[Samba] Settings ACLS from Windows via member server

TAKAHASHI Motonobu monyo at monyo.com
Tue Feb 22 10:35:12 MST 2011

2011/2/23 Mark Dieterich <mkd at cs.brown.edu>:
> Things are working fine, with the exception of users being able
> to set ACLS from Windows workstations.

> 1) Our password backend is stored in LDAP.  Currently, we only have the
> LDAP configuration on the PDC and BDC samba setups.  My understanding is
> that all other machines, including samba member servers, join the domain
> and get their user information that way, correct?

Yes. Samba member servers does not need LDAP configurations.

> 2) With a non-AD environment, should our samba member servers run
> winbind?  My understanding is not, but this could be part of the problem.

If you want to set ACLs of domain users and groups, you have to run winbindd
regardless of  AD env. or not.

# You can set ACLs of server local users and groups without running winbindd.

TAKAHASHI Motonobu <monyo at samba.gr.jp>

More information about the samba mailing list