hi, i'm having big problems on integrating my samba-server to use the AD for authentication. I am running a Debian Linux (Sarge) box with Samba 3.0.14a and want to share some folders. Winbind is not running yet. Now with "valid users" I want to restrict the access to an specific user. That user should checked against a AD from Samba instead of smbpasswd. First of all, do I need winbind for that purpose? Or is a ldap-configuration in smb.conf enough? Here are the lines of interest: ########### smb.conf ... # LDAP passdb backend = ldapsam:ldap://<AD server>:389/ ldap suffix = "cn=...,dc=..." ldap admin dn = "cn=...,dc=..." ldap filter = (&(objectclass=User)(uid=%u)) ldap ssl = no idmap backend = ad:ldap://<AD server> obey pam restrictions = yes invalid users = root valid users = user1 ########### And second, should the samba-server be member of the AD domain? At the moment he isn't. Btw, UNIX Login against the same AD is working fine on that client (with pam_ldap, nss_ldap). Another question that i have belongs to the idmap_ad plugin from padl. On our AD we integrated the RFC2307 schema. I've compiled the patch successfully and copied it to /usr/lib/samba/idmap/ad.so Do I have to recompile samba, or can I use the already installed one? And is the entry "idmap backend = ad:ldap://<AD server>" in smb.conf the only change to make, so that samba uses ad.so ?? On the logs i can't see anything about ad.so - well it may lie on the problem showed above, so that he didn't come so far?! But I'm not sure. Any help would be appreciated. Over a week of google didn't helped me, neither the reading of many docs. thanks in advance Jan Dworschak