-What's new in Samba 4 alpha5
-============================
-
-Samba 4 is the ambitious next version of the Samba suite that is being
-developed in parallel to the stable 3.0 series. The main emphasis in
-this branch is support for the Active Directory logon protocols used
-by Windows 2000 and above.
-
-Samba4 alpha5 follows on from the alpha release series we have been
-publishing since September 2007
-
-WARNINGS
-========
-
-Samba4 alpha5 is not a final Samba release. That is more a reference
-to Samba4's lack of the features we expect you will need than a
-statement of code quality, but clearly it hasn't seen a broad
-deployment yet. If you were to upgrade Samba3 (or indeed Windows) to
-Samba4, you would find many things work, but that other key features
-you may have relied on simply are not there yet.
-
-For example, while Samba 3.0 is an excellent member of a Active
-Directory domain, Samba4 is happier as a domain controller, and it is
-in this role where it has seen deployment into production.
-
-Samba4 is subjected to an awesome battery of tests on an
-automated basis, we have found Samba4 to be very stable in it's
-behaviour. We have to recommend against upgrading production servers
-from Samba 3 to Samba 4 at this stage, because there may be the features on
-which you may rely that are not present, or the mapping of
-your configuration and user database may not be complete.
-
-If you are upgrading, or looking to develop, test or deploy Samba4, you should
-backup all configuration and data.
-
-NEW FEATURES
-============
-
-Samba4 supports the server-side of the Active Directory logon environment
-used by Windows 2000 and later, so we can do full domain join
-and domain logon operations with these clients.
-
-Our Domain Controller (DC) implementation includes our own built-in
-LDAP server and Kerberos Key Distribution Center (KDC) as well as the
-Samba3-like logon services provided over CIFS. We correctly generate
-the infamous Kerberos PAC, and include it with the Kerberos tickets we
-issue.
-
-The new VFS features in Samba 4 adapts the filesystem on the server to
-match the Windows client semantics, allowing Samba 4 to better match
-windows behaviour and application expectations. This includes file
-annotation information (in streams) and NT ACLs in particular. The
-VFS is backed with an extensive automated test suite.
-
-A new scripting interface has been added to Samba 4, allowing
-Python programs to interface to Samba's internals.
-
-The Samba 4 architecture is based around an LDAP-like database that
-can use a range of modular backends. One of the backends supports
-standards compliant LDAP servers (including OpenLDAP), and we are
-working on modules to map between AD-like behaviours and this backend.
-We are aiming for Samba 4 to be powerful frontend to large
-directories.
-
-CHANGES SINCE Alpha4
+Release Announcements
=====================
-In the time since Samba4 Alpha4 was released in June 2008, Samba has
-continued to evolve, but you may particularly notice these areas:
+This is the first release candidate of Samba 4.4. This is *not*
+intended for production environments and is designed for testing
+purposes only. Please report any defects via the Samba bug reporting
+system at https://bugzilla.samba.org/.
- LDAP backend support restored (issues preventing the use of the LDAP
- backend in alpha4 have been addressed)
+Samba 4.4 will be the next version of the Samba suite.
- SMB2 Support: The SMB2 server, while still disabled, has improved,
- and now supports SMB2 signing.
- OpenChange support: Updates have been made since alpha4 to better
- support OpenChange's use of Samba4's libraries.
+UPGRADING
+=========
- Faster ldb loading: A fix to avoid calling 'init_module' (which was
- not defined by Samba modules, but was by the C library) will fix
- some of the slowness in authentication.
+Nothing special.
- SWAT Remains Disabled: Due to a lack of developer time and without a
- long-term web developer to maintain it, the SWAT web UI remains been
- disabled (and would need to be rewritten in python in any case).
- GNU Make: To try and simplfy our build system, we rely on GNU Make
- to avoid autogenerating a massive single makefile.
+NEW FEATURES/CHANGES
+====================
+Asynchronous flush requests
+---------------------------
-These are just some of the highlights of the work done in the past few
-months. More details can be found in our GIT history.
+Flush requests from SMB2/3 clients are handled asynchronously and do
+not block the processing of other requests. Note that 'strict sync'
+has to be set to 'yes' for Samba to honor flush requests from SMB
+clients.
+s3: smbd
+--------
-CHANGES
-=======
+Remove '--with-aio-support' configure option. We no longer would ever prefer
+POSIX-RT aio, use pthread_aio instead.
-Those familiar with Samba 3 can find a list of user-visible changes
-since that release series in the NEWS file.
+samba-tool sites
+----------------
-KNOWN ISSUES
-============
+The 'samba-tool sites' subcommand can now be run against another server by
+specifying an LDB URL using the '-H' option and not against the local database
+only (which is still the default when no URL is given).
+
+samba-tool domain demote
+------------------------
+
+Add '--remove-other-dead-server' option to 'samba-tool domain demote'
+subcommand. The new version of this tool now can remove another DC that is
+itself offline. The '--remove-other-dead-server' removes as many references
+to the DC as possible.
+
+samba-tool drs clone-dc-database
+--------------------------------
+
+Replicate an initial clone of domain, but do not join it.
+This is developed for debugging purposes, but not for setting up another DC.
+
+pdbedit
+-------
+
+Add '--set-nt-hash' option to pdbedit to update user password from nt-hash
+hexstring. 'pdbedit -vw' shows also password hashes.
+
+smbstatus
+---------
+
+'smbstatus' was enhanced to show the state of signing and encryption for
+sessions and shares.
+
+smbget
+------
+The -u and -p options for user and password were replaced by the -U option that
+accepts username[%password] as in many other tools of the Samba suite.
+Similary, smbgetrc files do not accept username and password options any more,
+only a single "user" option which also accepts user%password combinations.
+The -P option was removed.
+
+s4-rpc_server
+-------------
+
+Add a GnuTLS based backupkey implementation.
+
+ntlm_auth
+---------
+
+Using the '--offline-logon' enables ntlm_auth to use cached passwords when the
+DC is offline.
+
+Allow '--password' force a local password check for ntlm-server-1 mode.
+
+vfs_offline
+-----------
+
+A new VFS module called vfs_offline has been added to mark all files in the
+share as offline. It can be useful for shares mounted on top of a remote file
+system (either through a samba VFS module or via FUSE).
+
+KCC
+---
+
+The Samba KCC has been improved, but is still disabled by default.
+
+DNS
+---
+
+There were several improvements concerning the Samba DNS server.
+
+Active Directory
+----------------
+
+There were some improvements in the Active Directory area.
+
+WINS nsswitch module
+--------------------
+
+The WINS nsswitch module has been rewritten to address memory issues and to
+simplify the code. The module now uses libwbclient to do WINS queries. This
+means that winbind needs to be running in order to resolve WINS names using
+the nss_wins module. This does not affect smbd.
+
+CTDB changes
+------------
-- Domain member support is in it's infancy, and is not comparable to
- the support found in Samba3.
+* CTDB now uses a newly implemented parallel database recovery scheme
+ that avoids deadlocks with smbd.
-- There is no printing support in the current release.
+ In certain circumstances CTDB and smbd could deadlock. The new
+ recovery implementation avoid this. It also provides improved
+ recovery performance.
-- There is no netbios browsing support in the current release
+* All files are now installed into and referred to by the paths
+ configured at build time. Therefore, CTDB will now work properly
+ when installed into the default location at /usr/local.
-- The Samba4 port of the CTDB clustering support is not yet complete
+* Public CTDB header files are no longer installed, since Samba and
+ CTDB are built from within the same source tree.
-- Clock Synchronisation is critical. Many 'wrong password' errors are
- actually due to Kerberos objecting to a clock skew between client
- and server. (The NTP work in the previous alpha is partly to assist
- with this problem).
+* CTDB_DBDIR can now be set to tmpfs[:<tmpfs-options>]
-- Samba4 alpha5 is currently only portable to recent Linux
- distributions. Work to return support for other Unix varients is
- expected during the next alpha cycle
+ This will cause volatile TDBs to be located in a tmpfs. This can
+ help to avoid performance problems associated with contention on the
+ disk where volatile TDBs are usually stored. See ctdbd.conf(5) for
+ more details.
+
+* Configuration variable CTDB_NATGW_SLAVE_ONLY is no longer used.
+ Instead, nodes should be annotated with the "slave-only" option in
+ the CTDB NAT gateway nodes file. This file must be consistent
+ across nodes in a NAT gateway group. See ctdbd.conf(5) for more
+ details.
+
+* New event script 05.system allows various system resources to be
+ monitored
+
+ This can be helpful for explaining poor performance or unexpected
+ behaviour. New configuration variables are
+ CTDB_MONITOR_FILESYSTEM_USAGE, CTDB_MONITOR_MEMORY_USAGE and
+ CTDB_MONITOR_SWAP_USAGE. Default values cause warnings to be
+ logged. See the SYSTEM RESOURCE MONITORING CONFIGURATION in
+ ctdbd.conf(5) for more information.
+
+ The memory, swap and filesystem usage monitoring previously found in
+ 00.ctdb and 40.fs_use is no longer available. Therefore,
+ configuration variables CTDB_CHECK_FS_USE, CTDB_MONITOR_FREE_MEMORY,
+ CTDB_MONITOR_FREE_MEMORY_WARN and CTDB_CHECK_SWAP_IS_NOT_USED are
+ now ignored.
+
+* The 62.cnfs eventscript has been removed. To get a similar effect
+ just do something like this:
+
+ mmaddcallback ctdb-disable-on-quorumLoss \
+ --command /usr/bin/ctdb \
+ --event quorumLoss --parms "disable"
+
+ mmaddcallback ctdb-enable-on-quorumReached \
+ --command /usr/bin/ctdb \
+ --event quorumReached --parms "enable"
+
+* The CTDB tunable parameter EventScriptTimeoutCount has been renamed
+ to MonitorTimeoutCount
+
+ It has only ever been used to limit timed-out monitor events.
+
+ Configurations containing CTDB_SET_EventScriptTimeoutCount=<n> will
+ cause CTDB to fail at startup. Useful messages will be logged.
+
+* The commandline option "-n all" to CTDB tool has been removed.
+
+ The option was not uniformly implemented for all the commands.
+ Instead of command "ctdb ip -n all", use "ctdb ip all".
+
+* All CTDB current manual pages are now correctly installed
+
+
+REMOVED FEATURES
+================
+
+Public headers
+--------------
+
+Several public headers are not installed any longer. They are made for internal
+use only. More public headers will very likely be removed in future releases.
+
+The following headers are not installed any longer:
+dlinklist.h, gen_ndr/epmapper.h, gen_ndr/mgmt.h, gen_ndr/ndr_atsvc_c.h,
+gen_ndr/ndr_epmapper_c.h, gen_ndr/ndr_epmapper.h, gen_ndr/ndr_mgmt_c.h,
+gen_ndr/ndr_mgmt.h,gensec.h, ldap_errors.h, ldap_message.h, ldap_ndr.h,
+ldap-util.h, pytalloc.h, read_smb.h, registry.h, roles.h, samba_util.h,
+smb2_constants.h, smb2_create_blob.h, smb2.h, smb2_lease.h, smb2_signing.h,
+smb_cli.h, smb_cliraw.h, smb_common.h, smb_composite.h, smb_constants.h,
+smb_raw.h, smb_raw_interfaces.h, smb_raw_signing.h, smb_raw_trans2.h,
+smb_request.h, smb_seal.h, smb_signing.h, smb_unix_ext.h, smb_util.h,
+torture.h, tstream_smbXcli_np.h.
+
+vfs_smb_traffic_analyzer
+------------------------
+
+The SMB traffic analyzer VFS module has been removed, because it is not
+maintained any longer and not widely used.
+
+vfs_scannedonly
+---------------
+
+The scannedonly VFS module has been removed, because it is not maintained
+any longer.
+
+smb.conf changes
+----------------
+
+ Parameter Name Description Default
+ -------------- ----------- -------
+ aio max threads New 100
+ ldap page size Changed default 1000
+
+
+KNOWN ISSUES
+============
-- Samba4 alpha5 is incompatible with GnuTLS 2.0, found in Fedora 9 and
- recent Ubuntu releases. GnuTLS use may be disabled using the
- --disable-gnutls argument to ./configure. (otherwise 'make test' and
- LDAPS operations will hang).
+Currently none.
-RUNNING Samba4
-==============
+#######################################
+Reporting bugs & Development Discussion
+#######################################
-A short guide to setting up Samba 4 can be found in the howto.txt file
-in root of the tarball.
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
-DEVELOPMENT and FEEDBACK
-========================
-Bugs can be filed at https://bugzilla.samba.org/ but please be aware
-that many features are simply not expected to work at this stage.
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
-The Samba Wiki at http://wiki.samba.org should detail some of these
-development plans.
-Development and general discussion about Samba 4 happens mainly on
-the #samba-technical IRC channel (on irc.freenode.net) and
-the samba-technical mailing list (see http://lists.samba.org/ for
-details).
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
git.samba.org / samba.git / blobdiff