Hi all, I have a Samba PDC running OpenLDAP 2.3.6 and Samba 3.0.20. I've followed the scheme laid down in the smb/ldap document at www.idealx.org and have used the smbldap-tools from the same site to configure the Samba groups and base accounts. Using smbldap-useradd -a <user> I've set up 700 user accounts (300 max active at a time) and have the home directories on the PDC and a seperate apps share on a second Samba server (same versions) configured as a domain member. On the PDC, I've got nss_ldap and pam_ldap configured and can log into the Samba accounts even though there are no equivalent UNIX accounts for the Samba users. On the user's Samba shares, I have set the permissions to rwx r-x --- for the owner and the group "Domain Admins" so I can use a Domain Admin account to perform backups via NFS to a live backup server. On the second server I have winbind running and executing wbinfo -u lists the domain users and wbinfo -g lists the domain groups. I can authenticate on the server using a Domain User login but I can't set the group ownership of a folder or file to Domain Users in the same way I can the set the shares on the PDC for Domain Admins. I have mapped the Domain Users group to a local group called users on the second server and set the group ownership of the share to to use it but I get access denied. I can run chgrp 513 on the folder and I get access for Domain Users but the group ownership appears as 513. If i run net groupmap list, I get an entry that says: Domain Users -> S-1-xxxxxxxxxxxxx -> users I'm obviously missing something obvious. Any clues? Cheers, jools