Can anyone please help me?

I have swapped from using passwd.tdb to using LDAP, but I just can't get it to work. User authentication works if I try to access a share from a locally logged in system, but if I try to log in at domain level I get "Domain controller not found" and the samba log produces this:

    [2004/09/02 09:16:29, 0] rpc_server/srv_netlog_nt.c:get_md4pw(218)
      get_md4pw: Workstation SHAUN$: no account in domain

Unix user login all works fine. My users and computers are in the same tree (People). The smbtools.conf has People set for users, and the /etc/ldap.conf also has People set. I did question the scope setting, so I have set both the smbldap.conf and /etc/ldap.conf files to one.

This is getting rather desperate; it looks like if we can't get this to go it's Windows 2003 server for this site.

Can anyone see what stupid mistake I have made? (Apart from considering W 2003!)

Samba versions tried : 3.0.2 / 3.0.4 / 3.0.6
OS tried : Redhat 9 / Fedora Core 2
Openldap : 2.1.29-1
smbldaptools : 0.8.5

smb.conf :

    passdb backend = ldapsam:ldap://ldap2.adastral.ucl.ac.uk
    idmap backend = ldap:ldap://ldap2.adastral.ucl.ac.uk
    passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
    ldap delete dn = Yes
    add user script = /usr/local/sbin/smbldap-useradd -m "%u"
    add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
    add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
    add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
    delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
    set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
    delete user script = /usr/local/sbin/smbldap-userdel "%u"
    delete group script = /usr/local/sbin/smbldap-groupdel "%g"
    ldap admin dn = cn=samba,ou=DSA,dc=adastral,dc=ucl,dc=ac,dc=uk
    ldap suffix = dc=adastral,dc=ucl,dc=ac,dc=uk
    ldap group suffix = ou=Group
    ldap user suffix = ou=People
    ldap machine suffix = ou=People
    ldap idmap suffix = ou=Idmap
    ldap ssl = start tls
    ldap passwd sync = yes

/etc/ldap.conf :

    uri ldaps://ldap2.adastral.ucl.ac.uk:636
    base dc=adastral,dc=ucl,dc=ac,dc=uk
    rootbinddn cn=nssldap,ou=DSA,dc=adastral,dc=ucl,dc=ac,dc=uk
    scope one
    pam_filter objectclass=posixaccount
    pam_login_attribute uid
    pam_member_attribute gid
    pam_template_login_attribute uid
    pam_password md5
    nss_base_passwd ou=People,dc=adastral,dc=ucl,dc=ac,dc=uk?one
    nss_base_shadow ou=People,dc=adastral,dc=ucl,dc=ac,dc=uk?one
    nss_base_group ou=Group,dc=adastral,dc=ucl,dc=ac,dc=uk?one
    nss_base_hosts ou=Hosts,dc=adastral,dc=ucl,dc=ac,dc=uk?one
    ssl start_tls

Thanks,

Neil.

--
Neil Marjoram.
Systems Manager
University College London
Adastral Park Campus
Martlesham Heath
Ipswich
Suffolk
IP5 3RL
01473 663711