I have a samba4 domain with two r/w directory controllers. Second servers sysvol share doesn't allow access to normal users, only admin users can access share. Problem is same with both: ntvfs and s3fs. Sysvolreset doesn't help and sysvolcheck doesn't complain anything. posix file acls are identical with the first server which works ok. I have granted rights for Everyone, specific user and Domain Users group, but the result is always same. Here is log for admin user accessing the share: ----------------- Successfully converted security token to a unix token:Security token SIDs (17): SID[ 0]: S-1-5-21-xxx-xxx-xxx-1005 SID[ 1]: S-1-5-21-xxx-xxx-xxx-513 SID[ 2]: S-1-5-21-xxx-xxx-xxx-1010 SID[ 3]: S-1-5-21-xxx-xxx-xxx-1747 SID[ 4]: S-1-5-21-xxx-xxx-xxx-1011 SID[ 5]: S-1-5-21-xxx-xxx-xxx-2612 SID[ 6]: S-1-5-21-xxx-xxx-xxx-1026 SID[ 7]: S-1-5-21-xxx-xxx-xxx-512 SID[ 8]: S-1-5-21-xxx-xxx-xxx-572 SID[ 9]: S-1-5-21-xxx-xxx-xxx-1181 SID[ 10]: S-1-5-21-xxx-xxx-xxx-520 SID[ 11]: S-1-5-32-550 SID[ 12]: S-1-5-32-545 SID[ 13]: S-1-5-32-544 SID[ 14]: S-1-1-0 SID[ 15]: S-1-5-2 SID[ 16]: S-1-5-11 Privileges (0x 1FFFFF00): Privilege[ 0]: SeTakeOwnershipPrivilege Privilege[ 1]: SeBackupPrivilege Privilege[ 2]: SeRestorePrivilege Privilege[ 3]: SeRemoteShutdownPrivilege Privilege[ 4]: SeSecurityPrivilege Privilege[ 5]: SeSystemtimePrivilege Privilege[ 6]: SeShutdownPrivilege Privilege[ 7]: SeDebugPrivilege Privilege[ 8]: SeSystemEnvironmentPrivilege Privilege[ 9]: SeSystemProfilePrivilege Privilege[ 10]: SeProfileSingleProcessPrivilege Privilege[ 11]: SeIncreaseBasePriorityPrivilege Privilege[ 12]: SeLoadDriverPrivilege Privilege[ 13]: SeCreatePagefilePrivilege Privilege[ 14]: SeIncreaseQuotaPrivilege Privilege[ 15]: SeChangeNotifyPrivilege Privilege[ 16]: SeUndockPrivilege Privilege[ 17]: SeManageVolumePrivilege Privilege[ 18]: SeImpersonatePrivilege Privilege[ 19]: SeCreateGlobalPrivilege Privilege[ 20]: SeEnableDelegationPrivilege Rights (0x 403): Right[ 0]: SeInteractiveLogonRight Right[ 1]: SeNetworkLogonRight Right[ 2]: SeRemoteInteractiveLogonRight ---------------- And as normal user: ---------------- Successfully converted security token to a unix token:Security token SIDs (6): SID[ 0]: S-1-5-21-xxx-xxx-xxx-1345 SID[ 1]: S-1-5-21-xxx-xxx-xxx-513 SID[ 2]: S-1-5-32-545 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-11 Privileges (0x 0): Rights (0x 0):