Hi, I've done some extensive searching on that matter and found nothing. What I would like to do is WinXP workstations directly authenticating at a unix kerberos kdc (mit or heimdal, don't care). With the ticket access a samba server configured as a pdc that maps the ticket to a user, ideally stored in a ldap directory (as I already have one lying around :) ). The rest is standard pdc functionality. As far as I see it the only thing differing from an usual samba/ldap setup is that the passwords are not in the ldap dir itself. Is this possible to do? If it isn't - is there a way to store the ntPassword attribute in kerberos like the userPassword? Thanks Jesore