I've been bashing my head against this same old problem and I've pretty much nailed it down to winbindd. I'm trying to make a Solaris box run SAMBA 3.0.1.pre3 and exist as a member server without acting as a BDC ie. security=domain. There is no Kerberos or LDAP available. All user accounts are on NIS (not NIS+). The install gives me a /etc/init.d/samba.server script that successfully starts smbd and nmbd. But I can't get anything to authenticate. HOW TO INSTALL AND TEST SAMBA informs me that the winbindd daemon has to be running. Further investigation indicates that winbindd links to PAM. /etc/pam.conf contains stuff, so I have to assume (probably not a good idea) that PAM is working. However, there is no pam_winbind.so file and the documentation (http://www.samba.org/samba/docs/man/winbind.html) appears to say this is only required with linux. So I don't understand how winbind is going to talk to PAM. FInally, what are the side-effects of stopping nscd? Does NIS require it?