[Samba] Settings ACLS from Windows via member server

Mark Dieterich mkd at cs.brown.edu
Tue Feb 22 11:53:50 MST 2011

> If you want to set ACLs of domain users and groups, you have to run winbindd
> regardless of  AD env. or not.
> # You can set ACLs of server local users and groups without running winbindd.

Hmm... I was working from:


I have NSS setup to resolve via LDAP, which contains all of the
appropriate user/group information that samba should need.  The second
heading on this page, "Winbind is not used; users and groups resolved
via NSS" seemed to read as though I didn't actually need winbind.  My
concern here is that winbind appears to be necessary to create unix
users for non-existent Windows NT domain users.  This isn't our case...
ever user available in the Windows NT domain (managed by the samba
PDC/BDC) exist in LDAP and, therefore, unix as well.

Regardless... I enable winbind and the behavior is the same.  Once
winbind is started, I can query most users (wbinfo -u) and groups
(wbinfo -g).  For some reason, some groups don't show.  We have many
groups and users, so I haven't checked them all, but a spot check
suggests there are some missing.


I'd rather be burning carbohydrates than hydrocarbons

More information about the samba mailing list