Univention Bugzilla – Bug 38800
Raise forest and domain function level
Last modified: 2017-06-01 15:36:49 CEST
We should raise the forest and domain function level for new installations to 2008 R2
* changelog r63451 * univention-samba4 r63450 after installing samba4 on UCS 4.1-0 -> samba-tool domain level show Domain and forest function level for domain 'DC=four,DC=test' Forest function level: (Windows) 2008 R2 Domain function level: (Windows) 2008 R2 Lowest function level of a DC: (Windows) 2008 R2 lets see what the test say
samba4 tests in my env succeeded.
Ok, this is set during initial provisioning. Note that this causes a change in Samba4 behavior: With this increased domain function level Samba4 additionally creates AES 256 and AES 128 Kerberos keys in supplementalCredentials of newly created accounts and during password changes that happen directly against Samba. So in theses cases supplementalCredentials contains the additional "Primary:Kerberos-Newer-Keys" structure. In one environment we have seen problems after raising the domain function level in an existing domain. But this change should be safe, as it only affect new Samba/AD domains.
UCS 4.1 has been released: https://docs.software-univention.de/release-notes-4.1-0-en.html https://docs.software-univention.de/release-notes-4.1-0-de.html If this error occurs again, please use "Clone This Bug".