Hide Forgot
Description of problem: IdM Server currently supports Windows 2016, but only with maximum Windows 2012 R2 Forest/Domain Functional Level: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/trust-during.html#platforms-trust """ * You can establish a trust relationship with the following Active Directory functional levels: * Forest functional level range: Windows Server 2008 - Windows Server 2012 R2 Domain functional level range: Windows Server 2008 - Windows Server 2012 R2 * The following operating systems are explicitly supported and tested for establishing a trust using the mentioned functional levels: * Windows Server 2012 R2 * Windows Server 2016 """ Related level description documentation: https://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels(v=ws.10).aspx This RFE is to add a support of Windows Server 2016 Forest/Domain Functional Levels: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/windows-server-2016-functional-levels The primary goal is IdM-AD Trust functionality. Secondary (optional) goal is Winsync agreement functionality.
This work requires switching to use of Kerberos when establishing trust as this will help us working with SMB1-disabled Windows Server 2016: https://pagure.io/freeipa/issue/4960 Linked to this Bugzilla.
Based on Alexander's comment, unlining Pagure issue 4960 (Use Kerberos to establish trust) because it is strictly speaking unrelated.
The RFE was tested in RHEL-7.5 with Windows Server 2016, there should not be anything preventing it from working. Unfortunately, it was not added to the RHEL-7.5 IPA errata, so the bug stayed in NEW state. As we can no longer add the bug to errata cleanly, I am manually switching the bug to CLOSED.