First Last Prev Next    This bug is not in your last search results.
Bug 38800 - Raise forest and domain function level
Raise forest and domain function level
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Samba4
UCS 4.0
Other Linux
: P5 enhancement (vote)
: UCS 4.1
Assigned To: Felix Botner
Arvid Requate
: interim-1
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-06-30 14:19 CEST by Janis Meybohm
Modified: 2017-06-01 15:36 CEST (History)
3 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2016120821000501
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Janis Meybohm univentionstaff 2015-06-30 14:19:45 CEST 
We should raise the forest and domain function level for new installations to 2008 R2
Comment 1 Felix Botner univentionstaff 2015-09-03 19:51:36 CEST 
* changelog r63451
* univention-samba4 r63450

after installing samba4 on UCS 4.1-0
-> samba-tool domain level show
Domain and forest function level for domain 'DC=four,DC=test'

Forest function level: (Windows) 2008 R2
Domain function level: (Windows) 2008 R2
Lowest function level of a DC: (Windows) 2008 R2

lets see what the test say
Comment 2 Felix Botner univentionstaff 2015-09-07 09:42:11 CEST 
samba4 tests in my env succeeded.
Comment 3 Arvid Requate univentionstaff 2015-10-07 20:00:41 CEST 
Ok, this is set during initial provisioning.

Note that this causes a change in Samba4 behavior:

With this increased domain function level Samba4 additionally creates AES 256 and AES 128 Kerberos keys in supplementalCredentials of newly created accounts and during password changes that happen directly against Samba. So in theses cases supplementalCredentials contains the additional "Primary:Kerberos-Newer-Keys" structure. In one environment we have seen problems after raising the domain function level in an existing domain. But this change should be safe, as it only affect new Samba/AD domains.
Comment 4 Stefan Gohmann univentionstaff 2015-11-17 12:12:24 CET 
UCS 4.1 has been released:
 https://docs.software-univention.de/release-notes-4.1-0-en.html
 https://docs.software-univention.de/release-notes-4.1-0-de.html

If this error occurs again, please use "Clone This Bug".
First Last Prev Next    This bug is not in your last search results.