hi, in the beginning i want to say you that i have a working samba-ldap PDC (samba 3.0.2a, openldap 2.1.27, redhat linux 9, why redhat ? because slackware don't use pam and i didn't find a way to make samba-ldap work without pam). i want to make a synchronization between user password from samba (this is mail password, too. i use qmail-ldap) and user password from a database server (user is the same). i work at this by a week. for this i make a script with perl and when i change samba(mail, too) password i want to execute this script and change password in database. if i don't want this synchronization all this works great. i was thinking that if i use attributes "unix password change", "passwd program" and "passwd chat" i can do this thing. but when the attributes "unix password sync" is activated and trie changing samba password from windows (98/2K/XP) didn't work, i receive this messaje "You do not have permission to change your password". in my test i use even a verry common script (create some file, and write user+password) and i was drawing a conclusion: dosn't matter what scrip i use, "unix password sync attribute is my problem" :)) don't want to make and use some cgi(perl) script and change passwords from a web interface. don't want that my users be confused when use more that one methods to change their password. thanks, Mihai ------------------------------------- Register for your free domain name! Plus free email and a personal portal http://www.namedemo.com