4 This is the first preview release of Samba 4.11. This is *not*
5 intended for production environments and is designed for testing
6 purposes only. Please report any defects via the Samba bug reporting
7 system at https://bugzilla.samba.org/.
9 Samba 4.11 will be the next version of the Samba suite.
19 Default samba process model
20 ---------------------------
22 The default for the --model argument passed to the samba executable has changed
23 from 'standard' to 'prefork'. This means a difference in the number of samba
24 child processes that are created to handle client connections. The previous
25 default would create a separate process for every LDAP or NETLOGON client
26 connection. For a network with a lot of persistent client connections, this
27 could result in significant memory overhead. Now, with the new default of
28 'prefork', the LDAP, NETLOGON, and KDC services will create a fixed number of
29 worker processes at startup and share the client connections amongst these
30 workers. The number of worker processes can be configured by the 'prefork
31 children' setting in the smb.conf (the default is 4).
33 Authentication Logging.
34 -----------------------
36 Winbind now logs PAM_AUTH and NTLM_AUTH events, a new attribute "logonId" has
37 been added to the Authentication JSON log messages. This contains a random
38 logon id that is generated for each PAM_AUTH and NTLM_AUTH request and is passed
39 to SamLogon, linking the windbind and SamLogon requests.
41 The serviceDescription of the messages is set to "winbind", the authDescription
43 "PASSDB, <command>, <pid>"
44 "PAM_AUTH, <command>, <pid>"
45 "NTLM_AUTH, <command>, <pid>"
47 <command> is the name of the command makinmg the winbind request i.e. wbinfo
48 <pid> is the process id of the requesting process.
50 The version of the JSON Authentication messages has been changed to 1.2 from 1.1
52 Reindex performance improvements
53 --------------------------------
55 The performance of samba-tool dbcheck --reindex has been improved, especially
58 join performance improvements
59 -----------------------------
61 The performance of samba-tool domain join has been improved, especially
67 The scheme of returned LDAP referrals now reflects the scheme of the original
68 request, i.e. referrals received via ldap are prefixed with "ldap://"
69 and those over ldaps are prefixed with "ldaps://"
71 Previously all referrals were prefixed with "ldap://"
76 It is now possible to log the duration of DNS operations performed by Bind9
77 This should aid future diagnosis of performance issues, and could be used to
78 monitor DNS performance. The logging is enabled by setting log level to
81 The logs are currently Human readable text only, i.e. no JSON formatted output.
83 Log lines are of the form:
85 <function>: DNS timing: result: [<result>] duration: (<duration>)
86 zone: [<zone>] name: [<name>] data: [<data>]
88 durations are in microseconds.
90 Default schema updated to 2012_R2
91 -------------------------
93 Default AD schema changed from 2008_R2 to 2012_R2. 2012_R2 functional level
94 is not yet available. Older schemas can be used by provisioning with the
95 '--base-schema' argument. Existing installations can be updated with the
96 samba-tool command "domain schemaupgrade".
101 It is now possible to set the lmdb map size (The maximum permitted size for
102 the database). "samba-tool" now accepts the "--backend-store-size"
103 i.e. --backend-store-size=4Gb. If not specified it defaults to 8Gb.
104 This option is avaiable for the following sub commands:
108 * drs clone-dc-database
113 To improve performance during batch operations i.e. joins, ldb now accepts a
114 "batch_mode" option. However to prevent any index or database inconsistencies
115 if an operation fails, the entire transaction will be aborted at commit.
123 As a leftover from work related to the Samba Web Administration Tool (SWAT),
124 Samba still supported a Python WSGI web server (which could still be turned on
125 from the 'server services' smb.conf parameter). This service was unused and has
126 now been removed from Samba.
129 samba-tool join subdommain
130 --------------------------
132 The subdommain role has been removed from the join command. This option did
133 not work and has no tests.
139 Parameter Name Description Default
140 -------------- ----------- -------
143 fruit:zero_file_id Changed default False
149 https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.11#Release_blocking_bugs
152 #######################################
153 Reporting bugs & Development Discussion
154 #######################################
156 Please discuss this release on the samba-technical mailing list or by
157 joining the #samba-technical IRC channel on irc.freenode.net.
159 If you do report problems then please try to send high quality
160 feedback. If you don't provide vital information to help us track down
161 the problem then you will probably be ignored. All bug reports should
162 be filed under the Samba 4.1 and newer product in the project's Bugzilla
163 database (https://bugzilla.samba.org/).
166 ======================================================================
167 == Our Code, Our Bugs, Our Responsibility.
169 ======================================================================