Hello together, I have: gentoo with samba-3.0.24 W2003 AD with SFU 3.5 uid and gid in SFU linux configured to use AD with ldap client for mapping users, groups and authentication winbind not configured. Everyting works fine except ACL in the linux filesystem: I receive this error when I want to add an user access to a file: [2006/10/18 09:38:28, 0] (1399) create_canon_ace_lists: unable to map SID to uid or gid. Is it possible to manage ACL without winbind configured? I have just found some information about using winbind for this one. I have set up an test: smb.conf: [global] log level = 2 dns proxy = no domain master = no preferred master = no workgroup = DOMAIN security = ADS realm = DOMAIN.LOCAL password server = win2003ads.domain.local host msdfs = no idmap backend = ad winbind nss info = sfu #idmap uid = 100-70000 #idmap gid = 100-70000 winbind trusted domains only = no winbind enum groups = yes winbind enum users = yes winbind separator = + winbind nested groups = yes winbind use default domain = yes With winbind I have the following problem: When I activate idmap uid / gid winbind returns an own uid/gid, not the ADS-stored uid/gid. When I deactivate this option, winbind tells me, that its not possible to convert an S-ID to uid: a.) gentooads ~ # wbinfo -S S-1-5-21-2754069521-2579576118-433682804-1204 100 b.) gentooads ~ # wbinfo -S S-1-5-21-2754069521-2579576118-433682804-1204 Could not convert sid S-1-5-21-2754069521-2579576118-433682804-1204 to uid If winbind is necessary, how can I use the SFU-attributes? Thanks a lot!!