I managed to fix the problem and thought I'd post it here as a reference for the next poor sod who needs to do this. The problem was two fold:
1) don't use + as a domain seperator as it can cause problems with samba resolving domain groups. (good 'ole testparm told me so) 2) domain groups are case sensitive (duh !) When referencing domain groups in samba be sure to enclose the group in double quotes if the group name includes spaces eg. @DOMAIN\"Domain Users" I love google groups and especially comp.protocols.smb ! :-) -- Rgds, Chris MacKenzie Either one of us, by himself, is expendable. Both of us are not. -- Kirk, "The Devil in the Dark", stardate 3196.1 -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug