I'm setting up a new samba server under CentOS6.3, samba-3.5.10-125.el6.x86_64, and am running into a strange problem I am unable to solve. There's actually a bunch of problems, but I think they can be solved once this particular issue is fixed. Samba is set up as a PDC for WinXP clients. The old samba server bit the dust and I had many problems trying to migrate. So I started from scratch with a very basic configuration, straight from the RHEL6 documentation ("Primary Domain Controller (PDC) using tdbsam"), but even with this setup, I keep running into the same issue. The logs (log level 2) are littered with lines like these: [2012/12/18 12:39:35.740861, 2] smbd/service.c:587(create_connection_server_info) guest user (from session setup) not permitted to access this share (MYID) [2012/12/18 12:39:35.740893, 1] smbd/service.c:678(make_connection_snum) create_connection_server_info failed: NT_STATUS_ACCESS_DENIED So, despite success login as MYID, samba only grants guest-level access to this share. One consequence is that software like Office cannot save to the share because it's "in use by another user". I can fix this bit with various locking related options. In order to discount issues with other network services, I have created MYID and the corresponding home directory locally on the samba server. Yet, the issue persists. testparm output: Server role: ROLE_DOMAIN_PDC [global] workgroup = MYGROUP netbios name = SAMBA server string = Samba Server Version %v interfaces = lo, eth0, 10.20.11.131/24, 127.0.0.1 bind interfaces only = Yes log level = 2 log file = /var/log/samba/log.%m max log size = 50 add user script = /usr/sbin/useradd "%u" -n delete user script = /usr/sbin/userdel "%u" add group script = /usr/sbin/groupadd "%g" -n delete group script = /usr/sbin/groupdel "%g" delete user from group script = /usr/sbin/userdel "%u" "%g" add machine script = /usr/sbin/useradd -n -g machines -c "Machines (%M)" -M -d /nohome -s /bin/false "%u" domain logons = Yes preferred master = Yes domain master = Yes wins support = Yes hosts allow = 127., 10.20.11. cups options = raw posix locking = No [homes] comment = Home Directories read only = No veto oplock files = /*.msf/Inbox/*.xls/*.csv/ browseable = No