Was it my fault, of course. passwd program = /bin/passwd was wrong. Right is passwd program = /bin/passwd "%u" Passwd chat: passwd chat = *ew*password* %n\n *ew*password* %n\n I can add users, add groups, delete users, delete groups,... :) My backend is tdbsam. How did I find it? Was reading through /usr/local/samba/var/log.smbd and saw a complaint that passwd program must contain %u. Why doesn't testparm test this? If it did, it would save me two days of experiments ;-) Cl<