[Samba] Settings ACLS from Windows via member server
Mark Dieterich
mkd at cs.brown.edu
Tue Feb 22 11:53:50 MST 2011
> If you want to set ACLs of domain users and groups, you have to run winbindd
> regardless of AD env. or not.
>
> # You can set ACLs of server local users and groups without running winbindd.
Hmm... I was working from:
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2604553
I have NSS setup to resolve via LDAP, which contains all of the
appropriate user/group information that samba should need. The second
heading on this page, "Winbind is not used; users and groups resolved
via NSS" seemed to read as though I didn't actually need winbind. My
concern here is that winbind appears to be necessary to create unix
users for non-existent Windows NT domain users. This isn't our case...
ever user available in the Windows NT domain (managed by the samba
PDC/BDC) exist in LDAP and, therefore, unix as well.
Regardless... I enable winbind and the behavior is the same. Once
winbind is started, I can query most users (wbinfo -u) and groups
(wbinfo -g). For some reason, some groups don't show. We have many
groups and users, so I haven't checked them all, but a spot check
suggests there are some missing.
Mark
--
----------
I'd rather be burning carbohydrates than hydrocarbons
More information about the samba
mailing list