Hi, why do I have to specify idmap uid and idmap gid ranges to have filesystem ACLs working? My environment is a samba controlled domain. All Unix account information is stored in LDAP. In samba-3.0.14a it was possible to use winbind in "netlogon proxy only" mode (i.e. no ranges for idmap uid / gid) so that filesystem acls could be set from XP. 3.0.22 refuses to set ACLs until I configure a dummy range. That dummy range is never used. I actually made the following settins: idmap uid = 80000-80000 idmap gid = 80000-80000 Mark