Peter Farrow <peter at farrows.org> wrote: > I have two AD domains, one running on Windows 2000 and one > running on Windows 2003. Each with XP clients, and no trust. > ... > I disconnect the linux server from using the windows 2000 > server as a password server and setup up separate smb accounts > and it works fine from the win2k3 box. I'm really scratching my head here because I think you just identified the reality of your situation -- the limitation of your Windows clients, not any configuration issue with Samba server. Samba will gladly handle authentication fine, even across domains that don't have trusts between them. The problem is that your Samba server has a computername and related SID in only one domain. Windows clients Even if you configure the Samba server to be a member server in both domains, you still have differing SIDs on the objects stored and presented. So various Windows clients in each domain may balk at the SIDs of objects presented in RPC calls. I could be mistaken, but this issue has far more to do with SIDs and what the Windows clients do and don't know about, than the Samba server configuration. SIDs are everything in the NT security model, and are very, very different than UID/GID of the legacy UNIX model. -- Bryan J. Smith | Sent from Yahoo Mail mailto:b.j.smith at ieee.org | (please excuse any http://thebs413.blogspot.com/ | missing headers)