Andrey, Thanks for the info. It worked for me. :) Just another question, I want to secure the communication with AD secure. I read that AD is not SSL compatible and supports startTLS. What security mechanism have you used in your systems with AD? http://www.directory.fedora.redhat.com/wiki?title=Server_To_Server_Conn&redi rect=no Hi, You should not verify the users locally (there is a "no_user_check" to add). The authoritative source of validation should be AD/Kerberos. Here is the config that works for us : auth sufficient /lib/security/pam_krb5.so no_user_check account required /lib/security/pam_krb5.so no_user_check -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20090923/246ff9eb/attachment.html
