I recently setup Solaris server which uses AD for authentication. It is working well. Now I need to run Samba on this machine. I set up the smb.conf with appropriate entries such as 'security = ads', 'encrypt passwords = yes', use 'kerberos keytab = true', however I don't want to specify an explicit password server. When I try to map the Solaris directories from Windows clients, I keep getting errors. Samba 'net ads info' returns correct information, however. Is it necessary to run 'net ads join' at all? Reading through the net ads, seems it will try to re-create the /etc/krb5/krb5.keytab, add the computer object again in AD. I want to avoid all this because; I got a working configuration, which I don't want to upset. Can someone tell me 1. Is it necessary to run net ads join at all? 2. If required to run net ads anyway, how can I make it run as an non-admin user? (I studied Eric Roseme's paper which is a bit dated) 3. Even if I run net ads I don't want it to mess with krb5.keytab, why does it have to anyway? I already got valid tickets (generated with ktpass.exe) for the authentication supported by Samba arcfour, DES etc. The real issue, I'm trying to avoid is having to run to Windows admins every time there is an issue as the unix/windows teams are run independently. There must be a way out of not running net ads join and still have samba work. Ravi