[Samba] Settings ACLS from Windows via member server

John Drescher drescherjm at gmail.com
Tue Feb 22 09:46:33 MST 2011

On Tue, Feb 22, 2011 at 11:04 AM, Mark Dieterich <mkd at cs.brown.edu> wrote:
> I have a purely samba domain: samba PDC, BDC, and a collection of
> clustered member servers that provide CIFS access to our underlying file
> system.  Things are working fine, with the exception of users being able
> to set ACLs from Windows workstations.  When they try to do so, they can
> search for and properly find domain members, but when they try to apply
> the changes, the settings simply vanish from the window!  We set up a
> test share from our PDC and users **can** set permissions properly on
> this share, so I would think we are looking at a configuration problem
> on our member servers.
>
> A couple generic questions about member servers:
>
> 1) Our password backend is stored in LDAP.  Currently, we only have the
> LDAP configuration on the PDC and BDC samba setups.  My understanding is
> that all other machines, including samba member servers, join the domain
> and get their user information that way, correct?
>
> 2) With a non-AD environment, should our samba member servers run
> winbind?  My understanding is not, but this could be part of the problem.
>
> I'm happy to provide any other information that may be of help, this
> problem is driving us nuts!

I believe the PDC/BDC does not need winbind but the member servers do.
Also you need idmap to work on the member servers. I believe I use an
nss backend for my idmap setup at work.
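
As an added example (not part of the thread and not either poster's configuration), the script below checks the [global] section of a member server's smb.conf for the winbind/idmap settings the reply mentions. The domain name EXAMPLE and the ID range are placeholders, the sample file is constructed, and the script only reads the configuration text; it does not check that winbindd is running.

```python
import re

# Constructed sample: [global] of a member server in an NT4-style Samba
# domain. EXAMPLE and the ID range are placeholders, not from the thread.
SAMPLE_SMB_CONF = """\
[global]
    workgroup = EXAMPLE
    security = domain
    # domain accounts are mapped to the Unix accounts NSS already knows
    idmap config EXAMPLE : backend = nss
    idmap config EXAMPLE : range = 1000-999999
"""

def parse_global(text):
    """Return the [global] parameters of an smb.conf as a dict."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Parameter names are case-insensitive; spaces are not significant.
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params

def check_member_server(smb_conf):
    """List what is missing for winbind/idmap on a domain member server."""
    g = parse_global(smb_conf)
    findings = []
    if g.get("security", "").lower() not in ("domain", "ads"):
        findings.append("security is not 'domain' or 'ads': not a domain member")
    domain = g.get("workgroup", "")
    if not domain:
        findings.append("workgroup is not set")
        return findings
    prefix = "idmapconfig" + domain.lower() + ":"
    if prefix + "backend" not in g:
        findings.append(f"no 'idmap config {domain} : backend' for the domain")
    if prefix + "range" not in g:
        findings.append(f"no 'idmap config {domain} : range' for the domain")
    return findings

if __name__ == "__main__":
    for finding in check_member_server(SAMPLE_SMB_CONF) or ["no findings"]:
        print(finding)
```
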

