4 This is the first preview release of Samba 4.9. This is *not*
5 intended for production environments and is designed for testing
6 purposes only. Please report any defects via the Samba bug reporting
7 system at https://bugzilla.samba.org/.
9 Samba 4.9 will be the next version of the Samba suite.
23 There is a new 'net ads setspn' sub command for managing Windows SPN(s)
24 on the AD. This command aims to give the basic functionaility that is
25 provided on windows by 'setspn.exe' e.g. ability to add, delete and list
26 Windows SPN(s) stored in a Windows AD Computer object.
28 The format of the command is:
30 net ads setspn list [machine]
31 net ads setspn [add | delete ] SPN [machine]
33 'machine' is the name of the computer account on the AD that is to be managed.
34 If 'machine' is not specified the name of the 'client' running the command
37 The format of a Windows SPN is
38 'serviceclass/host:port/servicename' (servicename and port are optional)
40 serviceclass/host is generally sufficient to specify a host based service.
42 net ads keytab changes
43 ----------------------
44 net ads keytab add no longer attempts to convert the passed serviceclass
45 (e.g. nfs, html etc.) into a Windows SPN which is added to the Windows AD
46 computer object. By default just the keytab file is modified.
48 A new keytab subcommand 'add_update_ads' has been added to preserve the
49 legacy behaviour. However the new 'net ads setspn add' subcommand should
50 really be used instead.
52 net ads keytab create no longer tries to generate SPN(s) from existing
53 entries in a keytab file. If it is required to add Windows SPN(s) then
54 'net ads setspn add' should be used instead.
56 Local authorization plugin for MIT Kerberos
57 -------------------------------------------
59 This plugin controls the relationship between Kerberos principals and AD
60 accounts through winbind. The module receives the Kerberos principal and the
61 local account name as inputs and can then check if they match. This can resolve
62 issues with canonicalized names returned by Kerberos within AD. If the user
63 tries to log in as 'alice', but the samAccountName is set to ALICE (uppercase),
64 Kerberos would return ALICE as the username. Kerberos would not be able to map
65 'alice' to 'ALICE' in this case and auth would fail. With this plugin account
66 names can be correctly mapped. This only applies to GSSAPI authentication,
67 not for the geting the initial ticket granting ticket.
77 As the most popular Samba install platforms (Linux and FreeBSD) both
78 support extended attributes by default, the parameters "map readonly",
79 "store dos attributes" and "ea support" have had their defaults changed
80 to allow better Windows fileserver compatibility in a default install.
82 Parameter Name Description Default
83 -------------- ----------- -------
84 map readonly Default changed no
85 store dos attributes Default changed yes
86 ea support Default changed yes
91 The VFS ABI interface version has changed to 39. Function changes
94 SMB_VFS_FSYNC: Removed: Only async versions are used.
95 SMB_VFS_READ: Removed: Only PREAD or async versions are used.
96 SMB_VFS_WRITE: Removed: Only PWRITE or async versions are used.
97 SMB_VFS_CHMOD_ACL: Removed: Only CHMOD is used.
98 SMB_VFS_FCHMOD_ACL: Removed: Only FCHMOD is used.
100 Any external VFS modules will need to be updated to match these
101 changes in order to work with 4.9.x.
106 https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.9#Release_blocking_bugs
109 #######################################
110 Reporting bugs & Development Discussion
111 #######################################
113 Please discuss this release on the samba-technical mailing list or by
114 joining the #samba-technical IRC channel on irc.freenode.net.
116 If you do report problems then please try to send high quality
117 feedback. If you don't provide vital information to help us track down
118 the problem then you will probably be ignored. All bug reports should
119 be filed under the Samba 4.1 and newer product in the project's Bugzilla
120 database (https://bugzilla.samba.org/).
123 ======================================================================
124 == Our Code, Our Bugs, Our Responsibility.
126 ======================================================================