We are looking at implementing Samba4 on NethServer 7 to function as a (secondary) domain controller in an existing Active Directory environment currently managed by an existing single Windows Server 2016 server.
Aside from fairly easily-addressed sysvol replication challenges - looking at the official Samba documentation, it seems that nothing higher than a Domain/Forest Function Level of 2008r2 is supported, if Samba4 is to function as Domain Controller in an existing (Windows Server controlled) Active Directory environment?
The information available seems to indicate that the reason for this is due to changes within the Windows Server Kerberos services, that are possibly not available within MIT or Heimdal Kerberos?
Has anyone within the community had experience with this?
**Meanwhile: did you already ask the Samba user mailing list?**
They are surely aware of such a limitation, if it exists.
I haven’t contacted the Samba user list and I could be wrong but I felt that the information online pretty much confirmed the limitation. To be safe, I’ll go ahead and pose the question to the list members anyway.
A really long shot here but does NethServer include any custom Samba patches, that possibly address this issue?
Functional level is included for use against Windows, but not supported in Samba. Kerberos improvements from Windows Server 2012 and 2012 R2 are not implemented in Samba.
I’ll wait on responses to my Samba email list post, but at this point, it seems that 2008r2 is the highest level supported, if Samba4 is to be involved in DC replication?