The bind_dlz config should not be stored in the private directory.
The private directory should have permissions 0700 and only samba (root) should have access to it.
bind_dns should have its own directory and so we can give named access to it.
(In reply to Andreas Schneider from comment #0)
Don't we already have a directory for this? The one where we store the hardlinks
of the sam.ldb* files. So we just need to move the config files to the same directory?
That directory is inside the private directory! So it doesn't really help.
My WIP branch is here:
Will be fixed with 4.8.0
Fixed in master with 2d0e13837d8c6fab3fb296aafcabdf2a2973b96d