[snip...] This must be on the clients. (Please don't say you're trying that on the server...) --> yes, this is on clients So how do the clients' password and group files compare to the server's files? --> via winbind? i tell the clients (via gui - system-config-auth) to authenticate on the samba-server and use winbind. this works fine. I understand that Samba and the kernel spot if there's suitable software at either end of the link, and negotiate to keep more of the Unix context. Is there a samba group on the clients? Does it have the same GID? Are the users listed as members of the samba group on the clients? --> there is a samba-group on the clients-side. i have to check, wheather they have the same group. Are you using some sort of centralised user/password scheme? (NIS, LDAP, Active Directory...) --> smbpasswd on the domain-server You could try temporarily chmodding the public shares to 777, letting a client write a file, and note the user, group, and permissions of that file. --> i did this temporarily, but it's not what i am looking for long term... Hope this gives you something to think about, Yes, it did! gonna check with a separate group samba with a unique group# on all clients. James.
