I apologize if you received this twice. I received an error after my first email....... Trying to get Samba working with Active Directory and ACL's on an OS X (Tiger) server. So far it hasn't been too easy. We were able to finally recompile version 3.014 with ACL's on the server. Now we are stuck trying to get AD integration to work. Ideally, we would like it set up so that the OS X file server knows and uses all of the users and groups from Active Directory without having to create our own mapping file (does that make sense?). All of the clients are Win XP. As of right now, the file server has been able to join the domain. Issuing a wbinfo -u or wbinfo -g gives the expected output. Now, whenever I try to log into the system using my AD credentials, I see this in the log.smbd file: Username DOMAIN\MFLATLEY$ is invalid on this system Here is the Global section of our smb.conf file: [global] workgroup = DOMAINNY display charset = UTF-8-MAC unix charset = UTF-8-MAC dos charset = CP437 realm = DOMAIN.ORG encrypt passwords = yes password server = adserv2 map acl inherit = yes nt acl support = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 security = ADS client ntlmv2 auth = yes wins support = no wins server = 10.0.11.17 guest account = unknown allow trusted domains = no netbios name = osx-fileserv2 max smbd processes = 0 server string = Mac OS X local master = no domain master = no map to guest = Never defer sharing violations = no log level = 1 use spnego = yes passdb backend = ldapsam smbpasswd auth methods = guest opendirectory username map = /etc/samba/private/smbusers idmap uid = 10000-65000 idmap gid = 10000-65000 winbind cache time = 10 winbind enum users = yes winbind enum groups = yes template primary group = "Domain Users" Can anybody help us out with this? Thanks! mike