Oscar Aparicio Holgado
2014-Mar-05 22:31 UTC
[Samba] Possible small bug discovered in Samba4 dc sernet + bind9 (Debian)
Hi all.

I have installed sernet-samba-ad successfully with bind9 from Debian repositories.

I added:
    tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
in /etc/bind/named.conf.options

and then I added:
    include "/var/lib/samba/private/named.conf";
in /etc/bind/named.conf.local

After doing these two steps and modifying /etc/resolv.conf, when you restart bind9 it says error "unable to read /etc/bind/named.conf.local, access denied". Some of the files have root:bind permissions, but the /var/lib/samba/private folder has these permissions:

    drwxr-x--- 7 root root 4096 mar 5 23:20 private

And with this config bind is unable to read some files in that folder, possibly in the dns folder.

If I change the permissions to this:

    drwxr-xr-x 7 root root 4096 mar 5 23:20 private

then you can now safely restart bind9 with no more errors about denied files. Would you please confirm this small bug?

Thanks all.
Oscar Aparicio Holgado
2014-Mar-05 22:36 UTC
[Samba] Possible small bug discovered in Samba4 dc sernet + bind9 (Debian)
Another tip: better do (more secure):

    chown root:bind /var/lib/samba/private/
    chmod 750 /var/lib/samba/private/

> From: pelucheloko at hotmail.com
> To: samba at lists.samba.org
> Date: Wed, 5 Mar 2014 23:31:01 +0100
> Subject: [Samba] Possible small bug discovered in Samba4 dc sernet + bind9 (Debian)
>
> Hi all.
> I have installed sernet-samba-ad successfully with bind9 from Debian repositories.
> I added:
> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab"; in /etc/bind/named.conf.options
> and then I added:
> include "/var/lib/samba/private/named.conf"; in /etc/bind/named.conf.local
> After doing these two steps and modifying /etc/resolv.conf, when you restart bind9 it says error "unable to read /etc/bind/named.conf.local, access denied". Some of the files have root:bind permissions, but the /var/lib/samba/private folder has these permissions:
> drwxr-x--- 7 root root 4096 mar 5 23:20 private
> And with this config bind is unable to read some files in that folder, possibly in the dns folder.
> If I change the permissions to this:
> drwxr-xr-x 7 root root 4096 mar 5 23:20 private
> then you can now safely restart bind9 with no more errors about denied files. Would you please confirm this small bug?
>
> Thanks all.
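
Added example, not part of either message above: a small Python check that walks a path component by component and reports the first one whose mode bits stop a given account, run here against the three directory settings discussed in the thread (750 root:root, 755 root:root, 750 root:bind). The tree is constructed under a temporary directory, the uid/gid values are stand-ins for the bind account, and the function names are this example's own.

```python
import os
import stat
import tempfile

def _allowed(st, uid, gids, want):
    # Classic Unix check: exactly one triplet (owner, group or other) applies.
    # want is an rwx mask (4=r, 1=x). ACLs and root's override are ignored.
    shift = 6 if uid == st.st_uid else 3 if st.st_gid in gids else 0
    return ((st.st_mode >> shift) & want) == want

def first_denied(path, uid, gids, root="/"):
    """Return the first component below root that stops uid/gids from
    reading path, or None if the whole chain is accessible."""
    root, path = os.path.abspath(root), os.path.abspath(path)
    parts = os.path.relpath(path, root).split(os.sep)
    current = root
    for i, part in enumerate(parts):
        current = os.path.join(current, part)
        st = os.stat(current)
        if i < len(parts) - 1:
            want = 1                      # search (x) on every parent directory
        else:
            want = 5 if stat.S_ISDIR(st.st_mode) else 4
        if not _allowed(st, uid, gids, want):
            return current
    return None

def demo():
    # Constructed tree that mirrors the thread's layout under a temp dir;
    # the real /var/lib/samba is never touched.
    base = os.path.abspath(tempfile.mkdtemp())
    private = os.path.join(base, "var", "lib", "samba", "private")
    os.makedirs(private)
    for d, _, _ in os.walk(base):
        os.chmod(d, 0o755)
    conf = os.path.join(private, "named.conf")
    open(conf, "w").close()
    os.chmod(conf, 0o644)
    st = os.stat(private)
    bind_uid, other_gid = st.st_uid + 1, st.st_gid + 1   # stand-in for bind
    cases = [("750 root:root", 0o750, {other_gid}),
             ("755 root:root", 0o755, {other_gid}),
             ("750 root:bind", 0o750, {st.st_gid})]      # bind in dir's group
    results = {}
    for label, mode, gids in cases:
        os.chmod(private, mode)
        results[label] = first_denied(conf, bind_uid, gids, root=base)
    return private, results

if __name__ == "__main__":
    for label, blocked in demo()[1].items():
        print(label, "->", blocked or "readable")
```

On a real host, `first_denied("/var/lib/samba/private/named.conf", uid, gids)` with the bind account's uid and group ids shows which directory in the chain is the blocker before any mode is loosened.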