There are really two parts to what you are trying to do. Part 1: Get the user information out of the AD LDAP schema. As I understand it, this requires modifying the Active Directory first. I haven't been able to get this to work, but don't control my active directory either. Part 2: Authenticate the user via Kerberos. This is not too bad, as long as you don't care if your desktop can't grant tickets. Two things you need to do: Modify /etc/krb5.conf: * Set the default realm to your AD Domain. e.g.: default_realm = MY.ACTIVEDIRECTORY.COM) * Define as a domain_realm your default realm. e.g.: .my.activedirectory.com = MY.ACTIVEDIRECTORY.COM * Define the realm. e.g.: MY.ACTIVEDIRECTORY.COM { kdc = dc1.my.activedirectory.com kdc = dc2.my.activedirectory.com default_domain = my.activedirectory.com admin_server = dc1.my.activedirectory.com } Modify /etc/pam.d/system-auth -- not something I understand real well, so don't treat this as definitive information. Try: auth sufficient /lib/security/$ISA/pam_krb5.so use_first_pass If you use that setup, and keep the username entries in /etc/passwd consistent with the names of users in your active directory, you can require the user to present their AD password in order to login. On Dec 18, 2007 2:45 PM, Joseph L. Casale <jcasale at activenetwerx.com> wrote: > > > > > I have been searching the net for directions on rhel and centos 5(1) to log > in to a windows domain and have found many examples, all different and none > work for me. > > Is there a hint to some documentation anyone here knows of that actually > works? > > > > Thanks! > jlc > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > >