Having some trouble setting permissions on folders on my filserver running

Samba 3.0.23d on a Debian4.0 2.6.8-2-686 installation.
Wich is a member server to a Win2k3 active directory.

Have this DFS setup with

drwxrwx--- 4 administrator domain users 4096 Nov 10 16:35 DFS

Under it i Have Documents with same perms.

Under that i have all the BranchOffic folders, and this is where my problem starts.

User test1 has the following groups

"groups test1
test1 : domain users inter-users testgrp
"

Lets say i have the folder test under Documents

With the permissions

drwxrwx--- 4 administrator testgrp 4096 Jan 11 03:05 test

The problem is i cant access this folder, though the user test1 has the group testgrp in his grouplist.

if i instead switch order of the groups for user test1 to:

"groups test1
test1 : domain users testgrp inter-users
"

Notice i put testgrp as secondary grp now
and test1 will be able to access this folder without problems, so it seems theres some problem with getting the samba/linux server to understand that test1 user has the third group added.

Any1 have any suggestions on how to solve this ? Would be very appreciated as ive been battleing with this problem for a few days now, and really cant find any anwears.

Kind regards, Jonas

Your post was confusing (especially on an early Monday morning) but, file permsissions are inherited. That is if you have a folder tree and want to give a group access to the third folder down, they must also have access to the root folder. Otherwise they can't access the share. A workaround is to simply set up the groups and let them have their own share and folders.

If I'm not mistaken-and I could be since it's been awhile since I studied this-the user will access a share as his primary group. Since domain users is a default domain group he was hitting it as inter-users group the first time and testgrp the second.

Try setting ACLs on the folders that make up the shares as in:
where -R is recursive, -m is modify the acl, g is group, rwx is read-write-execute and testgrp is well, the group.

ok, ive solved this by just removing, the "winbind seperator = +"
from the samba conf so it uses \ as seperator instead.

I just came across this solution while running testparm and it outputted that "winbind seperator = +" could cause group permission problems.
It now works when i just used the default setting, thanks for all the replies