Hello. I am not sure if I report in the correct component. I have a WORKGROUP domain with a STORAGE server member (security = domain). Winbind with NSS is running. I have a share on /storage/hourly ls -l /storage/hourly/ drwxr-xr-x 14 root root 4096 25 mai 07:34 h0 drwxr-xr-x 14 root root 4096 25 mai 07:34 h1 ... ls -l /storage/hourly/h1 ... drwxrws--- 2 root service_technique 4096 25 mai 08:28 technique ... Winbind reports the following users and groups: wbinfo -u systech wbinfo -g service technique Group service_technique has the following members: getent group service_technique service_technique:*:489685999:mrechte,systech User systech is seen OK getent passwd systech systech:*:489686002:489685505:System Service Technique:/home/WORKGROUP/systech:/bin/bash I can connect to /storage/hourly OK: smbclient //storage/horaire -U systech Enter systech's password: Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.5.10-116.el6_2] smb: \> cd h1 smb: \h1\> ls technique D 0 Wed May 30 07:47:33 2012 smb: \h1\> cd technique smb: \h1\technique\> ls . D 0 Wed May 30 07:47:33 2012 .. D 0 Fri May 25 07:34:32 2012 Mozilla Firefox.lnk 724 Fri Dec 23 17:30:02 2011 Nouveau dossier D 0 Wed May 30 07:47:33 2012 If the logon server is down I cannot connect anymore: smbclient //storage/horaire -U systech Enter systech's password: session setup failed: NT_STATUS_NO_LOGON_SERVERS The windbind has been configured with winbind offline logon = yes, so despite logon server is down I still have access to my user/group (getent passwd and group are still reporting the same lists) Everything is OK so far. I would like now to reconfigure the member server to a standalone server to allow access to the above share. I just changed the security = user and add the systech user to tdbsam: pdbedit -a systech I restart the standalone server and try to connect to the share: smbclient //storage/horaire -U systech Enter systech's password: Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.5.10-116.el6_2] smb: \> cd h1 smb: \h1\> ls technique D 0 Wed May 30 07:47:33 2012 smb: \h1\> cd technique smb: \h1\technique\> ls NT_STATUS_ACCESS_DENIED listing \h1\technique\* This is THE problem. I noticed that wbinfo -u now reports an extra user: STORAGE\systech systech The samba log shows: [2012/05/30 08:36:31.188601, 5] smbd/filename.c:169(unix_convert) unix_convert called on file "h1/technique/*" [2012/05/30 08:36:31.188644, 5] smbd/filename.c:328(unix_convert) unix_convert begin: name = h1/technique/*, dirpath = h1/technique, start = * [2012/05/30 08:36:31.188682, 5] smbd/filename.c:653(unix_convert) New file * [2012/05/30 08:36:31.188713, 3] smbd/vfs.c:881(check_reduced_name) check_reduced_name [h1/technique/*] [/storage/hourly] [2012/05/30 08:36:31.188765, 3] smbd/vfs.c:962(check_reduced_name) check_reduced_name: couldn't get realpath for h1/technique/* [2012/05/30 08:36:31.188796, 5] smbd/filename.c:864(check_name) check_name: name h1/technique/* failed with NT_STATUS_ACCESS_DENIED [2012/05/30 08:36:31.188833, 3] smbd/filename.c:1184(filename_convert) filename_convert: check_name failed for name h1/technique/* with NT_STATUS_ACCESS_DENIED [2012/05/30 08:36:31.188866, 3] smbd/error.c:80(error_packet_set) error packet at smbd/trans2.c(2305) cmd=50 (SMBtrans2) NT_STATUS_ACCESS_DENIED Could this be a bug in the vfs.c (or engine backend) not getting the proper gid that enables access to "technique" sub-directory ? Thanks for reading.