Samba AD and Bind
Andreas Schneider
asn at samba.org
Mon Aug 14 16:12:46 UTC 2017
On Tuesday, 8 August 2017 12:22:10 CEST Andreas Schneider via samba-technical
wrote:
> > > As the 'named' of bind needs to access to those files it wants access to
> > > the private directory but it is not allowed.
> > >
> > > I think if an external daemon wants to have access to some samba
> > > resources,
> > > the private directory is the wrong place.
> > >
> > > So instead of
> > >
> > > ${LOCALSTATEDIR}/lib/samba/private
> > >
> > > there should be probably
> > >
> > > ${LOCALSTATEDIR}/lib/samba/bind_dns
> >
> > That seems reasonable.
>
> Ok, I will implement it that way. We should have that fixed in 4.7.
>
Hi Andrew,
I've implemented that we create the 'private dir' with 0700 and that we have a
bind-dns directory with 0770. There is a smb.conf option 'binddns dir' for
that now. So if you have provisioned a domain controller with an earlier
version and have set permissions on the 'private dir' so that bind can access it,
you can simply set 'binddns dir = /var/lib/samba/private' and it should still
work (I need to test it to confirm).
You can find the patches here:
https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/master-bind_dlz
Should we support some kind of automatic migration from older installations to
Samba 4.7, or is just adding a note to WHATSNEW.txt enough, saying to set:
binddns dir = /var/lib/samba/private
If we want to have a migration path, how are domain controllers upgraded and how
should we support it?
Any suggestions?
Andreas
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
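
An added example, not part of the original message or of Samba's code: a shell check an administrator could run on an upgraded domain controller to confirm the split described above (private dir 0700, separate bind-dns dir not open to "other"), and to flag the legacy setting where 'binddns dir' points back at the private dir. The function names are hypothetical, the two paths are supplied by the caller, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit the directory split described in the message above.
# Paths are passed in by the caller; nothing here is taken from Samba's code.

# Print the octal mode of a path (assumes GNU stat, as found on Linux).
dir_mode() {
    stat -c '%a' "$1"
}

# audit_samba_dirs PRIVATE_DIR BINDDNS_DIR
# Returns 0 when the layout matches the message: private dir 0700 and a
# separate binddns dir with no access for "other". Returns 1 otherwise.
audit_samba_dirs() {
    private_dir=$1
    binddns_dir=$2
    rc=0

    for d in "$private_dir" "$binddns_dir"; do
        if [ ! -d "$d" ]; then
            echo "MISSING: $d"
            return 1
        fi
    done

    # Legacy setting: 'binddns dir' pointing back at the private dir means
    # named still needs access to everything stored there.
    if [ "$(cd "$private_dir" && pwd -P)" = "$(cd "$binddns_dir" && pwd -P)" ]; then
        echo "LEGACY: binddns dir is the private dir ($private_dir)"
        rc=1
    fi

    pmode=$(dir_mode "$private_dir")
    if [ "$pmode" != "700" ]; then
        echo "WEAK: $private_dir is $pmode, expected 700"
        rc=1
    fi

    bmode=$(dir_mode "$binddns_dir")
    # The last octal digit is the "other" permission set; it must be 0.
    case $bmode in
        *0) ;;
        *)  echo "WEAK: $binddns_dir is $bmode, accessible to other"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: private=$pmode binddns=$bmode"
    return "$rc"
}
```

Call it with the values of 'private dir' and 'binddns dir' from the running configuration, for example as reported by testparm.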