+#
+# This will fail against the classic DC, because it requires kerberos
+#
+^samba4.winbind.pac.*\(nt4_member:local\) # No KDC on a classic DC
+#
+# This fails because our python bindings create python Lists, not a type
+# we can watch for set methods on.
+#
+^samba.tests.dcerpc.integer.samba.tests.dcerpc.integer.IntegerTests.test_.*_into_uint8_list
+#
+# Samba sort takes a primative approach to unicode sort. These tests
+# match Windows 2012R2 behaviour.
+#
+^samba4.ldap.sort.python.+UnicodeSortTests
+#
+## We assert all "ldap server require strong auth" combinations
+#
+^samba4.ldb.simple.ldap with SIMPLE-BIND.*ad_dc_ntvfs # ldap server require strong auth = allow_sasl_over_tls
+^samba4.ldb.simple.ldap with SIMPLE-BIND.*fl2003dc # ldap server require strong auth = yes
+^samba4.ldb.simple.ldaps with SASL-BIND.*fl2003dc # ldap server require strong auth = yes
+# These are supposed to fail as we want to verify the "tls verify peer"
+# restrictions. Note that fl2008r2dc uses a self-signed certificate
+# with does not have a crl file.
+#
+^samba4.ldb.simple.ldaps.*SERVER_NAME.*tlsverifypeer=ca_and_name_if_available\(
+^samba4.ldb.simple.ldaps.*SERVER_NAME.*tlsverifypeer=ca_and_name\(
+^samba4.ldb.simple.ldaps.*SERVER_NAME.*tlsverifypeer=as_strict_as_possible\(
+^samba4.ldb.simple.ldaps.*SERVER_IP.*tlsverifypeer=ca_and_name\(
+^samba4.ldb.simple.ldaps.*SERVER_IP.*tlsverifypeer=as_strict_as_possible\(
+^samba4.ldb.simple.ldaps.*SERVER.REALM.*tlsverifypeer=as_strict_as_possible.*fl2008r2dc
+#
+# we don't allow auth_level_connect anymore...
+#
+^samba3.blackbox.rpcclient.*ncacn_np.*with.*connect.*rpcclient # we don't allow auth_level_connect anymore
+^samba.tests.dns.__main__.TestComplexQueries.test_cname_two_chain_not_matching_qtype
+# ad_dc requires signing
+#
+^samba4.smb.signing.*disabled.*signing=off.*\(ad_dc\)
+# fl2000dc doesn't support AES
+^samba4.krb5.kdc.*as-req-aes.*fl2000dc
+# nt4_member and ad_member don't support ntlmv1
+^samba3.blackbox.smbclient_auth.plain.*_member.*option=clientntlmv2auth=no.member.creds.*as.user
+#nt-vfs server blocks read with execute access
+^samba4.smb2.read.access
+#ntvfs server blocks copychunk with execute access on read handle
+^samba4.smb2.ioctl.copy_chunk_bad_access
+^samba4.drs.getnc_exop.python.*getnc_exop.DrsReplicaPrefixMapTestCase.test_regular_prefix_map_ex_attid.*