You don't care, 'cos your server is working with ldap. If your server do by ldap, you will modify only /etc/nsswitch.conf like that:
file /etc/nsswitch.conf passwd: files ldap winbind group: files ldap winbind shadow: files ldap winbind The system is going to search users in /etc/passwd, then ldap db, then winbind (in other domains). 'winbind trusted domains only = yes' will give you a way to map domain users from local users, 'cos the ; so ldap will search the users in ldap db. Don't forget: your shares must have 'profile acls = no'. I do hope my explanation make clear your question. u. Il ven, 2004-07-30 alle 00:36, Sean Kennedy ha scritto: > Umberto Zanatta wrote: > > > You should set up smb.conf like that: > > > > winbind trusted domains only = yes > > winbind use default domain = no > > > > When you change acl in files server, you will do: > > > > setacl -m u:skennedy:rwx,d:u:skennedy:rwx vattelapesca.doc > > > > u. > > > I am so confused. :) I tried it out on my test server, and your advice > worked flawlessly! Then...I tried it on my work server, and it failed, > displaying the domains as well. So then, after I fixed that, I checked > out the man page, and found this: > > winbind trusted domains only (G) > This parameter is designed to allow Samba servers that > are mem- > bers of a Samba controlled domain to use UNIX > accounts dis- > tributed via NIS, rsync, or LDAP as the uidâs for winbindd > users > in the hosts primary domain. Therefore, the user > DOMAIN\user1 > would be mapped to the account user1 in /etc/passwd > instead of > allocating a new uid for him or her. > > Default: winbind trusted domains only = no > > Given my setup, I have no users in /etc/passwd, beyond what the system > is installed with, so it shouldn't have worked, even on my test system. > > I mean, if that's what I need to do, then that's what i need to do, but > I want to understand what this is doing before I jump into it. :) > Thank you for your help thus far! > > Sean > > > Il gio, 2004-07-29 alle 23:06, Sean Kennedy ha scritto: > > > >>/Hi folks, > >> > >>For the longest time, I've had a problem changing or modifying ACLs from > >>my window clients. Whenever I tried, I'd get this in the logs: > >> > >>[2004/07/29 12:36:26, 0] smbd/posix_acls.c:create_canon_ace_lists(823) > >> create_canon_ace_lists: unable to map SID > >>S-1-5-21-1292428093-651377827-xxxxxxxxx-1333 to uid or gid. > >> > >>I could change the ACLs using getfacl/setfacl, btw. > >> > >>After a little investigation, I think I've found the problem. I'm using > >>winbind here, but I'm using this option: > >> > >>winbind use default domain = yes > >> > >>Which, for the sake of completeness, strips out domain info out of the > >>username. So instead of `BOCA/skennedy`, it comes out as `skennedy`. > >>This is where I think my problem is. Using wbinfo, I resolved that SID > >>to BOCA/skennedy, who happens to be a completely different user name. > >> > >>My question is this: Does my logic seem correct to everyone else? Is > >>there anything else I should be looking at? Further, does anybody have > >>a solution to this problem? This server is also a web/email server for > >>the intranet, and I am trying to avoid setting up a new server ( we have > >>4 going already, mainly for window crap ) if at all possible. > >> > >>Any help is greatly apprecaited. > >> > >>Sean/ > >> > > > > _______________________ Umberto Zanatta linuxDidattica tel: +39 (335) 54 71 385 email: [EMAIL PROTECTED] web: http://linuxdidattica.org _______________________ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba