Hello Rowland, thanks a lot for the quick answer :-) Am 30.05.19 um 12:12 schrieb Rowland penny via samba:> On 30/05/2019 11:04, Dirk Streubel via samba wrote: >> Hello, >> >> i've read a few month here in the list that in Samba 4.11 it will be >> possible to join a Windows 2012 Server to an active Samba AD Structure. >> This would be nice, but what about 2016 / 19 Servers. Are there to many >> Problems withe the new schema of the 2016 / 19 Server? > > One step at a time, we need to get to 2012 first ;-) > > This is actively being worked on and once we get there, it is thought > that the next jump jump to 2016 will be a lot easierSo, with Samba Version 4.11 it would be 2012 an with Version 4.12 then Server 2016 or what are the plans of the Samba Team? :-[> >> >> Another Question: what about the Forest function level and the Domain >> function level that come out of the Box with Samba. >> >> I use here Fedora 30 and the Levels are 2008_R2 and i can't raise to >> 2012_R2. Are there any plans to rise this up to a higher level out of >> the box or is this only a Fedora Problem. > > Can I ask if you are using the standard Fedora Samba packages for your > DC ? > > If you are, are you also aware that they are marked as experimental > because they use MIT kerberos ?Good question Rowland, i don't know exactly why i use the standard Fedora Samba Packages. And yes, i know that MIT Kerberos is experimental. Maybe i would chose Heimdal Kerberos and build my own Packages on my Fedora System. Dirk
On 30/05/2019 13:28, Dirk Streubel wrote:> Hello Rowland, > > thanks a lot for the quick answer :-) > > Am 30.05.19 um 12:12 schrieb Rowland penny via samba: >> On 30/05/2019 11:04, Dirk Streubel via samba wrote: >>> Hello, >>> >>> i've read a few month here in the list that in Samba 4.11 it will be >>> possible to join a Windows 2012 Server to an active Samba AD Structure. >>> This would be nice, but what about 2016 / 19 Servers. Are there to many >>> Problems withe the new schema of the 2016 / 19 Server? >> One step at a time, we need to get to 2012 first ;-) >> >> This is actively being worked on and once we get there, it is thought >> that the next jump jump to 2016 will be a lot easier > So, with Samba Version 4.11 it would be 2012 an with Version 4.12 then > Server 2016 or what are the plans of the Samba Team? :-[As far as I am aware 2012 is planned for 4.11 (but as I am sure you are aware, plans can change), after that I am sure that 2016 will be added as soon as possible.> >>> Another Question: what about the Forest function level and the Domain >>> function level that come out of the Box with Samba. >>> >>> I use here Fedora 30 and the Levels are 2008_R2 and i can't raise to >>> 2012_R2. Are there any plans to rise this up to a higher level out of >>> the box or is this only a Fedora Problem. >> Can I ask if you are using the standard Fedora Samba packages for your >> DC ? >> >> If you are, are you also aware that they are marked as experimental >> because they use MIT kerberos ? > Good question Rowland, i don't know exactly why i use the standard > Fedora Samba Packages.Well, if you don't know, who does ;-)> > And yes, i know that MIT Kerberos is experimental. Maybe i would chose > Heimdal Kerberos and build my own Packages on my Fedora System.I suggest you read this: https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC It may help. There is nothing wrong with using the distro packages, except that quite a few things do not work, this is why it is marked experimental. Rowland
On Fri, 2019-05-31 at 10:46 +0100, Rowland penny via samba wrote:> As far as I am aware 2012 is planned for 4.11 (but as I am sure you are > aware, plans can change), after that I am sure that 2016 will be added > as soon as possible.It depends on what you mean by 2012. We should be able to join and be joined by a 2012 server thanks to the work to upgrade the schema (patches in just some defaults to tweak) and the adprep stuff under samba-tool domain functionalprep However we can't be a 2012R2 functional level server yet, or in the near future, as we do not implement the kerberos features that implies. I'm still hoping to upgrade our Heimdal (perhaps SambaXP will help re- start that process) but that is only one part of the task. I hope this clarifies, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba