[Samba] Domain Functional Level & Schema Replication
Stuart Naylor
stuartiannaylor at thursbygarden.org
Fri Jul 18 19:29:24 MDT 2014
Apols guys about the Thread question. I saw a discussion between Roland and Steve and was just trying to get more info.
So apols about hijacking an old thread as it was a bad attempt to nudge a conversion.
Firstly could anybody explain why the last line out of samba-tool domain level show.
Is this just a bad message or what is triggering "Lowest function level of a DC: (Windows) 2008 R2"
One of the most important things for me about Samba4 is extensibility and rfc2307 with AD and this crazy miss mash of M$ & Unix is a very rare route that allows all clients.
So I would really appreciate it if somebody could spell out any gotcha's with domain functionality & schema replication.
This is where I start to get confused as its with subsequent ADC's and also just the terminology that is used sometimes.
So some scenario's...
1... PDC Windows 2003 with Samba4 ADC with a functional domain level of 2003.
The Samba4 ADC runs Unix services which require LDAP access with rfc2307 attributes.
2003 didn't get rfc2307 until 2003r2 so this is a bit of a no go as the samba4 box will of replicated the schema from the Windows 2003 box.
So I guess you could add Windows Services for UNIX Version 3.5 (http://www.microsoft.com/en-gb/download/details.aspx?id=274) to the 2003 box.
This will replicate a limited subset of rfc2307 to my samba4 box (anyone know the gotcha's between this and the 2008r2 rfc2307 schema) ?
Then my next question is can we not add the schema requirements for 2008r2 rfc2307 to my samba4 box and just let this replicate to the 2003 box?
Probably a stupid question but anyone providing solutions with Samba4 that might use linux services requiring rfc2307 has a nightmare is joining existing domains.
2003, 2008 could be really problematic and this makes the extensibility of Samba4 much less.
Also I have to ask when it comes to domain provisions but what happened to 2003r2?
I presume a lot of this is due to Redmond Herrings but can anyone see why I am slightly confused?
Stuart
-----Original message-----
> From:steve <steve at steve-ss.com>
> Sent: Friday 18th July 2014 11:13
> To: samba at lists.samba.org
> Subject: Re: [Samba] Must Samba4 AD be provisionned with rfc2307 to use winbind ?
>
> On Fri, 2014-07-18 at 01:38 +0100, Stuart Naylor wrote:
> > Oh I think I must of misread what you and steve where discussing.
> >
> > What is confusing me is the output of samba-tool domain level show
> >
> > Forest function level: (Windows) 2003
> > Domain function level: (Windows) 2003
> > Lowest function level of a DC: (Windows) 2008 R2
> >
> > I thought it might of been because rfc2307 schema included was of 2008r2 ilk.
> >
> > Why does it always say the lowest function level is (Windows) 2008 R2
> >
> > I just tried samba-tool domain provision --domain=SAMBA4 --adminpass=Mysamba4 --dns-backend=SAMBA_INTERNAL --server-role=dc --function-level=2003 --use-xattr=yes --realm=SAMBA4.LAN
> >
> > The output is the same as above.
> >
> > Always Lowest function level of a DC: (Windows) 2008 R2
> >
> > Stuart
>
> Hi Stuart
> The answer to your thread question is, 'no'.
> This is because the schema which is supplied for use with samba4 is the
> same schema that the smaba team battled with microsoft to release back a
> few years back. It was the 2008R2 schema which has full support for
> rfc2307. The domain level have always puzzled me too, but we've alsways
> been satisfied with. The rfc2307 provision simply adds the schema
> extension for sfu which was mysteriously missing. All this does is to
> activate the unix tab on ADUC. On Linux with samba-tool and ldbmodify,
> you don't need it. But as it seems to do no harm, you may as well have
> it anyway. I don't know how it slipped through in the first place
> although I guess that m$ may have had something to do with it.
> Cheers,
> Steve
>
>
>
>
More information about the samba
mailing list