> I believe the PDC/BDC does not need winbind but the member servers do.
> Also you need idmap to work on the member servers. I believe I use a
> nss backend for my idmap setup at work.

So is idmap separate from winbind?  I thought the two went hand in hand.

This may be another clue as to what's going on.  When I bump up the log
level for acls, it reports back:

[2011/02/22 14:04:21.247390,  0]
  create_canon_ace_lists: unable to map SID S-1-5-21-2830206405-3223145701-231191277-62564 to uid or gid.

This was the result of an operation from a Windows client trying to
grant a user permissions to a folder.  The SID is correct for the user
in question, so obviously something is able to look up information from
LDAP.  However, some other piece can't seem to later resolve it.  Is
this of any help?

I should add... the above is without winbind running on the member server.



