X-SpamDetect-Info: ------------- End ASpam results -----------------
If you want to set ACLs of domain users and groups, you have to run
winbindd
regardless of AD env. or not.
# You can set ACLs of server local users and groups without running
winbindd.
Hmm... I was working from:
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2604553
I have NSS setup to resolve via LDAP, which contains all of the
appropriate user/group information that samba should need. The second
heading on this page, "Winbind is not used; users and groups resolved
via NSS" seemed to read as though I didn't actually need winbind. My
concern here is that winbind appears to be necessary to create unix
users for non-existent Windows NT domain users. This isn't our
case...
ever user available in the Windows NT domain (managed by the samba
PDC/BDC) exist in LDAP and, therefore, unix as well.
Do you have acls set on the file system for the member servers?
Winbind is for authentication purposes, not files system acls.
Regardless... I enable winbind and the behavior is the same. Once
winbind is started, I can query most users (wbinfo -u) and groups
(wbinfo -g). For some reason, some groups don't show. We have many
groups and users, so I haven't checked them all, but a spot check
suggests there are some missing.
Mark
--
----------
I'd rather be burning carbohydrates than hydrocarbons
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
