I am a student in high school and in charge of a small mac lab with about 25 eMacs as a sort of internship with the yearbook/school newspaper teachers. I am trying to set up an Open Directory server so that everyone can have secure storage for their files rather than everyone dumping them on one folder on the server. I have set up DNS, and the name for the server does resolve correctly to its IP. Code: server:~ admin$ hostname server.dordai.com server:~ admin$ host server.dordai.com server.dordai.com has address 192.168.1.100 server:~ admin$ host 192.168.1.100 126.96.36.199.in-addr.arpa domain name pointer server.dordai.com. I can also get to the OD server from terminal on the client using dscl Code: matthew-dordais-computer:~ mattdordai$ dscl localhost cd LDAPv3 /LDAPv3 > ls server.dordai.com /LDAPv3 > cd server.dordai.com /LDAPv3/server.dordai.com > ls AccessControls AutoServerSetup CertificateAuthorities ComputerLists Computers Config FileMakerServers Groups Locations Machines Mounts Neighborhoods People PresetComputerLists PresetGroups PresetUsers Printers Users /LDAPv3/server.dordai.com > cd Users /LDAPv3/server.dordai.com/Users > ls diradmin root test vpn_4ab158a31ea4 If I change the user account "test" to use a Crypt Password, I can log in fine but everything I have read about crypt passwords stresses that they are insecure and should be avoided. If I set the test account to use an Open Directory password, the password is rejected when I try to log in from the client. The server is configured as an Open Directory Master and Lookup Server, LDAP Server, Password Server, and Kerberos are all running. From what I've read about OD, it seems that a crypt pw does not require kerberos but an open directoy one does. Is this correct and what could be wrong with the way kerberos is configured? If I can't figure this out, is it really ok to just use crypt passwords for all of the users? I'm willing to bet that there are at least a few fellow students that would love to wreck havoc with everyone else's files and it's been done before.