Release Announcements ===================== This is the first preview release of Samba 4.11. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.11 will be the next version of the Samba suite. UPGRADING ========= NEW FEATURES/CHANGES ==================== Default samba process model --------------------------- The default for the --model argument passed to the samba executable has changed from 'standard' to 'prefork'. This means a difference in the number of samba child processes that are created to handle client connections. The previous default would create a separate process for every LDAP or NETLOGON client connection. For a network with a lot of persistent client connections, this could result in significant memory overhead. Now, with the new default of 'prefork', the LDAP, NETLOGON, and KDC services will create a fixed number of worker processes at startup and share the client connections amongst these workers. The number of worker processes can be configured by the 'prefork children' setting in the smb.conf (the default is 4). Authentication Logging. ----------------------- Winbind now logs PAM_AUTH and NTLM_AUTH events, a new attribute "logonId" has been added to the Authentication JSON log messages. This contains a random logon id that is generated for each PAM_AUTH and NTLM_AUTH request and is passed to SamLogon, linking the windbind and SamLogon requests. The serviceDescription of the messages is set to "winbind", the authDescription is set to one of: "PASSDB, , " "PAM_AUTH, , " "NTLM_AUTH, , " where: is the name of the command makinmg the winbind request i.e. wbinfo is the process id of the requesting process. The version of the JSON Authentication messages has been changed to 1.2 from 1.1 Reindex performance improvements -------------------------------- The performance of samba-tool dbcheck --reindex has been improved, especially for large domains. LDAP referrals -------------- The scheme of returned LDAP referrals now reflects the scheme of the original request, i.e. referrals received via ldap are prefixed with "ldap://" and those over ldaps are prefixed with "ldaps://" Previously all referrals were prefixed with "ldap://" Bind9 logging ------------- It is now possible to log the duration of DNS operations performed by Bind9 This should aid future diagnosis of performance issues, and could be used to monitor DNS performance. The logging is enabled by setting log level to "dns:10" in smb.conf The logs are currently Human readable text only, i.e. no JSON formatted output. Log lines are of the form: : DNS timing: result: [] duration: () zone: [] name: [] data: [] durations are in microseconds. Default schema updated to 2012_R2 ------------------------- Default AD schema changed from 2008_R2 to 2012_R2. 2012_R2 functional level is not yet available. Older schemas can be used by provisioning with the '--base-schema' argument. Existing installations can be updated with the samba-tool command "domain schemaupgrade". Setting lmdb map size --------------------- It is now possible to set the lmdb map size (The maximum permitted size for the database). "samba-tool" now accepts the "--backend-store-size" i.e. --backend-store-size=4Gb. If not specified it defaults to 8Gb. This option is avaiable for the following sub commands: * domain provision * domain join * domain dcpromo * drs clone-dc-database REMOVED FEATURES ================ Web server ---------- As a leftover from work related to the Samba Web Administration Tool (SWAT), Samba still supported a Python WSGI web server (which could still be turned on from the 'server services' smb.conf parameter). This service was unused and has now been removed from Samba. samba-tool join subdommain -------------------------- The subdommain role has been removed from the join command. This option did not work and has no tests. smb.conf changes ================ Parameter Name Description Default -------------- ----------- ------- web port Removed fruit:zero_file_id Changed default False KNOWN ISSUES ============ https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.11#Release_blocking_bugs ####################################### Reporting bugs & Development Discussion ####################################### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 4.1 and newer product in the project's Bugzilla database (https://bugzilla.samba.org/). ====================================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ======================================================================