diff --git a/roles/samba-dc/vars/main.yml b/roles/samba-dc/vars/main.yml
index c19c8b5..9f74cd8 100644
--- a/roles/samba-dc/vars/main.yml
+++ b/roles/samba-dc/vars/main.yml
@@ -1,10 +1,16 @@
 samba_selinux_contexts:
 - path: /var/lib/samba/bind-dns/dns.keytab
   setype: named_conf_t
+- path: /var/lib/samba/private/dns.keytab
+  setype: named_conf_t
 - path: /var/lib/samba/bind-dns/named.conf.*
   setype: named_conf_t
 - path: /var/lib/samba/bind-dns/dns(/.*)?
   setype: named_var_run_t
+- path: /var/lib/samba/private/sam.ldb.d/metadata.tdb
+  setype: named_var_run_t
+- path: /var/lib/samba/private/sam.ldb.d/.*DNSZONES.*\.ldb
+  setype: named_var_run_t
 samba_firewall:
 - dns
 - kerberos