Is it possible to use wildcards or variable substitution in the "username map"? I am using: security = ADS password server = TEST1.MYDOMAIN The samba server joined the subdomain TEST1.MYDOMAIN. There is a trusted relationship between MYDOMAIN and TEST1.MYDOMAIN. I want ONLY users from TEST1.MYDOMAIN to have access to the samba shares, users from MYDOMAIN must be rejected. The problem I have now is: - a username MYDOMAIN\user1 mapping a share gets authenticated by MYDOMAIN due to the trusted relationship and then mapped to unix user1. - a username TEST1\user1 mapping a share gets authenticated by TEST1 and then mapped to unix user1. so I have 2 different windows users mapped to the same unix user. I can solve the problem by mapping just the valid users in "username map" this way: !user1 = TEST1\user1 nobody = * I have more than 1000 users and serveral samba servers... so keeping all "username map" in sync can be a pain. Could I use wildcards in the "username map"? If so, what is the syntax? I tried the following but does not work... nobody = MYDOMAIN\* Can I use variable substitution? I would like to do something like this: %U = TEST1\%U nobody = MYDOMAIN\%U Cheers, Francisco Lozano - EMBL (Heidelberg)