Windows 2000 support

Andrew Bartlett abartlet at
Fri Apr 8 19:46:43 UTC 2016

On Fri, 2016-04-08 at 13:52 -0400, Thomas Schulz wrote:
> In the thread titled
> '[PATCH] samba-tool throws error if there is an empty FSMO role'
> Rowland asked:
> > Also would this be a good time to start discussing dropping support
> > for 
> > '2000', Microsoft dropped support for it nearly 6yrs ago, you have
> > to 
> > actively select the 2000 function level at provision and who is
> > likely 
> > to do that ?
> We have a domain with a Windows 2000 Server system as the domain
> controller.
> Awhile back I tried to set up Samba 4.1.something as an additional
> domain controller to provide some redundancy if the Windows 2000
> machine
> went down. I was not sucessfull as replication did not work from the
> Samba DC back to the Windows DC. After working on it for awhile I
> gave
> up on it. Is there some special 2000 function level that I could have
> selected that would have made things work?
> I know that it is a very bad thing to rely on Windows 2000 Serever on
> a
> 15 year old computer, but for several reasons we can not update it.
> We reciently went out and bought a full set of spare parts for the
> machine so that we can fix any failures.

Does this server also have MS Exchange on it?  That schema makes things
more difficult, but the situation is improving.

In any case, the 2000 functional level is still in use a lot, because
it was the default (for compatibility) for a while on windows. 

Likewise too many Samba domains were provisioned at only 2003 FL,
before we moved to 2008R2 as the default.

Finally, while we don't like the security of this old code, we do like
being/staying compatible with it when it isn't much more work, because
it helps out situations like yours.  It helps that when we started,
2000 was still very much around, so the code started with those
expectations.  (And in another area, I was impressed with metze kept
Samba optionally compatible with NT4 SP6 with his schannel work!)

Depending how critical this is, you may wish to work with a Samba dev
shop to sort out the issues.


Andrew Bartlett

Andrew Bartlett             
Authentication Developer, Samba Team
Samba Developer, Catalyst IT

More information about the samba-technical mailing list