Hi,
> > with samba WITHOUT using winbind. Sorry, but this is not acceptible > > for me (and for sure quite a few other people). > > You are incorrect. ACLs in Samba work without winbindd. > The problem occurs when you want to use the Domain SIDs > from a different authority than the Samba server in an > ACL. OK, I had understood this. But: My samba server _is not_ the authority in our net, it is just an ordinary domain member. So it _has_ to ask an authority, so to say a PDC or BDC. > To boil it down. Imagine you have 2 unix systems using > /etc/passwd. You have a user "jill" in both systems with > a different uid - both of which are in use on the other > system. Explain how to set up a POSIX ACL on either machine > which contains both "jill" users. That is the problem you > are trying to describe - no Windows or Samba involved. No, no. The situation you describe includes two user databases which partially the same usernames but different uids. Is is absolutely clear that I cannot mix them up to say one ACL entry which only contains uids, or names. On the other side in my case I also have two user databases, unix passwd (or yp) and NT SAM. BUT: there is a clear mapping between them! Each user on NT also exists on unix with the same username. So there is a translation from one user database to the other - the name. To get the ids (uid or sid) one has to request the authority of each of these databases (UNIX: YP-Server, NT: PDC or BDC). This should not be too difficult, so I don't understand why you didn't design it this way in the first case. :-) > winbindd is one solution to this. Yes - if you give up yp or nis+ or ldap or /etc/passwd ... > If you don't try and do this, you don't have problems with > ACLs. But can I make a samba server a domain master without totally screwing up my NT servers? This does not sound really correct to me. Hey, I am sucking up every advice I can to get this running, so thank you for the discussion! :-) Christopher -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba