Hi folks, I have a Solaris 8 machine, running Samba 2.2.2, acting as a domain controller. Several different people in the Department do administrative work, such as adding client machines to the network. Rather than a single shared root password we've historically given each sysadmin a root equivelent account, so that in addition to root account there are several other administrator accounts in the /etc/passwd / /etc/shadow file, with different usernames but with UID 0. This has the advantage that the various admins get to choose their own root password, can change it whenever they feel it is appropriate to do so, etc, without disrupting their colleagues access to the system. Since we started joining Windows 2000 workstations to our Samba controlled domain we have needed to add the administrator accounts to our smbpasswd file (previously the admin accounts only existed on the Unix side, and didn't log into Samba). I've found several odd effects which I suspect result from the fact that the NT SIDs that are derived for the various different UID-0 accounts are the same. In particular, it would seem that only the first UID-0 account that is listed in the smbpasswd file is able to add Windows workstations to the Samba controlled domain; if any of the other admins attempt to use their admin username and password to join a workstation then a machine account is created in the smbpasswd file, but no password set on it (both password hash fields set to 'NO PASSWORDXXXXXXXXXXXXXXXXXXXXX', last-change-time set to 'LCT-00000000'). On the Windows side an error dialogue with the following message appears: The following error occured attempting to join the domain "physiology": The account used is a computer account. Use your global user account or local user account to access this server. Any idea how we might overcome this? Is there any way to assign different SIDs to domain accounts which share a Unix UID? I've tried changing the UIDs in the smbpasswd file but this seems not to affect the SID assigned by the Samba domain controller. Regards, -- Neil Hoggarth Departmental Computer Officer <neil.hoggarth@physiol.ox.ac.uk> Laboratory of Physiology http://www.physiol.ox.ac.uk/~njh/ University of Oxford, UK