Итак имеется связка samba + ldap, казалось бы все настроено, машинки windows xp sp3, успешно входят в домен, пользователи заходят в систему, но вылез такой прикол ... создаю группу доменную, создаю доменного пользователя, соответственно включаю пользователя в группу, создаю под xp папку и в безопасности даю права для данной группы, ОДНАКО пользователь так и не получает прав на эту папку!
Люди добрые помогите куда копать ...

os GENTOO

samba ver 3.0.34

smb.conf

[global]
        workgroup = OFFICE
        realm = OFFICE.LOCAL
        server string = Samba Server %v
        interfaces = eth1
        bind interfaces only = Yes
        passdb backend = ldapsam:"ldap://127.0.0.1/"
        passwd program = /usr/sbin/smbldap-passwd "%u"
        passwd chat = *new*password* %n\n *new*password* %n\n *successfully*
        log level = 3
        log file = /var/log/samba/log.%m
        max log size = 500
        socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
        add user script = /usr/sbin/smbldap-useradd -n -a "%u"
        delete user script = /usr/sbin/smbldap-userdel "%u"
        add group script = /usr/sbin/smbldap-groupadd -p "%g"
        delete group script = /usr/sbin/smbldap-userdel "%g"
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
        logon path =
        logon home =
        domain logons = Yes
        os level = 255
        preferred master = Yes
        domain master = Yes
        ldap admin dn = cn=Manager,dc=office,dc=local
        ldap delete dn = Yes
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap
        ldap machine suffix = ou=Computers
        ldap suffix = dc=office,dc=local
        ldap user suffix = ou=Users
        idmap backend = ldapsam:ldap://127.0.0.1/
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        admin users = Administrator, root, admin
        hosts allow = 192.168.13., 127.

[netlogon]
        comment = Network Logon Service
        path = /var/lib/samba/netlogon
        guest ok = Yes
        browseable = No
        share modes = No

[Profiles]
        path = /var/lib/samba/profiles
        read only = No
        guest ok = Yes
        browseable = No

openldap ver 2.3.43-r1
slapd.conf

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/samba.schema
pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

access to dn.base=""
                by self write
                by * auth
access to attrs=userPassword
                by self write
                by * auth
access to attrs=shadowLastChange
                by self write
                by * read
access to *
                by * read
                by anonymous auth
#loglevel 1
database        bdb
suffix          "dc=office,dc=local"
rootdn          "cn=Manager,dc=office,dc=local"
# Пароль rootpw лучше всего указывать в зашифрованном виде.
# Для генерации шифрованного пароля используйте утилиту slappasswd
# Например: slappasswd -h {MD5}
rootpw          *******
directory       /var/lib/openldap-data
index objectClass           eq
index cn                    eq,subinitial
index sn                    eq,subinitial
index uid                   eq,subinitial
index displayName           eq,subinitial
index uidNumber             eq
index gidNumber             eq
index memberUID             eq
index sambaSID              eq
index sambaPrimaryGroupSID  eq
index sambaDomainName       eq