I'm confused about how this works in Samba. It's been a while since I set up a server and I've gotten myself confused.

The new servers are Ubuntu AMD64 Linux with Samba 3.0.22. One of these is the PDC. The legacy servers are Solaris 8 running Samba 3.0.24. We are using winbindd and local tdb files on the PDC for authentication. We plan to migrate to LDAP later. I have used SWAT to configure each server.

On the PDC I set up Linux logins for each user, and I added them to Samba via smbpasswd. I created a Samba Admin Group "domain". In Linux this all looks right to me.

All users can log into the domain and access all of the shares on the servers. None of the users have the ability to change anything via usrmgr.exe or srvmgr.exe.

Usrmgr.exe reports "Could not find Domain controller for this Domain". The "Select Domain" popup lists two domains, PDC and DOMAIN.

Srvmgr.exe reports "Could not find Primary DC for PDC you may administer this domain but certain domain-wide operation will be disabled."

All users show their profile directory as "Read Only" in Windows and it can't be changed.

[global]
    workgroup = DOMAIN
    server string = %h server (Samba, Ubuntu)
    obey pam restrictions = Yes
    passdb backend = tdbsam
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    time server = Yes
    hostname lookups = Yes
    logon path = \\PDC\%U\profile
    logon drive = U:
    logon home = \\PDC\%U
    domain logons = Yes
    os level = 33
    domain master = Yes
    wins proxy = Yes
    wins support = Yes
    ldap ssl = no
    panic action = /usr/share/samba/panic-action %d
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind nested groups = Yes
    admin users = root, administrator
    hosts allow = 192.168.1.0/255.255.255.0
    profile acls = Yes

[printers]
    comment = All Printers
    path = /tmp
    create mask = 0700
    printable = Yes
    browseable = No

[print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers

[netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
    guest ok = Yes
    browseable = No

[profiles]
    comment = Windows Roaming Profiles
    path = /home/%U/profile
    read only = No
    create mask = 0664
    force create mode = 0775
    directory mask = 0775
    force directory mode = 0775
    store dos attributes = Yes

--
*Robert Steinmetz, AIA*
Principal
*Steinmetz & Associates*