I'm not quite sure what questions to ask...I have a Debian box used by 10 or 12 people on a university campus; most of them are using it just as file-storage via Samba from their Windows/Macs boxes; a few are ssh'ing into it, etc, for other usages; some have web sites on it.For years their accounts have been maintained as local accounts on that Debian box, but as we're swapping out hardware, I'm also thinking it's time to swap out account management to let our campus-wide Active Directory provide their accounts instead of them (and me) having to maintain two separate sets of account credentials (three, if you include the samba file-sharing account on the old Debian setup).After considerable hair-pulling, I've managed to get the box to authenticate using their AD credentials, so that a user can simply ssh in without having an account on the box, using their AD credentials. But of course, their User IDs in AD are different than they were on the old Debian box, so their file permissions are different.Since it's just a dozen users or so, I can easily "id" their AD UID and "chown -R" their files in their home directory (which have been copied over manually from the old Debian box) to their AD UID.But that leaves several questions:<snip>3) Can I limit logins/file-sharing to just a subset of campus users (one department, not just anyone having a campus account)?