1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml">
5 <title>Samba 4.18.0 - Release Notes</title>
8 <H2>Samba 4.18.0 Available for Download</H2>
10 <a href="https://download.samba.org/pub/samba/stable/samba-4.18.0.tar.gz">Samba 4.18.0 (gzipped)</a><br>
11 <a href="https://download.samba.org/pub/samba/stable/samba-4.18.0.tar.asc">Signature</a>
15 ==============================
16 Release Notes for Samba 4.18.0
18 ==============================
20 This is the first stable release of the Samba 4.18 release series.
21 Please read the release notes carefully before upgrading.
26 SMB Server performance improvements
27 -----------------------------------
29 The security improvements in recent releases
30 (4.13, 4.14, 4.15, 4.16), mainly as protection against symlink races,
31 caused performance regressions for metadata heavy workloads.
33 While 4.17 already improved the situation quite a lot,
34 with 4.18 the locking overhead for contended path based operations
35 is reduced by an additional factor of ~ 3 compared to 4.17.
36 It means the throughput of open/close
37 operations reached the level of 4.12 again.
39 More succinct samba-tool error messages
40 ---------------------------------------
42 Historically samba-tool has reported user error or misconfiguration by
43 means of a Python traceback, showing you where in its code it noticed
44 something was wrong, but not always exactly what is amiss. Now it
45 tries harder to identify the true cause and restrict its output to
46 describing that. Particular cases include:
48 * a username or password is incorrect
49 * an ldb database filename is wrong (including in smb.conf)
50 * samba-tool dns: various zones or records do not exist
51 * samba-tool ntacl: certain files are missing
52 * the network seems to be down
53 * bad --realm or --debug arguments
55 Accessing the old samba-tool messages
56 -------------------------------------
58 This is not new, but users are reminded they can get the full Python
59 stack trace, along with other noise, by using the argument '-d3'.
60 This may be useful when searching the web.
62 The intention is that when samba-tool encounters an unrecognised
63 problem (especially a bug), it will still output a Python traceback.
64 If you encounter a problem that has been incorrectly identified by
65 samba-tool, please report it on https://bugzilla.samba.org.
67 Colour output with samba-tool --color
68 -------------------------------------
70 For some time a few samba-tool commands have had a --color=yes|no|auto
71 option, which determines whether the command outputs ANSI colour
72 codes. Now all samba-tool commands support this option, which now also
73 accepts 'always' and 'force' for 'yes', 'never' and 'none' for 'no',
74 and 'tty' and 'if-tty' for 'auto' (this more closely matches
75 convention). With --color=auto, or when --color is omitted, colour
76 codes are only used when output is directed to a terminal.
78 Most commands have very little colour in any case. For those that
79 already used it, the defaults have changed slightly.
81 * samba-tool drs showrepl: default is now 'auto', not 'no'
83 * samba-tool visualize: the interactions between --color-scheme,
84 --color, and --output have changed slightly. When --color-scheme is
85 set it overrides --color for the purpose of the output diagram, but
86 not for other output like error messages.
88 New samba-tool dsacl subcommand for deleting ACES
89 -------------------------------------------------
91 The samba-tool dsacl tool can now delete entries in directory access
92 control lists. The interface for 'samba-tool dsacl delete' is similar
93 to that of 'samba-tool dsacl set', with the difference being that the
94 ACEs described by the --sddl argument are deleted rather than added.
96 No colour with NO_COLOR environment variable
97 --------------------------------------------
99 With both samba-tool --color=auto (see above) and some other places
100 where we use ANSI colour codes, the NO_COLOR environment variable will
101 disable colour output. See https://no-color.org/ for a description of
102 this variable. `samba-tool --color=always` will use colour regardless
105 New wbinfo option --change-secret-at
106 ------------------------------------
108 The wbinfo command has a new option, --change-secret-at=<DOMAIN CONTROLLER>
109 which forces the trust account password to be changed at a specified domain
110 controller. If the specified domain controller cannot be contacted the
111 password change fails rather than trying other DCs.
113 New option to change the NT ACL default location
114 ------------------------------------------------
116 Usually the NT ACLs are stored in the security.NTACL extended
117 attribute (xattr) of files and directories. The new
118 "acl_xattr:security_acl_name" option allows to redefine the default
119 location. The default "security.NTACL" is a protected location, which
120 means the content of the security.NTACL attribute is not accessible
121 from normal users outside of Samba. When this option is set to use a
122 user-defined value, e.g. user.NTACL then any user can potentially
123 access and overwrite this information. The module prevents access to
124 this xattr over SMB, but the xattr may still be accessed by other
125 means (eg local access, SSH, NFS). This option must only be used when
126 this consequence is clearly understood and when specific precautions
127 are taken to avoid compromising the ACL content.
129 Azure Active Directory / Office365 synchronisation improvements
130 --------------------------------------------------------------
132 Use of the Azure AD Connect cloud sync tool is now supported for
133 password hash synchronisation, allowing Samba AD Domains to synchronise
134 passwords with this popular cloud environment.
143 Parameter Name Description Default
144 -------------- ----------- -------
145 acl_xattr:security_acl_name New security.NTACL
149 CHANGES SINCE 4.18.0rc4
150 =======================
152 o Jeremy Allison <jra@samba.org>
153 * BUG 15314: streams_xattr is creating unexpected locks on folders.
155 o Volker Lendecke <vl@samba.org>
156 * BUG 15310: New samba-dcerpc architecture does not scale gracefully.
159 CHANGES SINCE 4.18.0rc3
160 =======================
162 o Andreas Schneider <asn@samba.org>
163 * BUG 15308: Avoid that tests fail because other tests didn't do cleanup on
166 o baixiangcpp <baixiangcpp@gmail.com>
167 * BUG 15311: fd_load() function implicitly closes the fd where it should not.
170 CHANGES SINCE 4.18.0rc2
171 =======================
173 o Jeremy Allison <jra@samba.org>
174 * BUG 15301: Improve file_modtime() and issues around smb3 unix test.
176 o Ralph Boehme <slow@samba.org>
177 * BUG 15299: Spotlight doesn't work with latest macOS Ventura.
179 o Stefan Metzmacher <metze@samba.org>
180 * BUG 15298: Build failure on solaris with tevent 0.14.0 (and ldb 2.7.0).
181 (tevent 0.14.1 and ldb 2.7.1 are already released...)
183 o John Mulligan <jmulligan@redhat.com>
184 * BUG 15307: vfs_ceph incorrectly uses fsp_get_io_fd() instead of
185 fsp_get_pathref_fd() in close and fstat.
187 o Andreas Schneider <asn@samba.org>
188 * BUG 15291: test_chdir_cache.sh doesn't work with SMBD_DONT_LOG_STDOUT=1.
189 * BUG 15301: Improve file_modtime() and issues around smb3 unix test.
192 CHANGES SINCE 4.18.0rc1
193 =======================
195 o Andrew Bartlett <abartlet@samba.org>
196 * BUG 10635: Office365 azure Password Sync not working.
198 o Stefan Metzmacher <metze@samba.org>
199 * BUG 15286: auth3_generate_session_info_pac leaks wbcAuthUserInfo.
201 o Noel Power <noel.power@suse.com>
202 * BUG 15293: With clustering enabled samba-bgqd can core dump due to use
209 https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.18#Release_blocking_bugs
git.samba.org / samba-web.git / blob