Thanks a lot, i will try this. What i mean ‘unix local user’ is samba user in tdbsam. And I have another question: Can I set the sequence of auth method when samba is a domain member? I want make samba auth samba user first, if failed, then auth ad user.