Hi, I'm running Ubuntu 12.04 server with Samba4 setup as a DomainController - following the OpenChange Cookbook. Everything works, except for file shares not using the user's group. All users view via smbstatus -v show group 'users' no matter what AD group they are in. I've also setup the box to use LDAP authentication using nslcd via nsswitch.conf and using kerberos, but it doesn't matter what, the smbstatus shows group 'users' (gid=100) for all users. Here's my smb.conf: Code: cat /usr/local/samba/etc/smb.conf # Global parameters [global] ### Configuration required by OpenChange server ### dcerpc endpoint servers = +epmapper, +mapiproxy dcerpc_mapiproxy:server = true dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp, exchange_ds_rfr ### Configuration required by OpenChange server ### workgroup = SFPI-TEST realm = SFPI-TEST.local netbios name = OPENCHANGEDEV server role = active directory domain controller server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate [netlogon] path = /usr/local/samba/var/locks/sysvol/sfpi-test.local/scripts read only = No [sysvol] path = /usr/local/samba/var/locks/sysvol read only = No [Homes] path = /var/openchange/users/%U read only = no [IT] path = /var/openchange/IT preserve case = yes browseable = yes read only = no hide special files = yes valid users = DanteBell,KateL [Profiles] path = /var/openchange/Profiles read only = no Connection using smbclient: Code: smbclient -d3 -U DanteBell%PASSWORD -W SFPI-TEST //192.168.4.110/IT lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" Processing section "[global]" added interface eth0 ip=fe80::de0e:a1ff:fe93:7b12%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff:: added interface eth0 ip=192.168.4.222 bcast=192.168.7.255 netmask=255.255.252.0 Client started (version 3.6.3). Connecting to 192.168.4.110 at port 445 Doing spnego session setup (blob length=112) got OID=1.2.840.48018.1.2.2 got OID=1.2.840.113522.214.171.124 got OID=126.96.36.199.4.1.3188.8.131.52 got [email protected] smbstatus while connected above: Code: /usr/local/samba/bin/smbstatus -v using configfile = /usr/local/samba/etc/smb.conf Samba version 4.1.0 PID Username Group Machine ------------------------------------------------------------------- 6768 DanteBell [B]users[/B] 192.168.4.222 (ipv4:192.168.4.222:39713) Opened /usr/local/samba/var/lock/connections.tdb Service pid machine Connected at ------------------------------------------------------- IT 6768 192.168.4.222 Mon Feb 3 14:30:21 2014 No locked files samba-tool listmembers of group "Unix Administrators": Code: PYTHONPATH=$PYTHONPATH /usr/local/samba/bin/samba-tool group listmembers "Unix Administrators" KateL DanteBell $64144BC-BE25C09EDAD68F17 /etc/nsswitch.conf: Code: # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: compat ldap group: compat ldap shadow: compat ldap hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 ldap networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis I can dump the LDAP/LDB and that looks fine, too! but I won't put that here since it's too big, but here's the command I utilized: Code: LDB_MODULES_PATH="/usr/local/samba/lib/ldb" /usr/local/samba/bin/ldbsearch -H ldap://openchangedev:389 -k yes -b dc=sfpi-test,dc=local cn='DanteBell' Not sure what else to check. I've also verified using wbinfo sid-to-group,etc and that all looks OK.