Hi all, In short my question is: Is it possible/viable to make Samba 3 server running on Solaris 8 a BDC to an Win2000 or NT4 PDC with the only purpose to automatically update /etc/passwd and /etc/shadow information when the user password is changed. Updating group memberships would also be nice but not necessary. The long question is: Below I am describing a set of problems we are facing. I will be grateful to anyone who finds the time to read this long question and even more grateful if anybody shares their opinion. If I get enough response I will summarize and send it back to the list. Thanks to all, Olga Posnyak Australian Clearing Services The current setup: We have a number of Unix (Solaris8) machines. Some of the machines are running instances of a financial application accessed via telnet, and some are (and have been historically) running Samba for Windows file Sharing. An application is a Progress database with a wide range of reports (mainly csv files or plain text files) started from the application(solaris). The resulting files are written into directories ?shared? by Samba. The files are then accessed by users from their Windows workstations.Some files are transferred to outside companies using third party PC based software. Then there files that are created using Windows applications and then loaded into Unix application as well. There is also a big chunk of files that are MS Excel/Word files accessed only from Windows. These files also live on ?Samba shared? disk. Access to files has been traditionally controlled using Unix (Solaris) means. I.e. group memberships and lately ACLs. Access to a large number of files is strictly limited, as they are files containing banking information. Access from windows is also controlled using Samba ?hosts allow? settings in smb.comf. There are NT domain controllers for NT authentication Unix/NT logons are kept in sync manually. NT groups a almost not used (only a few groups for setting up restrictions for user profiles). Samba is using NT domain controllers for authentication. Passwords on Unix and NT are the same. This is also kept in sync manually. A subset of users are external users (clients). They only access systems via telnet, access to files is also strictly limited. This subset of users do not users Windows based access to files. Requirements: One place to manage user accounts be it NT or Unix. One place to manage user groups. And very importantly password synchronization between NT and Unix. One way to go which will require the least changes is making Samba a PDC and print server (NT domain controllers are currently used as print servers for Windows printing). However, no active directory and can?t do Ms Exchange makes this option not attractive at all to the management. Second way is to use winbindd on all Unix boxes and use Windows2000 authentication for all Solaris servers access. From what I?ve read so far I understand that would be a viable option. However if we move all authentication and file access control to Windows2000 it will require to authenticate external users via Windows2000 as well. Some (in fact most) groups that are used consist from both internal and external users.m It will also require changing file user and group ownerships on a very large number of files (cannot be done durin working hours either). And as I understand we cannot really tell winbindd to use a certain group id or user id, it will just pick one from the range of the ones given to her randomly? Third way I am thinking about is to make Samba BDC to an Win2000 PDC running in a NT4 compatible mode with an only purpose to automatically update /etc/passwd and /etc/shadow information at least when the user password is changed. Updating group memberships would also be nice. However I do not know if it is possible? Thanks to anyone who read that far. Also big thanks to anyone who can point me in the right direction. Olga Posnyak Australian Clearing Services oxp@austclear.com.au