As you say UNIX services are catered for with pam_ldap. Found this for Samba: http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html#passwd_sync So that's NT Domains sorted as long as I use Samba for the PDC - but what if I want to use M$ Windows for the PDC? I also need to sort out my non-OS systems. Thanks for your help and advice. -- Simon Oliver