[Samba] Samba AD domain member with SSSD: ACL not work

Rowland Penny rpenny at samba.org
Tue Feb 14 16:13:42 UTC 2017

On Tue, 14 Feb 2017 16:57:24 +0100
Dario Lesca via samba <samba at lists.samba.org> wrote:

> On a Centos 7 minimal fresh install and samba 4.4.4 I have follow this
> howto:
> http://www.hexblot.com/blog/centos-7-active-directory-and-samba
> and I have Joining to an Active Directory server and login to it with
> domain user without problem.
> My problem occur when I try from windows to modify some new rights
> (ACL's) to new folder on samba share.

Have you modified /etc/nsswitch.conf ?

If you haven't, then you are not using winbind, you are using sssd. In
which case you should remove the 'idmap config' lines from smb.conf.

You should also try asking on the sssd users mailing list for help,
because if you are not using winbind for authentication, this is
probably where your problem lies.

If you want use winbind instead of sssd, you will need to turn sssd off.


More information about the samba mailing list