(Written as standalone message and not reply this time!!) Hi all This one has been puzzling me for quite a while now. I have been able to set up Samba 3 as an NT4 DC replacement, using the passdb backend. For other applications, I have run Samba and Winbind alongside a Windows Server 2003 Domain Controller and used distributed authentication across the two platforms. What I would like to do now is to use Samba in what is effectively a BDC-type role. I have read a few resources, in particular the Samba Howto Collection, which mention that this is not possible. However, I'm not giving up hope yet. If I am running Winbind successfully, I can set a Windows domain user/group as the owner of a file. If I add POSIX ACL support, then I also gain the ability to extend permissions in a Windows-ish manner. What's missing, then, is an authentication medium. In short, the Samba passdb backend is the hurdle. Am I correct in this assumption? If so, then why can we not run Samba in backend-less mode? As the user database is already distributed across onto the Samba server (by correct setup of winbind) I don't see why we need another backend at all. Sure, grab the username and password from the clients, but PAM-ify the authentication medium so we use the database already in existence. Is it possible to run Samba in this mode? Hoping someone can help. I may be totally ambitious too, I realise :) Cheers Richard