I may have been asking the wrong questions and/or not providing enough information, so I'm going to re-ask my prior questions, I hope a little more lucidly.

My situation is that I have a domain controlled (currently) by Windows NT 4.0, which will eventually become an Active Directory domain. I can keep the NT4 compatibility running on my Active Directory domain when I do get around to converting, however. I have a Red Hat Linux 6.2 system which I've locked down to a certain degree; the only remotely-connectable services running on the system are proftpd, sshd, samba, and swat. Swat will probably be removed at a later date, or at least protected via wrappers or xinetd so that it can only be connected to from certain addresses.

The purpose of this system is for outside users to be able to FTP into it, and upload or download files. We have some employees who work outside of the office, and VPN is not a reasonable solution for us. Hence, we need these users to be able to upload their files to an FTP server, and then the files should be copyable via Windows networking once they're inside the network here.

I don't want to maintain separate passwords for everyone on the FTP server, as it would be a big pain in my backside. Consequently, I want to use domain security to allow users to log in with their domain username and password, being mapped to a unix user and/or group if necessary, and then able to manipulate files inside the pub and incoming directories of the FTP servers to varying degrees; all users should have full control over all files in incoming, and write access to pub. I will delete any files which have been present for longer than N days by virtue of some separate process.

Is there any way, with any combination of free software, to allow this scenario? I have samba 2.0.7 installed, and have been playing with the latest pam_smb module. I haven't yet been able to come up with the results I'm looking for.
A number of the options in the body of samba documentation which indicate that they should be able to give me the results I'm looking for either no longer exist, or do not yet exist, so I can't use them. I don't even mind mapping all usernames to a single username (since all users will have the same rights) if that's what it takes; so what does it take?