I would like Samba to: - authenticate usernames against an Active Directory LDAP without joining the domain, and - use NIS to translate usernames to userids. Because of company politics, I can't join or modify the Active Directory domain. However, I can get a service account for querying AD LDAP. Given the following info, what should my smb.conf look like? AD domain: fake.domain.com AD user container: OU=Tarno,OU=Employees,OU=People,DC=fake,DC=domain,DC=com AD server: dc1.fake.domain.com Thanks. Andrew