> I believe the PDC/BDC does not need winbind but the member servers do. > Also you need idmap to work on the member servers. I believe I use a > nss backend for my idmap setup at work.
So is idmap separate from winbind? I thought the two went hand in hand. This may be another clue as to what's going on. When I bump up the log level for acls, it reports back: [2011/02/22 14:04:21.247390, 0] smbd/posix_acls.c:1755(create_canon_ace_lists) create_canon_ace_lists: unable to map SID S-1-5-21-2830206405-3223145701-231191277-62564 to uid or gid. This was the result of an operation from a Windows client trying to grant a user permissions to a folder. The SID is correct for the user in question, so obviously something is able to look up information from LDAP. However, some other piece can't seem to later resolve it. Is this of any help? I should add... the above is without winbind running on the member server. Thanks! Mark -- ---------- I'd rather be burning carbohydrates than hydrocarbons -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
