> I also only use ldap the same way without any winbind. > For years I used to do that however my domain member servers (not PDCs / BDCs) would not enumerate the users correctly for the windows security tab without using winbind. Does this work for you? John