Limitations of Samba-2.2.x as a domain member talking to an AD domain controller

Tim Potter tpot at
Thu Jan 23 22:03:00 GMT 2003

On Thu, Jan 23, 2003 at 10:54:19AM -0800, Richard Sharpe wrote:

> Can anyone point me at documentation on the limitations of a downlevel 
> server being a member server in an AD network? 
> The specific case I am thinking of is a Samba-2.2.x-based server.

I don't have any documentation but I can tell you that you should have
no problems if you install your domain controller with "permissions
compatible with pre-Windows 2000 machines".  As far as I can work out
this just adds the Everyone SID to the builtin "Pre-Windows 2000
Compatible Access" group.

If this sid isn't present you'll have all sorts of weird problems to do
with anonymous access to the LSA and SAM rpc pipes.


More information about the samba-technical mailing list