Limitations of Samba-2.2.x as a domain member talking to an AD domain controller

Damian, G. C. (Gerald) gdamian at
Fri Jan 24 14:04:00 GMT 2003

Tim Potter wrote:
> On Thu, Jan 23, 2003 at 10:54:19AM -0800, Richard Sharpe wrote:
> > Can anyone point me at documentation on the limitations of a downlevel
> > server being a member server in an AD network?
> >
> > The specific case I am thinking of is a Samba-2.2.x-based server.
> I don't have any documentation but I can tell you that you should have
> no problems if you install your domain controller with "permissions
> compatible with pre-Windows 2000 machines".  As far as I can work out
> this just adds the Everyone SID to the builtin "Pre-Windows 2000
> Compatible Access" group.
> If this sid isn't present you'll have all sorts of weird problems to do
> with anonymous access to the LSA and SAM rpc pipes.
> Tim.


Could you expound on this issue more or point me to some
documentation on this subject?

I run version 2.2.6 Samba file and print servers in a mixed
AD network. I'm anxiously awaiting the production release
of 3.0 because we are rapidly moving toward a native mode AD
network in which my Samba servers won't authenticate. 

Right now my Samba servers are set up for Domain security and
we have a local BDC for machine accounts. When I add a new server
to our network, I first create a machine account on the BDC and
then join the domain. However, in our move to a native mode AD
network the local BDC will go away.

Is the any way for our pre 3.0 Samba servers to participate 
in AD and how do you set it up?
Jerry Damian -  My opinions != Ford's opinions or policy
Ford Motor Co, 1116 SRL, MD 1074, 2101 Village Road, Dearborn, MI 48124 USA
Planet Earth, Milky Way Galaxy, Virgo Supercluster, Observable Universe
Phone: 313 323 8347  Fax: 313 390 4865  Email: gdamian at

More information about the samba-technical mailing list