[Samba] Settings ACLS from Windows via member server
tms3 at tms3.com
tms3 at tms3.com
Tue Feb 22 11:57:51 MST 2011
>
> X-SpamDetect-Info: ------------- End ASpam results -----------------
>
>
>>
>> If you want to set ACLs of domain users and groups, you have to run
>> winbindd
>> regardless of AD env. or not.
>>
>> # You can set ACLs of server local users and groups without running
>> winbindd.
>
> Hmm... I was working from:
>
> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2604553
>
> I have NSS setup to resolve via LDAP, which contains all of the
> appropriate user/group information that samba should need. The second
> heading on this page, "Winbind is not used; users and groups resolved
> via NSS" seemed to read as though I didn't actually need winbind. My
> concern here is that winbind appears to be necessary to create unix
> users for non-existent Windows NT domain users. This isn't our
> case...
> ever user available in the Windows NT domain (managed by the samba
> PDC/BDC) exist in LDAP and, therefore, unix as well.
Do you have acls set on the file system for the member servers?
Winbind is for authentication purposes, not files system acls.
>
>
>
> Regardless... I enable winbind and the behavior is the same. Once
> winbind is started, I can query most users (wbinfo -u) and groups
> (wbinfo -g). For some reason, some groups don't show. We have many
> groups and users, so I haven't checked them all, but a spot check
> suggests there are some missing.
>
> Mark
>
> --
> ----------
> I'd rather be burning carbohydrates than hydrocarbons
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list