When "authticated users" are denied read access on (or removed entirely from) a windows 20003R2-sp2 active directory OU, users in that OU are no longer accessible to winbind, Example : getent passwd -u <username i said OU> does no longer work : chown <username i said OU> does no longer work : users in said OU can no longer access domain-member-samba-servers' shares from their windowsXP/2003R2 workstaitions (they have no problem loggging on to the domain with thier workstaitions and access shares on windows file servers). Windows XP/2003R2 -clients and -fileservers are fully able to access user in that OU, even with "authenticated users" removed. Is this a bug in SAMBA, since it works from windows? Or is it a bug in windows or something else? We are not able to reproduce the problem in a windows2003 (not R2) sp1 domain, but we dont know if this has to do with sp1/sp2 or windows2003/windows2003R2 (or maby something else -- the windows2003 domain are in forrest mixed mode, while windows2003R2 are in forrest native mode). -kind regards Erik
Our linux servers are all joined to the domain with "net ads join" (kerberos/ads)