summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
Diffstat (limited to 'source4')
-rw-r--r--source4/scripting/libjs/provision.js2
-rw-r--r--source4/setup/named.conf10
2 files changed, 7 insertions, 5 deletions
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index ca0fedf97b..fd6de2695f 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -380,6 +380,7 @@ function provision_default_paths(subobj)
paths.secrets = lp.get("secrets database");
paths.keytab = "secrets.keytab";
paths.dns_keytab = "dns.keytab";
+ paths.dns_keytab_abs = lp.get("private dir") + "/" + paths.dns_keytab;
paths.dns = lp.get("private dir") + "/" + dnsdomain + ".zone";
paths.named_conf = lp.get("private dir") + "/named.conf";
paths.winsdb = "wins.ldb";
@@ -478,6 +479,7 @@ function provision_fix_subobj(subobj, paths)
subobj.SAM_LDB = "tdb://" + paths.samdb;
subobj.SECRETS_KEYTAB = paths.keytab;
subobj.DNS_KEYTAB = paths.dns_keytab;
+ subobj.DNS_KEYTAB_ABS = paths.dns_keytab_abs;
subobj.LDAPDIR = paths.ldapdir;
var ldap_path_list = split("/", paths.ldapdir);
diff --git a/source4/setup/named.conf b/source4/setup/named.conf
index 6f97adf644..17beb7a2d7 100644
--- a/source4/setup/named.conf
+++ b/source4/setup/named.conf
@@ -22,15 +22,15 @@ zone "${DNSDOMAIN}." IN {
# for named: KRB5_KTNAME so that it points to the keytab generated.
# In RedHat derived systems such RHEL/CentOS/Fedora you can add the following
# line to the /etc/sysconfig/named file:
-# export KRB5_KTNAME=${DNS_KEYTAB}
+# export KRB5_KTNAME=${DNS_KEYTAB_ABS}
#
# Please note that most distributions have BIND configured to run under
# a non-root user account. For example, Fedora Core 6 (FC6) runs BIND as
# the user "named" once the daemon relinquishes its rights. Therefore,
-# the file "dns.keytab" must be readable by the user that BIND run as.
-# If BIND is running as a non-root user, the "dns.keytab" file must have its
+# the file "${DNS_KEYTAB}" must be readable by the user that BIND run as.
+# If BIND is running as a non-root user, the "${DNS_KEYTAB}" file must have its
# permissions altered to allow thge daemon to read it. In the FC6
# example, execute the commands:
#
-# chgrp named /usr/local/samba/private/dns.keytab
-# chmod g+r /usr/local/samba/private/dns.keytab
+# chgrp named ${DNS_KEYTAB_ABS}
+# chmod g+r ${DNS_KEYTAB_ABS}