I have had a few replies and it looks that I am on a no win solution. I either set up LDAP and delete local UID on our UNIX boxes and let samba convert SID to UID, or just leave thinks as they are.
I still don't under stand why it is so difficult to do what I want when all the information seems to be at hand. 1) User changes security of a file on a samba share to allow DCSNT\andrew access. 2) samba returns an error: smbd/posix_acls.c:create_canon_ace_lists(1405) create_canon_ace_lists: unable to map SID S-1-5-21-1984182827-583073959-8547516-2056 to uid or gid. 3) run wbinfo and I can get this user name: # /usr/local/samba/bin/wbinfo -s S-1-5-21-1984182827-583073959-8547516-2056 DCSNT\andrew 1 4) Just see if it works in reverse: # /usr/local/samba/bin/wbinfo -n andrew S-1-5-21-1984182827-583073959-8547516-2056 User (1) 5) I have "winbind trusted domains only = yes" set in smb.conf, so I would it expect it to know that andrew(SID) = andrew(uid) 6) Samba to set the acl on the unix file...., but that is not going to happen. Before I give up and leave things as they are with users having 2 file systems (samba share and a Windows Share) and of course more Windows File Servers ;-( Can some one inform me how to populate I guess an LDAP server so that I place all the UID/SID into and only let samba query it. I don't want samba to build it since my UID already exist. Thanks again, Andrew -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba