-Please be aware that Samba is now distributed under the version 3
-of the new GNU General Public License. You may refer to the COPYING
-file that accompanies these release notes for further licensing details.
-
-Major enhancements in Samba 3.2.0 include:
-
- File Serving:
- o Use of IDL generated parsing layer for several DCE/RPC
- interfaces.
- o Removal of the 1024 byte limit on pathnames and 256 byte limit on
- filename components to honor the MAX_PATH setting from the host OS.
- o Introduction of a registry based configuration system.
- o Improved CIFS Unix Extensions support.
- o Experimental support for file serving clusters.
- o Support for storing alternate data streams in xattrs
-
-
- Winbind and Active Directory Integration:
- o Full support for Windows 2003 cross-forest, transitive trusts
- and one-way domain trusts
- o Support for userPrincipalName logons via pam_winbind and NSS
- lookups.
- o Support in pam_winbind for logging on using the userPrincipalName.
- o Expansion of nested domain groups via NSS calls.
- o Support for Active Directory LDAP Signing policy.
-
-
- Users & Groups:
- o New ldb backend for local group mapping tables
- o Raised level of security defaults for authentication operations.
-
-
- Documentation:
- o Inclusion of an HTLM version of the 3rd edition of "Using Samba"
- from O'Reilly Publishing.
-
-
-Now Licensed under the GNU GPLv3
-================================
-
-The Samba Team has adopted the Version 3 of the GNU General Public
-License for the 3.2 and later releases. The GPLv3 is the updated
-version of the GPLv2 license under which Samba is currently
-distributed. It has been updated to improve compatibility with other
-licenses and to make it easier to adopt internationally, and is an
-improved version of the license to better suit the needs of Free
-Software in the 21st Century.
-
-The original announcement is available on-line at
-
- http://news.samba.org/announcements/samba_gplv3/
-
-
-New Security Defaults for Authentication
-========================================
-
-Support for LanMan passwords is now disabled in both client and server
-applications. Additionally, clear text authentication requests are
-disabled by default in client utilities such as smbclient and all
-libsmbclient based applications. This will affect connection both
-to and from hosts running DOS, Windows 9x/ME, and OS/2. Please refer
-to the "Changes" section for details on the exact parameters that were
-updated.
-
-
-
-Registry Configuration Backend
-==============================
-
-Samba is now able to use a registry based configuration backed to
-supplement smb.conf setting. This feature may be enabled by setting
-"config backend = registry" and "registry shares = yes" in the [global]
-section of smb.conf and may be managed using the "net conf" command.
-
-More information may be obtained from the smb.conf(5) and net(8) man
-pages.
-
-
-Removed Features
-================
-
-Both the Python bindings and the libmsrpc shared library have been
-removed from the tree due to lack of an official maintainer.
-
-
-
-######################################################################
-Changes
-#######
-
-smb.conf changes
-----------------
-
- Parameter Name Description Default
- -------------- ----------- -------
- client lanman auth Changed Default No
- client ldap sasl wrapping New plain
- client plaintext auth Changed Default No
- clustering New No
- cluster addresses New ""
- config backend New file
- ctdb socket New ""
- debug class New No
- lanman auth Changed Default No
- ldap debug level New 0
- ldap debug threshold New 10
- mangle map Removed
- open files database hashsize Removed
- read bmpx Removed
- registry shares New No
- winbind expand groups New 1
- winbind rpc only New No
-
-
-Changes since 3.2.0pre1:
------------------------
-o Kai Blin <kai@samba.org>
- * Added support for an SMB_CONF_PATH environment variable
- containing the path to smb.conf.
- * Various fixes to ntlm_auth.
- * make test now supports more extensive SPOOLSS testing using vlp.
- * Correctly handle mixed-case hostnames in NTLMv2 authentication.
-
-
-o Stefan Metzmacher <metze@samba.org>
- * Fixes for libreplace.
- * Build fixes.
- * Add nss_wrapper support.
- * Start and test winbindd by 'make test'
- * Split up child_dispatch_table into domain, idmap and locator tables
- in winbindd.
- * Fix for a crash bug in pidl generated client code.
- This could have happend with [in,out,unique] pointers
- when the client sends a valid pointer, but the server
- responds with a NULL pointer (as samba-3.0.26a does for some calls).
- * Change NTSTATUS into enum ndr_err_code in librpc/ndr.
- * Remove unused calls in the struct based winbindd protocol.
- * Add --configfile option to wbinfo.
- * Convert winbind_env_set(), winbind_on() and winbind_off() into macros.
- * Return rids and other_sids arrays in WBFLAG_PAM_INFO3_TEXT mode.
- * Implement wbcErrorString() and wbcAuthenticateUserEx().
- * Convert auth_winbind to use wbcAuthenticateUserEx().
-
-
-o Karolin Seeger <ks@sernet.de>
- * Improve error messages of net subcommands.
- * Add 'net rap file user'.
- * Change LDAP search filter to find machine accounts which
- are not located in the user suffix.
-
-
-Original 3.2.0pre1 commits:
----------------------------
-o Michael Adam <obnox@samba.org>
- * Unified POSIX ACL detection including support for FreeBSD and
- HP-UX.
- * Performance improvements for Winbind's lookup functions (names,
- SIDs, and group membership) when joined to an AD domain.
- * Winbind cache validation support.
- * Store domain trust passwords for Samba domain controller's in
- the domain's passdb backend.
- * Merged \winreg server code from the SAMBA_3_2 development branch.
- * Fixes for libreplace.
- * Implement new registry configuration backend.
-
-
-o Jeremy Allison <jra@samba.org>
- * Add support for file system objectIDs.
- * Winbind cache validation support.
- * Add in the UNIX capability for 24-bit readX.
- * Improve Delete-on-Close semantics.
- * Removal of static file and path name buffers in SMB file serving
- code.
-
-
-o Danilo Almeida <dalmeida@centeris.com>
- * Move the machine account to the OU specified when running "net
- ads join".
-
-
-o Andrew Bartlett <abartlet@samba.org>
- * Tighten authentication protocol defaults in client tools and
- servers.
-
-
-o Gerald (Jerry) Carter <jerry@samba.org>
- * Implement support for one-way trusts and two-way cross-forest
- transitive trust in winbindd.
- * Fixes for Winbind's offline/disconnected logon support when
- using remote idmap backends.
- * Fix LookupNames and LookupSids to use the same resolution
- heuristics as Windows XP.
- * Fix lockups in Winbind when running nscd.
- * UPN logon support in pam_winbind.
- * Add support for GNU linker scripts when build shared libraries
- (based on work by Julien Cristau <jcristau@debian.org> and James
- Peach).
-
-
-o Guenther Deschner <gd@samba.org>
- * Additional support for decoding and downloading group policy
- objects from Active Directory.
- * Improvements to "net ads keytab" command.
- * Fixes for linking against Heimdal Kerberos client libs.
- * Support LDAP range retrieval searches.
- * Fixes for failure to refresh user ticket caches in Winbind.
- * UPN logon support in pam_winbind.
- * Add KDC locator plugin for MIT kerberos 1.6 or later.
-
-
-o Steve Langasek <vorlon@debian.org>
- * Allow SIGTERM to cause nmbd to exit while awaiting a interface
- to come up.
-
-
-o Volker Lendecke <vl@samba.org>
- * Merge experimental cluster support patches from the ctdb branch.
- * Add tdb storage abstraction for ctdb.
- * Use IDL for internal message passing system.
- * Add client support for the SamLogonEx() authentication request.
- * Implement RPC proxy stubs in the Samba server code to allow
- replacing implementation functions one by one.
- * Remove static incoming and outgoing buffers from core server SMB
- packet processing code.
- * Add "net sam rights" command.
- * Support for storing xattrs in tdb files
- * Support for storing alternate data streams in xattrs
- * Implement a generic in-memory cache based on rb-trees
- * Add implicit temporary talloc contexts via talloc_stack()
-
-
-o Steve French <sfrench@samba.org>
- * Fixes for mount.cfs Linux utility.
-
-
-o Stefan Metzmacher <metze@samba.org>
- * Fixes for libreplace.
- * Add support for LDAP digital signing policy.
- * Experimental clustered file system support.
-
-
-o Lars Mueller <lars@samba.org>
- * Makefile and build fixes.
- * Add pam_pwd_expire for pam_winbind (original patch from Andreas
- Schneider).
-
-
-o James Peach <jpeach@apple.com>
- * Fixes for setgroups() and *BSD and Darwin.
- * Support membership of >16 groups on Darwin.
-
-
-o Jiri Sasek <Jiri.Sasek@Sun.COM>
- * Added vfs_vfsacl module.
-
-
-o Karolin Seeger <ks@sernet.de>
- * Add deletelocalgroup and unmapunixgroup subcommand to "net sam".
- * Cleanup internal passdb functions.
-
-
-o Simo Sorce <idra@samba.org>
- * Fixes for IDmap and Passdb backends.
-
-
-o Andrew Tridgell <tridge@samba.org>
- * Port ldb from the Samba 4 tree and add ldb group mapping plugin.
- * Move several file serving related tdb files to use the dbwrap
- API internally.
- * Cleanup the GPFS VFS plugin.
- * Experimental clustered file system support.