The samba server is running with "security = domain" and it's password server is a Win2k server in the same network acting as a PDC for the domain. Inside the 192.168.0.0 network I can access the samba server's shares fine with my Win2k domain account. But if I try it from a Win2k client over my VPN, I get prompted for a username and password: I give my Win2k domain account and pasword, but access is denied ("Incorrect password or unknown username for \\fileserv"). In Samba's logs I see: --<snip>-- [2002/01/29 00:46:44, 0] passdb/smbpass.c:startsmbfilepwent_internal(87) startsmbfilepwent_internal: unable to open file /etc/samba/smbpasswd. Error was No such file or directory [2002/01/29 00:46:44, 0] passdb/passdb.c:iterate_getsmbpwnam(149) unable to open smb password database. [2002/01/29 00:46:44, 1] smbd/password.c:pass_check_smb(505) Couldn't find user 'peter' in smb_passwd file. [2002/01/29 00:46:44, 1] smbd/reply.c:reply_sesssetup_and_X(929) Rejecting user 'peter': authentication failed --</snip>-- Why is my Samba trying to authenticate from the smbpasswd file and not from the Win2k server??? My VPN looks like this: samba server -- freeswan -- internet -- masq fw -- ssh sentinel win2k 192.168.0.4 172.16.1.4 And my smb.conf: --<snip>-- # Global parameters [global] workgroup = NTDOMAIN netbios name = FILESERV server string = Samba %v on (%L) security = DOMAIN password server = HAVANNA encrypt passwords = yes log file = /var/log/samba/log.%m max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = No remote announce = 192.168.0.255 os level = 0 local master = no [homes] comment = Home Directories writeable = Yes browseable = No [printers] comment = All Printers path = /var/spool/samba printable = yes browseable = no valid users = @fileserv [share1] path = /fileserv/disk1 writeable = yes valid users = valid users = @fileserv create mask = 0770 directory mask = 0770 inherit permissions = yes --</snip>-- I'm running samba-2.0.10-2 under Red Hat Linux 7.1. Regards, Peter