Figure out the authentication part, everything else will more or less follow. Samba+Winbind can do the AD integration. Smaba3 can participate in AD as a full domain member computer and authenticate AD users for accessing your Linux computer. Once Samba is configured and joined to AD, you have to edit your PAM configs to use the winbind module and update nssswitch.conf. Everything you need is in the samba manual. If you wanted to go a step further with the AD integration you can fully kerberize your Linux box by installing the kerberos aware versions off sshd and other services. You will have to learn how to set Service Principle Names in Active Directory (using setspn.exe command line utility or ADSI Edit MMC) and just learn a bit how Kerberos works in general. The easy part is that MS Active Directory is also a Kerberos Domain and Samba in AD member mode has already done the Kerberos client setup for you, even creating the SPN needed in AD for Kerberos single sign on connections to your Linux samba server from a Windows (or other domain member) computer. If you are going to open up SSH to the internet you may want to consider setting up firewall rules to filter out unwanted IP addresses. I have a SCP/SFTP server setup to meet the needs of a customer and it was getting constant SSH requests. I ended up restricting it to only accepting SSH connections from the customer's IP range and local network to get rid of the bots that were searching for exploitable SSH installations or just trying to brute force things. If you have an Account Lockout policy set on your AD domain (and if you don't, why not?) a public SSH server could easily lock out numerous AD accounts. Don't bother trying cifs or smb over the Internet. It will work, but it is so slow it may as well not work at all. If you really need to do cifs/smb over the Internet, use VPN. It will still be slow but there will at least be some security there. -- Andrew S. Zbikowski | http://andy.zibnet.us IT Outhouse Blog Thing | http://www.itouthouse.com