Believe it or not, this does not fall under the wide variety of Win9x FAQs. At least if it does I am missing something... Am working in an environment based on Win98 machines. I previously wrote an explorer replacement to do secure logins to \\server\username, which of course only works under share-level security. The computer names are set to unique per-machine identifiers, and the whole mess is protected by low-level software to reset the hard drive contents on reboot. As we are starting to encounter some XP-capable machines, I also want to support proper domain authentication for those systems. Unfortunately I believe this requires user-level security to work properly (at least testparm certainly feels it is required for domain logons). Any suggestions? If there were a configuration option somewhere to change security levels per-client, it would solve the problem. Two Samba instances and firewall rules are possible but somewhat less than clean. I would prefer either having Win98 send session setup messages with programmatically-specified username and password or modifying Samba again (have already been through the source for a few minor authentication changes). How hard would it be for me to tweak Samba so that only some sessions are shunted to share-level security? Obvious selectors would seem to be triggering "map to guest", or a list of computer names/addresses/protocol versions. Thanks, Chris