HI!! I have one question, in samba 4.8.2 , --forest-level and --domain-level is worked 2012/2012 R2 ? samba-tool domain level --help --forest-level=FOREST_LEVEL The forest function level (2003 | 2008 | 2008_R2 | 2012 | 2012_R2) --domain-level=DOMAIN_LEVEL The domain function level (2003 | 2008 | 2008_R2 | 2012 | 2012_R2) I see in wiki https://wiki.samba.org/index.php/Raising_the_Functional_Levels but dont understan.... * Functional level is included for use against Windows, but not supported in Samba. Kerberos improvements from Windows Server 2012 and 2012 R2 are not implemented in Samba. 1° - Dont have Windows Server, samba 4(3 Dcs) is ok up(update) FOREST_LEVEL/DOMAIN_LEVEL , 2008 to 2012R2 ? or not recommended ? 2° - Samba with Windows Server 2012 , not work ? Thanks
On Tue, 22 May 2018 12:39:53 -0300 Carlos via samba <samba at lists.samba.org> wrote:> HI!! > > I have one question, in samba 4.8.2 , --forest-level and > --domain-level is worked 2012/2012 R2 ? > > samba-tool domain level --help > > > --forest-level=FOREST_LEVEL > The forest function level (2003 | 2008 | > 2008_R2 | 2012 | 2012_R2) > --domain-level=DOMAIN_LEVEL > The domain function level (2003 | 2008 | > 2008_R2 | 2012 | 2012_R2) > > I see in wiki > https://wiki.samba.org/index.php/Raising_the_Functional_Levels > > but dont understan.... > > * Functional level is included for use against Windows, but not > supported in Samba. Kerberos improvements from Windows Server 2012 > and 2012 R2 are not implemented in Samba. > > 1° - Dont have Windows Server, samba 4(3 Dcs) is ok up(update) > FOREST_LEVEL/DOMAIN_LEVEL , 2008 to 2012R2 ? or not recommended ?This is still a work in progress.> > 2° - Samba with Windows Server 2012 , not work ?As a DC, no, as a Unix domain member, yes. Rowland
Thanks for answers. Why do you have this option if it is not working yet? Just out of curiosity... Regards; On 22-05-2018 12:52, Rowland Penny via samba wrote:> On Tue, 22 May 2018 12:39:53 -0300 > Carlos via samba <samba at lists.samba.org> wrote: > >> HI!! >> >> I have one question, in samba 4.8.2 , --forest-level and >> --domain-level is worked 2012/2012 R2 ? >> >> samba-tool domain level --help >> >> >> --forest-level=FOREST_LEVEL >> The forest function level (2003 | 2008 | >> 2008_R2 | 2012 | 2012_R2) >> --domain-level=DOMAIN_LEVEL >> The domain function level (2003 | 2008 | >> 2008_R2 | 2012 | 2012_R2) >> >> I see in wiki >> https://wiki.samba.org/index.php/Raising_the_Functional_Levels >> >> but dont understan.... >> >> * Functional level is included for use against Windows, but not >> supported in Samba. Kerberos improvements from Windows Server 2012 >> and 2012 R2 are not implemented in Samba. >> >> 1° - Dont have Windows Server, samba 4(3 Dcs) is ok up(update) >> FOREST_LEVEL/DOMAIN_LEVEL , 2008 to 2012R2 ? or not recommended ? > This is still a work in progress. > >> 2° - Samba with Windows Server 2012 , not work ? > As a DC, no, as a Unix domain member, yes. > > Rowland >
Hello List, I would like to raise the Functional Level of two production 4.7.6-Ubuntu DCs to 2008R2. There is a mix of Windows Server 2008 + 2012 performing RDS, Sage and SQL, along with a mix of Windows 7 and Windows 10 desktops all joined to the DOMAIN. What do I need to be worried about when performing this? (Obviously, the two DCs will be backed up and everything else switched off first :) "Here's what we know so far..." root at dc3:~# samba-tool domain level show Domain and forest function level for domain 'DC=X,DC=com' Forest function level: (Windows) 2003 Domain function level: (Windows) 2003 root at dc3:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b 'cn=Schema,cn=Configuration,dc=X,dc=com' -s base objectVersion # record 1 dn: CN=Schema,CN=Configuration,DC=X,DC=com objectVersion: 47 Thanks, Paully
On 21/06/2018 16:21, Paul Littlefield via samba wrote:> Hello List, > > I would like to raise the Functional Level of two production 4.7.6-Ubuntu DCs to 2008R2. > > There is a mix of Windows Server 2008 + 2012 performing RDS, Sage and SQL, along with a mix of Windows 7 and Windows 10 desktops all joined to the DOMAIN. > > What do I need to be worried about when performing this? > > (Obviously, the two DCs will be backed up and everything else switched off first :) > > "Here's what we know so far..." > > root at dc3:~# samba-tool domain level show > Domain and forest function level for domain 'DC=X,DC=com' > Forest function level: (Windows) 2003 > Domain function level: (Windows) 2003 > > root at dc3:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b 'cn=Schema,cn=Configuration,dc=X,dc=com' -s base objectVersion > # record 1 > dn: CN=Schema,CN=Configuration,DC=X,DC=com > objectVersion: 47 >OK, so I can report that the Functional Level raising went fine. I didn't know whether it would replicate to the other DC but it did and there have been no problems. This is what I did... * backup of both DCs * shut down all Computers and Servers * perform upgrade * samba-tool domain level show * samba-tool domain level raise --domain-level=2008_R2 * samba-tool domain level raise --forest-level=2008_R2 * samba-tool domain level show * wait 5 mins and check replication * reboot both DCs * login to both DCs to check all OK * turn on V-HOST and Windows Servers first * check remote login on RDS * turn on TEST PC and check login * turn on rest of PCs Just in case anyone wants to know. :) Regards, Paully