[Samba] AD Functional Level vs very old SaMBa member server
Tamás Németh
nt1277 at gmail.com
Wed Jan 11 09:21:13 UTC 2023
Dear All!
There is a very old (SaMBa 3.2.5 on Debian 6.0.9) Active Directoy MEMBER
fileserver at my workplace. Our Forest/Domain Functional Level is at the
lowest possible (Windows 2000), and we can't postpone raising it anymore.
I've read at Microsoft's "Understanding Active Directory Domain Services
(AD DS) Functional Levels" page that "functional levels do not affect which
operating systems you can run on workstations and member servers that are
joined to the domain or forest". Is it true even in our extreme case?
Can we raise the functional levels all the way to Windows 2016, while -
temporarily - keeping this ancient SaMBa fileserver? In /etc/samba/smb.conf
`security = domain` and `password server = ONE_OF_OUR_DCs`, from which it
authenticates via TCP/445 presumably with some old protocol (e.g. NTLM).
There is also winbindd running on this SaMBa.
Will this authentication and winbindd remain REALLY functional after
raising the Forest/Domain Functional Level or are there any unknown caveats
or obstruction unknown to us? As far as I know we have to enable SMBv1 on
our Windows clients in order to make them able to mount shares from this
SaMBa server, but what about the domain controller which is used by our
SaMBa as password server? Will it have to be tweaked in a similar way, or
can we just raise the functional level without any regedit (or similar)
tricks?
Thank you in advance,
Tamás Németh
More information about the samba
mailing list