> Is there a way to sync from AD and then use LDAP authentication for > Linux boxes that don't know about AD? I thought I saw something > earlier that said the Posix acount information didn't sync. If that > is true can you configure Linux to use whatever password does sync? > Yes, I think that is the preferred method. Have windows users talk to AD and Linux users talk to LDAP. You can use LDAP for authentication and to store the automount maps for home directories. I believe that is correct, only passwords, groups, account deletion/creation are covered. You wouldn't want to create accounts on the AD side. For example, I have a Fedora DS server that serves mail/web/samba authentication, but have an AD server that serves all windows domain accounts. The PassSync gives me a way of having a "single-sign on" so users only have to change one password. I used to use an OpenLDAP/Samba PDC configuration, but this works much better. If you still want to use Samba as a file server, you can use Idmap which is stored on the LDAP server to maintain the uid/gid mappings to make users/permissions almost completely transparent between platforms. -- Jeff Gamsby
