lookup_local_sid) and some creative use of the new smbgroupedit tool. You might also need to hack that, to never use the formula. I'm willing to look at a patch that adds yet another smb.conf option to allow this behaviour - as its a mandetory requirement for NT conversion sites. When adding the users, do it with the raw LDIF files an a perl script, rather than the samba tools (so you can set the rid etc manually). Once you are done with that it *should* work - then all you have to do is test it :-) Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net