Hello,

A few weeks ago we started joining some remote servers to our AD domain as member servers. Several times now we have come back to them and found the ownership settings missing, as in the following listing, where only numeric IDs are shown:

[root@franks-dc1 opt]# ll
total 72
drwxrws---+ 3 14505 10013 4096 Nov 28 2006 appinstalls
drwxrws---+ 2 14505 10010 4096 Aug 3 2004 bldgshrs
drwxrwsr-x+ 2 14505 10011 4096 Aug 3 2004 lessons
drwx------ 2 root root 16384 Jul 8 2004 lost+found
drwxrwsr-x+ 3 14505 10013 4096 Feb 27 2009 netapps
drwxrwsr-x+ 3 14505 10013 4096 Mar 25 08:53 netlogon
drwxrwsr-x+ 4 14505 10013 4096 Aug 2 2007 printers
drwsrwsrwx+ 5 nobody 10005 4096 Apr 20 10:39 public

They should look like this:

[root@franks-dc1 home]# ll /opt
total 72
drwxrws---+ 3 LPSD+cisitadmin LPSD+enterprise admins 4096 Nov 28 2006 appinstalls
drwxrws---+ 2 LPSD+cisitadmin LPSD+franks-staff 4096 Aug 3 2004 bldgshrs
drwxrwsr-x+ 2 LPSD+cisitadmin LPSD+franks-teachers 4096 Aug 3 2004 lessons
drwx------ 2 root root 16384 Jul 8 2004 lost+found
drwxrwsr-x+ 3 LPSD+cisitadmin LPSD+enterprise admins 4096 Feb 27 2009 netapps
drwxrwsr-x+ 3 LPSD+cisitadmin LPSD+enterprise admins 4096 Mar 25 08:53 netlogon
drwxrwsr-x+ 4 LPSD+cisitadmin LPSD+enterprise admins 4096 Aug 2 2007 printers
drwsrwsrwx+ 5 nobody LPSD+domain users 4096 Apr 20 10:39 public

This problem is affecting ACLs too:

[root@franks-dc1 home]# getfacl /opt/appinstalls/
getfacl: Removing leading '/' from absolute path names
# file: opt/appinstalls
# owner: LPSD+cisitadmin
# group: LPSD+enterprise\040admins
user::rwx
group::rwx
other::---
default:user::rwx
default:user:14505:rwx
default:group::---
default:group:10013:rwx
default:mask::rwx
default:other::---

I assume this must have something to do with idmap & winbind, but does anyone know more about why this is happening and what to do about it? Thanks.
our smb.conf [global] workgroup = LPSD netbios name = FRANKS-DC1 realm = LPSD.LOCAL server string = Samba PDC %v printcap name = CUPS load printers = yes printing = cups printcap = cups log file = /var/log/samba/log.%m log level = 1 max log size = 100 security = ADS syslog = 0 ldap ssl = no template shell = /bin/bash winbind separator = + winbind enum users = yes winbind enum groups = yes enable privileges = yes allow trusted domains = No idmap backend = idmap_rid:LPSD=500-500000000 idmap uid = 500-500000000 idmap gid = 500-500000000 winbind nested groups = Yes encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd passdb backend = tdbsam username map = /etc/samba/smbusers socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE deadtime = 5 os level = 63 preferred master = yes logon home logon path wins support = yes dns proxy = no [homes] comment = Home Directories browseable = no writable = yes create mask = 0770 directory mask = 0770 nt acl support = yes [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no nt acl support = yes printable = yes admin users = @"LPSD+enterprise admins", @"LPSD+domain admins" valid users = @"LPSD+domain users" write list = @"LPSD+domain users" [print$] comment = Printer Driver Download Area path = /opt/printers browseable = no guest ok = yes read only = yes nt acl support = yes admin users = @"LPSD+enterprise admins", @"LPSD+domain admins" valid users = @"LPSD+domain users" write list = @"LPSD+enterprise admins", @LPSD+technicians, root, @adm [Public] comment = Public Stuff path = /opt/public public = yes guest ok = yes writable = yes create mask = 0777 directory mask = 0777 force security mode = 0 directory security mask = 0777 force directory security mode = 0 browseable = yes printable = no nt acl support = yes admin users = @"LPSD+enterprise admins", @"LPSD+domain admins" valid users = @"LPSD+domain users" write list = @"LPSD+domain users" [NetApps] path = /opt/netapps 
comment = Applications Folder create mask = 0777 directory mask = 0777 force security mode = 0 directory security mask = 0777 force directory security mode = 0 writable = yes printable = no nt acl support = yes admin users = @"LPSD+enterprise admins", @"LPSD+domain admins" valid users = @"LPSD+domain users" write list = @"LPSD+domain users" Lessons] path = /opt/lessons comment = Teacher Lessons create mask = 0777 directory mask = 0777 force security mode = 0 directory security mask = 0777 force directory security mode = 0 read only = yes printable = no nt acl support = yes acl map full control = yes admin users = @"LPSD+enterprise admins", @"LPSD+domain admins" valid users = @LPSD+franks-students, @LPSD+franks-teachers, @LPSD+franks-staff, @"LPSD+Enterprise Admins", @LPSD+technicians, @LPSD+netmgrs write list = @LPSD+franks-teachers, @LPSD+franks-staff, @"LPSD+Enterprise Admins", @LPSD+technicians, @LPSD+netmgrs read list = @LPSD+franks-students [Bldgshare] path = /opt/bldgshrs comment = Building share create mask = 0777 directory mask = 0777 force security mode = 0 directory security mask = 0777 force directory security mode = 0 read only = yes printable = no nt acl support = yes admin users = @"LPSD+enterprise admins", @"LPSD+domain admins" valid users = @LPSD+franks-teachers, @LPSD+franks-staff, @"LPSD+Enterprise Admins", @LPSD+technicians, @LPSD+netmgrs write list = @LPSD+franks-teachers, @LPSD+franks-staff, @"LPSD+Enterprise Admins", @LPSD+technicians, @LPSD+netmgrs [AppInstalls] path = /opt/appinstalls comment = network application install directory create mask = 0777 directory mask = 0777 force security mode = 0 directory security mask = 0777 force directory security mode = 0 read only = yes printable = no nt acl support = yes admin users = @"LPSD+enterprise admins", @"LPSD+domain admins" valid users = @"LPSD+Enterprise Admins", @LPSD+technicians, @LPSD+netmgrs write list = @"LPSD+Enterprise Admins", @LPSD+technicians -- Mike Rambo NOTE: In order to control 
energy costs the light at the end of the tunnel has been shut off until further notice...