We have Samba 2.2.7 (the RPM for Red Hat 6.2 built by the Samba Team) running on Red Hat 7.0. It's set up as a PDC, with the config. file as follows: # Global parameters [global] workgroup = ESPL server string = GenaWare Sydney main file server interfaces = 192.168.20.2/24 encrypt passwords = Yes smb passwd file = /etc/samba/smbpasswd passwd program = /usr/bin/passwd %u passwd chat = *password* %n\n *password* %n\n *successfull* unix password sync = Yes log file = /var/log/samba/log.%m max log size = 50 name resolve order = host wins lmhosts bcast socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain logons = Yes logon script = espl.bat os level = 60 preferred master = Yes time server = Yes domain master = Yes dns proxy = No wins proxy = Yes wins support = Yes add user script = /usr/sbin/useradd -c 'Machine trust account' -d /dev/null -s /bin/false -M -g winboxes %u On an NT Workstation 4 with Service Pack 5: The system is a member of the domain, and I can log on to the domain on this system. When using the Windows Explorer Properties applet to try to add permissions to a file on a local disk, I can only see domain users in the list, plus default domain groups (e.g Domain Users) but I can enter a known domain group, and this is added successfully to the file's ACLs. On Windows 2000 (Workstation + Service pack 2, or Server + Service Pack 3) The system is a member of the domain, and I can log on to the domain on this system. When using the Windows Explorer Properties applet to try to add permissions to a file on a local disk, I can only see domain users in the list, plus default domain groups (e.g Domain Users). If I enter a known domain group, I get the response "Invalid Name". If I select a domain user and add permissions for that user, It appears to succeed, but when I come back to view the security information for the file, all I see is a long user ID string, not the user name. Curiously, on all three client systems, I can see the domain groups when trying to add permissions to file on a Samba share. Is it possible to see list of domain groups when adding permissions to a local file? Is there something I need to change to achieve this? More importantly, can Windows 2000 apply domain group permissions to local files? If so, how can this be enabled? -- Jonathan Gowland | GenaWare Pty Limited