We are using samba with domain authentication against a windows AD. The account domain is AA. All our hosts (windows and samba systems) and a few generic user accounts are in a domain TT which trust the accounts from AA. In Short our smbd.conf has: . . . security = domain workgroup = TT . . . Normally a user logs on with the user account from AA as AA\userID. We use users.map to map UXlogon = AA\userID With Redhat EL5, Ubuntu Karmic (and also Lucid) these users have no problem to access shares. The samba daemon properly authenticates against the domain controller and allows access to the local share UXlogon without any login dialog. Things are different though if a user is logged in as TT\userID and tries to access a samba share. With Redhat things work like before. With Ubuntu though I do not see any authentication dialog with the domain controller and smbd tries to find the user in smbpasswd which of course is not there. Thus the user is denied to access. I do not understand why there is no request to the domain controller. As a workaround I issued smbpasswd -a TTuserID and the user from TT can now also access the share as expected. Although this has solved the problem for me I still regard it as a bug. If security = domain is used the correct behaviour should be to authenticate all requests against the domain controller . Because Redhat does it correctly I think that there was something wrong in Ubuntu. Unfortunately there is no Ubuntu forum for samba, launchpad bug tracking just points to the samba team. I hope that someone here can shine a light on this problem and it does not become a game of back and forth between samba and ubuntu guys.