What do you mean with acl's. Did you do the acl' s from windows. My attempts to do this failed every time. The only way make this work is under samba4. With samba3 I had to tune it within my share definitions in my smb.conf. create mask and so on..... Now with this it is nearly impossible to have by ex. two different groups manage their files (as in windows) on one share. So you have to make a large group with all the users having write perms and on the other side a group to have read perms. You may test #vfs objects = acl_xattr
----------------------------------------------- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: [email protected] Internet: www.tropenklinik.de ----------------------------------------------- -----Ursprüngliche Nachricht----- Von: Aleix Dorca [mailto:[email protected]] Gesendet: Montag, 21. Februar 2011 09:33 An: [email protected] Cc: [email protected] Betreff: Re: AW: [Samba] Please, help me clarify (winbind). Daniel, thanks for your answer. What you say it is absolutely true. That was my first attempt to get things woking, avoid if possible Winbind, and IT DID work UNTIL I added ACL's on shares. After that it seems winbind was unavoidable. Then all the confusion began. Still stuck, I'm afraid. Aleix. El 21/02/2011, a las 9:11, Daniel Müller escribió: > If I have understood right:you have a PDC/LDAP-Samba!!! And no Windows > Server and no Windows ADS so you do not need winbind at all. > Just make the Windows Server a member of your Samba-Server thats it. > > ----------------------------------------------- > EDV Daniel Müller > > Leitung EDV > Tropenklinik Paul-Lechler-Krankenhaus > Paul-Lechler-Str. 24 > 72076 Tübingen > > Tel.: 07071/206-463, Fax: 07071/206-499 > eMail: [email protected] > Internet: www.tropenklinik.de > ----------------------------------------------- > > -----Ursprüngliche Nachricht----- > Von: [email protected] [mailto:[email protected]] Im > Auftrag von Aleix Dorca > Gesendet: Samstag, 19. Februar 2011 21:40 > An: [email protected] > Betreff: [Samba] Please, help me clarify (winbind). > > Hi again, > > still struggling with winbind and trying to understand how it is supposed to > work. Let's see if someone can answer a simple resolution question so I can > see if something is wrong with my setup. > > One PDC/LDAP (no winbind), nss with ldap. This works fine as far as I can > tell. > > The other machine is a DMS. Let's say I have an entry like this on my > 'getent passwd' (via LDAP): > > adorca:x:10033:513:Aleix Dorca:/home/adorca:/bin/bash > > As far as I can tell this user's uid is 10033. > > So, now the question: If a windows machine should connect to this server > what would winbind return as uid number? 10033 via NSS_LDAP or a new mapping > stored/created on my LDAP Server. And would this user be treated as a > 'Domain User' or as a 'Unix User'? > > The Samba How-To Collections states on 'Winbind with NSS to resolve > UNIX/Linux user and group IDs': > > "The use of the LDAP-based passdb backend requires use of the PADL nss_ldap > utility or an equivalent. In this situation winbind is used to handle > foreign SIDs, that is, SIDs from standalone Windows clients (i.e., not a > member of our domain) as well as SIDs from another domain. The foreign > UID/GID is mapped from allocated ranges (idmap uid and idmap gid) in > precisely the same manner as when using winbind with a local IDMAP table." > > As I understand this having NSS with Ldap an winbind running a query to user > 'adorca' should return uid=10033 and not a new idmap mapping. Is this > correct? > > Please someone answer... I'm about to loose it trying to understand how this > should work. > > Thanks, > > Aleix. > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
