[Samba] security = user, LDAP, and adding users to ACLs

Shammah Chancellor shammah at dri.edu
Thu Dec 6 20:29:37 GMT 2007



I seem to be able to add users to ACLs from windows due to an "Name Not 
Found" error when looking up a username.  According to what I have been 
able to find, you cannot browse users on a samba server from windows 
without winbind and "security = domain/ads".   However, winbind does not 
have any place in my environment aside from remedying this problem.   Is 
there some alternative to enable this feature, or method of setting up 
winbind that is innocuous in my environment while maintaining "security 
= user"?

Background on the Environment:

I am running Samba 3.0.25c on Solaris 10u4 with "security = user".    I 
am using the vfs object "zfsacl" to enable ACL support on my zfs 
filesystem.  We use LDAP as a password backend, which also stores 
sambaSIDs for every user.  SIDs and unix UIDs are synchronized across 
all the samba servers because they all use the same LDAP backend.

Thanks in advance!

More information about the samba mailing list