Hi there, I am posting as I am stuck finding a solution on authenticating samba against Microsoft(tm) Active Directory Service (ADS). My szenario is: My operating system (FreeBSD) gets the usernames which own the files I want to share using samba-3 by the nss_ldap authentication modul from the ADS (LDAP). So now I tried samba to query ADS as well, resolving ADS users and make them able to log on to samba with their ADS-account. But the only way I found is using winbindd and use old NT-style authentication behavior, so that the user names samba gets have the format DOMAIN\user (where the seperator can be customized in smb.conf). The problem now is: User names in FreeBSD queried via nss_ldap have the form: user User Names in samba queried via winbindd have the form: DOMAIN\user This is a conflict when samba will do file operation on files that are owned by user, not DOMAIN\user. The glues I have about just are: 1) Waiting for samba-4? 2) Using user name mapping in smb.conf, mapping DOMAIN\user style to user style. 3) Any way querying ADS via smbldap_tools? They don't support the MS Services Unix attribute mappings, do they? Does anyone have any usable solutions for these user name conflicts? It won't be possible to authenticate FreeBSD user names via winbindd to get DOMAIN\user style though. - Ronny -- Ronny Forberger Systemadministration & IT-Support elego Software Solutions GmbH Gustav-Meyer-Allee 25 Geb?ude 12, Raum 227 D-13355 Berlin Tel. +49 30 23 45 86 96 ronny.forberger at elegosoft.com Fax +49 30 23 45 86 95 http://www.elegosoft.com Gesch?ftsf?hrer: Olaf Wagner, Sitz Berlin Amtsgericht Berlin-Charlottenburg, HRB 77719, USt-IdNr: DE163214194