Two small Samba sites, same OS and Samba version; Debian GNU/Linux 6.0.5 (squeeze) Samba 3.56 Joined via OpenVPN. (yes I am aware of problems with that. Just made a fragmentation/MTU change that made a huge difference) I have set these sites up separately with tdbasm and then joined with a domain trust. The servers have the same users at each with the same UID/GID's. winbind is set up and mostly works okay! (ie I think I have a problem with it despite getting the proper wbinfo etc responses - below) Domain names are CBNE and CBNEA There is a WINS at one end, but lmhosts is also used. (And is the top of order) The idea is that both sites can continue to run independently if disconnected. (I am aware there are better ways to do this, like ldap..) I am considering dropping the WINS entirely. I am trying to run down various issues that I wont bore you all with at the moment. I have a simple question though. From smb.conf idmap uid = 10000-20000 idmap gid = 10000-20000 template shell = /bin/bash winbind enum groups = yes winbind enum users = yes winbind separator = + Is it necessary to separate the domains by idmaps? ie the above is the same at each site. Tnxs Bob ============= What makes me think winbind is not setup properly? If I use a WXP file or share security interface to add or change anything I can "choose" either domain and see it displayed, When however I view that again I no longer see the local domain prefix. Its as if the local domain is going straight to the (passwd) Unix ID. I have been considering changing nsswitch.conf from; passwd: compat winbind ....to passwd: winbind compat but the machines are remote and I don't want to have to make site visit to get root access again! I get similar domain prefix loss issues with an attached Terrastation too. It also seems to lose the plot as far as group security is concerned. I can fix by removing and re-adding the "faulty" group.