My apologies for being too new to this whole process... Server was AIX 5.3/Samba 2.2.7, authenticating only against the AD. No single sign-on, kerberos, or LDAP to my knowledge; smbd processes never load kerberos or LDAP libraries. Upgraded to AIX 7.1/Samba 3.3.12, which didn't go smoothly; customer is upgrading to Windows Server 2012 AD in a couple of months, so upgraded again to Samba 3.6.23 (IBM's version). User security works fine as a temporary work-around. Server security seems to fail to find the AD server. So it looks like I need to remove the server from the AD, then rejoin. Everything I read, though, says I need Kerberos and LDAP, but we still only want to authenticate the users against the current Windows Server 2003 AD. We don't want single sign-on integration - when a share is mounted (no printers involved), the credentials for the user should be checked against AD, and that's all we want from the AD today. Does rejoining the AD sound like the right approach? Or do I really need Kerberos and LDAP? Any additional or alternate suggestions or ideas? This is a fast deep-dive for me, so please excuse my noobieness.