[Samba] Samba4-AD - named.conf
nc-codewete at netcologne.de
Mon Feb 14 13:34:57 MST 2011
Hello Matthieu,
here are my settings:
chown bind.bind /usr/local/samba/private/dns.keytab;
chown bind.bind /usr/local/samba/private/named.conf;
chmod 644 /usr/local/samba/private/dns.keytab;
chmod 644 /usr/local/samba/private/named.conf;
These were the only changes.
I have checked the logs and found no errors about permission problems
and no other errors.
Is this really a security problem?
Many thanks
Bert
On 14.02.2011 12:25, Matthieu Patou wrote:
> On 14/02/2011 12:49, nc-codewete at netcologne.de wrote:
>> Hello Matthieu,
>>
>> I followed exactly the steps of this howto, but when I checked the
>> named.conf by using "named -d9 -g -c /etc/bind9/named.conf", I got
>> the error "failed to acquire accept credentials for
>> DNS/samba.example.net: GSSAPI error: Major = Unspecified GSS failure.
>> Minor code may provide more information, Minor = Permission denied.".
>>
>> I had set the owner to bind:bind before I set the permissions to 644 and
>> it wasn't working well.
>>
>> Now it's working all fine and by the way: Samba4 is a great work :o)
>>
>> Also I never used Kerberos before and I'm now happy about this. It's
>> just great!
> But at the same time you put your security at risk. What is the owner
> of the bind process (i.e. ps axu | grep bind)? You should really
> limit the rights to the bind user (or whatever it is called; also
> you should check if the bind user has rights to go through the upper
> directories).
>
> Matthieu.
>
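The two checks Matthieu describes (who can read the keytab, and whether the bind user can get through the upper directories), as an added example that is not part of the original thread. The function names are hypothetical, paths must be absolute, and only classic mode bits are evaluated (no ACLs).

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Only classic mode bits from `ls -ld` are evaluated; ACLs are ignored.

# other_can_read FILE: succeeds if "others" have read permission on FILE,
# i.e. any local account could copy the keytab's Kerberos keys.
other_can_read() {
    case $(ls -ld "$1" | awk '{print $1}') in
        ???????r*) return 0 ;;   # 8th character is the "other" read bit
    esac
    return 1
}

# can_traverse USER DIR: succeeds if USER has search (x) permission on DIR.
# Like the kernel, pick exactly one class: owner, else group, else other.
can_traverse() {
    u=$1
    set -- $(ls -ld "$2" | awk '{print $1, $3, $4}')   # mode owner group
    if [ "$2" = "$u" ]; then pos=4
    elif id -Gn "$u" 2>/dev/null | tr ' ' '\n' | grep -qxF "$3"; then pos=7
    else pos=10
    fi
    case $(printf '%s' "$1" | cut -c"$pos") in
        x|s|t) return 0 ;;       # s/t mean "x plus setuid/setgid/sticky"
    esac
    return 1
}

# first_blocked_dir USER /abs/path/FILE: prints the first ancestor directory
# USER cannot traverse and succeeds; fails if every ancestor is traversable.
first_blocked_dir() {
    user=$1 dir=$(dirname "$2") cur=
    old_ifs=$IFS; IFS=/; set -f
    set -- $dir                  # split the path on "/"
    set +f; IFS=$old_ifs
    for part; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        can_traverse "$user" "$cur" || { echo "$cur"; return 0; }
    done
    return 1
}
```

A typical call is `first_blocked_dir bind /usr/local/samba/private/dns.keytab`, with the account name taken from the `ps axu | grep bind` output.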