Sysvol replication + GPOs in Samba4

pawo2000 pawo2000 at
Wed Jan 24 13:50:16 GMT 2007


>We are a very long way from a 'final release', whatever that could be

Right. I meant "the first production release".

>The goals I've suggested have tended to be 'what could we get
>away with for a first alpha'.  These didn't include GPO, simply because
>I wanted to list things I knew enough about to see a path to finishing.
>Separately to that, metze has a list of goals he is working on (I'm sure
>he can remind me of the URL).
>GPO support remains one of our longer term goals:  everybody tells us
>'it is not too hard', but we haven't spent any time on it yet.
>File replication is likewise in that category, but we can probably get
>away with using CIFS for the pull side.

OK. If people say 'it is not too hard' then I would like to take my chances
and at least try to add group policy support (IMHO the implementation of
SYSVOL replication doesn't make sense if group policy is not supported at
all). And please don't laugh at me - I know the implementation may take
several months. I don't think I can handle that alone, without your support
and your contribution, so expect a lot of questions from me.

What I already know about group policy is that it depends on working LDAP, DNS,
SMB and RPC services. At least the client machines (group policy engines) use
these services to identify, download and apply GPOs.

LDAP stores information about sites, domains, OUs and applied GPOs. DNS is
mainly used to locate a DC. SMB is used to browse SYSVOL and download
appropriate group policies to the client. It looks like group policies are
always pulled by the client machine (never pushed by the server), but I'm
not sure of it. There must be a way to force client machines to refresh
loaded group policies.

LDAP and DNS servers must contain some pieces of information and provide
them to a client machine during its startup and logon to recognize required
group policies. I hope a protocol sniffer is all that we need to identify
group-policy-related communication between a domain controller and a client.

Anyway I'd like to know if the following features are already implemented:
1) Can I already access SYSVOL share? Is it accessible thru
\\<domainname>\SYSVOL ? 
2) Are LDAP and DNS servers integrated with Samba4 (contain AD related
information)? If I recall correctly the Samba4 technology previews were
fully functional AD domain controllers and were properly recognized by
client machines. Is that correct?

And I hope I will be able to compile Samba4 sources? Is there any stable
snapshot of Samba4 sources in SVN?

/Patryk Wolowicz
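
The client-side lookup described in the message (LDAP says which GPOs are linked to a container, SMB fetches them from SYSVOL), as an added example that is not part of the original post or of Samba's code. It assumes the Active Directory `gPLink` attribute format and the `Policies\{GUID}` layout under SYSVOL, neither of which the post mentions; the domain name, DNs and GUIDs are constructed sample values.

```python
import re

# One gPLink entry: [LDAP://cn={GUID},cn=policies,cn=system,DC=...;<options>]
LINK_RE = re.compile(r"\[LDAP://([^;\]]+);(\d+)\]", re.IGNORECASE)
GUID_RE = re.compile(
    r"cn=(\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})", re.IGNORECASE)

def parse_gplink(value):
    """Split a gPLink string into dicts: guid, disabled (bit 1), enforced (bit 2)."""
    links = []
    for dn, options in LINK_RE.findall(value or ""):
        guid = GUID_RE.search(dn)
        if guid is None:          # malformed GPO DN: skip rather than guess
            continue
        flags = int(options)
        links.append({"guid": guid.group(1).upper(),
                      "disabled": bool(flags & 1),
                      "enforced": bool(flags & 2)})
    return links

def sysvol_path(domain, guid):
    """UNC path the client would browse over SMB for this GPO."""
    return "\\\\{0}\\SYSVOL\\{0}\\Policies\\{1}".format(domain, guid)

def gpos_to_pull(domain, containers):
    """containers maps container DN -> gPLink value.
    Returns {DN: [(sysvol path, enforced)]}, leaving out disabled links."""
    result = {}
    for dn, gplink in containers.items():
        result[dn] = [(sysvol_path(domain, link["guid"]), link["enforced"])
                      for link in parse_gplink(gplink) if not link["disabled"]]
    return result

# Constructed sample: one link on the domain, two on an OU (one of them disabled).
POLICIES = ",cn=policies,cn=system,DC=example,DC=com"
SAMPLE = {
    "DC=example,DC=com":
        "[LDAP://cn={11111111-1111-1111-1111-111111111111}" + POLICIES + ";0]",
    "OU=Staff,DC=example,DC=com":
        "[LDAP://cn={22222222-2222-2222-2222-222222222222}" + POLICIES + ";2]"
        "[LDAP://cn={33333333-3333-3333-3333-333333333333}" + POLICIES + ";1]",
}

if __name__ == "__main__":
    for dn, gpos in gpos_to_pull("example.com", SAMPLE).items():
        for path, enforced in gpos:
            print(dn, path, "enforced" if enforced else "")
```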

