Greetings all, Trying to wrap my head around how a linux laptop interacts with AD/FDS when these are reachable - and not. Can you all have a look and edit this post as required to bring me up to speed? A. User is added to AD B. WinSync pulls changes to FDS over SSL 1a. Newly added user on Linux laptop logs into laptop plugged into domain LAN 1a.1 pam_krb5 acquires TGT from AD 1a.2 nss_ldap acquires authorization/automount and other map data from FDS (SSL?) 2a. User uses TGT to access NetApp to automount their home directory Domain login completes. Accessing other kerberized services in an SSO mode functions. ==================== 1b. User logs into laptop off LAN 1b.1 pam_unix authenticates the user from passwd/group/shadow and he mounts local home directory. Local login completes. 3b. User vpns into office w/ vpnc. 3b.1 accesses various servers/services with domain username/password resolved from FDS - no kerberos. Please edit/flesh out as appropriate. Thanks All, Christopher