1) Samba as ADC to existing Windows 2012R2 Domain with functional level 2012R2
2) Windows 2012R2 server as ADC to existing Samba Domain with functional level 2012R2
It would be nice to have this before Windows 2008R2 reaches EOL (January 14, 2020)
Another option would be to stop using Windows Server altogether... But I'm wondering how this would impact other Microsoft products that use AD (example: SCCM).
Hello, would it be possible to get an update on the status of this bug please?
The status update is that this is a substantial feature that would need commercial funding via a Samba commercial support provider to progress with any pace.
The first blocking step is the upgrade to Heimdal, which is in turn blocked by the need for better tests, so we don't regress as we change the underlying library for our KDC.
The current testsuite is too intimate with the Heimdal code and so fails horribly when we upgrade, we need to have a testsuite written independently.
This testing is being started, we know how important it is, thanks to some great effort by metze to build the underlying infrastructure (a python based testsuite built on pyasn1 and raw cryptograph). It has thankfully also been pushed on a little further thanks to some commercial funding provided to my team at Catalyst by a client.
But that would only be a start, even after upgrading Heimdal we would need to implement the "claims" feature to our KDC, and do some other small things to honestly claim to be a 2012 DC.
Thankfully Windows 2012 can join a down-level domain, just not at FL 2012, provided the schema is updated, which we can do.
*** Bug 13618 has been marked as a duplicate of this bug. ***
The major issues here are all either fixed, under development or under contract for development, I'm very glad to say.
In the short term I'll take this bug to mean 'we should be able to, even if not being feature-for-feature, claim to be 2012R2 for the purposes of a domain join.
A MR doing that is attached to this bug.
I forgot to tag this bug on the commits, but 72335e742e041ea213598a62ae165edeed4b8c99 allows Samba to claim to be Windows 2016 at join time.
The missing features from that functional level are not finished yet, but as long as you understand the risks (eg don't use claims, silos or authentication policies, or can do without them), this can allow a migration.
I'm therefore going to mark this bug as fixed, with the major features to be announced via WHATSNEW.txt
Great news! Thank you.