>Ok, here are the default settings that my kickstart file creates to >allow me to join the domain and have samba manage the keytab. Ross, I was out of town and missed this thread which is of great interest to me as well. When you say "have samba manage the keytab" do you mean not use one as have a dedicated service account on the DC and have it generate the keytab and have it copied over? A lot of solution I have seen use that procedure which I have never wanted to do for obvious reasons. Also, I see you also configure ldap to point towards what looks like your AD server as well. How come you use both Samba/Winbind and ldap? Thanks for the info! jlc