[Samba] Does "active directory" support include policy support

Nathan Ehresman nehresma at css.tayloru.edu
Mon Mar 31 16:17:01 GMT 2003

Andrew Bartlett wrote:
> On Thu, 2003-03-27 at 19:53, Lasse Riis wrote:
>>Well, a rather odd subject, but I couldn't really express it differently.
>>I would simply like to know if the active directory "emulation" of 
>>samba+openLDAP+kerberos or samba 3.0 includes support for policies.
>>I have a bunch of XP clients that I need to set some restrictions on. 
>>But it seems the days of config.pol files are over, so i need active 
>>directory support on my PDC. Having read several articles on active 
>>directory, I still don't understand it fully, but articles about setting 
>>up active directory on a samba pdc mentioned only partial support for 
>>active directory(only some features supported).
>>So before I start crashing our server with software and configuration, I 
>>would like to know if (group)policies are supported by active directory 
>>on samba. If this is the case, I'd also like to hear if anybody has a 
>>working setup of it, and maybe some links (I couldn't finde any) to 
> We don't yet have an Active Directory PDC (it is much more than
> samba+openLDAP+kerberos - we need them all working with each other :-).
> That said, we are often confused for an active directory PDC by the
> clients - they often 'fall back' in parts of the protocol.  It may well
> be possible to create such policies - In the end, they are just a file
> in a particular file share.  

The workaround that I am using to solve this problem is done on each 
client but it works.  I built the group policy settings I wanted on one 
of the machines which is stored on the client machines under 
<windows>\System32\GroupPolicy.  I made a copy of that directory and 
then copy it onto the client machines that need the group policy 
settings at build time.  A bit of a kludge, but it works like a charm.


More information about the samba mailing list