[Samba] Settings ACLS from Windows via member server

John H Terpstra jht at samba.org
Tue Feb 22 13:05:47 MST 2011 

valuable if you would explain WHYOn 02/23/2011 03:46 AM, John Drescher
wrote:
> On Tue, Feb 22, 2011 at 11:04 AM, Mark Dieterich <mkd at cs.brown.edu> wrote:
>> I have a purely samba domain: samba PDC, BDC, and a collection of
>> clustered member servers that provide CIFS access to our underlying file
>> system.  Things are working fine, with the exception of users being able
>> to set ACLS from Windows workstations.  When they try to do so, they can
>> search for and properly find domain members, but when they try to apply
>> the changes, the settings simply vanish from the Window!  We setup a
>> test share from our PDC and users **can** set permissions properly on
>> this share, so I would think we are looking at a configuration problem
>> on our member servers.
>>
>> A couple generic questions about member servers:
>>
>> 1) Our password backend is stored in LDAP.  Currently, we only have the
>> LDAP configuration on the PDC and BDC samba setups.  My understanding is
>> that all other machines, including samba member servers, join the domain
>> and get their user information that way, correct?
>>
>> 2) With a non-AD environment, should our samba member servers run
>> winbind?  My understanding is not, but this could be part of the problem.
>>
>> I'm happy to provide any other information that may be of help, this
>> problem is driving us nuts!
>>
> 
> I believe the PDC/BDC does not need winbind but the member servers do.
> Also you need idmap to work on the member servers. I believe I use a
> nss backend for my idmap setup at work.
> 
> John

John,

It would help the list to understand WHY you believe that winbind is NOT
needed by the PDC/BDC, and WHY it is needed on member servers.

While subscribers keep explaining what they believe, and keep giving
advice based on their belief system, rather than on well reasoned fact,
confusion will continue to exist and complaints regarding Samba
documentation will continue also.

Are you willing to take a brave step to explain your reasoning?

Cheers,
John T.

More information about the samba mailing list