Diffstat (limited to 'source4')
-rw-r--r-- | source4/scripting/libjs/provision.js | 2 | ||||
-rw-r--r-- | source4/setup/named.conf | 10 |
2 files changed, 7 insertions, 5 deletions
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index ca0fedf97b..fd6de2695f 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -380,6 +380,7 @@ function provision_default_paths(subobj)
 paths.secrets = lp.get("secrets database");
 paths.keytab = "secrets.keytab";
 paths.dns_keytab = "dns.keytab";
+ paths.dns_keytab_abs = lp.get("private dir") + "/" + paths.dns_keytab;
 paths.dns = lp.get("private dir") + "/" + dnsdomain + ".zone";
 paths.named_conf = lp.get("private dir") + "/named.conf";
 paths.winsdb = "wins.ldb";
@@ -478,6 +479,7 @@ function provision_fix_subobj(subobj, paths)
 subobj.SAM_LDB = "tdb://" + paths.samdb;
 subobj.SECRETS_KEYTAB = paths.keytab;
 subobj.DNS_KEYTAB = paths.dns_keytab;
+ subobj.DNS_KEYTAB_ABS = paths.dns_keytab_abs;
 subobj.LDAPDIR = paths.ldapdir;
 var ldap_path_list = split("/", paths.ldapdir);
diff --git a/source4/setup/named.conf b/source4/setup/named.conf
index 6f97adf644..17beb7a2d7 100644
--- a/source4/setup/named.conf
+++ b/source4/setup/named.conf
@@ -22,15 +22,15 @@ zone "${DNSDOMAIN}." IN {
 # for named: KRB5_KTNAME so that it points to the keytab generated.
 # In RedHat derived systems such RHEL/CentOS/Fedora you can add the following
 # line to the /etc/sysconfig/named file:
-# export KRB5_KTNAME=${DNS_KEYTAB}
+# export KRB5_KTNAME=${DNS_KEYTAB_ABS}
 #
 # Please note that most distributions have BIND configured to run under
 # a non-root user account. For example, Fedora Core 6 (FC6) runs BIND as
 # the user "named" once the daemon relinquishes its rights. Therefore,
-# the file "dns.keytab" must be readable by the user that BIND run as.
-# If BIND is running as a non-root user, the "dns.keytab" file must have its
+# the file "${DNS_KEYTAB}" must be readable by the user that BIND run as.
+# If BIND is running as a non-root user, the "${DNS_KEYTAB}" file must have its
 # permissions altered to allow thge daemon to read it. In the FC6
 # example, execute the commands:
 #
-# chgrp named /usr/local/samba/private/dns.keytab
-# chmod g+r /usr/local/samba/private/dns.keytab
+# chgrp named ${DNS_KEYTAB_ABS}
+# chmod g+r ${DNS_KEYTAB_ABS} |
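Review bot: The `export KRB5_KTNAME=` line and the two commands at the end of the hunk now expand `${DNS_KEYTAB_ABS}` unquoted, so a private dir containing a space yields lines that fail when an administrator pastes them; I would write `# chgrp named "${DNS_KEYTAB_ABS}"` and `# chmod g+r "${DNS_KEYTAB_ABS}"`, and quote the value in the export line as well. The instructions also adjust only the keytab file itself, while provision.js builds the path under `lp.get("private dir")`; if that directory is not searchable by the BIND user (presumably it is restricted, to be confirmed), group read on the file alone will not let named open it. A sentence stating that requirement, and that the keytab should stay unreadable to other users because it holds the DNS service's Kerberos keys, would make the comment complete.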