Hi. I used Samba 2.2.x on my server with LDAP backend. I also had linux users in LDAP (pam_ldap). I had a separate tree for Samba and for linux users. Because I had problems browsing the user lists when trying to set permisions on a share on Win2k and WinXP members of domain and also for other reasons (printer drivers,...) I started an upgrade process to Samba 3.0 . After playing a lot with docs,... I realized that I have to modify the LDAP schema and also some LDAP entries to sucesfully run Samba 3.0 . So I did a slapcat and change the entries (I also gruped the two separated LDAP subtreas into one - so that now PosixAccount and SambaSamAccount are in only one entry). I compiled Samba HEAD (sources/include/version.h says that it is 3.0.0rc2 with default options). After that I changed my smb.conf file so that the new knows how to connect to the LDAP backend. After that I try to run the new server and start playing with Windows machines. On one WinXP machine I can login with certain user and I can also access shares on my Samba server. The problem is that those machine didn't allow login to another user with same permisions. I guess that it was due to local password cache, so I removed the machine from the domain, removed also the samba entry with 'smbpasswd -x -m machine' and readd it with 'smbpasswd -a -m machine'. When I tried to rejoin this machine to the domain, I got an error: 'Access denied'. When Windows ask me for the username I entered a user that is part of Domain Admins (group with RID 512: Domain Admins (S-1-5-21-1774352235-3633204574-4155377895-512) -> ntdomadms ). When I upgraded I imported the old SID with 'net setlocalsid <old-sid>' ... I obtained the old SID from MACHINE.SID file on the old Samba server. I also set the LDAP password for the Administrator bind (smbpasswd -w <pass>). Can anyone help me solve the problem. BTW: log files reports: _samr_create_user: ACCESS DENIED (granted: 0x00000201; required: 0x00000010) [2003/08/23 22:09:50, 2] smbd/server.c:exit_server(558) BTW2: Any of the users can mount an samba exported share from the same system on a mountpoint using 'mount -t smbfs -o username=DOMAIN\\user //server_name/share_name mount_point' Another problem I have is ... why when I select 'Permisions'from the share box on Windows machine, I can't get users from Samba server? Also net rap groupmember LIST "Domain Users" -U DOMAIN\\user%pass doesn't display nothing. Thanks a lot. Regards, Dezo