The key tool is nsswitch. Winbind may or may not be necessary, depending on your precise set up. It's the nsswitch libraries and configuration file which tell Linux where to fetch user and group information. ~~~~~~~~~~~~~~~~~~~~~~~~~ Hello Bruce,
Still can't get setfacl to get group or user info from the AD (Windows 2003) I have the following in nsswitch.conf; passwd: compat ldap group: files ldap hosts: files mdns4_minimal [NOTFOUND=return] dns networks: files dns services: files ldap protocols: files rpc: files ethers: files netmasks: files netgroup: files ldap publickey: files bootparams: files automount: files nis aliases: files ldap passwd_compat: ldap <snip> And the linux box is joined to the domain; # net ads testjoin Join is OK <snip> I can get details from 'wbinfo' fmt-mwr:~ # wbinfo -g DOMAIN+pg_out_test <snip> Somewhere is the magic to get setfacl to see the AD groups and users. Many thanks, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba