samba-tool domain level raise --help says # samba-tool domain level raise --help --forest-level=FOREST_LEVEL The forest function level (2003 | 2008 | 2008_R2 | 2012 | 2012_R2) --domain-level=DOMAIN_LEVEL The domain function level (2003 | 2008 | 2008_R2 | 2012 | 2012_R2) # samba-tool domain level raise --forest-level=2012_R2 ERROR: Forest function level can't be higher than the domain function level(s). Please raise it/them first! # samba-tool domain level raise --domain-level=2012_R2 ERROR: Domain function level can't be higher than the lowest function level of a DC! # samba-tool domain level raise --domain-level=2012_R2 --forest-level=2012_R2 ERROR: Domain function level can't be higher than the lowest function level of a DC! Is this a bug or is the documentation ahead of the time? Only the wiki gives also the impression that it is supported, only in a footnote is mentioned: "* Functional level is included for use against Windows, but not supported in Samba. Kerberos improvements from Windows Server 2012 and 2012 R2 are not implemented in Samba" The output of samba-tool should be fixed to reflect the fact that this is not supported.
"ERROR: Domain function level can't be higher than the lowest function level of a DC!" seems to be correct, as a Samba DC is only 2008_R2 compatible yet and sets it's own level to "4" (2008_R2) If you point samba-tool to a Windows domain using -H ldap://... it should work if you only have 2012_R2 compatible domain controllers.