Samba AD and Bind

Andreas Schneider asn at
Fri Aug 4 09:42:35 UTC 2017

Hi Andrew,

we have a bind_dlz module so that Bind can be used as a nameserver. The files 
needed by bind (beside the module) are the tsig and config file.

Those are located in the Samba private directory!

Distributions limit the access to the private directory to root and give it 
0700 as the permissions.

As the 'named' of bind needs to access to those files it wants access to the 
private directory but it is not allowed.

I think if an external daemon wants to have access to some samba resources, 
the private directory is the wrong place.

So instead of


there should be probably


and all the files required by bind should go there. Then we could give 'named' 
access to that directory!

named:root with 0770 for the permissions ...



Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at

More information about the samba-technical mailing list