Windows 2000 support

Andrew Bartlett abartlet at samba.org
Fri Apr 8 20:02:03 UTC 2016 

On Fri, 2016-04-08 at 19:06 +0100, Rowland Penny wrote:
> On 08/04/16 18:52, Thomas Schulz wrote:
> > In the thread titled
> > '[PATCH] samba-tool throws error if there is an empty FSMO role'
> > Rowland asked:
> > 
> > > Also would this be a good time to start discussing dropping
> > > support for
> > > '2000', Microsoft dropped support for it nearly 6yrs ago, you
> > > have to
> > > actively select the 2000 function level at provision and who is
> > > likely
> > > to do that ?
> > We have a domain with a Windows 2000 Server system as the domain
> > controller.
> > Awhile back I tried to set up Samba 4.1.something as an additional
> > domain controller to provide some redundancy if the Windows 2000
> > machine
> > went down. I was not sucessfull as replication did not work from
> > the
> > Samba DC back to the Windows DC. After working on it for awhile I
> > gave
> > up on it. Is there some special 2000 function level that I could
> > have
> > selected that would have made things work?
> > 
> > I know that it is a very bad thing to rely on Windows 2000 Serever
> > on a
> > 15 year old computer, but for several reasons we can not update it.
> > We reciently went out and bought a full set of spare parts for the
> > machine so that we can fix any failures.
> > 
> > Tom Schulz
> > Applied Dynamics Intl.
> > schulz at adi.com
> 
> What I meant was, and said so in a roundabout way, should we drop 
> support for 'provisioning' a *new* domain as function level '2000'. 
> Obviously there will be cases of people wanting to join a Samba AD 
> machine to a 2000 server and this should be supported as a way for
> users 
> to upgrade to an higher function level.

The issue there is that if we do that, we loose the ability to test if
we can run in such an environment.   Indeed, we probably should ensure
our join code uses that.

One of the more important differences is the lack of msDS-IntID
support, which is an important issue in extended schema replication.

>   It sounds like I need to re-visit the fsmo.py code and make it (if 
> possible) 2000 aware (i.e. no DNS roles)

In that case, there are other ways to have no DNS roles, like having
once been a 2000 domain (even if upgraded) or a provision with --dns
-backend=BIND9_DLZ or NONE.  The fl2000 environment was just the easy
example you could work with.
Thanks!
Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list