contactdarin at posteo.net
2024-May-23 16:25 UTC
[Samba] Fwd: Re: Can't join AD (Fabio Fantoni)
Hello Fabio, The problem is that Samba does not support the joining of a newer Windows server. It has a functional level of 2008_R2 which in my experience is to low for Windows Server 2022 to support as a domain controller. Furthermore, I would advise against having a mix of Windows Servers DC's and Samba DC's as you might encounter issues. What is your use case and is this production critical? I was able to join a Windows server 2022 to a Samba domain by bumping up the functional level. Samba has support for higher functional levels as of 4.19 but they are very much a work in progress and should not be used in a production environment. I have a guide here: https://lemmy.sdf.org/post/16554156 [1] Keep in mind that there will be dragons. Samba should only be used at a 2008_R2 functional level in production. Good luck, Darin> I can't find the mistake causing the problem ... maybe you do. > A Windows 2022 Server can't join the AD.
Andrew Bartlett
2024-May-23 20:50 UTC
[Samba] Notes on Samba at FL 2012 and FL 2016 (was: Re: Fwd: Re: Can't join AD (Fabio Fantoni))
Samba 4.20 now implements FL 2012 except for Group Managed Service Accounts. With the limitation that some features around PKINIT "Key trust" (see Windows Hello for Buisness, which would require something like ADFS anyway), PKINIT key expiry, Samba 4.20 also has a credible implementation of the FL 2016. The last two of these will be in Samba 4.21. So mostly even for the more recent FLs, it is matter of some features will be entirely absent, but as long as you know that we do the higher FLs now. (But that is also why I have not bumped the default FL). Andrew Bartlett On Thu, 2024-05-23 at 16:25 +0000, Darin via samba wrote:> Hello Fabio, > The problem is that Samba does not support the joining of a > newerWindows server. It has a functional level of 2008_R2 which in > myexperience is to low for Windows Server 2022 to support as a > domaincontroller. Furthermore, I would advise against having a mix of > WindowsServers DC's and Samba DC's as you might encounter issues. > What is youruse case and is this production critical? > I was able to join a Windows server 2022 to a Samba domain by bumping > upthe functional level. Samba has support for higher functional > levels asof 4.19 but they are very much a work in progress and should > not be usedin a production environment. I have a guide here: > https://lemmy.sdf.org/post/16554156 [1] > Keep in mind that there will be dragons. Samba should only be used at > a2008_R2 functional level in production. > Good luck, > Darin > > I can't find the mistake causing the problem ... maybe you do.A > > Windows 2022 Server can't join the AD.-- Andrew Bartlett (he/him) https://samba.org/~abartlet/Samba Team Member (since 2001) https://samba.orgSamba Team Lead https://catalyst.net.nz/services/sambaCatalyst.Net Ltd Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group company Samba Development and Support: https://catalyst.net.nz/services/samba Catalyst IT - Expert Open Source Solutions