[Samba] why is idmap uid / gid needed for ACLs?

Mark Proehl M.Proehl at science-computing.de
Thu May 18 11:29:50 GMT 2006


why do I have to specify idmap uid and idmap gid ranges to have
filesystem ACLs working?

My environment is a samba controlled domain. All Unix account
information is stored in LDAP. 

In samba-3.0.14a it was possible to use winbind in "netlogon proxy
only" mode (i.e. no ranges for idmap uid / gid) so that filesystem
acls could be set from XP. 3.0.22 refuses to set ACLs until I
configure a dummy range. That dummy range is never used. I actually
made the following settins:

        idmap uid = 80000-80000
        idmap gid = 80000-80000


More information about the samba mailing list