I have setup a test wan with 2 redhat8 samba 2.2.8pre boxes as: PC1. Domain-Pdc on subnet 1 security=user domain master logon server = yes adduser script for machines (works ok) netlogon, profile shares wins to PC2. etc and PC2. Domain-Bdc on subnet2 domain master = no security=domain pass server=* wins-server = yes logon server = yes adduser script for machines (doesen't work here on Bdc) netlogon, profile shares both subnets linked by a router to simulate our vpns at work. Bdc joins domain on Pdc. smbpasswd -j DOMAIN -r PC1 etc... smbpasswd -S ( copy domain sid; do I need this step with samba pdc? ) I copied smbpasswd file PC1 to PC2. I had to manually add Xp-pro$ account on Bdc as "adduser script" doesen't work. Xp-pro client1 joins Domain and authenticates to Pdc. I break router link and user from Xp-pro authentication times out to Pdc, auths to Bdc just like Nt.great so far. Xp-Profile is stored on Pdc. hmmmm. Bdc-server based profiles are needed here as our office wan link is a slow vpn. Can samba Bdc work as a logon server instead of Pdc for local-lan based profiles? Richard.