameserver. The files
needed by bind (beside the module) are the tsig and config file.
Those are located in the Samba private directory!
Distributions limit the access to the private directory to root and give it
0700 as the permissions.
As the 'named' of bind needs to access to those files it wants access to the
private directory but it is not allowed.
I think if an external daemon wants to have access to some samba resources,
the private directory is the wrong place.
So instead of
there should be probably
and all the files required by bind should go there. Then we could give 'named'
access to that directory!
named:root with 0770 for the permissions ...
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
More information about the samba-technical