Hello Matthieu,
here my settings:
chown bind.bind /usr/local/samba/private/dns.keytab;
chown bind.bind /usr/local/samba/private/named.conf;
chmod 644 /usr/local/samba/private/dns.keytab;
chmod 644 /usr/local/samba/private/named.conf;
This was the only changes.
I have checked the logs and found no errors about permissions-problems
and no other errors.
It's this really a security-problem?
Many thanks
Bert
Am 14.02.2011 12:25, schrieb Matthieu Patou:
On 14/02/2011 12:49, [email protected] wrote:
Hello Matthieu,
I followed exactly the steps of this howto, but when I checked the
named.conf by "using named -d9 -g -c /etc/bind9/named.conf", I got a
the error "failed to acquire accept credentials for
DNS/samba.example.net: GSSAPI error: Major = Unspecified GSS failure.
Minor code may provide more information, Minor = Permission denied.".
I had set the owner to bind:bind before I set the permisson 644 and
it wasn't working well.
Now it's working all fine and by the way: Samba4 is a great work :o)
Also I never used Kerberos before and I'm now happy about this. It's
just great!
But in the same time you put your security at risk, what is the owner
of the bind process (ie. ps axu | grep bind), you should really
limitate the right to the bind user (or what ever is it called, also
you should check if the bind user has rights to go through the upper
directories).
Matthieu.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
