As long as your daemons are PAM aware, winbind and PAM makes configuring AD authentication easy. You'll have to install and configure Samba, join the domain, test, edit nssswitch.conf and the PAM configuration files for your daemons, and you should be off and running. Also worth looking into is the Kerberized versions of your daemons. When you do all of the above you're setting up Kerberos authentication anyway, so the next logical step is to add Kerberized services and get full SSO authentication. You'll typically have to add the SPNs to AD using ADSI Edit or the setspn command line tool on windows to get your Kerberized services to work. If you won't be using Kerberized daemons, you should implement a SSL/TLS only policy on any services using AD authentication. (HTTP, IMAP, POP3, SMTP) -- Andrew S. Zbikowski | http://andy.zibnet.us IT Outhouse Blog Thing | http://www.itouthouse.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20100202/ab4f2805/attachment.htm