[Samba] getting error with setfacl

Bruce Richardson itsbruce at workshy.org
Fri Nov 5 07:58:47 MDT 2010


On Thu, Nov 04, 2010 at 11:50:03AM -0700, James D. Parra wrote:
> Hello Bruce, 
> 
> Still can't get setfacl to get group or user info from the AD (Windows 2003)
> 
> I have the following in nsswitch.conf;
> 
> passwd: compat ldap
> group:  files ldap

Have you put the correct details into the nss_ldap configuration file?
On Red Hat and CentOS, this is /etc/ldap.conf (NOT /etc/ldap/ldap.conf),
while on Debian-derived distributions it is /etc/libnss-ldap.conf.  You
will need to set the "uri" and "basedn" configuration options.  You will
also either have to enable anonymous LDAP searches on your domain
controllers or (the more secure route) create a user with read-only
access to the relevant parts of your Active Directory tree and add their
details to the nss_ldap configuration file ("binddn" and "bindpw").

-- 
Bruce

I must admit that the existence of Disneyland (which I know is real)
proves that we are not living in Judea in AD 50. -- Philip K. Dick
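
An added example, not part of the original message and not code from Samba or nss_ldap: a small audit of an nss_ldap configuration file for the settings discussed above. It assumes nss_ldap's option names `uri`, `base` (the search base), `binddn`, `bindpw` and `ssl start_tls`; the host name, DNs and password in the sample are constructed placeholders.

```python
# Constructed sample: a bind account is configured, but the transport is plain ldap://.
SAMPLE = """\
# /etc/ldap.conf (constructed example values)
uri ldap://dc1.example.com/
base dc=example,dc=com
binddn cn=nss-reader,cn=Users,dc=example,dc=com
bindpw PLACEHOLDER-PASSWORD
"""

def parse(text):
    """Return {key: value} from 'key value' lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # keys and values may be separated by spaces or tabs
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit(text):
    """Return a list of (severity, message) findings for an nss_ldap config."""
    conf = parse(text)
    findings = []
    # Without a server and a search base, NSS lookups cannot find any entries.
    for key in ("uri", "base"):
        if not conf.get(key):
            findings.append(("error", f"'{key}' is not set"))
    if not conf.get("binddn"):
        findings.append(("warn", "no binddn: lookups bind anonymously, which the DCs must allow"))
    elif not conf.get("bindpw"):
        findings.append(("error", "binddn is set without bindpw"))
    else:
        findings.append(("info", "bindpw is stored in this file: keep that account read-only"))
        uris = conf.get("uri", "").split()
        starttls = conf.get("ssl", "").lower() == "start_tls"
        if any(u.lower().startswith("ldap://") for u in uris) and not starttls:
            findings.append(("warn", "bind password is sent over ldap:// without 'ssl start_tls'"))
    return findings

if __name__ == "__main__":
    for severity, message in audit(SAMPLE):
        print(f"{severity}: {message}")
```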