I'm trying to get an AIX + samba + ADS system working properly. The samba server is a domain member and I can use the wbinfo -u and wbinfo -g commands with no problem. We're running pware64 version 3.5.11 on AIX 6.1.

I need to know: as a group member of the ADS, do I still need to do a net groupmap to map ADS groups to AIX groups, or does this happen automatically with this version of samba?

The users can log in, but can't access their shares. The only way they've been able to access their shares is if I change the directory permissions to 777.

Here's our configuration:

Smb.conf

    #======================= Global Settings ====================================
    [global]
        workgroup = CINTASFIT
        server string = CINSD20 Samba Server
        netbios name = CINSD20
        security = ADS
        encrypt passwords = yes
        password server = *
        realm = CINTAS.FIT
        local master = no
        domain master = no
        wins support = no
        dns proxy = no
        load printers = no
        admin users = root
        allow trusted domains = yes
        map untrusted to domain = yes
        client use spnego = yes
        log file = /var/log/samba/%m.log
        max log size = 1000
        log level = 3
        nmbd bind explicit broadcast = no
        winbind enum users = no
        winbind enum groups = no
        winbind separator = +
        winbind nested groups = yes
        winbind use default domain = yes
        nt acl support = yes
        inherit acls = yes
        map acl inherit = yes
        map to guest = Never
        store dos attributes = yes
        inherit permissions = yes
        idmap uid = 200000 - 500000
        idmap gid = 200000 - 500000

    #============================ Share Definitions =============================
    [don]
        comment = Sample share
        path = /tmp
        create mask = 0644
        directory mask = 0775
        writeable=yes
        guest ok = no
        valid users = CINTASFIT+aixuser, root
        admin users = root

    [BISHAREDDEV]
        path = /BI_SHARED
        create mask = 0644
        directory mask = 0775
        public = no
        writeable = no
        guest ok = no
        valid users = @CINTAS+c_acct_cptr_app_g, @CINTAS+sap_cintas_pp, @CINTAS+C_Acct_Alchemy_AP, @CINTAS+C_MIS_Finance_G, @CINTAS+C_Payroll_G
        write list = @CINTAS+C_Acct_Alchemy_AP, @CINTAS+C_MIS_Finance_G, @CINTAS+C_Payroll_G
        admin users = root

    [FIFTHTHDEV]
        path = /interface_secure/FifthThird
        create mask = 0644
        directory mask = 0775
        public = no
        writeable = no
        guest ok = no
        valid users = @CINTAS+C_Acct_Alchemy_AP, @CINTAS+C_MIS_Finance_G
        write list = @CINTAS+C_Acct_Alchemy_AP, @CINTAS+C_MIS_Finance_G
        admin users = root

    [NOVASCOTDEV]
        path = /interface_secure/NovaScotia
        create mask = 0644
        directory mask = 0775
        public = no
        writeable = no
        guest ok = no
        valid users = @CINTAS+C_Acct_Alchemy_AP, @CINTAS+C_MIS_Finance_G
        write list = @CINTAS+C_Acct_Alchemy_AP, @CINTAS+C_MIS_Finance_G
        admin users = root

    [HEWITTDEV]
        path = /interface_secure/Hewitt
        create mask = 0644
        directory mask = 0c = yes
        public = no
        writeable = no
        guest ok = no
        valid users = @CINTAS+c_sap_hewitt_u, @CINTAS+C_MIS_Finance_G, @CINTAS+C_Payroll_G
        write list = @CINTAS+c_sap_hewitt_u, @CINTAS+C_MIS_Finance_G, @CINTAS+C_Payroll_G
        admin users = root

    [INTSECUREDEV]
        path = /interface_secure
        create mask = 0644
        directory mask = 0775
        writeable = no
        guest ok = no
        valid users = @CINTAS+C_MIS_Finance_G
        admin users = root

    [INOVISDEV]
        path = /interface/Inovis
        create mask = 0644
        directory mask = 0775
        public = no
        writeable = no
        guest ok = no
        valid users = @CINTAS+C_MIS_EDI
        write list = @CINTAS+C_MIS_EDI
        admin users = root

    [OPTIPLANDEV]
        path = /interface/Optiplan
        create mask = 0644
        directory mask = 0775
        public = no
        writeable = no
        guest ok = no
        valid users = @CINTAS+SAPITTech, @CINTAS+SAP_Cintas_PP
        write list = @CINTAS+SAPITTech, @CINTAS+SAP_Cintas_PP
        admin users = root

    [CONCURDEV]
        path = /interface_secure/Concur
        create mask = 0644
        directory mask = 0775
        public = no
        writeable = no
        guest ok = no
        valid users = @CINTAS+C_Acct_Alchemy_AP, @CINTAS+C_MIS_Finance_G
        write list = @CINTAS+C_Acct_Alchemy_AP, @CINTAS+C_MIS_Finance_G
        admin users = root

    [INTERFACEDEV]
        path = /interface
        create mask = 0644
        directory mask = 0775
        public = no
        writeable = no
        guest ok = no
        valid users = @CINTAS+C_MIS_Finance_G
        write list = @CINTAS+C_MIS_Finance_G
        admin users = root

    [PITNEYBOWDEV]
        path = /interface_secure/PitneyBowes
        create mask = 0644
        directory mask = 0775
        public = no
        writeable = no
        guest ok = no
        valid users = @CINTAS+C_Acct_Alchemy_AP, @CINTAS+C_MIS_Finance_G
        write list = @CINTAS+C_Acct_Alchemy_AP, @CINTAS+C_MIS_Finance_G
        admin users = root

    [IRSAUDITDEV]
        path = /interface_secure/IRSAUDITDEV
        create mask = 0644
        directory mask = 0775
        public = no
        writeable = no
        guest ok = no
        valid users = @CINTAS+C_Acct_Cptr_App_G, @CINTAS+C_MIS_Finance_G
        write list = @CINTAS+C_Acct_Cptr_App_G, @CINTAS+C_MIS_Finance_G
        admin users = root

    [PNCDEV]
        path = /interface_secure/PNCDEV
        create mask = 0644
        directory mask = 0775
        public = no
        writeable = no
        guest ok = no
        valid users = @CINTAS+C_Acct_Alchemy_AP, @CINTAS+C_MIS_Finance_G
        write list = @CINTAS+C_Acct_Alchemy_AP, @CINTAS+C_MIS_Finance_G
        admin users = root

    [PROJDEVARCH]
        path = /interface_secure/Projections/I-780683-1-ECC/Archive
        create mask = 0644
        directory mask = 0775
        public = no
        writeable = no
        guest ok = no
        valid users = @CINTAS+C_Acct_Alchemy_AP
        write list = @CINTAS+C_Acct_Alchemy_AP
        admin users = root

    [PROJECTNDEV]
        path = /interface_secure/Projections
        create mask = 0644
        directory mask = 0775
        public = no
        writeable = no
        guest ok = no
        valid users = @CINTAS+C_MIS_Finance_G, @CINTAS+C_Acct_Cptr_App_G
        write list = @CINTAS+C_MIS_Finance_G, @CINTAS+C_Acct_Cptr_App_G
        admin users = root

    [RYANDEV]
        path = /interface_secure/Ryan
        create mask = 0644
        directory mask = 0775
        public = no
        writeable = no
        guest ok = no
        valid users = @CINTAS+C_MIS_Finance_G, @CINTAS+C_Acct_Cptr_App_G
        write list = @CINTAS+C_MIS_Finance_G, @CINTAS+C_Acct_Cptr_App_G
        admin users = root

krb5.conf

    [logging]
        default = /var/log/samba/krb5.log
        kdc = /var/log/samba/krb5.log
        kdc_rotate = {
            period = 1d
            version = 5
        }

    [libdefaults]
        ticket_lifetime = 1d
        default_realm = CINTAS.FIT
        dns_lookup_kdc = true
        verify_ap_req_nofail = false
        default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des3-hmac-sha1
        default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des3-hmac-sha1
        clockskew = 1000

    [realms]
        cintas.fit = {
            kdc = cinw08v100.cintas.fit
            kdc = cinw09v101.cintas.fit
            default_domain = cintas.fit
        }

    [domain_realm]
        cintas.fit = CINTAS.FIT
        .cintas.fit = CINTAS.FIT

    [appdefaults]
        pam = {
            debug = false
            ticket_lifetime = 1d
            renew_lifetime = 1d
            forwardable = true
            proxiable = false
            retain_after_close = false
            minimum_uid = 500
            try_first_pass = true
        }

/etc/pam.conf

    #Added for Samba
    auth sufficient pam_winbind.so use_first_pass
    account sufficient pam_winbind.so use_first_pass
    password sufficient pam_winbind.so use_first_pass
    session optional pam_winbind.so use_first_pass

/etc/security/user

    Changed SYSTEM = "compat" to SYSTEM = "DCE OR DCE[UNAVAIL] AND compat"

/usr/lib/security/methods.cfg

    WINDBIND:
        program = /opt/pware64/lib/security/WINBIND
        program_64 = /opt/pware64/lib/security/WINBIND
        options = authonly

    LDAP:
        program = /usr/lib/security/LDAP
        program_64 = /usr/lib/security/LDAP_64

I've been combing the documentation to try and figure this out, but my head is spinning right now and I just haven't been able to put things together to get this to work.

Thanks for any help.

--
Jim Thompson
needgod.com
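
An added example, not part of the original post: a small Python lint that parses an smb.conf and lists every `valid users` / `write list` entry whose domain prefix differs from `workgroup`, as `@CINTAS+...` does against `workgroup = CINTASFIT` in the configuration above. The sample text is a constructed two-share excerpt of the posted file and the function names are hypothetical. The post does not say whether CINTAS is a trusted domain, so each finding is a name to compare against `wbinfo -g` output, not a verdict.

```python
import re

# Constructed excerpt of the smb.conf posted above (two shares only).
SAMPLE = """\
[global]
workgroup = CINTASFIT
winbind separator = +
winbind use default domain = yes
[don]
path = /tmp
valid users = CINTASFIT+aixuser, root
[INOVISDEV]
path = /interface/Inovis
writeable = no
valid users = @CINTAS+C_MIS_EDI
write list = @CINTAS+C_MIS_EDI
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; parameter names are lower-cased."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1)
            conf.setdefault(section, {})
        elif section and "=" in line:
            key, value = line.split("=", 1)
            # smb.conf ignores case and extra spaces inside parameter names
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def foreign_principals(conf):
    """List (share, param, entry) whose domain prefix differs from workgroup."""
    g = conf.get("global", {})
    workgroup = g.get("workgroup", "").upper()
    sep = g.get("winbind separator", "\\")  # Samba's default separator is a backslash
    findings = []
    for share, params in conf.items():
        for param in ("valid users", "write list"):
            for entry in (e.strip() for e in params.get(param, "").split(",")):
                name = entry.lstrip("@+&")  # drop the group-lookup prefix characters
                if sep in name and name.split(sep, 1)[0].upper() != workgroup:
                    findings.append((share, param, entry))
    return findings

if __name__ == "__main__":
    for share, param, entry in foreign_principals(parse_smb_conf(SAMPLE)):
        print(f"[{share}] {param}: {entry}")
```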