[Samba] Samba4-AD - named.conf

Matthieu Patou mat at samba.org
Mon Feb 14 04:25:02 MST 2011

On 14/02/2011 12:49, nc-codewete at netcologne.de wrote:
> Hello Matthieu,
> I followed exactly the steps of this howto, but when I checked the 
> named.conf by "using named -d9 -g -c /etc/bind9/named.conf", I got a 
> the error "failed to acquire accept credentials for 
> DNS/samba.example.net: GSSAPI error: Major = Unspecified GSS failure. 
> Minor code may provide more information, Minor = Permission denied.".
> I had set the owner to bind:bind before I set the permisson 644 and it 
> wasn't working well.
> Now it's working all fine and by the way: Samba4 is a great work :o)
> Also I never used Kerberos before and I'm now happy about this. It's 
> just great!
But in the same time you put your security at risk, what is the owner of 
the bind process (ie. ps axu | grep bind), you should really limitate 
the right to the bind user (or what ever is it called, also you should 
check if the bind user has rights to go through the upper directories).


Matthieu Patou
Samba Team        http://samba.org
Private repo      http://git.samba.org/?p=mat/samba.git;a=summary

More information about the samba mailing list