On Mon, 09 Mar 2020, Dario Lesca wrote:
> On Mon, 09/03/2020 at 13.17 +0200, Alexander Bokovoy wrote:
> > It is independent of Kerberos implementation, so affects both types
> > of deployment.
> Ok, it's a generic samba problem.
> Is it right if I file a bug on samba bugzilla?
Yes.
I tried to create a configuration where named.conf is used to supply an
update ACL to a zone hosted by Samba DLZ module and it didn't work
because for a master zone specified explicitly in named.conf Bind
expects a full definition, including a 'file ..' statement. Since the
zone is stored in DLZ database plugin, it directly overlaps with that.
As a result, it looks like it is impossible to specify an ACL for a
DLZ-provided DNS zone other than through DLZ itself.
> > You can add rules in the named.conf but they would be static,
> > effectively. They are typically static anyway, so this is not a big
> > loss.
> Ok, thanks, but what kind of rule, and where must I add it in named.conf?
> In the options section or the zone section?
> Note that there is no zone called "fedora.loc" in my named.conf, but
> only an include "/var/lib/samba/bind-dns/named.conf", which contains:
> dlz "AD DNS Zone" {
>     database "dlopen /usr/lib64/samba/bind9/dlz_bind9_11.so";
> };
See above, it is not going to work, as I found out.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland