Release Announcements
=====================
-This is the first preview release of Samba 4.6. This is *not*
+This is the first preview release of Samba 4.8. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
-Samba 4.6 will be the next version of the Samba suite.
+Samba 4.8 will be the next version of the Samba suite.
UPGRADING
NEW FEATURES/CHANGES
====================
-kerberos client encryption types
---------------------------------
-Some parts of Samba (most notably winbindd) perform Kerberos client
-operations based on a Samba-generated krb5.conf file. A new
-parameter, "kerberos encryption types" allows configuring the
-encryption types set in this file, thereby allowing the user to
-enforce strong or legacy encryption in Kerberos exchanges.
+Using x86_64 Accelerated AES Crypto Instructions
+================================================
-The default value of "all" is compatible with previous behavior, allowing
-all encryption algorithms to be negotiated. Setting the parameter to "strong"
-only allows AES-based algorithms to be negotiated. Setting the parameter to
-"legacy" allows only RC4-HMAC-MD5 - the legacy algorithm for Active Directory.
-This can solves some corner cases of mixed environments with Server 2003R2 and
-newer DCs.
+Samba on x86_64 can now be configured to use the Intel accelerated AES
+instruction set, which has the potential to make SMB3 signing and
+encryption much faster on client and server. To enable this, configure
+Samba using the new option --accel-aes=intelaesni.
+This is a temporary solution that is being included to allow users
+to enjoy the benefits of Intel accelerated AES on the x86_64 platform,
+but the longer-term solution will be to move Samba to a fully supported
+external crypto library.
-REMOVED FEATURES
-================
+The third_party/aesni-intel code will be removed from Samba as soon as
+external crypto library performance reaches parity.
+The default is to build without setting --accel-aes, which uses the
+existing Samba software AES implementation.
smb.conf changes
================
- Parameter Name Description Default
- -------------- ----------- -------
- kerberos encryption types New all
+ Parameter Name Description Default
+ -------------- ----------- -------
+ oplock contention limit Removed
+
+NT4-style replication based net commands removed
+================================================
+
+The following commands and sub-commands have been removed from the
+"net" utility:
+
+net rpc samdump
+net rpc vampire ldif
+Also, replicating from a real NT4 domain with "net rpc vampire" and
+"net rpc vampire keytab" has been removed.
+
+The NT4-based commands were accidentially broken in 2013, and nobody
+noticed the breakage. So instead of fixing them including tests (which
+would have meant writing a server for the protocols, which we don't
+have) we decided to remove them.
+
+For the same reason, the "samsync", "samdeltas" and "database_redo"
+commands have been removed from rpcclient.
+
+"net rpc vampire keytab" from Active Directory domains continues to be
+supported.
KNOWN ISSUES
============
-Currently none.
+https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.8#Release_blocking_bugs
+
#######################################
Reporting bugs & Development Discussion
git.samba.org / obnox / samba / samba-obnox.git / blobdiff