- WHATS NEW IN Samba 3.0 alpha23
- 30th March 2003
- ==============================
+ =================================
+ Release Notes for Samba 3.2.0pre2
+ Oct XX, 2007
+ =================================
-This is a pre-release of Samba 3.0. This is NOT a stable release.
-Use at your own risk.
+This is the second preview release of Samba 3.2.0. This is *not*
+intended for production environments and is designed for testing
+purposes only. Please report any defects via the Samba bug reporting
+system at https://bugzilla.samba.org/.
-The purpose of this alpha release is to get wider testing of the major
-new pieces of code in the current Samba 3.0 development tree. We have
-officially ceased development on the 2.2.x release of Samba and are
-concentrating on Samba 3.0. To reduce the time before the final Samba 3.0
-release we need as many people as possible to start testing these alpha
-releases, and hopefully giving us some high quality feedback on what needs
-fixing.
+Please be aware that Samba is now distributed under the version 3
+of the new GNU General Public License. You may refer to the COPYING
+file that accompanies these release notes for further licensing details.
-Note that Samba 3.0 is not feature complete yet. There is a more
-coding we have planned, but unless we get what we have done already more
-widely tested we will have a hard time doing a stable release in a
-reasonable time frame.
+Major enhancements in Samba 3.2.0 include:
-Major new features:
--------------------
+ File Serving:
+ o Use of IDL generated parsing layer for several DCE/RPC
+ interfaces.
+ o Removal of the 1024 byte limit on pathnames and 256 byte limit on
+ filename components to honor the MAX_PATH setting from the host OS.
+ o Introduction of a registry based configuration system.
+ o Improved CIFS Unix Extensions support.
+ o Experimental support for file serving clusters.
-- Active Directory support. This release is able to join a ADS realm
- as a member server and authenticate users using LDAP/kerberos.
-- Unicode support. Samba will now negotiate UNICODE on the wire and
- internally there is now a much better infrastructure for multi-byte
- and UNICODE character sets.
+ Winbind and Active Directory Integration:
+ o Full support for Windows 2003 cross-forest, transitive trusts
+ and one-way domain trusts
+ o Support for userPrincipalName logons via pam_winbind and NSS
+ lookups.
+ o Support in pam_winbind for logging on using the userPrincipalName.
+ o Expansion of nested domain groups via NSS calls.
+ o Support for Active Directory LDAP Signing policy.
-- New authentication system. The internal authentication system has
- been almost completely rewritten. Most of the changes are internal,
- but the new auth system is also very configurable.
-- new filename mangling system. The filename mangling system has been
- completely rewritten. An internal database now stores mangling maps
- persistently. This needs lots of testing.
+ Users & Groups:
+ o New ldb backend for local group mapping tables
+ o Raised level of security defaults for authentication operations.
-- new "net" command. A new "net" command has been added. It is
- somewhat similar to the "net" command in windows. Eventually we plan
- to replace a bunch of other utilities (such as smbpasswd) with
- subcommands in "net", at the moment only a few things are
- implemented.
-- Samba now negotiates NT-style status32 codes on the wire. This
- improves error handling a lot.
+ Documentation:
+ o Inclusion of an HTLM version of the 3rd edition of "Using Samba"
+ from O'Reilly Publishing.
-- better w2k printing support including publishing printer
- attributes in active directory
-- new loadable RPC modules
+Now Licensed under the GNU GPLv3
+================================
-- new dual-daemon winbindd support for better performance
+The Samba Team has adopted the Version 3 of the GNU General Public
+License for the 3.2 and later releases. The GPLv3 is the updated
+version of the GPLv2 license under which Samba is currently
+distributed. It has been updated to improvecompatibility with other
+licenses and to make it easier to adopt internationally, and is an
+improved version of the license to better suit the needs of Free
+Software in the 21st Century.
-- support for migrating from a Windows NT 4.0 domain
+The original announcement is available on-line at
-- support for establishing trust relationships with Windows NT 4.0
- domain controllers
+ http://news.samba.org/announcements/samba_gplv3/
-Plus lots of other changes!
+New Security Defaults for Authentication
+========================================
+Support for LanMan passwords is now disabled in both client and server
+applications. Additionally, clear text authentication requests are
+disabled by default in client utilities such as smbclient and all
+libsmbclient based applications. This will affect connection both
+to and from hosts running DOS, Windows 9x/ME, and OS/2. Please refer
+to the "Changes" section for details on the exact parameters that were
+updated.
+
+
+
+Registry Configuration Backend
+==============================
+
+Samba is now able to use a registry based configuration backed to
+supplement smb.conf setting. This feature may be enabled by setting
+"include = registry" and "registry shares = yes" in the [global]
+section of smb.conf and may be managed using the "net conf" command.
+
+More information may be obtained from the smb.conf(5) and net(8) man
+pages.
+
+
+Removed Features
+================
+
+Both the Python bindings and the libmsrpc shared library have been
+removed from the tree due to lack of an official maintainer.
+
+
+
+######################################################################
+Changes
+#######
+
+smb.conf changes
+----------------
+
+ Parameter Name Description Default
+ -------------- ----------- -------
+ client lanman auth Changed Default No
+ client ldap sasl wrapping New plain
+ client plaintext auth Changed Default No
+ clustering New No
+ cluster addresses New ""
+ ctdb socket New ""
+ lanman auth Changed Default No
+ mangle map Removed
+ open files database hashsize Removed
+ read bmpx Removed
+ registry shares New No
+ winbind expand groups New 1
+ winbind rpc only New No
+
+
+Changes since 3.2.0pre1:
+-----------------------
+
+
+Original 3.2.0pre1 commits:
+---------------------------
+o Michael Adam <obnox@samba.org>
+ * Unified POSIX ACL detection including support for FreeBSD and
+ HP-UX.
+ * Performance improvements for Winbind's lookup functions (names,
+ SIDs, and group membership) when joined to an AD domain.
+ * Winbind cache validation support.
+ * Store domain trust passwords for Samba domain controller's in
+ the domain's passdb backend.
+ * Merged \winreg server code from the SAMBA_3_2 development branch.
+ * Fixes for libreplace.
+ * Implement new registry configuration backend.
+
+
+o Jeremy Allison <jra@samba.org>
+ * Add support for file system objectIDs.
+ * Winbind cache validation support.
+ * Add in the UNIX capability for 24-bit readX.
+ * Improve Delete-on-Close semantics.
+ * Removal of static file and path name buffers in SMB file serving
+ code.
+
+
+o Danilo Almeida <dalmeida@centeris.com>
+ * Move the machine account to the OU specified when running "net
+ ads join".
+
+
+o Andrew Bartlett <abartlet@samba.org>
+ * Tighten authentication protocol defaults in client tools and
+ servers.
+
+
+o Gerald (Jerry) Carter <jerry@samba.org>
+ * Implement support for one-way trusts and two-way cross-forest
+ transitive trust in winbindd.
+ * Fixes for Winbind's offline/disconnected logon support when
+ using remote idmap backends.
+ * Fix LookupNames and LookupSids to use the same resolution
+ heuristics as Windows XP.
+ * Fix lockups in Winbind when running nscd.
+ * UPN logon support in pam_winbind.
+ * Add support for GNU linker scripts when build shared libraries
+ (based on work by Julien Cristau <jcristau@debian.org> and James
+ Peach).
+
+
+o Guenther Deschner <gd@samba.org>
+ * Additional support for decoding and downloading group policy
+ objects from Active Directory.
+ * Improvements to "net ads keytab" command.
+ * Fixes for linking against Heimdal Kerberos client libs.
+ * Support LDAP range retrieval searches.
+ * Fixes for failure to refresh user ticket caches in Winbind.
+ * UPN logon support in pam_winbind.
+ * Add KDC locator plugin for MIT kerberos 1.6 or later.
+
+
+o Steve Langasek <vorlon@debian.org>
+ * Allow SIGTERM to cause nmbd to exit while awaiting a interface
+ to come up.
+
+
+o Volker Lendecke <vl@samba.org>
+ * Merge experimental cluster support patches from the ctdb branch.
+ * Add tdb storage abstraction for ctdb.
+ * Use IDL for internal message passing system.
+ * Add client support for the SamLogonEx() authentication request.
+ * Implement RPC proxy stubs in the Samba server code to allow
+ replacing implementation functions one by one.
+ * Remove static incoming and outgoing buffers from core server SMB
+ packet processing code.
+ * Add "net sam rights" command.
+
+
+o Steve French <sfrench@samba.org>
+ * Fixes for mount.cfs Linux utility.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * Fixes for libreplace.
+ * Add support for LDAP digital signing policy.
+ * Experimental clustered file system support.
+
+
+o Lars Mueller <lars@samba.org>
+ * Makefile and build fixes.
+ * Add pam_pwd_expire for pam_winbind (original patch from Andreas
+ Schneider).
+
+
+o James Peach <jpeach@apple.com>
+ * Fixes for setgroups() and *BSD and Darwin.
+ * Support membership of >16 groups on Darwin.
+
+
+o Jiri Sasek <Jiri.Sasek@Sun.COM>
+ * Added vfs_vfsacl module.
+
+
+o Karolin Seeger <ks@sernet.de>
+ * Add deletelocalgroup and unmapunixgroup subcommand to "net sam".
+ * Cleanup internal passdb functions.
+
+
+o Simo Sorce <idra@samba.org>
+ * Fixes for IDmap and Passdb backends.
+
+
+o Andrew Tridgell <tridge@samba.org>
+ * Port ldb from the Samba 4 tree and add ldb group mapping plugin.
+ * Move several file serving related tdb files to use the dbwrap
+ API internally.
+ * Cleanup the GPFS VFS plugin.
+ * Experimental clustered file system support.
+
+
+o Jelmer Vernooij <jelmer@samba.org>
+ * Implement NDR basic to support utilizing IDL files from Samba 4
+ tree for general DCE/RPC parsing stubs.
+
+
+
+######################################################################
Reporting bugs & Development Discussion
----------------------------------------
+#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
-the problem then you will probably be ignored.
-
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.2 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
-Changes in alpha23:
--------------------
-
- LDAP Group Mapping
- ------------------
-
- pdbedit -i -e sets all SAM_ACCOUNT elements to CHANGED to
- satisfy the new pdb_ldap.c handling. pdbedit -g transfers group
- mappings. I made this separate from the user database, as current
- installations have to live with a split backend. So, if you are
- running 3_0 alphas with LDAP as a backend and upgrade to 3.0alpha23,
- you must call
-
- root# pdbedit -i tdbsam -e ldapsam -g
-
- to transfer your group mapping database to LDAP.
-
- All groups must be represented as posixGroup objects in
- the directory and you must adapt your LDAP schema to support the
- sambaGroupMapping before running this command. Refer to
- examples/LDAP/samba.schema for details on the objectclass.
-
-
- Parameters
- ----------
-
- Modified Parameters (see smb.conf(5) for details):
-
- * passdb backend
-
- Added Parameters
-
- * ldap del only sam attr
- * ldap delete dn
-
-
- ChangeLog
- ---------
-
- See cvs log for SAMBA_3_0 for complete details. There are many
- smaller numerous changes that would clutter the release notes.
-
-0) Include security fix from Samba 2.2.8
-1) Fix interop bug in tconX on port 445 with Windows 2000
-2) Interpret missing SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, or
- SMB_ACL_OTHER as "preserve current value" instead of attempting
- to build one ourself.
-3) Rearrange set_nt_acl() such that chown is only done before
- setting ACLs if there is either no change of owning user, or
- change of owning user is towards the current user. Otherwise
- chown is done after setting ACLs.
-4) Continuing work on NTLMSSP-based SMB signing
-5) When opening an existing TDB, don't require the hash_size
- specified to the open call to be the same as that of the
- existing tdb. The specified hash_size is only used if the
- tdb needs to be (re)created.
-6) Add support for "WinXP" and "Win2K3" client architectures.
-7) Fixed the unmarshalling of the queryaliasmem SAMR call
-8) Windows 2000 can take much longer than the specified time to
- respond to a lock - so to make the torture tests valid I give
- it a grace time of 10 seconds instead of 2
-9) Continued work on string handling paranoia
-10) Merge new statcache.c from HEAD
-11) Add new 'net ads dn' option
-12) Sync up SessionSetup code to HEAD, including Luke Howard's
- session key and auth verifier patches
-13) Work on cleaning up winbindd's mutex locking
-14) Add support for LDAP based Windows group mapping
-15) Improve LDAP update routines
-16) Fix memory leaks found by Valgrind
-17) Add a 'privileged' mode to Winbindd
-18) Work around platforms that have broken getgrnam() implementations
-19) Merge real time signal fixes for kernel oplock code from HEAD
-20) Fix CIDR hosts allow/deny notation
-21) Fixup tcon&X server responses and error codes
-22) Set domain for users in passdb created by "net rpc vampire"
-23) More scalable printing updates
-
-
- ===============================
-
-Changes in older alpha releases follow:
-
----------------------------------------------------------------------
-
-Changes in alpha22:
--------------------
-
- Added Parameters
-
- * client NTLMv2 auth
- * client lanman auth
- * client signing
- * client use spnego
- * max reported print jobs
- * msdfs proxy
-
-1) remove the global_myname string and replace with wrapper function
- global_myname()
-2) create vfs/ and pdb/ subdirectories for library installs
-3) Fixup of ordered cleanup of get_dc_list()
-4) Added more autoconf tests for Stratus VOS
-5) Fixed nasty bug where file writes with start offsets in the
- range 0x80000000 -> 0xFFFFFFFF would fail as they were being cast
- from IVAL (uint32) to SMB_OFF_T (off_t or off64_t, both *signed*
- types). The sign extension would cause the offset to be treated
- as negative.
-6) Add support to automatically retrieve the dns host name and domain
- name of an AD server
-7) Add support for PRINTER_INFO_7 and publishing printer attributes
- in active directory
-8) Fix for 64 bit issues with oplocks and allocation size
-9) Remove assert(count ==1) for multi-homed PDCs when resolving
- DOMAIN<0x1b>
-10) Ensure that change_trust_account_password() always talks to
- the PDC
-11) Add some docs on CUPS printing
-12) Fix rpcclient querygroup command
-13) The _abs time functions should not be converting from/to GMT
-14) Fix broken incremental tar in smbclient
-15) Adding supporting code for better testing using Valgrind
-16) Fix for old DOS client when veto files is set to /.*/
-17) Add win32 utility to query driver capabilities to publish
- (examples/printing/prtpub.c)
-18) Fix memory leak when constructing an driver_level_6 structure and
- no dependent files
-19) Add some friendly versions of NT_STATUS codes
-20) Protect nmbd against malformed reply packets
-21) Removal of unpopular winbind client environment variable
-22) Add msdfs proxy functionality; a CIFS share can directly be a
- stand-in for another share, and when clients connect to the first
- share, they will be redirected to the proxied share
-23) Make Samba compile cleanly with -Wwrite-strings
-24) Add new timegm() that actually works on solaris
-25) Add support for running smbd, nmbd, & winbindd under the daemontools
- package
-26) Move user password changes into the NTSTATUS era, and add support
- for the 'min password age' and 'min passwd len' concepts
-27) Add new gencache based namecache code
-28) Add profiles utility support to Samba 3.0.x
-29) Fix open problem with changing attributes on an existing file
-30) Efficiency fixes for internal messaging system
-31) Make sure to update print queue cache during timeout_processing()
- to send notify events
-32) Make -i flag work like it did in 2.2
-33) Merge some rpcclient and net functionality from HEAD
-34) Add support for compiling with Heimdal kerberos libraries
-35) Connect to the actual netbios name in smb.conf and not LOCALHOST
-36) Add support for CUPS-PRINTER_CLASS
-37) Add ntlm_auth tool and update NTLMSSP support
-38) require Autoconf 2.53 and remove configure from CVS
-39) Check for too many processes *before* the fork
-40) Fix delete on close semantics to match W2K.
-41) merge desired_access for open_printer_ex from HEAD, allowing
- cupsaddsmb to work again!
-42) Add support for dynamic RPC modules
-43) wrap all cm_get_XX calls and their subsequent requests in a retry loop
- in case we've temporarily lost connection to the DC. Makes winbindd
- more reliable
-44) Optimize user_ok() and user_in_group() when verifying group membership
-45) Add NTLMv2 client code (that works) and some SMB signing fixes
-46) Add caching of PRINTER_INFO_2 structures to open printer handles
-47) Add 1/3 second delay in OpenPrinter() reply to trigger a LAN/WAN
- optimization in Windows 2000 clients
-48) Add "WinXP" to the possible values of the %a variable
-49) Fix to allow blocking lock notification to be done rapidly (no wait for
- smb -> smb lock release). Adds new PENDING_LOCK type to lockdb (does
- not interfere with existing locks)
-50) Limit the unix domain sockets used by winbindd (also solves FD_SETSIZE
- problem in winbindd to boot !). Adds a "last_access" field to winbindd
- connections, and will close the oldest idle connection once the number
- of open connections goes over WINBINDD_MAX_SIMULTANEOUS_CLIENTS (defined
- in local.h as 200 currently)
-51) Limit the number of print jobs returned in EnumJobs()
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================