Domain Function Level?
Andrew Bartlett
abartlet at samba.org
Fri Jan 27 14:26:08 MST 2012
On Fri, 2012-01-27 at 16:11 -0500, Charles Tryon wrote:
> When I provision a Samba4 domain, my understanding is that the default
> Domain Function Level is WS 2003. What are the implications, in terms of
> features supported by Samba, of pushing this up to a higher level? Does
> Samba4 support the various different features across these functional
> levels, or does it just tweak the API to mimic the various Microsoft
> changes from one version of their server software to another?
>
> Is it a good idea to use the highest level you can on your network
> (depending on where your client machines are), or is it just safer to stick
> with the default unless you REALLY need the higher level?
>
> (I'm just starting to get into the grubby complexities of dealing with
> AD.... and I wonder why I go home every night with an aching head... :-P)
Off the top of my head:
For Samba, the primary change is the introduction of AES keys for
Kerberos. (2008)
2008 R2 brings the recycle bin functionality, and having a 2003 domain
is required for RODC support and link value replication (replicate only
the changes to the members of a group, not the whole group membership).
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list