I have a CentOS 6.2 file server and a Windows 2008 Server PDC. I have configured Samba on CentOS to authenticate all users who need access to files against the Windows 2008 Server.

I have the groups Finance, HR, Legal and Audit on the Windows server, and I have folders on my file server corresponding to those groups. I created users on Windows and joined them to the various groups, so I want to restrict access to files on the file server using group membership.

I used http://wiki.samba.org/index.php/Samb...tive_Directory to do the installation. wbinfo -u and wbinfo -g are giving me the results that I want, e.g.

Code:
[[email protected] ~]# wbinfo -g
domain computers
domain controllers
schema admins
enterprise admins
cert publishers
domain admins
domain users
domain guests
group policy creator owners
ras and ias servers
allowed rodc password replication group
denied rodc password replication group
read-only domain controllers
enterprise read-only domain controllers
dnsadmins
finance
hr
legal
audit

I'm able to browse and view files that are already on the server, but I cannot create a new file or folder. My /etc/samba/smb.conf is as follows:

Code:
[global]
workgroup = LAN
server string = FILE-SERVER
security = ads
realm = LAN.LOCAL
encrypt passwords = yes
preferred master = no
template shell = /bin/bash
template homedir = /home/%D/%U
winbind separator = +
winbind uid = 600-20000
winbind gid = 600-20222
winbind use default domain = true
winbind nested groups = Yes
winbind enum users = yes
winbind enum groups = yes
enhanced browsing = yes
winbind offline logon = false
password server = dc.lan.local

[LEGAL]
comment = Shared Folder
path = /home/legal
writeable = yes
valid users = @NETWORK+legal @NETWORK+directors
writelist = @NETWORK+legal
create mask = 0777
force create mode = 0777
browseable = yes
guest ok = no

[HR_ADMIN]
comment = Shared Folder
path = /home/hr_admin
writeable = yes
valid users = @NETWORK+directors @NETWORK+hr_admin
writelist = @NETWORK+hr_admin
create mask = 0777
force create mode = 0777
browseable = yes
guest ok = no

[FINANCE]
comment = Shared Folder
path = /home/finance
writeable = yes
valid users = @NETWORK+directors @NETWORK+finance
writelist = @NETWORK+finance
create mask = 0777
force create mode = 0777
browseable = yes
guest ok = no

Has anyone got this kind of setup to work? I also want anyone who is a member of the group 'Domain Admins' to have read and write access to all the folders and files on the server.

Thanks in advance.
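
An added example, not part of the original post and not Samba project code: a small Python check that cross-references the group names in each share's valid users and write list against the groups winbind reports, and flags a force create mode that sets the world-writable bit. The sample input is a trimmed copy of the configuration and `wbinfo -g` output above; the function names `parse_smb_conf` and `audit` are illustrative.

```python
import re

# Constructed sample: a trimmed copy of the smb.conf and `wbinfo -g` output posted above.
SMB_CONF = """\
[global]
workgroup = LAN
winbind separator = +
[LEGAL]
valid users = @NETWORK+legal @NETWORK+directors
writelist = @NETWORK+legal
force create mode = 0777
"""
WBINFO_GROUPS = ["domain admins", "domain users", "finance", "hr", "legal", "audit"]

def parse_smb_conf(text):
    """Return {section: {param: value}}. Samba ignores case and spaces in parameter names."""
    conf, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip()
            conf[section] = {}
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][re.sub(r"\s+", "", key).lower()] = value.strip()
    return conf

def audit(text, known_groups):
    """Return (share, parameter, value, reason) tuples for settings worth a second look."""
    conf = parse_smb_conf(text)
    glob = next((conf.pop(s) for s in list(conf) if s.lower() == "global"), {})
    sep = glob.get("winbindseparator", "\\")   # Samba's default separator is a backslash
    domain = glob.get("workgroup", "").upper()
    known = {g.lower() for g in known_groups}
    findings = []
    for share, params in conf.items():
        for key in ("validusers", "writelist"):
            names = re.split(r"[,\s]+", params.get(key, ""))  # unquoted names only
            for tok in (n for n in names if n.startswith("@")):
                dom, _, grp = tok[1:].rpartition(sep)
                if dom and dom.upper() != domain:
                    findings.append((share, key, tok, f"domain prefix is not workgroup {domain}"))
                if grp.lower() not in known:
                    findings.append((share, key, tok, "group not in wbinfo -g output"))
        mode = params.get("forcecreatemode")
        if mode and int(mode, 8) & 0o002:
            findings.append((share, "forcecreatemode", mode, "new files forced world-writable"))
    return findings
```

The check only compares names; whether a write succeeds also depends on the Unix ownership and mode of the share's directory, which it does not inspect.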