I have a Samba3 PDC/LDAP/PAM/NSS running in a lab. Everything works great. I am using the smbldap scripts for in smb.conf so i can use usrmgr.exe. Last night I was testing to make sure it was all working ok. I added about 6 accounts throught usrmgr.exe with no problem. The smbldap scripts added the user to LDAP, and then samba 'extended' them to samba accounts. Then I tried to add an account for myself using my usual username. It failed. I tried again, it failed. I was given an error of "Access Denied" My troubleshooting went as follows: -run the smbldap script on the local machine. LDAP posix account added OK. -run smbpasswd -a username. Account 'extended to samba account OK. -Deleted the account -run smbpasswd -a username. Failed "Cannot create user", but a user account appeared in ldap. It only had sambaaccount objecttype. No posixaccount, no shadowaccount, no inetorgperson. Hmmm, strange. After about an hour of scrambling, I figured out what was happening. My 'usual' useraccount was already in the local machines /etc/passwd. After removing it from /etc/passwd all attempts to add the account were successful. So my question is . . . Does samba do some check on /etc/passwd, before adding an account, even if ldap is used as the backend passdb? Thanks, cooper