Hi all, I just upgraded more servers, and doing some tests I found that my setup for kerberos/ldap authentication against Active Directory is no more working. I don't know why... I followed some times ago scott Lowe blog for this setup : http://blog.scottlowe.org/2007/01/15/linux-ad-integration-version-4/ And it was working correctly until the upgrade. What is curious is that id command and getent passwd works correctly : # id pean uid=9808(pean) gid=5027(ida) groupes=5027(ida),10(wheel),100(users),5024(info) # getent passwd |grep pean pean:*:9808:5027:pean:/home/pean:/bin/bash 'pean' es an AD account. But when I try to autenticate, even locally : So LDAP is correctly found. It is the password that seems problematic... ]$ su - pean Mot de passe : Mot de passe : su: incorrect password Here is the content of my system-auth-ac pam module : ]$ cat /etc/pam.d/system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_krb5.so auth required pam_deny.so account sufficient pam_unix.so account sufficient pam_krb5.so account sufficient pam_succeed_if.so uid < 100 quiet account required pam_deny.so password requisite pam_cracklib.so retry=3 password sufficient pam_unix.so nullok use_authtok md5 shadow password required pam_deny.so session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 session required pam_limits.so session required pam_unix.so Has anyone an idea where to look ? I noticed that 5.6 introduced sssd, and I know that in RHEL 6.0 TLS/SSL authentication is mandatory for LDAP authentication... Thans for the help. Alain -- ========================================================== Alain Péan - LPP/CNRS Administrateur Système/Réseau Laboratoire de Physique des Plasmas - UMR 7648 Observatoire de Saint-Maur 4, av de Neptune, Bat. A 94100 Saint-Maur des Fossés Tel : 01-45-11-42-39 - Fax : 01-48-89-44-33 ==========================================================