- WHATS NEW IN Samba 3.0 alpha24
- 14th May 2003
- ==============================
+ =================================
+ Release Notes for Samba 3.2.0pre2
+ Oct XX, 2007
+ =================================
-This is a pre-release of Samba 3.0. This is NOT a stable release.
-Use at your own risk.
+This is the second preview release of Samba 3.2.0. This is *not*
+intended for production environments and is designed for testing
+purposes only. Please report any defects via the Samba bug reporting
+system at https://bugzilla.samba.org/.
-The purpose of this alpha release is to get wider testing of the major
-new pieces of code in the current Samba 3.0 development tree. We have
-officially ceased development on the 2.2.x release of Samba and are
-concentrating on Samba 3.0. To reduce the time before the final Samba 3.0
-release we need as many people as possible to start testing these alpha
-releases, and hopefully giving us some high quality feedback on what needs
-fixing.
+Please be aware that Samba is now distributed under the version 3
+of the new GNU General Public License. You may refer to the COPYING
+file that accompanies these release notes for further licensing details.
-Note that Samba 3.0 is not feature complete yet. There is a more
-coding we have planned, but unless we get what we have done already more
-widely tested we will have a hard time doing a stable release in a
-reasonable time frame.
+Major enhancements in Samba 3.2.0 include:
-Major new features:
--------------------
+ File Serving:
+ o Use of IDL generated parsing layer for several DCE/RPC
+ interfaces.
+ o Removal of the 1024 byte limit on pathnames and 256 byte limit on
+ filename components to honor the MAX_PATH setting from the host OS.
+ o Introduction of a registry based configuration system.
+ o Improved CIFS Unix Extensions support.
+ o Experimental support for file serving clusters.
-- Active Directory support. This release is able to join a ADS realm
- as a member server and authenticate users using LDAP/kerberos.
-- Unicode support. Samba will now negotiate UNICODE on the wire and
- internally there is now a much better infrastructure for multi-byte
- and UNICODE character sets.
+ Winbind and Active Directory Integration:
+ o Full support for Windows 2003 cross-forest, transitive trusts
+ and one-way domain trusts
+ o Support for userPrincipalName logons via pam_winbind and NSS
+ lookups.
+ o Support in pam_winbind for logging on using the userPrincipalName.
+ o Expansion of nested domain groups via NSS calls.
+ o Support for Active Directory LDAP Signing policy.
-- New authentication system. The internal authentication system has
- been almost completely rewritten. Most of the changes are internal,
- but the new auth system is also very configurable.
-- new filename mangling system. The filename mangling system has been
- completely rewritten. An internal database now stores mangling maps
- persistently. This needs lots of testing.
+ Users & Groups:
+ o New ldb backend for local group mapping tables
+ o Raised level of security defaults for authentication operations.
-- new "net" command. A new "net" command has been added. It is
- somewhat similar to the "net" command in windows. Eventually we plan
- to replace a bunch of other utilities (such as smbpasswd) with
- subcommands in "net", at the moment only a few things are
- implemented.
-- Samba now negotiates NT-style status32 codes on the wire. This
- improves error handling a lot.
+ Documentation:
+ o Inclusion of an HTLM version of the 3rd edition of "Using Samba"
+ from O'Reilly Publishing.
-- better w2k printing support including publishing printer
- attributes in active directory
-- new loadable RPC modules
+Now Licensed under the GNU GPLv3
+================================
-- new dual-daemon winbindd support for better performance
+The Samba Team has adopted the Version 3 of the GNU General Public
+License for the 3.2 and later releases. The GPLv3 is the updated
+version of the GPLv2 license under which Samba is currently
+distributed. It has been updated to improvecompatibility with other
+licenses and to make it easier to adopt internationally, and is an
+improved version of the license to better suit the needs of Free
+Software in the 21st Century.
-- support for migrating from a Windows NT 4.0 domain
+The original announcement is available on-line at
-- support for establishing trust relationships with Windows NT 4.0
- domain controllers
+ http://news.samba.org/announcements/samba_gplv3/
-Plus lots of other changes!
+New Security Defaults for Authentication
+========================================
+Support for LanMan passwords is now disabled in both client and server
+applications. Additionally, clear text authentication requests are
+disabled by default in client utilities such as smbclient and all
+libsmbclient based applications. This will affect connection both
+to and from hosts running DOS, Windows 9x/ME, and OS/2. Please refer
+to the "Changes" section for details on the exact parameters that were
+updated.
+
+
+
+Registry Configuration Backend
+==============================
+
+Samba is now able to use a registry based configuration backed to
+supplement smb.conf setting. This feature may be enabled by setting
+"include = registry" and "registry shares = yes" in the [global]
+section of smb.conf and may be managed using the "net conf" command.
+
+More information may be obtained from the smb.conf(5) and net(8) man
+pages.
+
+
+Removed Features
+================
+
+Both the Python bindings and the libmsrpc shared library have been
+removed from the tree due to lack of an official maintainer.
+
+
+
+######################################################################
+Changes
+#######
+
+smb.conf changes
+----------------
+
+ Parameter Name Description Default
+ -------------- ----------- -------
+ client lanman auth Changed Default No
+ client ldap sasl wrapping New plain
+ client plaintext auth Changed Default No
+ clustering New No
+ cluster addresses New ""
+ ctdb socket New ""
+ lanman auth Changed Default No
+ mangle map Removed
+ open files database hashsize Removed
+ read bmpx Removed
+ registry shares New No
+ winbind expand groups New 1
+ winbind rpc only New No
+
+
+Changes since 3.2.0pre1:
+-----------------------
+
+
+Original 3.2.0pre1 commits:
+---------------------------
+o Michael Adam <obnox@samba.org>
+ * Unified POSIX ACL detection including support for FreeBSD and
+ HP-UX.
+ * Performance improvements for Winbind's lookup functions (names,
+ SIDs, and group membership) when joined to an AD domain.
+ * Winbind cache validation support.
+ * Store domain trust passwords for Samba domain controller's in
+ the domain's passdb backend.
+ * Merged \winreg server code from the SAMBA_3_2 development branch.
+ * Fixes for libreplace.
+ * Implement new registry configuration backend.
+
+
+o Jeremy Allison <jra@samba.org>
+ * Add support for file system objectIDs.
+ * Winbind cache validation support.
+ * Add in the UNIX capability for 24-bit readX.
+ * Improve Delete-on-Close semantics.
+ * Removal of static file and path name buffers in SMB file serving
+ code.
+
+
+o Danilo Almeida <dalmeida@centeris.com>
+ * Move the machine account to the OU specified when running "net
+ ads join".
+
+
+o Andrew Bartlett <abartlet@samba.org>
+ * Tighten authentication protocol defaults in client tools and
+ servers.
+
+
+o Gerald (Jerry) Carter <jerry@samba.org>
+ * Implement support for one-way trusts and two-way cross-forest
+ transitive trust in winbindd.
+ * Fixes for Winbind's offline/disconnected logon support when
+ using remote idmap backends.
+ * Fix LookupNames and LookupSids to use the same resolution
+ heuristics as Windows XP.
+ * Fix lockups in Winbind when running nscd.
+ * UPN logon support in pam_winbind.
+ * Add support for GNU linker scripts when build shared libraries
+ (based on work by Julien Cristau <jcristau@debian.org> and James
+ Peach).
+
+
+o Guenther Deschner <gd@samba.org>
+ * Additional support for decoding and downloading group policy
+ objects from Active Directory.
+ * Improvements to "net ads keytab" command.
+ * Fixes for linking against Heimdal Kerberos client libs.
+ * Support LDAP range retrieval searches.
+ * Fixes for failure to refresh user ticket caches in Winbind.
+ * UPN logon support in pam_winbind.
+ * Add KDC locator plugin for MIT kerberos 1.6 or later.
+
+
+o Steve Langasek <vorlon@debian.org>
+ * Allow SIGTERM to cause nmbd to exit while awaiting a interface
+ to come up.
+
+
+o Volker Lendecke <vl@samba.org>
+ * Merge experimental cluster support patches from the ctdb branch.
+ * Add tdb storage abstraction for ctdb.
+ * Use IDL for internal message passing system.
+ * Add client support for the SamLogonEx() authentication request.
+ * Implement RPC proxy stubs in the Samba server code to allow
+ replacing implementation functions one by one.
+ * Remove static incoming and outgoing buffers from core server SMB
+ packet processing code.
+ * Add "net sam rights" command.
+
+
+o Steve French <sfrench@samba.org>
+ * Fixes for mount.cfs Linux utility.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * Fixes for libreplace.
+ * Add support for LDAP digital signing policy.
+ * Experimental clustered file system support.
+
+
+o Lars Mueller <lars@samba.org>
+ * Makefile and build fixes.
+ * Add pam_pwd_expire for pam_winbind (original patch from Andreas
+ Schneider).
+
+
+o James Peach <jpeach@apple.com>
+ * Fixes for setgroups() and *BSD and Darwin.
+ * Support membership of >16 groups on Darwin.
+
+
+o Jiri Sasek <Jiri.Sasek@Sun.COM>
+ * Added vfs_vfsacl module.
+
+
+o Karolin Seeger <ks@sernet.de>
+ * Add deletelocalgroup and unmapunixgroup subcommand to "net sam".
+ * Cleanup internal passdb functions.
+
+
+o Simo Sorce <idra@samba.org>
+ * Fixes for IDmap and Passdb backends.
+
+
+o Andrew Tridgell <tridge@samba.org>
+ * Port ldb from the Samba 4 tree and add ldb group mapping plugin.
+ * Move several file serving related tdb files to use the dbwrap
+ API internally.
+ * Cleanup the GPFS VFS plugin.
+ * Experimental clustered file system support.
+
+
+o Jelmer Vernooij <jelmer@samba.org>
+ * Implement NDR basic to support utilizing IDL files from Samba 4
+ tree for general DCE/RPC parsing stubs.
+
+
+
+######################################################################
Reporting bugs & Development Discussion
----------------------------------------
+#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
-the problem then you will probably be ignored.
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.2 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
-Changes in alpha23:
--------------------
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
- LDAP Schema Changes
- -------------------
- A new objectclass (sambaSamAccount) has been introduced to replace the old
- sambaAccount. This change aids us in the renaming of attributes to prevent
- clashes with attributes from other vendors. There is a conversion script
- (examples/LDAP/convertSambaAccount) to modify and LDIF file to the new schema.
-
- Example:
-
- $ ldapsearch .... -b "ou=people,dc=..." > old.ldif
- $ convertSambaAccount <DOM SID> old.ldif new.ldif
-
- The <DOM SID> can be obtained by running 'net getlocalsid <DOMAINNAME>'
- on the Samba PDC as root.
-
- The sambaDomain and sambaGroupMapping objects have also been modified
- to use the new attribute naming conventions as well. There are no
- conversion scripts for this data since the old schema was never published
- in a stable release.
-
- The old sambaAccount schema may still be used by specifying the
- "ldapsam_compat" passdb backend.
-
- Parameters
- ----------
-
- Removed Parameters
-
- * total print jobs
-
- Known Issues
- ------------
-
- The following are known issues with this release and will be corrected
- in future versions:
-
- 1) Automatically generating accounts for users and groups from
- trusted domains when Samba is acting as a PDC
- 2) Maintaining idmap ID's in a LDAP directory in order to implement
- a distributed winbind solution
-
- ChangeLog
- ---------
-
- See cvs log for SAMBA_3_0 for complete details. There are many
- smaller numerous changes that would clutter the release notes.
-
-1) Fix policy handle leak and crash bug in rpc printing code
-2) Changed the order of checking whether a SID is a UID or a GID
- in posix acls
-3) Merge of winbind nss cleanup from HEAD branch
-4) Inclusion of idmap backend for mapping SIDs to uids/gids
-5) Fix for very subtle POSIX lock interaction race condition
-6) Re-fix close of delete semantics
-7) Inclusion of schannel functionality (merged from SAMBA_TNG)
-8) Remove unixsam passdb
-9) Add debugging code to decode the Win2k PAC
-10) Very large amounts of documentation fixes (including the move from
- SGML->XML DocBook)
-11) Fix support for local_password_change() in pam_smbpass
-12) Ensure we have WinXP-like semantics for checking TIDs and FIDs
-13) More print job change notify fixes
-14) Handle deep referrals in MS-DFS code
-15) Add echo named pipe for testing purposes
-16) Workaround streams leak on SCO openserver 5.0.x
-17) Lots of popt changes to command line tools
-18) Use the new modules system for passdb (merge from HEAD)
-19) Inclusion of editreg.c for editing Windows NT+registry files off line
-20) Fix byte ordering when using CIDR notation in hosts allow/deny (again)
-21) Replace smbgroupedit tool with 'net groupmap'
-22) Merge SMB Signing, NTLMv2 and NTLMSSP fixes from HEAD branch
-23) Merge of trusted domain code from HEAD branch
-24) Fix up crashes in lanman printing code (e.g. disable spoolss = yes)
-25) Store the IP address in the utmp record when possible
-26) Fix bug in FindFirst code and OS/2 clients
-27) Fix local master browsing bug when synchronizing browse lists
-28) Fix browse synchronization when primary interface is no listed
- in the interfaces list and "bind interfaces only" is enabled.
-29) removed ldapsam_nua and tdbsam_nua passdb backends (replaced by idmap)
-30) Include support for storing next rid value in LDAP using a
- sambaDomain object
-31) Removed "printing = SOFTQ" option
-32) Fix winbindd dual mode
-33) Revert from wins.tdb back to wins.dat (flat text file)
-34) More Trust relationship fixes
-35) More quota fixes (including server support for NT quota info levels)
-36)