On Mon, 23 Jun 2025 09:48:08 +0000 Manzini Enrico <emanzini at zensistemi.com> wrote:> Hi rowland > Try to set "ad dc functional level = 2016" in /etc/samba/smb.conf of > the rwdc, because it seem the dc functional level is lower that one > specified in the domain functional level >Thanks for that, it made me stop and think, not because I didn't have that line in my DCs, I did. I traced the error to a an RODC that I have running, an ldbsearch produced this: sudo ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb -P -b 'DC=samdom,DC=example,DC=com' -s sub '(msDS-Behavior-Version=*)' msDS-Behavior-Version .................. # record 2 dn: CN=NTDS Settings,CN=RODC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com msDS-Behavior-Version: 4 Changing that '4' to a '7' with ldbmodify fixed the problem, running 'sudo samba-tool domain level show' now produces this: Domain and forest function level for domain 'DC=samdom,DC=example,DC=com' Forest function level: (Windows) 2016 Domain function level: (Windows) 2016 Lowest function level of a DC: (Windows) 2016 Rowland
Manzini Enrico
2025-Jun-23 10:38 UTC
[Samba] R: R: Error in 'samba-tool domain level show's
Hi, the change of the msds-behavior with adsiedit, modifiy the dc version of my rodc, and now with all domain controller holding windows server 2012 version, samba-tool show me that the domain function level is 2008R2, but the function level of a dc in 2012 r2, that let me to increase both the domain and the forest functional level. I attach some screeshots for clarification Enrico Manzini -----Messaggio originale----- Da: samba <samba-bounces at lists.samba.org> Per conto di Rowland Penny via samba Inviato: luned? 23 giugno 2025 12:23 A: samba at lists.samba.org Cc: Rowland Penny <rpenny at samba.org> Oggetto: Re: [Samba] R: Error in 'samba-tool domain level show's On Mon, 23 Jun 2025 09:48:08 +0000 Manzini Enrico <emanzini at zensistemi.com> wrote:> Hi rowland > Try to set "ad dc functional level = 2016" in /etc/samba/smb.conf of > the rwdc, because it seem the dc functional level is lower that one > specified in the domain functional level >Thanks for that, it made me stop and think, not because I didn't have that line in my DCs, I did. I traced the error to a an RODC that I have running, an ldbsearch produced this: sudo ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb -P -b 'DC=samdom,DC=example,DC=com' -s sub '(msDS-Behavior-Version=*)' msDS-Behavior-Version .................. # record 2 dn: CN=NTDS Settings,CN=RODC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com msDS-Behavior-Version: 4 Changing that '4' to a '7' with ldbmodify fixed the problem, running 'sudo samba-tool domain level show' now produces this: Domain and forest function level for domain 'DC=samdom,DC=example,DC=com' Forest function level: (Windows) 2016 Domain function level: (Windows) 2016 Lowest function level of a DC: (Windows) 2016 Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba