Here's the scenario we often run into; we have machines with multiple user accounts, which all authenticate to our kerberos servers. Depending on the group, these accounts could be local, nis, ldap, etc. They often want to provide samba services, but binding the machine to AD isn't always feasible, so they have to manually create the samba users and password database. Is there any way for samba to use our kerberos servers directly for authentication, without having an AD domain controller as the middleman, and without using plaintext authentication? Thanks -jim