Limitations of Samba-2.2.x as a domain member talking to an AD domain controller

Chere Zhou qzhou at
Fri Jan 24 18:19:01 GMT 2003

I had a similar question too.  Apparently a "Domain local group" in the 
ADS does not show up on my Samba 2.2.5.  Not sure what else there would be.  

If nobody knows all of it, perhaps those who ever encountered any problem 
with this situation can just contribute, then we can assemble a list.


On Thu, Jan 23, 2003 at 10:54:19AM -0800, Richard Sharpe wrote:

> Can anyone point me at documentation on the limitations of a downlevel 
> server being a member server in an AD network? 
> The specific case I am thinking of is a Samba-2.2.x-based server.

I don't have any documentation but I can tell you that you should have
no problems if you install your domain controller with "permissions
compatible with pre-Windows 2000 machines".  As far as I can work out
this just adds the Everyone SID to the builtin "Pre-Windows 2000
Compatible Access" group.

If this SID isn't present you'll have all sorts of weird problems to do
with anonymous access to the LSA and SAM RPC pipes.

