X-Git-Url: http://git.samba.org/?a=blobdiff_plain;f=WHATSNEW.txt;h=3fac3606a8cd8209db6dc20ad89c7f4d93241567;hb=4b09ea5cc3def5e1917f576bcaa4c7317fd7b49f;hp=a055b09f69c64e99c143c651dc5a4778739942c3;hpb=c9d2dfcb19eac0b98f14d5dc265f70ba70aa2d34;p=mat%2Fsamba.git diff --git a/WHATSNEW.txt b/WHATSNEW.txt index a055b09f69..3fac3606a8 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,45 +1,40 @@ -What's new in Samba 4 alpha4 -============================ +What's new in Samba 4 alpha17 +============================= -Samba 4 is the ambitious next version of the Samba suite that is being -developed in parallel to the stable 3.0 series. The main emphasis in -this branch is support for the Active Directory logon protocols used -by Windows 2000 and above. - -Samba 4 is currently not yet in a state where it is usable in -production environments. Note the WARNINGS below, and the STATUS file, -which aims to document what should and should not work. - -Samba4 alpha4 follows on from the alpha release series we have been -publishing since September last year. +Samba 4.0 will be the next version of the Samba suite and incorporates +all the technology found in both the Samba4 alpha series and the +stable 3.x series. The primary additional features over Samba 3.6 are +support for the Active Directory logon protocols used by Windows 2000 +and above. WARNINGS ======== -Samba4 alpha4 is not a final Samba release. That is more a reference -to Samba4's lack of the features we expect you will need than a -statement of code quality, but clearly it hasn't seen a broad -deployment yet. If you were to upgrade Samba3 (or indeed Windows) to -Samba4, you would find many things work, but that other key features -you may have relied on simply are not there yet. +Samba4 alpha17 is not a final Samba release, however we are now making +good progress towards a Samba 4.0 release, of which this is a preview. +Be aware the this release contains both the technology of Samba 3.6 +(that you can reasonably expect to upgrade existing Samba 3.x releases +to) and the AD domain controller work previously known as 'samba4'. + +While binaries for the stable file server are provided in this +release, for a stable, supported file server, Samba3 domain or AD +domain member installation, please run a Samba 3.x release, as we are +still bedding down the new single build system. -For example, while Samba 3.0 is an excellent member of a Active -Directory domain, Samba4 is happier as a domain controller: (This is -where we have done most of the research and development). +Samba4 is subjected to an awesome battery of tests on an automated +basis, we have found Samba 4.0 to be very stable in it's behavior. +However, we still recommend against upgrading production servers from +Samba 3.x release to Samba 4.0 alpha at this stage. -While Samba4 is subjected to an awesome battery of tests on an -automated basis, and we have found Samba4 to be very stable in it's -behaviour, we have to recommend against upgrading production servers -from Samba 3 to Samba 4 at this stage. If you are upgrading an -experimental server, or looking to develop and test Samba, you should -backup all configuration and data. +If you are upgrading, or looking to develop, test or deploy Samba 4.0 +alpha releases, you should backup all configuration and data. NEW FEATURES ============ -Samba4 supports the server-side of the Active Directory logon environment -used by Windows 2000 and later, so we can do full domain join -and domain logon operations with these clients. +Samba 4.0 alpha supports the server-side of the Active Directory logon +environment used by Windows 2000 and later, so we can do full domain +join and domain logon operations with these clients. Our Domain Controller (DC) implementation includes our own built-in LDAP server and Kerberos Key Distribution Center (KDC) as well as the @@ -47,110 +42,140 @@ Samba3-like logon services provided over CIFS. We correctly generate the infamous Kerberos PAC, and include it with the Kerberos tickets we issue. -The new VFS features in Samba 4 adapts the filesystem on the server to -match the Windows client semantics, allowing Samba 4 to better match -windows behaviour and application expectations. This includes file -annotation information (in streams) and NT ACLs in particular. The -VFS is backed with an extensive automated test suite. +Samba 4.0 alpha ships with two distinct file servers. The file server +from the Samba 3.x series is 'smbd', and works with the binaries users +would expect from that series (nmbd, winbindd, smbpasswd). -A new scripting interface has been added to Samba 4, allowing -Python programs to interface to Samba's internals. +Samba 4.0 also ships with a new file server, which is tuned to match +the requirements of an AD domain controller. Users should not use the +file server in the 'samba' binary for non-DC related tasks. -The Samba 4 architecture is based around an LDAP-like database that -can use a range of modular backends. One of the backends supports -standards compliant LDAP servers (including OpenLDAP), and we are -working on modules to map between AD-like behaviours and this backend. -We are aiming for Samba 4 to be powerful frontend to large -directories. +A new scripting interface has been added to Samba 4, allowing Python +programs to interface to Samba's internals, and many tools and +internal workings of the DC code is now implemented in python. -CHANGES SINCE Alpha3 + +CHANGES SINCE alpha16 ===================== -In the time since Samba4 Alpha2 was released in December 2007, Samba has -continued to evolve, but you may particularly notice these areas: +For a list of changes since alpha 15, please see the git log. + +$ git clone git://git.samba.org/samba.git +$ cd samba.git +$ git log release-4-0-0alpha16..release-4-0-0alpha17 + +Some major user-visible changes include: - Python Bindings: Bindings for Python are now used for all internal - scripting, and the system python installation is used to run all - Samba python scripts (in place of smbpython found in the previous - alpha). +samba-tool dbcheck +------------------ - As such Python is no longer optional, and configure will generate an - error if it cannot locate an appropriate Python installation. +We now have an fsck-like tool for Samba's internal sam.ldb database. +Run samba-tool dbcheck after installation to check your database for +self-consistency. Any database created with a previous Samba4 alpha +will have a very large number of consistency errors, which this tool +can fix. - SWAT Remains Disabled: Due to a lack of developer time and without a - long-term web developer to maintain it, the SWAT web UI remains been - disabled (and would need to be rewritten in python in any case). +See also the -H option to point dbcheck at a different database to the +default, and the --fix and --yes options to make changes and to not +prompt about those changes. - GNU Make: To try and simplfy our build system, we rely on GNU Make - to avoid autogenerating a massive single makefile. +After upgrading Samba, it is suggested that you do the following: - Registry: Samba4's registry library has continued to improve. + - stop samba + - take a backup copy of your sam.ldb and sam.ldb.d/* database files + - run samba-tool dbcheck --cross-ncs --fix + - use 'all' to say yes to fixing each type of error found + - after it has finished, run dbcheck again to ensure it reports no + errors - ID mapping: Samba4 uses the internal ID mapping in winbind for all - but a few core users. Samba users should not appear in /etc/passwd, - as Samba will generate new user and group IDs regradless. +There will be a lot of errors fixed, particularly related to +bad/missing GUID values. This is due to a bug in previous releases +that left many objects with bad GUID values. These can all be fixed +using dbcheck with steps above. - NTP: Samba4 can act as a signing server for the ntp.org NTP deamon, - allowing NTPd to reply using Microsoft's non-standard signing - scheme. A patch to make NTPd talk to Samba for this purpose has - been submitted to the ntp.org project. - CLDAP: Users should experience less arbitary delays and more success with - group policy, domain joins and logons due to an improved - implementation of CLDAP and the 'netlogon' mailslot datagrams. +New default paths +----------------- - SMB2: The Samba4 SMB2 server and testsuite have been greatly - improved, but the SMB2 server remains off by default. +The configure options for paths have changed again, and the +--enable-fhs option has been reinstated. Packagers should attempt to +first package Samba using: - Secure DNS update: Configuration for GSS-TSIG updates of DNS records - is now generated by the provision script. +./configure --enable-fhs --prefix=/usr --sysconfdir=/etc --localstatedir=/var -These are just some of the highlights of the work done in the past few -months. More details can be found in our GIT history. +and only after examining the location Samba uses with these options +should further changes be made. Existing packaging scripts are not +expected to work unmodified, instead the Samba Team's aim is to +simplify such scripts for the long term. +samba-tool domain samba3upgrade +------------------------------- -CHANGES -======= +The new samba-tool domain samba3upgrade command is a supported upgrade route from Samba +3.x domain controllers to Samba 4.0 AD domain controllers. This +provides a one-time migration of all users, domain members, passwords, +groups, group members and account polcies. -Those familiar with Samba 3 can find a list of user-visible changes -since that release series in the NEWS file. +This tool is still under development and may fail when presented with +an inconsistant Samba3 database (such as many LDAP configurations). +We hope to improve the error handling and recovery in these +situations, so please provide feedback using the samba-technical +mailing list. KNOWN ISSUES ============ -- Domain member support is in it's infancy, and is not comparable to - the support found in Samba3. +- Installation on systems without a system iconv (and developer + headers at compile time) is known to cause errors when dealing with + non-ASCII characters. -- There is no printing support in the current release. +- In some situations, group members may not be upgraded by the + samba-tool domain upgrade_from_s3 script -- There is no netbios browsing support in the current release +- The samba-tool domain join script will not join Windows 2000 domains. -- The Samba4 port of the CTDB clustering support is not yet complete +- Domain member support in the 'samba' binary is in it's infancy, and + is not comparable to the support found in winbindd. As such, do not + use the 'samba' binary (provided for the AD server) on a member + server. + +- There is no printing support in the 'samba' binary (use smbd instead) + +- There is no NetBIOS browsing support (network neighbourhood) in the + 'samba' binary (use nmbd and smbd instead) - Clock Synchronisation is critical. Many 'wrong password' errors are actually due to Kerberos objecting to a clock skew between client - and server. (The NTP work is partly to assist with this problem). + and server. (The NTP work in the previous alphas are partly to assist + with this problem). + +- The DRS replication code may fail. Please contact the team if you + experience issues with DRS replication, as we have fixed many issues + here in response to feedback from our production users. + +RUNNING Samba 4.0 as an AD DC +============================= + +A short guide to setting up Samba 4 as an AD DC can be found on the wiki: -- Samba4 alpha4 is currently only portable to recent Linux - distributions. Work to return support for other Unix varients is - expected during the next alpha cycle + http://wiki.samba.org/index.php/Samba4/HOWTO -RUNNING Samba4 -============== +####################################### +Reporting bugs & Development Discussion +####################################### -A short guide to setting up Samba 4 can be found in the howto.txt file -in root of the tarball. +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. -DEVELOPMENT and FEEDBACK -======================== -Bugs can be filed at https://bugzilla.samba.org/ but please be aware -that many features are simply not expected to work at this stage. +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.0 product in the project's Bugzilla +database (https://bugzilla.samba.org/). -The Samba Wiki at http://wiki.samba.org should detail some of these -development plans. -Development and general discussion about Samba 4 happens mainly on -the #samba-technical IRC channel (on irc.freenode.net) and -the samba-technical mailing list (see http://lists.samba.org/ for -details). +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +======================================================================