I believe I have a config problem, but let me first explain what I'm trying to accomplish and then I'll dump all the logs, etc. w2k3 r2 domain server: hilbert.math.purdue.edu samba server: gram.math.purdue.edu realm: MATH.PURDUE.EDU domain: MATH Currently my entire environment is all Solaris, with users stored in LDAP and home directories shared via NFS. I am using Sun's Identity Synchronization for Windows to populate my w2k3 r2 server with users and to ensure that the rfc2307 attributes are synced with my LDAP source. I only want to use Samba to share out home directories, but only for Domain Users that have rfc2307 attributes defined for them; i.e., in my current config "Administrator" cannot authenticate to my Samba server and that's fine by me. In addition to this, I want the home directory to be owned by MATH\username instead of GRAM\username. In my current config I'm using nss_winbind against my ADS source, though I would prefer to use nss_ldap against my LDAP source; otherwise, samba has to run in a zone on my NFS server (not a show stopper). Currently my home directory is showing in Windows with Owner: S-1-5-21-3626241743-3430010330-1169397157-2002 and with Group MATH\unix-other I think the root of the problem is that I can do uid->uidNumber but not uidNumber->uid on gram using winbind. root@gram samba-3.0.23a # cat lib/smb.conf [global] workgroup = MATH realm = MATH.PURDUE.EDU security = ads encrypt passwords = yes idmap backend = ad idmap uid = 1000-10000 idmap gid = 1000-10000 lanman auth = no ntlm auth = no winbind enum users = yes winbind enum groups = yes winbind nss info = rfc2307 [homes] comment = Home Directories valid users = %S read only = No browseable = No root@gram samba-3.0.23a # bin/net getlocalsid SID for domain GRAM is: S-1-5-21-3626241743-3430010330-1169397157 root@gram samba-3.0.23a # getent passwd "MATH\nlucier" MATH\nlucier:*:501:1:Neal Antoine Lucier:/home/nlucier:/bin/tcsh root@gram samba-3.0.23a # getent passwd 501 root@gram samba-3.0.23a # root@gram samba-3.0.23a # getent group "MATH\unix-other" MATH\unix-other:x:1: root@gram samba-3.0.23a # getent group 1 other::1:root root@gram /home # ls -l /home total 2 drwxr-xr-x 16 501 other 512 Jul 25 11:40 nlucier/ root@gram samba-3.0.23a # grep winbind /etc/nsswitch.conf passwd: files winbind group: files winbind ****This is the log of the user nlucier connecting from HILBERT and selecting "properties" on a folder in the home directory****** root@gram samba-3.0.23a # cat var/log.smbd [2006/07/28 12:50:16, 0] smbd/server.c:main(847) smbd version 3.0.23a started. Copyright Andrew Tridgell and the Samba Team 1992-2006 [2006/07/28 12:50:17, 0] smbd/server.c:main(881) standard input is not a socket, assuming -D option [2006/07/28 12:50:17, 0] auth/auth_util.c:create_builtin_administrators(763) create_builtin_administrators: Failed to create Administrators [2006/07/28 12:50:17, 0] auth/auth_util.c:create_local_nt_token(872) create_local_nt_token: Failed to create BUILTIN\Administrators group! [2006/07/28 12:50:17, 0] auth/auth_util.c:create_builtin_users(729) create_builtin_users: Failed to create Users [2006/07/28 12:50:17, 0] auth/auth_util.c:create_local_nt_token(899) create_local_nt_token: Failed to create BUILTIN\Administrators group! [2006/07/28 12:50:23, 1] smbd/sesssetup.c:reply_spnego_kerberos(310) Username MATH\HILBERT$ is invalid on this system [2006/07/28 12:50:23, 0] auth/auth_util.c:create_builtin_administrators(763) create_builtin_administrators: Failed to create Administrators [2006/07/28 12:50:23, 0] auth/auth_util.c:create_local_nt_token(872) create_local_nt_token: Failed to create BUILTIN\Administrators group! [2006/07/28 12:50:23, 0] auth/auth_util.c:create_builtin_users(729) create_builtin_users: Failed to create Users [2006/07/28 12:50:23, 0] auth/auth_util.c:create_local_nt_token(899) create_local_nt_token: Failed to create BUILTIN\Administrators group! [2006/07/28 12:50:23, 1] smbd/service.c:make_connection_snum(941) 128.210.3.22 (128.210.3.22) connect to service nlucier initially as user MATH\nlucier (uid=501, gid=1) (pid 25797) [2006/07/28 12:50:34, 1] smbd/sesssetup.c:reply_spnego_kerberos(310) Username MATH\HILBERT$ is invalid on this system [2006/07/28 12:50:34, 1] smbd/sesssetup.c:reply_spnego_kerberos(310) Username MATH\HILBERT$ is invalid on this system [2006/07/28 12:50:35, 0] auth/auth_util.c:create_builtin_administrators(763) create_builtin_administrators: Failed to create Administrators [2006/07/28 12:50:35, 0] auth/auth_util.c:create_local_nt_token(872) create_local_nt_token: Failed to create BUILTIN\Administrators group! [2006/07/28 12:50:35, 0] auth/auth_util.c:create_builtin_users(729) create_builtin_users: Failed to create Users [2006/07/28 12:50:35, 0] auth/auth_util.c:create_local_nt_token(899) create_local_nt_token: Failed to create BUILTIN\Administrators group! [2006/07/28 12:50:35, 1] smbd/sesssetup.c:reply_spnego_kerberos(310) Username MATH\HILBERT$ is invalid on this system [2006/07/28 12:50:36, 0] auth/auth_util.c:create_builtin_administrators(763) create_builtin_administrators: Failed to create Administrators [2006/07/28 12:50:36, 0] auth/auth_util.c:create_local_nt_token(872) create_local_nt_token: Failed to create BUILTIN\Administrators group! [2006/07/28 12:50:36, 0] auth/auth_util.c:create_builtin_users(729) create_builtin_users: Failed to create Users [2006/07/28 12:50:36, 0] auth/auth_util.c:create_local_nt_token(899) create_local_nt_token: Failed to create BUILTIN\Administrators group! [2006/07/28 12:50:37, 0] auth/auth_util.c:create_builtin_administrators(763) create_builtin_administrators: Failed to create Administrators [2006/07/28 12:50:37, 0] auth/auth_util.c:create_local_nt_token(872) create_local_nt_token: Failed to create BUILTIN\Administrators group! [2006/07/28 12:50:37, 0] auth/auth_util.c:create_builtin_users(729) create_builtin_users: Failed to create Users [2006/07/28 12:50:37, 0] auth/auth_util.c:create_local_nt_token(899) create_local_nt_token: Failed to create BUILTIN\Administrators group! [2006/07/28 12:50:37, 0] auth/auth_util.c:create_builtin_administrators(763) create_builtin_administrators: Failed to create Administrators [2006/07/28 12:50:37, 0] auth/auth_util.c:create_local_nt_token(872) create_local_nt_token: Failed to create BUILTIN\Administrators group! [2006/07/28 12:50:37, 0] auth/auth_util.c:create_builtin_users(729) create_builtin_users: Failed to create Users [2006/07/28 12:50:37, 0] auth/auth_util.c:create_local_nt_token(899) create_local_nt_token: Failed to create BUILTIN\Administrators group! ***LDIF dumps from ADS**** dn: CN=Neal Antoine Lucier,CN=Users,DC=math,DC=purdue,DC=edu objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: Neal Antoine Lucier sn: Lucier givenName: Neal initials: A distinguishedName: CN=Neal Antoine Lucier,CN=Users,DC=math,DC=purdue,DC=edu instanceType: 4 whenCreated: 20060724205917.0Z whenChanged: 20060727203240.0Z displayName: Neal Antoine Lucier uSNCreated: 14046 memberOf: CN=Domain Users,CN=Users,DC=math,DC=purdue,DC=edu uSNChanged: 16654 name: Neal Antoine Lucier objectGUID:: KAc8FHeOlk+RCtOS+GU1LA=userAccountControl: 512 badPwdCount: 0 codePage: 0 countryCode: 0 badPasswordTime: 127983163550937500 lastLogoff: 0 lastLogon: 127985790209218750 pwdLastSet: 127982483572031250 primaryGroupID: 1113 objectSid:: AQUAAAAAAAUVAAAA1d5KxJSOAsluXD4OVgQAAA=accountExpires: 9223372036854775807 logonCount: 37 sAMAccountName: nlucier sAMAccountType: 805306368 userPrincipalName: nlucier@math.purdue.edu objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=math,DC=purdue,DC=edu unixUserPassword: ABCD!efgh12345$67890 uid: nlucier msSFU30Name: nlucier msSFU30NisDomain: math uidNumber: 501 gidNumber: 1 unixHomeDirectory: /home/nlucier loginShell: /bin/tcsh dn: CN=unix-other,CN=Users,DC=math,DC=purdue,DC=edu objectClass: top objectClass: group cn: unix-other distinguishedName: CN=unix-other,CN=Users,DC=math,DC=purdue,DC=edu instanceType: 4 whenCreated: 20060727203057.0Z whenChanged: 20060727203240.0Z uSNCreated: 16634 uSNChanged: 16652 name: unix-other objectGUID:: 3bszP63jDkKjC//KPHoGWg=objectSid:: AQUAAAAAAAUVAAAA1d5KxJSOAsluXD4OWQQAAA=sAMAccountName: unix-other sAMAccountType: 268435456 groupType: -2147483646 objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=math,DC=purdue,DC=edu msSFU30Name: unix-other msSFU30NisDomain: math gidNumber: 1 dn: CN=gram,CN=Computers,DC=math,DC=purdue,DC=edu objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user objectClass: computer cn: gram distinguishedName: CN=gram,CN=Computers,DC=math,DC=purdue,DC=edu instanceType: 4 whenCreated: 20060725193722.0Z whenChanged: 20060725193723.0Z uSNCreated: 16454 uSNChanged: 16460 name: gram objectGUID:: Px81ZCjtw06s3gH53SsxuA=userAccountControl: 69632 badPwdCount: 0 codePage: 0 countryCode: 0 badPasswordTime: 0 lastLogoff: 0 lastLogon: 127985792499843750 localPolicyFlags: 0 pwdLastSet: 0 primaryGroupID: 515 objectSid:: AQUAAAAAAAUVAAAA1d5KxJSOAsluXD4OWAQAAA=accountExpires: 9223372036854775807 logonCount: 122 sAMAccountName: gram$ sAMAccountType: 805306369 dNSHostName: gram.math.purdue.edu servicePrincipalName: HOST/gram.math.purdue.edu servicePrincipalName: HOST/GRAM objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=math,DC=purdue,DC=edu isCriticalSystemObject: FALSE Thanks, Neal