[Samba] Samba4-AD - named.conf
Matthieu Patou
mat at samba.org
Mon Feb 14 04:25:02 MST 2011
On 14/02/2011 12:49, nc-codewete at netcologne.de wrote:
> Hello Matthieu,
>
> I followed exactly the steps of this howto, but when I checked the
> named.conf by "using named -d9 -g -c /etc/bind9/named.conf", I got a
> the error "failed to acquire accept credentials for
> DNS/samba.example.net: GSSAPI error: Major = Unspecified GSS failure.
> Minor code may provide more information, Minor = Permission denied.".
>
> I had set the owner to bind:bind before I set the permisson 644 and it
> wasn't working well.
>
> Now it's working all fine and by the way: Samba4 is a great work :o)
>
> Also I never used Kerberos before and I'm now happy about this. It's
> just great!
But in the same time you put your security at risk, what is the owner of
the bind process (ie. ps axu | grep bind), you should really limitate
the right to the bind user (or what ever is it called, also you should
check if the bind user has rights to go through the upper directories).
Matthieu.
--
Matthieu Patou
Samba Team http://samba.org
Private repo http://git.samba.org/?p=mat/samba.git;a=summary
More information about the samba
mailing list