[Samba] Domain Functional Level & Schema Replication

Stuart Naylor stuartiannaylor at thursbygarden.org
Sat Jul 19 22:05:06 MDT 2014


:) It's M$ again, but 2003 and 2003r2 are just as different as 2008 and 2008r2.


It's not the Windows domain joining that I am confused about, as I am sure that works.
What about the NIS information, as the schema seems to change on each version until 2008r2?

If samba4 is about interoperability then doesn't it need a consistent NIS schema?

Stuart
 
 
-----Original message-----
> From:Rowland Penny <rowlandpenny at googlemail.com>
> Sent: Saturday 19th July 2014 9:24
> To: sambalist <samba at lists.samba.org>
> Subject: Re: [Samba] Domain Functional Level & Schema Replication
> 
> On 19/07/14 02:53, Stuart Naylor wrote:
> > Apols guys about the Thread question. I saw a discussion between Rowland and Steve and was just trying to get more info.
> >
> > So apols about hijacking an old thread as it was a bad attempt to nudge a conversation.
> >
> > Firstly could anybody explain why the last line out of samba-tool domain level show?
> >
> > Is this just a bad message or what is triggering "Lowest function level of a DC: (Windows) 2008 R2"
> >
> > One of the most important things for me about Samba4 is extensibility and rfc2307 with AD, and this crazy mishmash of M$ & Unix is a very rare route that allows all clients.
> >
> > So I would really appreciate it if somebody could spell out any gotchas with domain functionality & schema replication.
> >
> > This is where I start to get confused, as it's with subsequent ADCs and also just the terminology that is used sometimes.
> >
> > So some scenarios...
> >
> >
> > 1...   PDC Windows 2003 with Samba4 ADC with a functional domain level of 2003.
> >
> > The Samba4 ADC runs Unix services which require LDAP access with rfc2307 attributes.
> >
> > 2003 didn't get rfc2307 until 2003r2 so this is a bit of a no go as the samba4 box will have replicated the schema from the Windows 2003 box.
> >
> > So I guess you could add Windows Services for UNIX Version 3.5 (http://www.microsoft.com/en-gb/download/details.aspx?id=274) to the 2003 box.
> > This will replicate a limited subset of rfc2307 to my samba4 box (anyone know the gotchas between this and the 2008r2 rfc2307 schema)?
> 
> This wouldn't help, you need to add 'server for NIS'
> 
> > Then my next question is can we not add the schema requirements for 2008r2 rfc2307 to my samba4 box and just let this replicate to the 2003 box?
> 
> It is already there and as such should replicate to the 2008r2 box.
> 
> >
> > Probably a stupid question but anyone providing solutions with Samba4 that might use linux services requiring rfc2307 has a nightmare in joining existing domains.
> > 2003, 2008 could be really problematic and this makes the extensibility of Samba4 much less.
> 
> From memory, there haven't been that many Windows domain joining 
> problems reported and when they have been reported, they have mostly 
> been fixed.
> 
> > Also I have to ask when it comes to domain provisions but what happened to 2003r2?
> 
> Good question, perhaps 2003 should be read as 2003r2.
> 
> Rowland
> 
> > I presume a lot of this is due to Redmond Herrings but can anyone see why I am slightly confused?
> >
> > Stuart
> >   
> >   
> > -----Original message-----
> >> From:steve <steve at steve-ss.com>
> >> Sent: Friday 18th July 2014 11:13
> >> To: samba at lists.samba.org
> >> Subject: Re: [Samba] Must Samba4 AD be provisionned with rfc2307 to use winbind ?
> >>
> >> On Fri, 2014-07-18 at 01:38 +0100, Stuart Naylor wrote:
> >>> Oh I think I must have misread what you and Steve were discussing.
> >>>
> >>> What is confusing me is the output of samba-tool domain level show
> >>>
> >>> Forest function level: (Windows) 2003
> >>> Domain function level: (Windows) 2003
> >>> Lowest function level of a DC: (Windows) 2008 R2
> >>>
> >>> I thought it might have been because rfc2307 schema included was of 2008r2 ilk.
> >>>
> >>> Why does it always say the lowest function level is (Windows) 2008 R2?
> >>>
> >>> I just tried samba-tool domain provision --domain=SAMBA4  --adminpass=Mysamba4 --dns-backend=SAMBA_INTERNAL --server-role=dc --function-level=2003 --use-xattr=yes --realm=SAMBA4.LAN
> >>>
> >>> The output is the same as above.
> >>>
> >>> Always Lowest function level of a DC: (Windows) 2008 R2
> >>>
> >>> Stuart
> >> Hi Stuart
> >> The answer to your thread question is, 'no'.
> >> This is because the schema which is supplied for use with samba4 is the
> >> same schema that the Samba team battled with Microsoft to release a
> >> few years back. It was the 2008R2 schema which has full support for
> >> rfc2307. The domain levels have always puzzled me too, but we've always
> >> been satisfied with. The rfc2307 provision simply adds the schema
> >> extension for sfu which was mysteriously missing. All this does is to
> >> activate the unix tab on ADUC. On Linux with samba-tool and ldbmodify,
> >> you don't need it. But as it seems to do no harm, you may as well have
> >> it anyway. I don't know how it slipped through in the first place
> >> although I guess that m$ may have had something to do with it.
> >> Cheers,
> >> Steve