[Samba] Settings ACLS from Windows via member server

Mark Dieterich mkd at cs.brown.edu
Tue Feb 22 09:04:39 MST 2011

I have a purely samba domain: samba PDC, BDC, and a collection of
clustered member servers that provide CIFS access to our underlying file
system.  Things are working fine, with the exception of users being able
to set ACLS from Windows workstations.  When they try to do so, they can
search for and properly find domain members, but when they try to apply
the changes, the settings simply vanish from the Window!  We setup a
test share from our PDC and users **can** set permissions properly on
this share, so I would think we are looking at a configuration problem
on our member servers.

A couple generic questions about member servers:

1) Our password backend is stored in LDAP.  Currently, we only have the
LDAP configuration on the PDC and BDC samba setups.  My understanding is
that all other machines, including samba member servers, join the domain
and get their user information that way, correct?

2) With a non-AD environment, should our samba member servers run
winbind?  My understanding is not, but this could be part of the problem.

I'm happy to provide any other information that may be of help, this
problem is driving us nuts!



I'd rather be burning carbohydrates than hydrocarbons

More information about the samba mailing list