[Samba] Settings ACLS from Windows via member server

tms3 at tms3.com tms3 at tms3.com
Tue Feb 22 11:57:51 MST 2011




>
> X-SpamDetect-Info: ------------- End ASpam results -----------------
>
>
>>
>> If you want to set ACLs of domain users and groups, you have to run 
>> winbindd
>> regardless of  AD env. or not.
>>
>> # You can set ACLs of server local users and groups without running 
>> winbindd.
>
> Hmm... I was working from:
>
> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2604553
>
> I have NSS setup to resolve via LDAP, which contains all of the
> appropriate user/group information that samba should need.  The second
> heading on this page, "Winbind is not used; users and groups resolved
> via NSS" seemed to read as though I didn't actually need winbind.  My
> concern here is that winbind appears to be necessary to create unix
> users for non-existent Windows NT domain users.  This isn't our 
> case...
> ever user available in the Windows NT domain (managed by the samba
> PDC/BDC) exist in LDAP and, therefore, unix as well.

Do you have acls set on the file system for the member servers? 
Winbind is for authentication purposes, not files system acls.
>
>
>
> Regardless... I enable winbind and the behavior is the same.  Once
> winbind is started, I can query most users (wbinfo -u) and groups
> (wbinfo -g).  For some reason, some groups don't show.  We have many
> groups and users, so I haven't checked them all, but a spot check
> suggests there are some missing.
>
> Mark
>
> --
> ----------
> I'd rather be burning carbohydrates than hydrocarbons
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba



More information about the samba mailing list