Hi, according to https://wiki.samba.org/index.php/Raising_the_Functional_Levels the functional level 2012_R2 should be supported on Samba 4.4 and later. I have Samba 4.11.6: =======================================================root at server-z1:~# smbd -V Version 4.11.6-Ubuntu ======================================================= My actual functional level is 2008_R2: =======================================================root at server-z1:~# samba-tool domain level show ldb_wrap open of secrets.ldb Domain and forest function level for domain 'DC=my,DC=domain,DC=local' Forest function level: (Windows) 2008 R2 Domain function level: (Windows) 2008 R2 Lowest function level of a DC: (Windows) 2008 R2 ======================================================= But I cannot raise to 2012 or 2012_R2: =======================================================root at server-z1:~# samba-tool domain level raise --domain-level=2012 ldb_wrap open of secrets.ldb ERROR: Domain function level can't be higher than the lowest function level of a DC! root at server-z1:~# samba-tool domain level raise --domain-level=2012_R2 ldb_wrap open of secrets.ldb ERROR: Domain function level can't be higher than the lowest function level of a DC! ======================================================= The same trying to do it using Active Directory Domains and Trusts. Could you help me to understand where I'm wrong, please? Thank you very much! Bye
L.P.H. van Belle
2021-Nov-08 10:27 UTC
[Samba] Cannot raise the domain functional level to 2012_R2
Read : https://lists.samba.org/archive/samba/2021-October/237624.html Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > shacky via samba > Verzonden: maandag 8 november 2021 10:43 > Aan: sambalist > Onderwerp: [Samba] Cannot raise the domain functional level to 2012_R2 > > Hi, > according to > https://wiki.samba.org/index.php/Raising_the_Functional_Levels > the functional level 2012_R2 should be supported on Samba 4.4 > and later. > > I have Samba 4.11.6: > =======================================================> root at server-z1:~# smbd -V > Version 4.11.6-Ubuntu > =======================================================> > My actual functional level is 2008_R2: > =======================================================> root at server-z1:~# samba-tool domain level show > ldb_wrap open of secrets.ldb > Domain and forest function level for domain 'DC=my,DC=domain,DC=local' > > Forest function level: (Windows) 2008 R2 > Domain function level: (Windows) 2008 R2 > Lowest function level of a DC: (Windows) 2008 R2 > =======================================================> > But I cannot raise to 2012 or 2012_R2: > =======================================================> root at server-z1:~# samba-tool domain level raise --domain-level=2012 > ldb_wrap open of secrets.ldb > ERROR: Domain function level can't be higher than the lowest > function level > of a DC! > > root at server-z1:~# samba-tool domain level raise --domain-level=2012_R2 > ldb_wrap open of secrets.ldb > ERROR: Domain function level can't be higher than the lowest > function level > of a DC! > =======================================================> > The same trying to do it using Active Directory Domains and Trusts. > > Could you help me to understand where I'm wrong, please? > > Thank you very much! > Bye > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
Andrew Bartlett
2021-Nov-08 17:47 UTC
[Samba] Cannot raise the domain functional level to 2012_R2
On Mon, 2021-11-08 at 10:42 +0100, shacky via samba wrote:> > root at server-z1:~# samba-tool domain level raise --domain- > level=2012_R2 > > ldb_wrap open of secrets.ldb > > ERROR: Domain function level can't be higher than the lowest function > level > > of a DC! > > =======================================================> > > > The same trying to do it using Active Directory Domains and Trusts. > > > > Could you help me to understand where I'm wrong, please? > > > > Thank you very much! > > ByeI'm sorry, Samba still misses a number of features to be able to legitimately claim functional level 2012 so while the options are parsed, it will (correctly) be denied. We continue to work on this. A task to implement 'FAST', an improvement to Kerberos, by upgrading the embedded Heimdal has been started will help, but is not the whole solution. Sorry! Andrew Bartlett -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba Samba Development and Support, Catalyst IT - Expert Open Source Solutions