[Samba] Restricting DC Roles?

Andrew Bartlett abartlet at samba.org
Thu Oct 25 14:58:13 MDT 2012

On Thu, 2012-10-25 at 07:19 -0700, zbethel wrote:
> I have a small AD forest of two Windows 2008 R2 domain controllers. I would
> like to add a Samba 4 DC to this forest. After running into some problems
> with group policies, I realized that Samba 4 does not currently implement
> file replication. I would like to have the Samba 4 domain controller
> replicate user/computer schema with the Windows machines, but I would like
> for DNS and group policy administration to happen strictly on the Windows
> machines. Is this possible?
> If I don't do any manual replication to the Samba 4 machine, will client
> machines occasionally pick the S4 box when logging in and attempt to mount
> the SYSVOL share from it? Because that would come up empty and fail. Is it
> possible to restrict logins to only certain DCs?

No, it's not possible to do this.  We know this is a major limitation,
and our only suggestion is to manually replicate the sysvol share.
Sadly we don't have a tool for that either.

We know this is not a great situation, but it just hasn't been possible
to handle yet.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
