hello there! I've been using Samba-2-2-2 with some LDAP patches (concerning RIDs) as a PDC for Win2Ksp2. Recently I've upgraded to samba-2.2.3. LDAP works fine now, but with one exeption. When one adds a W2k machine to the domain a username and password of domain administrator must be supplied. I've created a user called smbadmin which is "admin user" and "domain admin group". Furthermore a user called "root" have to exist in LDAP database (it could be a bug too but it is acceptable because the account could be disabled). It worked perfectly for Samba2.2.2 but it doesn't work for 2.2.3 !!! It seems that the only way to handle adding W2k workstations to a domain is to use "root" account. According to logs when a user gets admin privilages samba tries to verify if the user's password is the same as root's password. Furthermore root account have to be enabled. This is a serious security hole !!! -- Igor Wojnicki, wojnicki@agh.edu.pl