I would like to have multiple Samba Domain Member servers, acting as file servers, in my Active Directory domain. I've used the Samba-3 By Example and the Official Samba-3 reference to get my first server running, authenticating users to my AD domain, and mapping uid/gid using idmaps through winbind.

My problem is that, when I set up a second member server, its idmaps aren't guaranteed to be identical to the first server. I know the books mention using ldap backends when I'm using a samba PDC, but what about when I'm using AD servers for my backend? Should I force Samba to use ldap to access AD instead of winbind? Does Services For Unix (SFU) extend my AD schema (Win2003) to support uid/gids that can be accessed by winbind? Should I just rsync my mapping database to my secondary servers?

Any suggestions (other than replacing my AD environment with a Samba PDC) would be appreciated.

Steve

[global]
    unix charset = LOCALE
    workgroup = MYDOMAIN
    realm = MYDOMAIN.INT
    server string = Samba File Server
    security = ADS
    client use spnego = yes
    username map = /etc/samba/smbusers
    log level = 1
    syslog = 0
    logfile = /var/log/samba/%m
    max log size = 50
    printing = cups
    printcap name = cups
    printcap cache time = 750
    cups options = raw
    ldap ssl = no
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    template shell = /bin/bash
    wins server = 10.0.0.2
    winbind separator = +
    enable privileges = yes