Hi I'm using Samba 4 to serve Linux and win 7 clients. I'd like to use GSSAPI to bind to the Samba 4 LDAP to extract the attributes I've added for the Linux clients. nslcd advertises such support, but keeps telling me 'Unknown authentication method'. As a workaround I've done this: I'm using nss-ldapd to map user attributes via nfs4 to the Linux clients. Works fine, but the binddn and bindpw have to be stored in /etc. nslcd runs as user nslcd and I have the permissions on /etc/nslcd.conf set to 0400 nslcd:nslcd. I've discovered that any user can do the bind, so it's not the Admin password that is needed. Until I can get the kerberized bind working (probably never!), any comments about the security of this? Are there other processes where passwords have to be stored in a file? Thanks, Steve