On Tue, Feb 22, 2011 at 11:04 AM, Mark Dieterich <[email protected]> wrote: > I have a purely samba domain: samba PDC, BDC, and a collection of > clustered member servers that provide CIFS access to our underlying file > system. Things are working fine, with the exception of users being able > to set ACLS from Windows workstations. When they try to do so, they can > search for and properly find domain members, but when they try to apply > the changes, the settings simply vanish from the Window! We setup a > test share from our PDC and users **can** set permissions properly on > this share, so I would think we are looking at a configuration problem > on our member servers. > > A couple generic questions about member servers: > > 1) Our password backend is stored in LDAP. Currently, we only have the > LDAP configuration on the PDC and BDC samba setups. My understanding is > that all other machines, including samba member servers, join the domain > and get their user information that way, correct? > > 2) With a non-AD environment, should our samba member servers run > winbind? My understanding is not, but this could be part of the problem. > > I'm happy to provide any other information that may be of help, this > problem is driving us nuts! >
I believe the PDC/BDC does not need winbind but the member servers do. Also you need idmap to work on the member servers. I believe I use a nss backend for my idmap setup at work. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
