During the last two years our fileserver was a VERITAS Samba-2.0.10-VRTS server. This Veritas version of samba contains a special ACL component for the uid <-> sid and gid <-> sid mapping. It also transparently converts Windows access rights to Unix access rights and vice versa. The recent changes in the Windows mbx driver forced us to move to Samba3. The uid mapping works without problems because our Unix and Windows accounts are identical. For the gid mapping the net groupmap command has the same functionality as the Veritas vmapadm command. The Windows ACL's are correctly converted into the Unix ACL's, but now we have a problem with the group membership: If a Windows account is a member of some Windows group and the corresponding Unix account is not a member of the corresponding Unix group, the Windows account cannot use the Windows group rights. This means that have to synchronize the group membership between Windows and Unix. But this is not the behavior I was used to have with the Veritas Samba. How can I reach that the Windows group membership is recognized without converting all these memberships into Unix group memberships ? I know that one possibility to avoid this problem is the use of winbind instead of NIS, but at the moment we are not ready to change our NIS environment. I hope somebody from the Samba team will have time to explain me how the access rights of an account are checked. I spent a lot of time to read all available Samba documentation, but about this topic I couldn't find anything yet. Regards M.Schlett