[Samba] LDAP Replication

Diego Rivera lrivera at racsa.co.cr
Fri Mar 14 10:53:28 GMT 2003

Hey Vladimir,

Right off the bat I can tell you from my experience (unless somebody
corrects me) that you're going to have problems keeping ACLs with Domain
Group references (i.e. ACLs that include groups in the NT4 Domain

Samba 2.2.x doesn't support Domain Groups.  Samba 3.0 does, but as you
mentioned you can't wait until that, and obviously alpha (beta?) level
code would also be unacceptable.

By Domain Groups I mean custom-created groups of users within the NT
domain such as "Managers", "Marketing Personnel", etc...these can't be
represented in Samba 2.2.x AFAIK - only a few "default" (read: required)
groups exist.

I hope I'm wrong, but sadly I don't think I am.


On Thu, 2003-03-13 at 21:45, Zawalinski, Vladimir wrote:
> >From Google searches, it seems that using SAMBA 2.2.7 + Open LDAP on  Linux
> patched for POSIX ACL support delivers a functional PDC/BDC pair, and that
> directory replication can take place automatically once set up.
> Could someone please confirm that this actually works?
> The background to this issue is that we are moving a large number of NT4
> file servers to a LINUX platform, but need to keep security arrangements,
> particularly file ACLs unchanged, but cannot wait until the production
> release of Samba V3.
Diego Rivera <lrivera at racsa.co.cr>

More information about the samba mailing list