I have searched through samba.org and google but have not gained any ground on this one. I have two servers. One is a linux server that must authenticate users logging in via ssh against a Windows 2003 AD server and hopefully create a home directory for them if authenticated. I am trying to avoid going the padl.com route if possible and only use samba/krb5/ldap since hopefully that will require less modifications to the underlying ldap/krb config. (Maybe not) After following all the instructions on samba.org, kinit works fine. I can then do smbclient with -k to mount shares just fine. The one thing I can not get working is net ads join. I always get the responce: [2004/08/10 12:42:30, 0] "libads/ldap.c:ads_join_realm(1336) ads_add_machine_acct: DSA is unwilling to perform ads_join_realm: DSA is unwilling to perform All of the searches I did for that string return things totally unrelated to samba/AD. Any thoughts on this? My user account is a domain administrator, local administrator, etc... Regards, Aaron