I have installed samba 3.0.23d on FreeBSD 6.1. It is running with "security = ads". Plan is to replace current server running Samba 3.0.14a on FreeBSD 5.3 in the Windows2003 domain. I have successfully joined the domain and can list users and groups (I did notice that when I review Computer Properties under Operating Systems tab it does not list Samba and the corresponding version like before (Windows DC box, Active Directory Users and Computers)). The problem is that for some groups, permissions are not honored when accessing share from Windows XP clients. If I ssh to the server permissions work as expected and I can access those files. For example: id testuser uid=11111(testuser) gid=11195(systems) groups=11195(systems), 0(wheel), 10512(domain admins), 10513(domain users), 11137(cpo), 11191(physical), 11194(records), 11205(vpn users), 11666(fao), 12023(webpages), 10000, 10001 pw group show wheel wheel:*:0:root,testuser pw group show records records:*:11194:testuser drwsrwx--- 4 root avc 512 Nov 23 2004 AVC drwsrwx--- 155 root analysis 5120 Dec 14 11:49 Analysis drwsrwx--- 45 root capital 2048 Dec 27 13:59 Capital drwxrwx--- 5 root community 512 Dec 27 13:59 Community drwxrwx--- 14 root wheel 512 Jun 8 2006 Financial drwxrwx--- 35 root physical 1024 Dec 27 13:59 Physical drwsrwx--- 10 root cpo 1024 Dec 27 13:59 Planning drwxrwx--- 24 root records 1024 Dec 27 13:59 Records drwxrwx--- 11 root systems 512 Dec 29 10:45 Systems If I try accessing Planning or Systems folder I have no problems. If I try accessing Records or Financial folders I get "...Records is not accessible. Access is denied" error even though I am member of both wheel and records group. Advanced Security Settings tab on the windows client displays proper access privileges. I can cd to both folders when I ssh in on the server using the testuser account. If I use Windows DC to change testuser's primary group to records I can get into Records folder. id testuser uid=11111(testuser) gid=11194(records) groups=11194(records), 0(wheel), 10512(domain admins), 10513(domain users), 11137(cpo), 11191(physical), 11195(systems), 11205(vpn users), 11666(fao), 12023(webpages), 10000, 10001 I've tried creating new account with membership only in records group, but the access fails unless I set the primary group as records. I've seen the post by Cameron Murdoch on Dec 06, so this might be FreeBSD related issue. Any help would be greatly appreciated. My smb.conf is as follows: [global] workgroup = XXX realm = XXX.YYY.ZZZ security = ads encrypt passwords = yes log file = /var/log/samba/log.%m max log size = 50 load printers = no socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 allow trusted domains = no idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = yes winbind enum groups = yes template shell = /usr/local/bin/bash winbind cache time = 3600 winbind nested groups = yes winbind use default domain = yes syslog only = yes #===Share Definitions =============================[Files] browseable = yes writable = yes path = /usr/smbmnt/Files printable = no -- Thanks, Vladimir Orlic