From b9701a0a79dd15dd6f53075638fba9a2a3d92e19 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 24 Sep 2014 11:01:18 -0700 Subject: [PATCH] provision: Change the default functional level of new Samba domains to 2008R2. Windows 2003 is going out of support shortly, and we want users to have AES by default Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher --- python/samba/netcmd/domain.py | 4 ++-- python/samba/provision/__init__.py | 2 +- testprogs/blackbox/upgradeprovision-oldrelease.sh | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py index fe34f9434b8..9dfbc391bca 100644 --- a/python/samba/netcmd/domain.py +++ b/python/samba/netcmd/domain.py @@ -205,8 +205,8 @@ class cmd_domain_provision(Command): default="domain controller"), Option("--function-level", type="choice", metavar="FOR-FUN-LEVEL", choices=["2000", "2003", "2008", "2008_R2"], - help="The domain and forest function level (2000 | 2003 | 2008 | 2008_R2 - always native). Default is (Windows) 2003 Native.", - default="2003"), + help="The domain and forest function level (2000 | 2003 | 2008 | 2008_R2 - always native). Default is (Windows) 2008R2 Native.", + default="2008_R2"), Option("--next-rid", type="int", metavar="NEXTRID", default=1000, help="The initial nextRid value (only needed for upgrades). Default is 1000."), Option("--partitions-only", diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py index ca80e42058d..1603321bd8b 100644 --- a/python/samba/provision/__init__.py +++ b/python/samba/provision/__init__.py @@ -1245,7 +1245,7 @@ def fill_samdb(samdb, lp, names, logger, policyguid, domainControllerFunctionality = DS_DOMAIN_FUNCTION_2008_R2 if dom_for_fun_level is None: - dom_for_fun_level = DS_DOMAIN_FUNCTION_2003 + dom_for_fun_level = DS_DOMAIN_FUNCTION_2008_R2 if dom_for_fun_level > domainControllerFunctionality: raise ProvisioningError("You want to run SAMBA 4 on a domain and forest function level which itself is higher than its actual DC function level (2008_R2). This won't work!") diff --git a/testprogs/blackbox/upgradeprovision-oldrelease.sh b/testprogs/blackbox/upgradeprovision-oldrelease.sh index 3cb79293341..26807be22c3 100755 --- a/testprogs/blackbox/upgradeprovision-oldrelease.sh +++ b/testprogs/blackbox/upgradeprovision-oldrelease.sh @@ -91,7 +91,7 @@ samba_upgradedns() { } referenceprovision() { - $PYTHON $BINDIR/samba-tool domain provision --server-role="dc" --domain=SAMBA --host-name=ares --realm=${RELEASE}.samba.corp --targetdir=$PREFIX_ABS/${RELEASE}_upgrade_reference --use-ntvfs --host-ip=127.0.0.1 --host-ip6=::1 + $PYTHON $BINDIR/samba-tool domain provision --server-role="dc" --domain=SAMBA --host-name=ares --realm=${RELEASE}.samba.corp --targetdir=$PREFIX_ABS/${RELEASE}_upgrade_reference --use-ntvfs --host-ip=127.0.0.1 --host-ip6=::1 --function-level=2003 } ldapcmp() {