All the group mappings are in place:

net groupmap list
Domain Admins (S-1-5-21-1953726507-754737620-746616776-20000) -> admins
Domain Guests (S-1-5-21-1953726507-754737620-746616776-20002) -> guests
Domain Users (S-1-5-21-1953726507-754737620-746616776-20001) -> users

getent passwd
admin:*:0:20000:admin :/home/users/admins/in:
gal_script$:*:30000:515:Computer:/dev/null:/bin/false
ie-aqd-w089$:*:30001:515:Computer:/dev/null:/bin/false
aqd-christian$:*:30002:515:Computer:/dev/null:/bin/false
chris.boyd:*:1000:20000:Chris Boyd:/home/chris.boyd:/bin/bash
emmett.sutton:*:1001:20000:Emmett Sutton:/home/emmett.sutton:/bin/bash
bob.bobson:*:1002:20001:Bob Bobson:/home/bob.bobson:/bin/bash

getent group
admins:*:20000:
guests:*:20002:
users:*:20001:

I changed the "valid users = USIT\%S" and "valid users = @USIT\admin, @USIT\users". Commented out the second path statement under profiles.

Still, whenever I log on as, say, chris.boyd, I can access the home drive and it is mapped, but I still get the command prompt from the logon script saying "invalid password for usit-file" and it refuses to allow access to the share even with the admin logon. Strangely the profile folders show up in the home folder and there are no desktop icons showing?

The machine log shows for that logon:

[2007/07/04 10:52:35, 0] printing/pcap.c:pcap_cache_reload(159)
  Unable to open printcap file /etc/printcap for read!
[2007/07/04 10:59:23, 1] smbd/service.c:close_cnum(1150)
  aqd-christian (10.133.2.46) closed connection to service profiles
[2007/07/04 10:59:23, 1] smbd/service.c:close_cnum(1150)
  aqd-christian (10.133.2.46) closed connection to service profiles
[2007/07/04 10:59:57, 1] smbd/service.c:close_cnum(1150)
  aqd-christian (10.133.2.46) closed connection to service netlogon
[2007/07/04 11:01:19, 1] smbd/service.c:close_cnum(1150)
  aqd-christian (10.133.2.46) closed connection to service chris.boyd

-----Original Message-----
From: Dale Schroeder [mailto:dale@BriannasSaladDressing.com]
Sent: 03 July 2007 18:04
To: Chris Boyd
Subject: Re: ham,[Samba] No access to share

Chris,

If your problem turns out to be ldap, I am not of much use. However, have you done all the group mapping? Did you take into account the ldap schema changes since 3.0.23? Are your groups domain groups? If yes, then it should be "valid users = DOMAIN\%S" and "valid users = @DOMAIN\admin, @DOMAIN\users". See http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/ChangeNotes.html.

You also have two "paths" listed under [profiles].

Can't think of anything more to suggest. If all this fails, provide an error log to the list.

Good luck,

Dale

Chris Boyd wrote:

Running Debian Etch with Samba-3.0.24 and ldap...

I've set up a few users as part of the admin group and one in the users group. When I log onto the XP machine they can see their home drives but I get a command prompt asking for username and password for the server (usit-file). Not even admin can login though. Even if I log onto the XP machine as the domain admin I can't access the share.

The relevant bits:

smb.conf:

workgroup = usit
server string = %h server
wins support = yes
wins server = 10.133.1.21
dns proxy = yes
name resolve order = lmhosts host wins bcast
interfaces = 127.0.0.0/8 10.133.0.0/16 eth0
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 10
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
passdb backend = ldapsam:ldap://10.133.1.21
ldap suffix = dc=usit,dc=ie
ldap machine suffix = ou=machines
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap admin dn = cn=admin,dc=usit,dc=ie
ldap delete dn = no
obey pam restrictions = yes
ldap password sync = yes
invalid users = root
ldap passwd sync = Yes
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
domain logons = yes
enable privileges = yes
logon path = \\%N\profiles\%U
logon path = \\%N\%U\profile
logon drive = H:
logon home = \\%N\%U
logon script = logon.bat
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
domain master = yes
preferred master = yes

[homes]
comment = Home Directories
browseable = no
writable = yes
create mask = 0700
directory mask = 0700
valid users = %S
inherit acls = Yes

[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = yes
writable = no
share modes = no
write list = "@admins"

[profiles]
comment = Users profiles
path = /home/samba/profiles
path = %H
guest ok = no
# browseable = no
store dos attributes = Yes
create mask = 0600
directory mask = 0700

[shared]
comment = Shared folder
path = /data/Shared
# force group = users
read only = no
create mask = 0770
directory mask = 0770
valid users = @admin,@users

Permissions:

usit-file:~# ls -la /data/
total 16
drwxr-xr-x  4 root root  4096 2007-06-07 16:33 .
drwxr-xr-x 25 root root  4096 2007-06-08 14:52 ..
drwxr-xr-x  3 root root  4096 2007-06-07 16:33 AQ
drwxrwx--- 15 root users 4096 2007-06-08 11:51 Shared

Users:

admin:*:0:20000:admin :/home/users/admins/in:
gal_script$:*:30000:515:Computer:/dev/null:/bin/false
ie-aqd-w089$:*:30001:515:Computer:/dev/null:/bin/false
aqd-christian$:*:30002:515:Computer:/dev/null:/bin/false
chris.boyd:*:1000:20000:Chris Boyd:/home/chris.boyd:/bin/bash
emmett.sutton:*:1001:20000:Emmett Sutton:/home/emmett.sutton:/bin/bash
bob.bobson:*:1002:20001:Bob Bobson:/home/bob.bobson:/bin/bash

Logon.bat:

net time \\usit-file /set /yes
net use s: \\usit-file\Shared

-----------------------------------------------------------------
This email message is intended only for the addressee(s) and contains information that may be confidential and/or copyrighted. If you are not the intended recipient please notify the sender by reply email and immediately delete this email. Use, disclosure or reproduction of this email by anyone other than the intended recipient(s) is strictly prohibited. USIT has scanned this email for viruses and dangerous content and believes it to be clean. However, virus scanning is ultimately the responsibility of the recipient.
-----------------------------------------------------------------
USIT Ireland Ltd. Company No. 377526. Registered Office 19/21 Aston Quay Dublin 2.
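
Added example, not part of the original thread and not Samba code: a Python check that compares the @group entries in a share's access lists against the group names returned by getent group, and reports parameters repeated within a share. The sample input is constructed from the smb.conf and getent output quoted above; the function names and the rule of dropping a DOMAIN\ prefix before comparing are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, trimmed from the smb.conf and getent output in the thread.
SMB_CONF = r"""
[profiles]
path = /home/samba/profiles
path = %H
guest ok = no
[shared]
path = /data/Shared
valid users = @admin,@users
"""
GETENT_GROUP = "admins:*:20000:\nguests:*:20002:\nusers:*:20001:\n"

def parse_shares(text):
    """Return {section: [(key, value), ...]}, keeping repeated keys in order."""
    shares, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = m.group(1).lower()
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            shares[current].append((" ".join(key.lower().split()), value.strip()))
    return shares

def audit(conf_text, group_text):
    """Flag repeated keys and @group entries that match no Unix group name."""
    groups = {l.split(":")[0] for l in group_text.splitlines() if l}
    findings = []
    for share, items in parse_shares(conf_text).items():
        seen = set()
        for key, value in items:
            if key in seen:
                findings.append((share, "duplicate", key))
            seen.add(key)
            if key in ("valid users", "invalid users", "write list"):
                for entry in re.split(r"[,\s]+", value.replace('"', "")):
                    # Assumption: compare the name after any DOMAIN\ prefix.
                    if entry.startswith("@") and entry[1:].split("\\")[-1] not in groups:
                        findings.append((share, "unknown group", entry))
    return findings

if __name__ == "__main__":
    for finding in audit(SMB_CONF, GETENT_GROUP):
        print(finding)
```

On a live server the two inputs would come from the real smb.conf and the output of getent group rather than the embedded strings.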