[Samba] samba4 MAC OS X Workstations Problem

[Ghislain Hachey]

Hi,

This past week I deployed samba4 on a test server running Debian Wheezy.
I use samba4 with bind9 for DNS. The installation was very straight
forward. I also did a test upgrade of an existing samba3 setup which
also worked nicely after I dealt with a few hiccups (mainly all DNS
related). I tested with a Windows XP Pro workstation and it seems to
work flawlessly. I have two things I would like to ask:

1) It's my understanding that permissions on shares are not set like
they were with samba3: they are done mainly through Windows. So what
would be the correct permissions to use on the Unix filesystem (i.e.
dirs/files). At the moment, I have ownership to root with 755 on
directories and 644 on files. Setting ACL through windows seems to work
fine. Is there anything special I need to do on the Unix side of things?
Once I migrate samba3 to samba4 can I safely remove all Unix users and
groups?

2) samba4 is being deployed in a all MAC OS X shop (except servers which
running Debian Wheezy). Unfortunately, I get weird problems when trying
to get the MAC to play with samba4. The version of MAC OS X I used is
10.7.5. It can successfully join the AC DC. I can then switch user to
any of the AC users. However, when I login with an AC user I get an
unusable MAC desktop: I can't open applications and create
files/directories. It's clearly a permission issue, but I don't know why
nor how to fix it. Even more confusing, when I reboot, I can no longer
login using AD users: they are immediately rejected. If I unbind and
rebind to the AD, login using AD users works again but with the same
problem just repeating over again.

I would be grateful for any help, thank you.

-- 
Ghislain Hachey