[Samba] Cannot set Windows ACL on Sharefolder with other user than Administrator

Rowland Penny rpenny at samba.org
Thu Aug 4 18:05:13 UTC 2022

On Thu, 2022-08-04 at 18:54 +0200, Oliver via samba wrote:
> Dear all,
> some research later, I did some queries on my PDC and secondary DC.

You do not have a PDC and secondary DC, you just have two DC's and one
of them holds all the FSMO roles. In all other things, they should be

> I figure out, that the LDAP queries works and the group membership
> for 
> LDAP is working.
> I found an error, when run samba-tool on the secondary DC. There is
> a 
> missing secrets.ldb and sam.ldb  .

If you do not have secrets.ldb and sam.ldb on a DC, then you have
really big problems. Have you checked if they exist or not ?

> You will find it at the end of this message.
> Can you help me to fix this?
> What did I wrong?
> Regards,
> Oliver
> General questionsmarks, may somebody could answer:
> - getent not works on Primary DC

Do you have libpam-winbind and libnss-winbind installed ?
Or if you complied Samba yourself, did you create the required links ?

> - wbinfo on Primary DC run with or without given Domain e.g. 

This is how it is supposed to work.

> - wbinfo on secondarys DC only runs with given Domain e.g.

Hmm, that isn't correct.

> - ldbsearch works only to remote host DC.

'ldbsearch' should work on both DC's

I do hope that '.local' is a replacement for your correct TLD

I think you need to compare your first DC with your second DC, they
should, apart from the hostname ipaddress etc, be identical.

I would also do some reading up on AD attributes (for instance, a group
will never have a primaryGroupID attribute).


More information about the samba mailing list