- WHATS NEW IN Samba 2.0.0 beta1
- ==============================
+ WHATS NEW IN Samba 2.0.4b
+ =========================
+
+This is the latest stable release of Samba. This is the
+version that all production Samba servers should be running
+for all current bug-fixes.
+
+New/Changed parameters in 2.0.4
+-------------------------------
+
+There are 5 new parameters and one modified parameter in
+the smb.conf file.
+
+allow trusted domains
+restrict anonymous
+mangle locks
+oplock break wait time
+oplock contention limit
+
+The new parameters are :
+
+allow trusted domains
+---------------------
+
+This option is used in "security=domain" settings and allows
+the Samba admin to restrict access to users within the domain
+the the Samba server is in.
+
+restrict anonymous
+------------------
+
+This parameter allows the Samba admin to cause Samba to
+refuse access to anonymous users. Use of this parameter
+is only recommened for homogenous NT client environments.
+
+mangle locks
+------------
+
+This parameter was added to get around a bug in Windows NT
+when dealing with Samba running on 32-bit systems (such
+as Linux x86). This bug causes NT to send 64 bit locking
+requests to 32-bit systems even though Samba correctly
+tells the NT client not to do so. This option causes Samba
+to map the lock requests from 64 bits to 32 bits on these
+systems.
+
+oplock break wait time
+----------------------
+
+This tuning parameter, added to help with clients that don't
+respond to oplock break requests, causes Samba to deley for
+this number of milliseconds before sending an oplock break
+request to a client that caused the break to be sent. The
+default is 10ms. This is an advanced tuning parameter and
+should not be changed lightly.
+
+oplock contention limit
+-----------------------
+
+This tuning parameter causes Samba not to grant oplocks
+when an smbd daemon notices that there have been this
+many concurrent requests for an oplock on a file. This
+prevents the "baton passing" oplock problem where many
+clients accessing one file pass the oplock between themselves
+like a baton. The default is 2. This is an advanced tuning
+parameter and should not be changed lightly.
+
+The modified parameter is :
+
+nt acl support
+--------------
+
+This is a global parameter that defaulted to False in
+the previous release (2.0.3) and now defaults to True
+as the RPC code has been added to Samba to allow it to
+map UNIX permissions to NT ACLs.
+
+All of these new parameters and changes are documented in the
+smb.conf man pages and html pages.
+
+Updated and New documentation
+-----------------------------
+
+A new document describing the manipulation of UNIX permissions
+via the Windows NT security dialogs and their interaction with
+Samba 2.0.4 is provided as :
+
+docs/textdocs/NT_Security.txt
+docs/htmldocs/NT_Security.html
+
+Changes in 2.0.4b
+-----------------
+
+A bug with MS-Word 97 saving files with zero UNIX permissions
+was fixed. Even though a workaround is available (set force
+create mode = 644 on the share) Word is such an important
+application that a point fix was neccessary.
+
+Changes in 2.0.4a
+-----------------
+
+The text and html versions of NT_Security were missing from
+the shipping tarball. Also a compile bug for platforms that
+don't have usleep was fixed.
+
+Bugfixes added since 2.0.3
+--------------------------
+
+1). Fix for 8 character password problem when using HPUX and
+plaintext passwords.
+2). --with-pam option added to ./configure.
+3). Client fixes for memory leak and display of 64 bit values.
+4). Fixes for -E and -s option with smbclient.
+5). smbclient now allows -L //server or -L \\server
+6). smbtar fix for display of 64 bit values.
+7). Endian independence added to DCE/RPC code.
+8). DCE/RPC marshalling/unmarshalling code re-written to provide
+overflow reporting and sign and seal support.
+9). Bind NAK reply packet added to DCE/RPC code, used to correctly
+refuse bind requests (prevents NT system event log messages).
+10). Mapping of UNIX permissions into NT ACL's for get and set
+added.
+11). DCE/RPC enumeration of numbers of shares made dynamic.
+Samba now has no limit on the number of exported shares seen.
+12). Fix to speed up random number seed generation on /dev/urandom
+being unavailable.
+13). Several memory fixes added by running Purify on the code.
+14). Read from client error messages improved.
+15). Fixed endianness used in UNICODE strings.
+16). Cope with ERRORmoredata in an RPC pipe client call.
+17). Check for malformed responses in nmbd register name.
+18). NT Encrypted password changing from the NT password dialog box
+now fully implmented.
+19). Mangle 64-bit lock ranges into 32-bits (NT bug!) on a 32-bit
+Samba platform.
+20). Allow file to be pseudo-openend in order to read security only.
+21). Improve filename mangling to reduce chance of collisions.
+22). Added code to prevent granting of oplocks when a file is under
+contention.
+23). Added tunable wait time before sending an oplock break request
+to a client if the client caused the break request. Helps with clients
+not responding to oplock breaks.
+24). Always respond negatively to queued local oplock break messages
+before shutdown. This can prevent "freezes" on an oplock error.
+25). Allow admin to restrict logons to correct domain when in domain
+level security.
+26). Added "restrict anonymous" patch from Andy (thwartedefforts@wonky.org)
+to prevent parameter substitution problems with anonymous connections.
+27). Fix SMBseek where seeking to a negative number sets the offset
+to zero.
+28). Fixed problem with mode getting corrupted in trans2 request
+(setting to zero means please ignore it).
+29). Correctly become the authenticated user on an authenticated
+DCE/RPC pipe request.
+30). Correctly reset debug level in nmbd if someone set it on the
+command line.
+31). Added more checking into testparm
+32). NetBench simulator added to smbtorture by Andrew.
+33). Fixed NIS+ option compile (was broken in 2.0.3).
+34). Recursive smbclient directory listing fix. Patch from E. Jay Berkenbilt
+(ejb@ql.org)
+
+Bugfixes added since 2.0.2
+--------------------------
+
+1). --with-ssl configure now include ssl include directory. Fix
+from Richard Sharpe.
+2). Patch for configure for glibc2.1 support (large files etc.).
+3). Several bugfixes for smbclient tar mode from Bob Boehmer
+(boehmer@worldnet.att.net) to fix smbclient aborting problems
+when restoring tar files.
+4). Some automount fixes for smbmount.
+5). Attempt to fix the AIX 4.1.x/3.x problems where smbd runs as
+root. As no-one has given us root access to such a server this
+cannot be tested fully, but should work.
+6). Crash bug fix in debug code where *real* uid rather than
+*effective* uid was being checked before attempting to rotate
+log files. This fix should help a *lot* of people who were
+reporting smbd aborting in the middle of a copy operation.
+7). SIGALRM bugfix to ensure infinate file locks time out.
+8). New code to implement NT ACL reporting for cacls.exe program.
+9). UDP loopback socket rebind fix for Solaris.
+10). Ensure all UNICODE strings are correctly in little-endian
+format.
+11). smbpasswd file locking fix.
+12). Fixes for strncpy problems with glibc2.1.
+13). Ensure smbd correctly reports major and minor version number
+and server type when queried via NT rpc calls.
+14). Bugfix for short mangled names not being pulled off the
+mangled stack correctly.
+15). Fix for mapping of rwx bits being incorrectly overwritten
+when doing ATTRIB.EXE
+16). Fix for returning multiple PDU packets in NT rpc code. Should
+allow multiple shares to be returned correctly).
+17). Improved mapping of NT open access requests into UNIX open
+modes.
+18). Fix for copying files from an NTFS volume that contain
+multiple data forks. Added 'magic' error code NT needs.
+19). Fixed crash bug when primary NT authentication server
+is down, rolls over to secondaries correctly now.
+20). Fixed timeout processing to be timer based. Now will
+always occur even if smbd is under load.
+21). Fixed signed/unsigned problem in quotas code.
+22). Fixed bug where setting the password of a completely fresh
+user would end up setting the account disabled flag.
+23). Improved user logon messages to help admins having
+trouble with user authentication.
+
+Bugfixes added since 2.0.1
+--------------------------
+
+Note that due to a critical signal handling bug in 2.0.1,
+this release has been removed and replaced immediately with
+2.0.2. The Samba Team would like to apologise for any problem
+this may have caused.
+
+1). Fixed smbd looping on SIGCLD problem. This was
+ caused by a missing break statement in a critical
+ piece of code.
+
+Bugfixes added since 2.0.0
+--------------------------
+
+1). Autoconf changes for gcc2.7.x and Solaris 2.5/2.6
+2). Autoconf changes to help HPUX configure correctly.
+3). Autoconf changes to allow lock directory to be set.
+4). Client fix to allow port to be set.
+5). clitar fix to send debug messages to stderr.
+6). smbmount race condition fix.
+7). Fix for bug where trying to browse large numbers of shares
+ generated an error from an NT client.
+8). Wrapper for setgroups for SunOS 4.x
+9). Fix for directory deleting failing from multiuser NT.
+10). Fix for crash bug if bitmap was full.
+11). Fix for Linux genrand where /dev/random could cause
+ clients to timeout on connect if the entropy pool was
+ empty.
+12). The default PASSWD_CHAT may now be overridden in local.h
+13). HPUX printing fixes for default programs.
+14). Reverted (erroneous) code in MACHINE.SID generation that
+ was setting the sid to 0x21 - should be *decimal* 21.
+15). Fix for printing to remote machine under SVR4.
+16). Fix for chgpasswd wait being interrupted with EINTR.
+17). Fix for disk free routine. NT and Win98 now correctly
+ show greater than 2GB disks.
+18). Fix for crash bug in stat cache statistics printing.
+19). Fix for filenames ending in .~xx.
+20). Fix for access check code wait being interrupted with EINTR.
+21). Fix for password changes from "invalid password" to a valid
+ one setting the account disabled bit.
+22). Fix for smbd crash bug in SMBreadraw cache prime code.
+23). Fix for overly zealous lock range overflow reporting.
+24). Fix for large disk disk free reporting (NT SMB code).
+25). Fix for NT failing to truncate files correctly.
+26). Fix for smbd crash bug with SMBcancel calls.
+27). Additional -T flag to nmblookup to do reverse DNS on addresses.
+28). SWAT fix to start/stop smbd/nmbd correctly.
+
+Major changes in Samba 2.0
+--------------------------
This is a MAJOR new release of Samba, the UNIX based SMB/CIFS file
and print server for Windows systems.
There have been many changes in Samba since the last major release,
-1.9.18. These have mainly been in the areas of performance and
-SMB protocol correctness. In addition, a Web based GUI interface
+1.9.18. These have mainly been in the areas of performance and
+SMB protocol correctness. In addition, a Web based GUI interface
for configuring Samba has been added.
In addition, Samba has been re-written to help portability to
other POSIX-based systems, based on the GNU autoconf tool.
-Major changes in Samba 2.0
---------------------------
-
-There are many major changes in Samba for version 2.0. Here are
+There are many major changes in Samba for version 2.0. Here are
some of them:
=====================================================================
2). Correctness
---------------
-Samba now supports the Windows NT specific SMB requests. This
+Samba now supports the Windows NT specific SMB requests. This
means that on platforms that are capable Samba now presents a
64 bit view of the filesystem to Windows NT clients and is
capable of handling very large files.
the need for people installing Samba to have to hand configure
Makefiles, as was needed in previous versions.
-You now configure Samba by running "./configure" then "make". See
+You now configure Samba by running "./configure" then "make". See
docs/textdocs/UNIX_INSTALL.txt for details.
-4) Web based GUI configuration
-------------------------------
+4). Web based GUI configuration
+-------------------------------
-Samba now comes with SWAT, a web based GUI config system. See
+Samba now comes with SWAT, a web based GUI config system. See
the swat man page for details on how to set it up.
-5) Cross protocol data integrety
---------------------------------
+5). Cross protocol data integrity
+---------------------------------
An open function interface has been defined to allow
"opportunistic locks" (oplocks for short) granted by Samba
-to be seen by other UNIX processes. This allows complete
+to be seen by other UNIX processes. This allows complete
cross protocol (NFS and SMB) data integrety using Samba
with platforms that support this feature.
-6) Domain client capability
----------------------------
+6). Domain client capability
+----------------------------
Samba is now capable of using a Windows NT PDC for user
-authentication in exactly the same was as a Windows NT
-server does, ie. it can be a member of a Domain. See
+authentication in exactly the same way that a Windows NT
+workstation does, i.e. it can be a member of a Domain. See
docs/textdocs/DOMAIN_MEMBER.txt for details.
-7) Documentation Updates
-------------------------
+7). Documentation Updates
+-------------------------
All the reference parts of the Samba documentation (the
manual pages) have been updated and converted to a document
format that allows automatic generation of HTML, SGML, and
-text formats. These documents now ship as standard in HTML
+text formats. These documents now ship as standard in HTML
and manpage format.
=====================================================================
NOTE - Some important option defaults changed
---------------------------------------------
-Several parameters have changed their default values. The most
+Several parameters have changed their default values. The most
important of these is that the default security mode is now user
level security rather than share level security.
match a Windows NT server precisely, that is, case insensitive
but case preserving.
+The default format of the smbpasswd file has also been
+changed for this release, although the new tools will read
+and write the old format, for backwards compatibility.
+
=====================================================================
NOTE - Primary Domain Controller Functionality
This version of Samba contains code that correctly implements
the undocumented Primary Domain Controller authentication
-protocols. However, there is much more to being a Primary
+protocols. However, there is much more to being a Primary
Domain Controller than serving Windows NT logon requests.
A useful version of a Primary Domain Controller contains
-many remote proceedure calls to do things like enumerate users,
+many remote procedure calls to do things like enumerate users,
groups, and security information, only some of which Samba currently
-implements. For this reason we have chosen not to advertise
-and actively support Primary Domain Controller functionality
-with this release.
+implements. In addition, there are outstanding (known) bugs with
+using Samba as a PDC in this release that the Samba Team are actively
+working on. For this reason we have chosen not to advertise and
+actively support Primary Domain Controller functionality with this
+release.
This work is being done in the CVS (developer) versions of Samba,
-development of which continues at a fast pace. If you are
+development of which continues at a fast pace. If you are
interested in participating in or helping with this development
-please join the Samba-NTDOM mailing list. Details on joining
+please join the Samba-NTDOM mailing list. Details on joining
are available at :
-http://samba.anu.edu.au/listproc/
+http://samba.org/listproc/
Details on obtaining CVS (developer) versions of Samba
are available at:
-http://samba.anu.edu.au/cvs.html
+http://samba.org/cvs.html
=====================================================================
If you have problems, or think you have found a bug please email
a report to :
- samba-bugs@samba.anu.edu.au
+ samba-bugs@samba.org
As always, all bugs are our responsibility.
Regards,
- The Samba Team.
+ The Samba Team.