I have installed a Samba 3.025a PDC and 2 member servers. All on
solaris. (The Samba PDC replaced a NT4 PDC. Account data was
migrated with the "net vampire" command.) All solaris machines use
NIS. On the PDC i created group mappings between the NIS groups and
the Windows groups.
I can access file shares on all machines from Win XP or Win 2000
clients. On the security properties of a directory on the PDC , I can
view and set user and group permissions. The users and groups show
the correct doman. For example, assuming the domain is "ACME",
"johnsmith (ACME\johnsmith)"
"sales (ACME\sales)"
On the member server shares, I can attempt to add users and groups
from the "ACME" domain, but they don't stick. Permissions set on
the
unix level show up as
"johnsmith (unix user\johnsmith)"
"sales (unix group\sales)"
This is the sunfreeware build of samba, with acl support enabled by
default. Solaris supports acl's so I can add multiple groups or users
on the solaris level. And I do seem to have the proper access.
Logs on the member servers show
[2007/09/17 16:02:17, 0] smbd/posix_acls.c:create_canon_ace_lists(1423)
create_canon_ace_lists: unable to map SID S-xyzxyz--xyzxyz-xyzxyz to
uid or gid.
)
When I created the group mappings, I explicitly set RID's. (Domain
Admins = 512, sales=10001 etc)
I am not running Winbind on any machine since I am not attempting to
do unix level authentication against the samba accounts.
Advice is appreciated
Thanks
