- WHATS NEW IN Samba 2.0.0 beta1
- ==============================
+ WHATS NEW IN Samba 2.0.4b
+ =========================
+
+This is the latest stable release of Samba. This is the
+version that all production Samba servers should be running
+for all current bug-fixes.
+
+New/Changed parameters in 2.0.4
+-------------------------------
+
+There are 5 new parameters and one modified parameter in
+the smb.conf file.
+
+allow trusted domains
+restrict anonymous
+mangle locks
+oplock break wait time
+oplock contention limit
+
+The new parameters are :
+
+allow trusted domains
+---------------------
+
+This option is used in "security=domain" settings and allows
+the Samba admin to restrict access to users within the domain
+the the Samba server is in.
+
+restrict anonymous
+------------------
+
+This parameter allows the Samba admin to cause Samba to
+refuse access to anonymous users. Use of this parameter
+is only recommened for homogenous NT client environments.
+
+mangle locks
+------------
+
+This parameter was added to get around a bug in Windows NT
+when dealing with Samba running on 32-bit systems (such
+as Linux x86). This bug causes NT to send 64 bit locking
+requests to 32-bit systems even though Samba correctly
+tells the NT client not to do so. This option causes Samba
+to map the lock requests from 64 bits to 32 bits on these
+systems.
+
+oplock break wait time
+----------------------
+
+This tuning parameter, added to help with clients that don't
+respond to oplock break requests, causes Samba to deley for
+this number of milliseconds before sending an oplock break
+request to a client that caused the break to be sent. The
+default is 10ms. This is an advanced tuning parameter and
+should not be changed lightly.
+
+oplock contention limit
+-----------------------
+
+This tuning parameter causes Samba not to grant oplocks
+when an smbd daemon notices that there have been this
+many concurrent requests for an oplock on a file. This
+prevents the "baton passing" oplock problem where many
+clients accessing one file pass the oplock between themselves
+like a baton. The default is 2. This is an advanced tuning
+parameter and should not be changed lightly.
+
+The modified parameter is :
+
+nt acl support
+--------------
+
+This is a global parameter that defaulted to False in
+the previous release (2.0.3) and now defaults to True
+as the RPC code has been added to Samba to allow it to
+map UNIX permissions to NT ACLs.
+
+All of these new parameters and changes are documented in the
+smb.conf man pages and html pages.
+
+Updated and New documentation
+-----------------------------
+
+A new document describing the manipulation of UNIX permissions
+via the Windows NT security dialogs and their interaction with
+Samba 2.0.4 is provided as :
+
+docs/textdocs/NT_Security.txt
+docs/htmldocs/NT_Security.html
+
+Changes in 2.0.4b
+-----------------
+
+A bug with MS-Word 97 saving files with zero UNIX permissions
+was fixed. Even though a workaround is available (set force
+create mode = 644 on the share) Word is such an important
+application that a point fix was neccessary.
+
+Changes in 2.0.4a
+-----------------
+
+The text and html versions of NT_Security were missing from
+the shipping tarball. Also a compile bug for platforms that
+don't have usleep was fixed.
+
+Bugfixes added since 2.0.3
+--------------------------
+
+1). Fix for 8 character password problem when using HPUX and
+plaintext passwords.
+2). --with-pam option added to ./configure.
+3). Client fixes for memory leak and display of 64 bit values.
+4). Fixes for -E and -s option with smbclient.
+5). smbclient now allows -L //server or -L \\server
+6). smbtar fix for display of 64 bit values.
+7). Endian independence added to DCE/RPC code.
+8). DCE/RPC marshalling/unmarshalling code re-written to provide
+overflow reporting and sign and seal support.
+9). Bind NAK reply packet added to DCE/RPC code, used to correctly
+refuse bind requests (prevents NT system event log messages).
+10). Mapping of UNIX permissions into NT ACL's for get and set
+added.
+11). DCE/RPC enumeration of numbers of shares made dynamic.
+Samba now has no limit on the number of exported shares seen.
+12). Fix to speed up random number seed generation on /dev/urandom
+being unavailable.
+13). Several memory fixes added by running Purify on the code.
+14). Read from client error messages improved.
+15). Fixed endianness used in UNICODE strings.
+16). Cope with ERRORmoredata in an RPC pipe client call.
+17). Check for malformed responses in nmbd register name.
+18). NT Encrypted password changing from the NT password dialog box
+now fully implmented.
+19). Mangle 64-bit lock ranges into 32-bits (NT bug!) on a 32-bit
+Samba platform.
+20). Allow file to be pseudo-openend in order to read security only.
+21). Improve filename mangling to reduce chance of collisions.
+22). Added code to prevent granting of oplocks when a file is under
+contention.
+23). Added tunable wait time before sending an oplock break request
+to a client if the client caused the break request. Helps with clients
+not responding to oplock breaks.
+24). Always respond negatively to queued local oplock break messages
+before shutdown. This can prevent "freezes" on an oplock error.
+25). Allow admin to restrict logons to correct domain when in domain
+level security.
+26). Added "restrict anonymous" patch from Andy (thwartedefforts@wonky.org)
+to prevent parameter substitution problems with anonymous connections.
+27). Fix SMBseek where seeking to a negative number sets the offset
+to zero.
+28). Fixed problem with mode getting corrupted in trans2 request
+(setting to zero means please ignore it).
+29). Correctly become the authenticated user on an authenticated
+DCE/RPC pipe request.
+30). Correctly reset debug level in nmbd if someone set it on the
+command line.
+31). Added more checking into testparm
+32). NetBench simulator added to smbtorture by Andrew.
+33). Fixed NIS+ option compile (was broken in 2.0.3).
+34). Recursive smbclient directory listing fix. Patch from E. Jay Berkenbilt
+(ejb@ql.org)
+
+Bugfixes added since 2.0.2
+--------------------------
+
+1). --with-ssl configure now include ssl include directory. Fix
+from Richard Sharpe.
+2). Patch for configure for glibc2.1 support (large files etc.).
+3). Several bugfixes for smbclient tar mode from Bob Boehmer
+(boehmer@worldnet.att.net) to fix smbclient aborting problems
+when restoring tar files.
+4). Some automount fixes for smbmount.
+5). Attempt to fix the AIX 4.1.x/3.x problems where smbd runs as
+root. As no-one has given us root access to such a server this
+cannot be tested fully, but should work.
+6). Crash bug fix in debug code where *real* uid rather than
+*effective* uid was being checked before attempting to rotate
+log files. This fix should help a *lot* of people who were
+reporting smbd aborting in the middle of a copy operation.
+7). SIGALRM bugfix to ensure infinate file locks time out.
+8). New code to implement NT ACL reporting for cacls.exe program.
+9). UDP loopback socket rebind fix for Solaris.
+10). Ensure all UNICODE strings are correctly in little-endian
+format.
+11). smbpasswd file locking fix.
+12). Fixes for strncpy problems with glibc2.1.
+13). Ensure smbd correctly reports major and minor version number
+and server type when queried via NT rpc calls.
+14). Bugfix for short mangled names not being pulled off the
+mangled stack correctly.
+15). Fix for mapping of rwx bits being incorrectly overwritten
+when doing ATTRIB.EXE
+16). Fix for returning multiple PDU packets in NT rpc code. Should
+allow multiple shares to be returned correctly).
+17). Improved mapping of NT open access requests into UNIX open
+modes.
+18). Fix for copying files from an NTFS volume that contain
+multiple data forks. Added 'magic' error code NT needs.
+19). Fixed crash bug when primary NT authentication server
+is down, rolls over to secondaries correctly now.
+20). Fixed timeout processing to be timer based. Now will
+always occur even if smbd is under load.
+21). Fixed signed/unsigned problem in quotas code.
+22). Fixed bug where setting the password of a completely fresh
+user would end up setting the account disabled flag.
+23). Improved user logon messages to help admins having
+trouble with user authentication.
+
+Bugfixes added since 2.0.1
+--------------------------
+
+Note that due to a critical signal handling bug in 2.0.1,
+this release has been removed and replaced immediately with
+2.0.2. The Samba Team would like to apologise for any problem
+this may have caused.
+
+1). Fixed smbd looping on SIGCLD problem. This was
+ caused by a missing break statement in a critical
+ piece of code.
+
+Bugfixes added since 2.0.0
+--------------------------
+
+1). Autoconf changes for gcc2.7.x and Solaris 2.5/2.6
+2). Autoconf changes to help HPUX configure correctly.
+3). Autoconf changes to allow lock directory to be set.
+4). Client fix to allow port to be set.
+5). clitar fix to send debug messages to stderr.
+6). smbmount race condition fix.
+7). Fix for bug where trying to browse large numbers of shares
+ generated an error from an NT client.
+8). Wrapper for setgroups for SunOS 4.x
+9). Fix for directory deleting failing from multiuser NT.
+10). Fix for crash bug if bitmap was full.
+11). Fix for Linux genrand where /dev/random could cause
+ clients to timeout on connect if the entropy pool was
+ empty.
+12). The default PASSWD_CHAT may now be overridden in local.h
+13). HPUX printing fixes for default programs.
+14). Reverted (erroneous) code in MACHINE.SID generation that
+ was setting the sid to 0x21 - should be *decimal* 21.
+15). Fix for printing to remote machine under SVR4.
+16). Fix for chgpasswd wait being interrupted with EINTR.
+17). Fix for disk free routine. NT and Win98 now correctly
+ show greater than 2GB disks.
+18). Fix for crash bug in stat cache statistics printing.
+19). Fix for filenames ending in .~xx.
+20). Fix for access check code wait being interrupted with EINTR.
+21). Fix for password changes from "invalid password" to a valid
+ one setting the account disabled bit.
+22). Fix for smbd crash bug in SMBreadraw cache prime code.
+23). Fix for overly zealous lock range overflow reporting.
+24). Fix for large disk disk free reporting (NT SMB code).
+25). Fix for NT failing to truncate files correctly.
+26). Fix for smbd crash bug with SMBcancel calls.
+27). Additional -T flag to nmblookup to do reverse DNS on addresses.
+28). SWAT fix to start/stop smbd/nmbd correctly.
+
+Major changes in Samba 2.0
+--------------------------
This is a MAJOR new release of Samba, the UNIX based SMB/CIFS file
and print server for Windows systems.
In addition, Samba has been re-written to help portability to
other POSIX-based systems, based on the GNU autoconf tool.
-Major changes in Samba 2.0
---------------------------
-
There are many major changes in Samba for version 2.0. Here are
some of them:
match a Windows NT server precisely, that is, case insensitive
but case preserving.
+The default format of the smbpasswd file has also been
+changed for this release, although the new tools will read
+and write the old format, for backwards compatibility.
+
=====================================================================
NOTE - Primary Domain Controller Functionality
A useful version of a Primary Domain Controller contains
many remote procedure calls to do things like enumerate users,
groups, and security information, only some of which Samba currently
-implements. For this reason we have chosen not to advertise
-and actively support Primary Domain Controller functionality
-with this release.
+implements. In addition, there are outstanding (known) bugs with
+using Samba as a PDC in this release that the Samba Team are actively
+working on. For this reason we have chosen not to advertise and
+actively support Primary Domain Controller functionality with this
+release.
This work is being done in the CVS (developer) versions of Samba,
development of which continues at a fast pace. If you are
git.samba.org / samba.git / blobdiff