Handling DNS in a Single Active Directory Domain Controller Environment

Romo

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@pmoncho said in Handling DNS in a Single Active Directory Domain Controller Environment:

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@stuartjordan said in Handling DNS in a Single Active Directory Domain Controller Environment:

I believe the forest level with Samba can only be 2008R2 though.

Sure, but what does that really affect? Forest level limitation is nothing like an old code limitation. Nothing wrong with using a 2008 R2 Forest level.

If I am reading this correctly, I believe Samba 4.4 and higher can go to 2012 R2.

https://wiki.samba.org/index.php/Raising_the_Functional_Levels

Rumor is, but I'm not sure that 4.4 is widely available yet?

Even newer versions =).

Centos 7.5 is using 4.7.1
Fedora 28 is using 4.8.5

pmoncho

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@pmoncho said in Handling DNS in a Single Active Directory Domain Controller Environment:

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@stuartjordan said in Handling DNS in a Single Active Directory Domain Controller Environment:

I believe the forest level with Samba can only be 2008R2 though.

Sure, but what does that really affect? Forest level limitation is nothing like an old code limitation. Nothing wrong with using a 2008 R2 Forest level.

If I am reading this correctly, I believe Samba 4.4 and higher can go to 2012 R2.

https://wiki.samba.org/index.php/Raising_the_Functional_Levels

Rumor is, but I'm not sure that 4.4 is widely available yet?

smbstatus on Ubuntu 18.1 shows Samba 4.7.6.

scottalanmiller

@romo said in Handling DNS in a Single Active Directory Domain Controller Environment:

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@pmoncho said in Handling DNS in a Single Active Directory Domain Controller Environment:

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@stuartjordan said in Handling DNS in a Single Active Directory Domain Controller Environment:

I believe the forest level with Samba can only be 2008R2 though.

Sure, but what does that really affect? Forest level limitation is nothing like an old code limitation. Nothing wrong with using a 2008 R2 Forest level.

If I am reading this correctly, I believe Samba 4.4 and higher can go to 2012 R2.

https://wiki.samba.org/index.php/Raising_the_Functional_Levels

Rumor is, but I'm not sure that 4.4 is widely available yet?

Even newer versions =).

Centos 7.5 is using 4.7.1
Fedora 28 is using 4.8.5

Oh wow, nevermind, lol.

scottalanmiller

@pmoncho said in Handling DNS in a Single Active Directory Domain Controller Environment:

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@pmoncho said in Handling DNS in a Single Active Directory Domain Controller Environment:

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@stuartjordan said in Handling DNS in a Single Active Directory Domain Controller Environment:

I believe the forest level with Samba can only be 2008R2 though.

Sure, but what does that really affect? Forest level limitation is nothing like an old code limitation. Nothing wrong with using a 2008 R2 Forest level.

If I am reading this correctly, I believe Samba 4.4 and higher can go to 2012 R2.

https://wiki.samba.org/index.php/Raising_the_Functional_Levels

Rumor is, but I'm not sure that 4.4 is widely available yet?

smbstatus on Ubuntu 18.1 shows Samba 4.7.6.

Is that for 18.04 or 18.10, the latter released a few days ago (I need to go update some systems.)

StuartJordan

yep, using 18.04.1 here...

scottalanmiller

So likely a bit newer now.

pmoncho

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@pmoncho said in Handling DNS in a Single Active Directory Domain Controller Environment:

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@pmoncho said in Handling DNS in a Single Active Directory Domain Controller Environment:

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@stuartjordan said in Handling DNS in a Single Active Directory Domain Controller Environment:

I believe the forest level with Samba can only be 2008R2 though.

Sure, but what does that really affect? Forest level limitation is nothing like an old code limitation. Nothing wrong with using a 2008 R2 Forest level.

If I am reading this correctly, I believe Samba 4.4 and higher can go to 2012 R2.

https://wiki.samba.org/index.php/Raising_the_Functional_Levels

Rumor is, but I'm not sure that 4.4 is widely available yet?

smbstatus on Ubuntu 18.1 shows Samba 4.7.6.

Is that for 18.04 or 18.10, the latter released a few days ago (I need to go update some systems.)

My bad, it is 18.04.1

scottalanmiller

I hadn't even realized it was out. I suppose I was out of town when it happened. But I feel like there was a lack of fanfare going on. I had heard of ElementaryOS going to 5.0 without hearing that Ubuntu 18.10 was out!

Obsolesce

@stuartjordan said in Handling DNS in a Single Active Directory Domain Controller Environment:

I believe the forest level with Samba can only be 2008R2 though.

If you're not using Windows AD, what's it matter?

scottalanmiller

@obsolesce said in Handling DNS in a Single Active Directory Domain Controller Environment:

@stuartjordan said in Handling DNS in a Single Active Directory Domain Controller Environment:

I believe the forest level with Samba can only be 2008R2 though.

If you're not using Windows AD, what's it matter?

If he's merging in DFS, it might. It's rare to do, but could matter.

StuartJordan

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754918(v=ws.10)

scottalanmiller

So 2012 R2 benefits...

1. KDC support for claims. This is a real benefit, but pretty "meh".
2. New authentication policies. Whoop tee do.
3. New authentication policy silos. Even more whoop tee do.

That's it. Two new versions and that is all of the improvements.

StuartJordan

@scottalanmiller hahaha, that's what I wanted to check....I'm sure DFS improvements were there somewhere, not sure what level though.

Obsolesce

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@obsolesce said in Handling DNS in a Single Active Directory Domain Controller Environment:

@stuartjordan said in Handling DNS in a Single Active Directory Domain Controller Environment:

I believe the forest level with Samba can only be 2008R2 though.

If you're not using Windows AD, what's it matter?

If he's merging in DFS, it might. It's rare to do, but could matter.

Oh I see, so Windows AD and other services were involved at some point.

StuartJordan

@obsolesce Probably unlikely to be using DFS when using Samba as your PDC but something to be aware of I suppose

scottalanmiller

@obsolesce said in Handling DNS in a Single Active Directory Domain Controller Environment:

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@obsolesce said in Handling DNS in a Single Active Directory Domain Controller Environment:

@stuartjordan said in Handling DNS in a Single Active Directory Domain Controller Environment:

I believe the forest level with Samba can only be 2008R2 though.

If you're not using Windows AD, what's it matter?

If he's merging in DFS, it might. It's rare to do, but could matter.

Oh I see, so Windows AD and other services were involved at some point.

Depending on what you want to do, sometimes AD has to support it.