[Samba] Does "active directory" support include policy support
Nathan Ehresman
nehresma at css.tayloru.edu
Mon Mar 31 16:17:01 GMT 2003
Andrew Bartlett wrote:
> On Thu, 2003-03-27 at 19:53, Lasse Riis wrote:
>
>>Well, a rather odd subject, but I couldn't really express it differently.
>>I would simply like to know if the active directory "emulation" of
>>samba+openLDAP+kerberos or samba 3.0 includes support for policies.
>>
>>I have a bunch of XP clients that I need to set some restrictions on.
>>But it seems the days of config.pol files are over, so i need active
>>directory support on my PDC. Having read several articles on active
>>directory, I still don't understand it fully, but articles about setting
>>up active directory on a samba pdc mentioned only partial support for
>>active directory(only some features supported).
>>
>>So before I start crashing our server with software and configuration, I
>>would like to know if (group)policies are supported by active directory
>>on samba. If this is the case, I'd also like to hear if anybody has a
>>working setup of it, and maybe some links (I couldn't finde any) to
>>howtos....
>
>
> We don't yet have an Active Directory PDC (it is much more than
> samba+openLDAP+kerberos - we need them all working with each other :-).
>
> That said, we are often confused for an active directory PDC by the
> clients - they often 'fall back' in parts of the protocol. It may well
> be possible to create such policies - In the end, they are just a file
> in a particular file share.
The workaround that I am using to solve this problem is done on each
client but it works. I built the group policy settings I wanted on one
of the machines which is stored on the client machines under
<windows>\System32\GroupPolicy. I made a copy of that directory and
then copy it onto the client machines that need the group policy
settings at build time. A bit of a kludge, but it works like a charm.
Nathan
More information about the samba
mailing list