X-Git-Url: http://git.samba.org/?p=samba.git;a=blobdiff_plain;f=WHATSNEW.txt;h=3b56d6ccc83f551eb3f45f2bc38bce5a564a6ac1;hp=0d01a925f43a30f07fc1e3fd22d6ff16a7a594dd;hb=0865f4615d3ee91673dd6d02c6537765f34b3129;hpb=73ffc394b58fa951bca444506cd9d75a159e7f11 diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 0d01a925f43..3b56d6ccc83 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,1619 +1,677 @@ - ================================= - Release Notes for Samba 3.0.3pre1 - March 19, 2004 - ================================= + ================================= + Release Notes for Samba 3.2.0pre3 + Apr 25, 2008 + ================================= + +This is the third preview release of Samba 3.2.0. This is *not* +intended for production environments and is designed for testing +purposes only. Please report any defects via the Samba bug reporting +system at https://bugzilla.samba.org/. + +Please be aware that Samba is now distributed under the version 3 +of the new GNU General Public License. You may refer to the COPYING +file that accompanies these release notes for further licensing details. + +Major enhancements in Samba 3.2.0 include: + + File Serving: + o Use of IDL generated parsing layer for several DCE/RPC + interfaces. + o Removal of the 1024 byte limit on pathnames and 256 byte limit on + filename components to honor the MAX_PATH setting from the host OS. + o Introduction of a registry based configuration system. + o Improved CIFS Unix Extensions support. + o Experimental support for file serving clusters. + o Support for IPv6 in the server, and client tools and libraries. + o Support for storing alternate data streams in xattrs. + o Encrypted SMB transport in client tools and libraries, and server. + o Support for Vista clients authenticating via Kerberos. + + Winbind and Active Directory Integration: + o Full support for Windows 2003 cross-forest, transitive trusts + and one-way domain trusts. + o Support for userPrincipalName logons via pam_winbind and NSS + lookups. + o Expansion of nested domain groups via NSS calls. + o Support for Active Directory LDAP Signing policy. + o New LGPL Winbind client library (libwbclient.so). + o Support for establishing interdomain trust relationships with + Windows 2008. + + Joining: + o New NetApi library for domain join related queries (libnetapi.so) + and example GTK+ Domain join gui. + o New client and server support for remotely joining and unjoining + Domains. + o Support for joining into Windows 2008 domains. + + Users & Groups: + o New ldb backend for local group mapping tables + o Raised level of security defaults for authentication operations. + o New NetApi library for user account related queries. + + + Documentation: + o Inclusion of an HTML version of the 3rd edition of "Using Samba" + from O'Reilly Publishing. + + +Now Licensed under the GNU GPLv3 +================================ + +The Samba Team has adopted the Version 3 of the GNU General Public +License for the 3.2 and later releases. The GPLv3 is the updated +version of the GPLv2 license under which Samba is currently +distributed. It has been updated to improve compatibility with other +licenses and to make it easier to adopt internationally, and is an +improved version of the license to better suit the needs of Free +Software in the 21st Century. + +The original announcement is available on-line at + + http://news.samba.org/announcements/samba_gplv3/ + + +New Security Defaults for Authentication +======================================== + +Support for LanMan passwords is now disabled in both client and server +applications. Additionally, clear text authentication requests are +disabled by default in client utilities such as smbclient and all +libsmbclient based applications. This will affect connection both +to and from hosts running DOS, Windows 9x/ME, and OS/2. Please refer +to the "Changes" section for details on the exact parameters that were +updated. + + +Registry Configuration Backend +============================== + +Samba is now able to use a registry based configuration backed to +supplement smb.conf settings. This feature may be enabled by setting +"config backend = registry" in the [global] section of smb.conf for a +registry only configuration, or by specifying "include = registry" to +include global options from registry for a mixed setup. + +The new parameter "registry shares = yes" in the [global] section of +smb.conf can be used to activate share definitions from registry. +These shares are loaded on demand by the server. Registry shares are +automatically activated by the global registry options above. + +The configuration stored in registry can be conveniently managed using +the "net conf" command. + +More information may be obtained from the smb.conf(5) and net(8) man +pages. + + +Removed Features +================ + +Both the Python bindings and the libmsrpc shared library have been +removed from the tree due to lack of an official maintainer. + +As smbfs is no longer supported in current kernel versions, smbmount has +been removed in this Samba version. Please use cifs (mount.cifs) instead. +See examples/scripts/mount/mount.smbfs as an example for a wrapper which +calls mount.cifs instead of smbmount/mount.smbfs. + + +Modified API for libsmbclient +============================================================================== + +Maintaining ABI compatibility for libsmbclient has become increasingly +difficult to accomplish, while also keeping the code organization such that it +is easily readable. Towards the goal of maintaining ABI compatibility and +also keeping the code easy to maintain and enhance, the API has been enhanced. +In particular, the fields in the SMBCCTX context structure are no longer +intended to be read/write by the user, and are marked as deprecated. An +application that previously accessed the members of the SMBCCTX context +structure will now encounter warnings if recompiled. This is intentional, to +encourage implementation of the small changes required for the new interface. +The number of changes is expected to be quite small for the vast majority of +applications, and no changes need be made for many applications. The changes +required for KDE (konqueror) to conform to the new interface, for example, are +only four lines in only one file. -This is a preview release of the Samba 3.0.3 code base and is -provided for testing only. This release is *not* intended for -production servers. Use at your own risk. +Instead of the application manually changing or reading values in the context +structure, there are now setter and getter functions for each configurable +member in that structure. Similarly, the smbc_option_get() and +smbc_option_set() functions are deprecated in favor of the setter/getter +interface. The setters and getters are all documented in libsmbclient.h +under these comment blocks: -There have been several bug fixes since the 3.0.2a release that -we feel are important to make available to the Samba community -for wider testings. See the "Changes" section for details on -exact updates. + Getters and setters for CONFIGURATION + Getters and setters for OPTIONS + Getters and setters for FUNCTIONS + Callable functions for files + Callable functions for directories + Callable functions applicable to both files and directories -Common bugs fixed in this preview release include: +Example changes that may be required to eliminate "deprecated" warnings: - o Crash bugs and change notify issues in Samba's - printing code. - o Honoring secondary group membership on domain - member servers. - o TDB scalability issue surrounding the TDB_CLEAR_IF_FIRST - flag. - -New features introduced in this preview release include: + /* Set the debug level */ + context->debug = 99; +changes to: + smbc_setDebug(context, 99); - o Improved support for i18n character sets. - o Support for account lockout policy based on - bad password attempts. - o Improved support for long password changes (>14 - characters) and strong password enforcement. - o Continued work on support Windows aliases (i.e. - nested groups). + /* Specify the authentication callback function */ + context->callbacks.auth_fn = auth_smbc_get_data; +changes to: + smbc_setFunctionAuthData(context, auth_smbc_get_data); + /* Specify the new-style authentication callback with context parameter */ + smbc_option_set("auth_function", auth_smbc_get_data_with_ctx); +changes to: + smbc_setFunctionAuthDataWithContext(context, auth_smbc_get_data_with_ctx); - -###################################################################### -Changes -####### -Changes since 3.0.2a --------------------- -smb.conf changes ----------------- - - Parameter Name Action - -------------- ------ - only user Deprecated - use cracklib New - - -Please refer to the CVS log for the SAMBA_3_0 branch for complete -details. The list of changes per contributor are as follows: - - -commits -------- - -o Jeremy Allison - * Ensure that Kerberos mutex is always properly unlocked. - * Removed Heimdal "in-memory keytab" support. - * Fixup the 'multiple-vuids' bugs in our server code. - * Correct return code from lsa_lookup_sids() on unmapped - sids (based on work by vl@samba.org). - * Fix the "too many fcntl locks" scalability problem - raised by tridge. - * Fixup correct (as per W2K3) returns for lookupsids - as well as lookupnames. - * Fixups for delete-on-close semantics as per Win2k3 behavior. - * Make SMB_FILE_ACCESS_INFORMATION call work correctly. - * Fix "unable to initialize" bug when smbd hasn't been run with - new system and a user is being added via pdbedit/smbpasswd. - * Added NTrename SMB (0xA5). - * Fixup correct timeout values for blocking lock timeouts. - * Fix various bugs reported by 'gentest'. - * More locking fixes in the case where we own the lock. - * Fix up regression in IS_NAME_VALID and renames. - * Don't set allocation size on directories. - * Return correct error code on fail if file exists and target - is a directory. - * Added client "hardlink" comment to test doing NT rename with - hard links. Added hardlink_internals() code - UNIX extensions - now use this as well. - * Use a common function to parse all pathnames from the wire for - much closer emulation of Win2k3 error return codes. - * Implement check_path_syntax() and rewrite string sub - functions for better multibyte support. - * Ensure msdfs referrals are multibyte safe. - * Allow msdfs symlink syntax to be more forgiving. - eg. sym_link -> msdfs://server/share/path/in/share - or sym_link -> msdfs:\\server\share\path\in\share. - * Cleanup multibyte netbios name support in nmbd ( based on patch - by MORIYAMA Masayuki ). - * Fix check_path_syntax() for multibyte encodings which have - no '\' as second byte (based on work by ab@samba.org. - * Fix the "dfs self-referrals as anonymous user" problem - (based on patch from vl@samba.org). - - -o Timur Bakeyev - * BUG 1144: only set --with-fhs when the argument is 'yes' - - -o Andrew Bartlet - * Include support for linking with cracklib for enforcing strong - password changes. - * Add support for >14 character password changes from Windows - clients. - * Add 'admin set password' capability to 'net rpc'. - * Allow 'net rpc samdump' to work with any joined domain - regardless of smb.conf settings. - * Use an allocated buffer for count_chars. - * Add sanity checks for changes in the domain SID in an - LDAP DIT. - * Implement python unit tests for Samba's multibyte string - support. - - -o Alexander Bokovoy - * Fix incorrect size calculation of the directory name - in recycle.so. - * Fix problems with very long filenames in both smbd and smbclient - caused by truncating paths during character conversions. - - -o Gerald (Jerry) Carter - * Fix 'make installmodules' bug on True64. - * BUG 66: mark 'only user' deprecated. - * Remove corrupt tdb and shutdown (only for printing tdbs, - connections, sessionid & locking). - * decrement smbd counter in connections.tdb in smb_panic(). - * RedHat specfile updates. - * Fix xattr.h build issue on Debian testing and SuSE 8.2. - * BUG 1147; bad pointer case in get_stored_queue_info() - causing seg fault. - * BUG 761: read the config file before initialized default - values for printing options; don't default to bsd printing - Linux. - * Allow the 'printing' parameter to be set on a per share basis. - * BUG 503: RedHat/Fedora packaging fixes regarding logrotate. - * BUG 848: don't create winbind local users/groups that already - exist in the tdb. - * BUG 1080: fix declaration of SMB_BIG_UINT (broke compile on - LynxOS/ppc). - * BUG 488: fix the 'show client in col 1' button and correctly - enumerate active connections. - * BUG 1007 (partial): Fix abort in smbd caused by byte ordering - problem when storing the updating pid for the lpq cache. - * BUG 1007 (partial): Fix print change notify bugs. - * BUG 1165, 1126: Fix bug with secondary groups (security = ads) - and winbind use default domain = yes. Also ensures that - * BUG 1151: Ensure that winbindd users are passed through - the username map. - * Fix client rpc binds for ASU derived servers (pc netlink, - etc...). - - -o Robert Dahlem - * BUG 1048: Don't return short names when when 'mangled names = no' - - -o Guenther Deschner - * Remove hard coded attribute name in the ads ranged retrieval - code. - - -o Bostjan Golob - * BUG 1046: Fix getpwent_list() so that the username is not - overwritten by other fields. - - -o Steve French - * Update mount.cifs to version 1.1. - * Disable dev (MS_NODEV) on user mounts from cifs vfs. - * Fixes to minor security bug in the mount helper. - - -o SATOH Fumiyasu - * BUG 1055; formatting fixes for 'net share'. - * BUG 692: correct truncation of share names and workgroup - names in smbclient. - * BUG 1088: use strchr_m() for query_host (smbclient -L). - - -o Chris Hertel - * fix enumeration of shares 12 characters in length via - smbclient. - - -o John Klinger - * Return NSS_SUCCESS once the max number of gids possible - has been found in initgroups() on Solaris. - * BUG 1182: Re-enable the -n 'no cache' option for winbindd. + /* Set kerberos flags */ + context->flags = (SMB_CTX_FLAG_USE_KERBEROS | + SMB_CTX_FLAG_FALLBACK_AFTER_KERBEROS); +changes to: + smbc_setOptionUseKerberos(context, 1); + smbc_setOptionFallbackAfterKerberos(context, 1); -o Volker Lendecke - * Fix success message for net groupmap modify. - * Fix errors when enumerating members of groups in 'net rpc'. - * Match Windows behavior in samr_lookup_names() by returning - ALIAS(4) when you search in BUILTIN. - * Fix server SAMR code to be able to set alias info for - builtin as well. - * Fix duplication of logic when creating groups via smbd. - * Ensure that the HWM values are set correctly after running - 'net idmap'. - * Add 'net rpc group add'. - * Implement 'net groupmap set' and 'net groupmap cleanup'. - * Add 'net rpc group [add|del]mem' for domain groups and aliases. - * Fix wb_delgrpmem (wbinfo -o). - * As a DC we should not reply to lsalookupnames on DCNAME\\user. - * Fix sambaUserWorkstations on a Samba DC. - - -o Herb Lewis - * Fix typo for tag in proto file. - * Add missing #ifdef HAVE_BICONV stuff. - * Truncate Samba's netbios name at the first '.' (not - right to left). - - -o Jianliang Lu - * Enforce the 'user must change password at next login' flag. - * Decode meaning of 'fields present' flags (improves support - for usrmgr.exe). - - -o L. Lucius . - * type fixes. - - -o Jim McDonough - * Add versioning support to tdbsam. - * Update the IBM Directory Server schema with the OpenLDAP - file. - * Various decoding fixes to improve usrmgr.exe support. - * Fix statfs redeclaration of statfs struct on ppc - * Implement support for password lockout of Samba domain - controllers and standalone servers. - * Get MungedDial attribute actually working with full TS - strings in it for pdb_ldap. - - -o Heinrich Mislik - o BUG 979 -- Fix quota display on AIX. - - -o James Peach - * Correct check for printf() format when using the SGI MIPSPro - compiler. - * BUG 1038: support backtrace for 'panic action' on IRIX. - * BUG 768: Accept profileing arg to IRIX init script. - * BUG 748: Relax arg parsing to sambalp script (IRIX). - * BUG 758: Fix pdma build. - - -o Tim Potter - * Fix logic bug in tdb non-blocking lock routines when - errno == EAGAIN. - * BUG 1025: Include sys/acl.h in check for broken nisplus - include files. - * BUG 1066: s/printf/d_printf/g in SWAT. - * BUG 1098: rename internal msleep() function to fix build - problems on AIX. - * BUG 1112: Fix for writable printerdata problem in python bindings. - * BUG 1154: Remove reference to in tdbdump.c. - * BUG 1155: enclose use of fchown() with guards. - - -o Simo Source - * Replace unknown_3 with fields_present in SAMR code. - - -o Richard Sharpe - * Add support to smbclient for multiple logins on the same - session (based on work by abartlet@samba.org). - - -o Andrew Tridgell - * Rewrote the AIX UESS backend for winbindd. - * Fixed compilation with --enable-dmalloc. - - -o Jelmer Vernooij - * Fix ETA Calculation when resuming downloads in smbget. - * Add -O (for writing downloaded files to standard out) - based on patch by Bas van Sisseren . - - -o TAKEDA yasuma - * BUG 900: fix token processing in cmd_symlink, cmd_link, - cmd_chown, cmd_chmod smbclient functions. - - -o Shiro Yamada - * BUG 1129: install image files for SWAT. - - -Changes for older versions follow below: - - -------------------------------------------------- - - ============================== - Release Notes for Samba 3.0.2a - February 13, 2004 - ============================== - -Samba 3.0.2a is a minor patch release for the 3.0.2 code base -to address, in particular, a problem when using pdbedit to -sanitize (--force-initialized-passwords) Samba's tdbsam -backend. This is the latest stable release of Samba. This -is the version that all production Samba servers should be -running for all current bug-fixes. - -******************* Attention! Achtung! Kree! ********************* - -Beginning with Samba 3.0.2, passwords for accounts with a last -change time (LCT-XXX in smbpasswd, sambaPwdLastSet attribute in -ldapsam, etc...) of zero (0) will be regarded as uninitialized -strings. This will cause authentication to fail for such -accounts. If you have valid passwords that meet this criteria, -you must update the last change time to a non-zero value. If you -do not, then 'pdbedit --force-initialized-passwords' will disable -these accounts and reset the password hashes to a string of X's. - -******************* Attention! Achtung! Kree! ********************* ###################################################################### Changes ####### -Changes since 3.0.2 -------------------- - -commits -------- - -Please refer to the CVS log for the SAMBA_3_0 branch for complete -details. The list of changes per contributor are as follows: - - -o Jeremy Allison - * Added paranoia checks in parsing code. - - -o Andrew Bartlet - * Ensure that changes to uninitialized passwords in ldapsam - are written to the DIT. - - -o Gerald (Jerry) Carter - * Fixed iterator in tdbsam. - * Fix bug that disabled accounts with a valid NT password - hash, but no LanMan hash. - - -o Steve French - * Added missing nosetuid and noexec options. - - -o Bostjan Golob - * BUG 1046: Don't overwrite usernames of entries returned - by getpwent_list(). - - -o Sebastian Krahmer - * Fixed potential crash bug in NTLMSSP parsing code. - - -o Tim Potter - * Fixed logic in tdb_brlock error checking. - - -o Urban Widmark - * Set nosuid,nodev flags in smbmnt by default. - - - -------------------------------------------------- - - ============================= - Release Notes for Samba 3.0.2 - February 9, 2004 - ============================= - -It has been confirmed that previous versions of Samba 3.0 are -susceptible to a password initialization bug that could grant an -attacker unauthorized access to a user account created by the -mksmbpasswd.sh shell script. - -The Common Vulnerabilities and Exposures project (cve.mitre.org) -has assigned the name CAN-2004-0082 to this issue. - -Samba administrators not wishing to upgrade to the current -version should download the 3.0.2 release, build the pdbedit -tool, and run - - root# pdbedit-3.0.2 --force-initialized-passwords - -This will disable all accounts not possessing a valid password -(e.g. the password field has been set a string of X's). - -Samba servers running 3.0.2 are not vulnerable to this bug -regardless of whether or not pdbedit has been used to sanitize -the passdb backend. - -Some of the more visible bugs in 3.0.1 addressed in the 3.0.2 -release include: - - o Joining a Samba domain from Pre-SP2 Windows 2000 clients. - o Logging onto a Samba domain from Windows XP clients. - o Problems with the %U and %u smb.conf variables in relation to - Windows 9x/ME clients. - o Kerberos failures due to an invalid in memory keytab detection - test. - o Updates to the ntlm_auth tool. - o Fixes for various SMB signing errors. - o Better separation of WINS and DNS queries for domain controllers. - o Issues with nss_winbind FreeBSD and Solaris. - o Several crash bugs in smbd and winbindd. - o Output formatting fixes for smbclient for better compatibility - with scripts based on the 2.2 version. - - -Changes since 3.0.1 -------------------- - smb.conf changes ---------------- - Parameter Name Action - -------------- ------ - ldap replication sleep New - read size removed (unused) - source environment removed (unused) - + Parameter Name Description Default + -------------- ----------- ------- + administrative share New No + client lanman auth Changed Default No + client ldap sasl wrapping New plain + client plaintext auth Changed Default No + clustering New No + cluster addresses New "" + config backend New file + ctdb socket New "" + debug class New No + lanman auth Changed Default No + ldap debug level New 0 + ldap debug threshold New 10 + mangle map Removed + min receive file size New 0 + open files database hashsize Removed + read bmpx Removed + registry shares New No + winbind expand groups New 1 + winbind rpc only New No + + New special meaning of "include = registry". + + +Changes since 3.2.0pre2: +----------------------- + + +o Michael Adam + * Fix session setup with security = share. + * Fix segfault in testparm. + * Fix several Makefile issues. + * Fix build of bin/net on Solaris. + * Reformat the parm table of loadparm to use named initializers. + * Fix %I macro expansion for IPv4 mapped IPv6 addresses. + * Convert registry.tdb to use dbwrap and fix memleaks. + * Several make test fixes and improvements. + * Several libreplace extensions and fixes (portet from v4-0-test). + * Rename libnet_conf to libsmbconf and introduce backend abstraction layer. + * Add text backend to libsmbconf, based on params.c. + * Fix handling of includes in registry libsmbconf backend. + * Fix net conf import by reading from text backend. + * Add a "net registry" command to locally access the registry. + * Add getvalue subcommand to "net rpc registry". + * Add testsuites for libsmbconf and "net registry". + * Fix Coverity IDs 517, 536, 545. + * Remove unneeded REGISTRY_HOOKS layer from reghook cache + to allow plugging one backend to multiple keys more easily. + * Add smbconf_init dispatcher taking source strings like "backend:path" + * Fix handling of dangling parameters (without share) in libsmbconf. + * Introduce special meaning of "include = registry" to complement + the registry-only configuration of "config backend = registry". + * Enhance error propagation by making several registry functions + return WERROR. + * Fix loading of registry shares in smbd by fixing the token. + * Fix a segfault in tdb_wrap_log(). -commits -------- - -Please refer to the CVS log for the SAMBA_3_0 branch for complete -details. The list of changes per contributor are as follows: o Jeremy Allison - * Revert change that broke Exchange clear text samlogons. - * Fix gcc 3.4 warning in MS-DFS code. - * Tidy up of NTLMSSP code. - * Fixes for SMB signing errors - * BUG 815: Workaround NT4 bug to support plaintext - password logins and UNICODE. - * Fix SMB signing bug when copying large files. - * Correct error logic in mkdir_internals() (caused a panic - when combined with --enable-developer). - * BUG 830: Protect against crashes due to bad character - conversions. - - -o Petri Asikainen - * BUG 330, 387:Fix single valued attribute updates when - working with Novell NDS. - - -o Andrew Bartlet - * Correctly handle per-pipe NTLMSSP inside a NULL session. - * Fix segfault in gencache - * Fix early free() of encrypted_session_key. - * Change DC lookup routines to more carefully separate - DNS names (realms) from NetBIOS domain names. - * Add new sid_to_dn() function for internal winbindd use. - * Refactor cli_ds_enum_domain_trusts(). - * BUG 707: Implement range retrieval of ADS attributes (based - on work from Volker and Guenther Deschner - ). - * Automatically initialize the signing engine if a session key - is available. - * BUG 916: Do not perform a + -> ' ' substitution for squid URL - encoded strings, only form input in SWAT. - * Resets the NTLMSSP state for new negotiate packets. - * Add 2-byte alignments in net_samlogon() queries to parse - odd-length plain text passwords. - * Allow Windows groups with no members in winbindd. - * Allow normal authentication in the absence of a server - generated session key. - * More optimizations for looking up UNIX group lists. - * Clean up error codes and return values for pam_winbindd - and winbindd PAM interface. - * Fix string return values in ntlm_auth tool. - * Fix segfault when 'security = ads' but no realm is defined. - * BUG 722: Allow winbindd to map machine accounts to uids. - * More cleanups for winbindd's find_our_domain(). - * More clearly detect whether a domain controller is an NT4 - or mixed-mode AD DC (additional bug fixes by jerry & jmcd). - * Increase separation between DNS queries for hosts and queries - for AD domain controllers. - * Include additional NT_STATUS to PAM error mappings. - * Password initialization fixes. - - -o Justin Baugh - * BUG 948: Implement missing functions required for FreeBSD - nss_winbind support. - - -o Alexander Bokovoy - * BUG 922: Make sure enable fast path for strlower_m() and - strupper_m(). - - -o Luca Bolcioni - * Fix crash when using 'security = server' and 'encrypt - passwords = no' by always initializing the session key. - - -o Dmitry Butskoj - * Fix for special files being hidden from admins. - - -o Gerald (Jerry) Carter - * Fix bug in the lanman session key generation. Caused - "decode_pw: incorrect password length" error messages. - * Save the right case for the located user name in - fill_sam_account(). Fixes %U/%u expansion for win9x clients. - * BUG 897: Add well known rid for pre win2k compatible access - group. - * BUG 887: Correct typo in delete user script example. - * Use short lived TALLOC_CTX* for allocating printer objects - from the print handle cache. - * BUG 912: Fix check for HAVE_MEMORY_KEYTAB. - * Fix several warnings reported by the SUN Forte C compiler. - * Fully control DNS queries for AD DC's using 'name resolve order'. - * BUG 770: Send the SMBjobid for UNIX jobs back to the client. - * BUG 972: Fix segfault in cli_ds_getprimarydominfo(). - * BUG 936: fix bind credentials for schannel binds in smbd. - * BUG 446: Fix output of smbclient for better compatibility - with scripts based on the 2.2 version (including Amanda). - * BUG 891, 949: Fedora packaging fixes. - * Fix bug that caused rpcclient to incorrectly retrieve - the SID for a server (this causing all calls that required - this information to fail). - * BUG 977: Don't create a homes share for a user if a static - share already exists by the same name. - * Removed unused smb.conf options. - * Password initialization fixes. - * Set the disable flag for template accounts created by - mksmbpasswd.sh. - * Disable any account has no passwords and does not have the - ACB_PWNOTREQ bit set. - - -o Guenther Deschner - * Install smbwrapper.so should be put into the $(libdir) - and not $(bindir). - * Add the capability to specify the new user password - for "net ads password" on the command line. - * Correctly detect AFS headers on SuSE. - - -o James Flemer - * Fix AIX compile bug by linking HAVE_ATTR_LIST to - HAVE_SYS_ATTRIBUTES_H. - - -o Luke Howard - * Fix segfault in session setup reply caused by a early free(). - - -o Stoian Ivanov - * Implement grepable output for smbclient -L. - - -o LaMont Jones - * BUG 225328 (Debian): Correct false failure LFS test that resulted - in _GNU_SOURCE not being defined (thus resulting in strndup() - not being defined). - - -o Volker Lendecke - * BUG 583: Ensure that user names always contain the short - version of the domain name. - * Fix our parsing of the LDAP uri. - * Don't show the 'afs username map' in the SWAT basic view. - * Fix SMB signing issues in relation to failed NTLMSSP logins. - * BUG 924: Fix return codes in smbtorture harness. - * Always lower-case usernames before handing it to AFS code. - * Add a German translation for SWAT. - * Fix a segfaults in winbindd. - * Fix the user's domain passed to register_vuid() from - reply_spnego_kerberos(). - * Add NSS example code in nss_winbind to convert UNIX - id's <-> Windows SIDs. - * Display more descriptive error messages for login via 'net'. - * Fix compiler warning in the net tool. - * Fix length bug when decoding base64 strings. - * Ensure we don't call getpwnam() inside a loop that is iterating - over users with getpwent(). This broke on glibc 2.3.2. + * BUG 5311: Fix IPv6 issue with hosts allow/deny settings. + * BUG 5372: Fix client timeouts in large CUPS installations. + * Fix problem with nmbd not waiting until interfaces come up. + * Fix S3 to pass the test_raw_oplock_exclusive3 test. + * Fix MSDFS bug breaking MS clients in some cases by ensuring + the target host is ourselves. + * Rewrite the wrap checks to deal with gcc 4.x optimisations. -o Herb Lewis - * Fix bit rot in psec. +o Kai Blin + * BUG 4235: Prevent ntlm_auth from sending BH responses without a message. + * Fix one BH message. -o Jianliang Lu - * Ensure we delete the group mapping before calling the delete - group script. - * Define well known RID for managing the "Power Users" group. - * BUG 381: check builtin (not local) group SID when updating - group membership. - * BUG 101: set the SV_TYPE_PRINTQ_SERVER flag in host announcement - packet. - - -o John Klinger - * Implement initgroups() call in nss_winbind on Solaris. - - -o Jim McDonough - * Fix regression in net rpc join caused by recent changes - to cli_lsa_query_info_policy(). - * BUG 964: Fix crash bug in 'net rpc join' using a preexisting - machine account. +o Gerald (Jerry) Carter + * Fix libtdb some to move back towards allowing out of tree builds. + * Ignore port when pulling IP addr from struct sockaddr_storage.. + + +o Guenther Deschner + * Fix build of pam_smbpass. + * Fix lp_load with an empty registry and "config backend = registry". + * Fix build targets for bin/net. + * Fix _dssetup_DsRoleGetPrimaryDomainInformation(). + * Fix the build of cifs.spnego. + * Migration of the SRVSVC client and server DCE/RPC code to IDL + based structures and autogenerated code + * Fix Kerberos session setup with Vista SP1 (ignore PAC type 12) + * Fix support for vampire of lockout policies and + for storing dialin/terminal server settings. + * Fix remote join/unjoin server implementation. + * BUG 5328: Fix netlogon credential chain with Windows 2008 + (this also fixes joining Windows 2008 with rpc methods). + * Various fixes for establishing and validating interdomain trust + relationships with Windows 2008. + * Use IDL for storing domain controller information in dsgetdcname. + * Re-arranged internal structure of libnetapi. + * Add support for domain\dcname syntax in libnetjoin. + * Add support for browsing/joining OUs in netdomjoin-gui. + * Add various new calls to libnetapi. + + +o Björn Jacke + * Add AC_TRY_RUN_STRICT support for Sun Studio compiler. -o MORIYAMA Masayuki - * BUG 570: Ensure that configure honors the LDFLAGS variable. +o Volker Lendecke + * Add support for async SMB requests. + * Add transactions to the dbwrap API. + * Add "net idmap aclmapset". + * Change default bufsize to 512k. + * Fix Coverity IDs 473, 481, 506, 507, 525, 526, 527, 528, 529, 530, 537, + 538, 547, 548, 551, 552, 553, 554, 555, 557, 558, 559, 563, 564, 567. + ... and half a ton more + * Fix some warnings in the tsmsm module. + * Fix warnings. + * BUG 4901: Fix "ldap passwd sync = only". + * BUG 5334: Fix download of empty files using smbclient. + * BUG 5307: Fix notify changes. + * BUG 5317: Fix debug output in domain_client_validate. + * BUG 5338: Fix format string issue in rpcclient. + * Convert account_pol.tdb and share_info.tdb to dbwrap. + * Protect group_mapping.tdb ops with transactions. + * BUG 5366: "passwd program" should work on Solaris 10 again now. + * A level 25 setuserinfo does change the pwdlastset, fixes XP joins. + * BUG 5350: A Samba DC trusting NT4 should do an anon session setup. + * BUG 5375: Fix a segfault with "security=share" and [in]valid users. + * Fix printing from DOS clients -- introduced by inbuf/outbuf rewrite. + * Fix wbinfo -a trusted\\user%password on a Samba DC with trusts. + * BUG 5341: Fix async smbclient get command on Solaris. + * Make winbind use NetSamLogonEx when possible. + * Merge fixes in the 3-0-ctdb cluster code. + * Fix a segfault in snprintf replacement code. + * Fix a regression for wbinfo --group-info if winbind separator is set + + +o Derrell Lipman + * Check for NULL pointers before dereferencing them. + * Fix use of AuthDataWithContext capability. o Stefan Metzmacher - * Implement LDAP rebind sleep patch. - * Revert to 2.2 quota code because of so many broken quota files - out there. - * Fix XFS quotas: HAVE_XFS_QUOTA -> HAVE_XFS_QUOTAS - XFS_USER_QUOTA -> USRQUOTA - XFS_GROUP_QUOTA -> GRPQUOTA - * Fix disk_free calculation with group quotas. - * Add debug class 'quota' and a lot of DEBUG()'s - to the quota code. - * Fix sys_chown() when no chown() is present. - * Add SIGABRT to fault handling in order to catch got a - backtrace if an error occurs the OpenLDAP client libs. - - -o - * Allow an existing LDAP machine account to be re-used when - joining an AD domain. - - -o James Peach - * BUG 889: Change smbd to use pread/pwrite on platforms that - support these calls. Can lead to a significant speed increase. - - -o Tim Potter - * BUG 905: Remove POBAD_CC to fix Solaris Forte compiles. - * BUG 924: Fix typo in RW2 torture test. - - -o Richard Sharpe - * Small fixes to torture.c to cleanup the error handling - and prevent crashes. - - -o J. Tournier - * Small fixes for the smbldap-tool scripts. + * Add dbwrap_tdb2 backend, useful for cluster setups. + * Add more functions to libwbclient: + - wbcGetGroups() + - wbcInterfaceDetails() + - wbcListUsers() + - wbcListGroups() + - wbcLookupUserSids() + - wbcSetUidMapping() + - wbcSetGidMapping() + - wbcSetUidHwm() + - wbcSetGidHwm() + - wbcResolveWinsByName() + - wbcResolveWinsByIP() + - wbcCheckTrustCredentials() + * Let wbinfo use libwbclient where possible. + * Let net use only libwbclient to access winbindd. + * Make socket wrapper pcap support more portable. + * Some libreplace backports from v4-0-test. + * Store the write time in the locking.tdb, + so that smbd passes the BASE-DELAYWRITE test. + * Run RAW-SEARCH and BASE-DELAYWRITE by 'make test'. + * Let each process use its own connection to ctdb + in cluster mode. + * Add a reinit_after_fork() helper function to correct + reinitialize the same things in all cases. + * Fix a chicken and egg problem with "include = registry". + + +o Karolin Seeger + * Fix usage message for "net idmap dump". o Andrew Tridgell - * Fix src len check in pull_usc2(). - - -o Jelmer Vernooij - * Put functions for generating SQL queries in pdb_sql.c - * Add pgSQL backend (based on patch by Hamish Friedlander) - * BUG 908: Fix -s option to smbcontrol. - * Add smbget utility - a wget-clone for the SMB/CIFS protocol. - * Fix for libnss_wins on IRIX platforms. - * Fix swatdir for --with-fhs. - - - -------------------------------------------------- - - ============================= - Release Notes for Samba 3.0.1 - December 15, 2003 - ============================= - -Some of the more common bugs in 3.0.0 addressed in the release -include: - - o Substitution problems with smb.conf variables. - o Errors in return codes which caused some applications - to fail to open files. - o General Protection Faults on Windows 2000/XP clients - using Samba point-n-print features. - o Several miscellaneous crash bugs. - o Access problems when enumerating group mappings are - stored in an LDAP Directory. - o Several common SWAT bugs when writing changes to - smb.conf. - o Internal inconsistencies when 'winbind use default - domain = yes' - - - -Changes since 3.0.0 ----------------------- - - Parameter Name Action - -------------- ------ - hide local users Removed - mangled map Deprecated - mangled stack Removed - passwd chat timeout New - - -commits -------- - -o Change the interface for init_unistr2 to not take a length - but a flags field. We were assuming that - 2*strlen(mb_string) == length of ucs2-le string. (bug 480). -o Allow d_printf() to handle strings with escaped quotation - marks since the msg file includes the escape character (bug 489). -o Fix bad html table row termination in SWAT wizard code (bug 413). -o Fix to parse the level-2 strings. -o Fix for "valid users = %S" in [homes]. Fix read/write - list as well. -o Change AC_CHECK_LIB_EXT to prepend libraries instead of append. - This is the same way AC_CHECK_LIB works (bug 508). -o Testparm output fixes for clarity. -o Fix broken wins hook functionality -- i18n bug (bug 528). -o Take care of condition where DOS and NT error codes must differ. -o Default to using only built-in charsets when a working iconv - implementation cannot be located. -o Wrap internals of sys_setgroups() so the sys_XX() call can - be done unconditionally (bug 550). -o Remove duplicate smbspool link on SWAT's front page (bug 541). -o Save and restore CFLAGS before/after AC_PROG_CC. Ensures that - --enable-debug=[yes|no] works correctly. -o Allow ^C to interrupt smbpasswd if using our getpass - (e.g. smbpasswd command). -o Support signing only on RPC's (bug 167). -o Correct bug that prevented Excel 2000 clients from opening - files marked as read-only. -o Portability fix bugs 546 - 549). -o Explicitly initialize the value of AR for vendor makes that don't - do this (e.g. HPUX 11). (bug 552). -o More i18n fixes for SWAT (bug 413). -o Change the cwd before the postexec script to ensure that a - umount will succeed. -o Correct double free that caused winbindd to crash when a DC - is rebooted (bug 437). -o Fix incorrect mode sum (bug 562). -o Canonicalize SMB_INFO_ALLOCATION in the same was as - SMB_FS_FULL_SIZE_INFORMATION (bug 564). -o Add script to generate *msg files. -o Add Dutch SWAT translation file. -o Make sure to call get_user_groups() with the full winbindd - name for a user if he/she has one (bug 406). -o Fix up error code returns from Samba4 tester. Ensure invalid - paths are validated the same way. -o Allow Samba3 to pass the Samba4 RAW-READ tests. -o Refuse to configure if --with-expsam=$BACKEND was used but no - libraries were found for $BACKEND. -o Move sysquotas autoconf tests to a separate file. -o Match W2K w.r.t. writelock and writeclose. Samba4 torture - tester -o Make sure that the files that contain the static_init_$subsystem; - macro get recompiled after configure by removing the object - files. -o Ensure canceling a blocking lock returns the correct error - message. -o Match Samba 2.2 behavior; make ACB_NORMAL the default ACB value. -o Updated Japanese welcome file in SWAT. -o Fix to nt-time <-> unix-time functions reversible. -o Ensure that winbindd uses the the escaped DN when querying - an AD ldap server. -o Fix portability issues when compiling (bug 505, 550) -o Compile fix for tdbbackup when Samba needs to override - non-C99 compliant implementations of snprintf(). -o Use @PICSUFFIX@ instead of .po in Makefile.in (bug 574). -o Make sure we break out of samsync loop on error. -o Ensure error code path doesn't free unmalloc()'d memory - (bug 628). -o Add configure test for krb5_keytab_entry keyblock vs key - member (bug 636). -o Fixed spinlocks. -o Modified testparm so that all output so all debug output goes - to stderr, and all file processing goes to stdout. -o Fix error return code for BUFFER_TOO_SMALL in smbcacls - and smbcquotas. -o Fix "NULL dest in safe_strcpy()" log message by ensuring that - we have a devmode before copying a string to the devicename. -o Support mapping REALM.COM\user to a local user account (without - running winbindd) for compatibility with 2.2.x release. -o Ensure we don't use mmap() on blacklisted systems. -o fixed a number of bugs and memory leaks in the AIX - winbindd shim -o Call initgroups() in SWAT before becomming the user so that - secondary group permissions can be used when writing to - smb.conf. -o Fix signing problems when reverse connecting back to a - client for printer notify -o Fix signing problems caused by a miss-sequence bug. -o Missing map in errormap for ERROR_MORE_DATA -> ERRDOS, ERRmoredata. - Fixes NEXUS tools running on Win9x clients (bug 64). -o Don't leave the domain field uninitialized in cli_lsa.c if some - SID could not be mapped. -o Fix segfault in mount.cifs helper when there is no options - specified during mount. -o Change the \n after the password prompt to go to tty instead - of stdout (bug 668). -o Stop net -P from prompting for machine account password (bug 451). -o Change in behavior to Not only change the effective uid but also - the real uid when becoming unprivileged. -o Cope with Exchange 5.5 cleartext pop password auth. -o New files for support of initshutdown pipe. Win2k doesn't - respond properly to all requests on the winreg pipe, so we need - to handle this new pipe (bug 534). -o Added more va_copy() checks in configure.in. -o Include fixes for libsmbclient build problems. -o Missing UNIX -> DOS codepage conversion in lanman.c. -o Allow DFMS-S filenames can now have arbitrary case (bug 667). -o Parameterize the listen backlog in smbd and make it larger by - default. A backlog of 5 is way too small these days. -o Check for an invalid fid before dereferencing the fsp pointer - (bug 696). -o Remove invalid memory frees and return codes in pdb_ldap.c. -o Prompt for password when invoking --set-auth-user and no - password is given. -o Bind the nmbd sending socket to the 'socket address'. -o Re-order link command for smbd, rpcclient and smbpasswd to ensure - $LDFLAGS occurs before any library specification (bug 661). -o Fix large number of printf() calls for 64-bit size_t. -o Fix AC_CHECK_MEMBER so that SLES8 does correctly finds the - keyblock in the krb5 structs. -o Remove #include in hopes to avoid problems with - apache header files. -o Correct winbindd build problems on HP-UX 11. -o Lowercase netgroups lookups (bug 703). -o Use the actual size of the buffer in strftime instead of a made - up value which just happens to be less than sizeof(fstring). - (bug 713). -o Add ldaplibs to pdbedit link line (bug 651). -o Fix crash bug in smbclient completion (bug 659). -o Fix packet length for browse list reply (bug 771). -o Fix coredump in cli_get_backup_list(). -o Make sure that we expand %N (bug 612). -o Allow rpcclient adddriver command to specify printer driver - version (bug 514). -o Compile tdbdump by default. -o Apply patches to fix iconv detection for FreeBSD. -o Do not allow the 'guest account' to be added to a passdb backend - using smbpasswd or pdbedit (bug 624). -o Save LDFLAGS during iconv detection (bug 57). -o Run krb5 logins through the username map if the winbindd - lookup fails (bug 698). -o Add const for lp_set_name_resolve_order() to avoid compiler - warnings (bug 471). -o Add support for the %i macro in smb.conf to stand in for the for - the local IP address to which a client connected. -o Allow winbindd to match local accounts to domain SID when - 'winbind trusted domains only = yes' (bug 680). -o Remove code in idmap_ldap that searches the user suffix and group - suffix. It's not needed and provides inconsistent functionality - from the tdb backend. -o Patch to handle munged dial string for Windows 2000 TSE. - Thanks to Gaz de France, Direction de la Recherche, Service - Informatique Métier for their supporting this work by Aurelien - Degrémont . -o Correct the "smbldap_open: cannot access when not root error" - messages when looking up group information (bug 281). -o Skip over the winbind separator when looking up a user. - This fixes the bug that prevented local users from - matching an AD user when not running winbindd (bug 698). -o Fix a problem with configure on *BSD systems. Make sure - we add -liconv etc to LDFLAGS. -o Fix core dump bug when "security = server" and the authentication - server goes away. -o Correct crash bug due to an empty munged dial string. -o Show files locked by a specific user (smbstatus -u 'user') - (bug 590). -o Fix bug preventing print jobs from display in the queue - monitor used by Windows NT and later clients (bug 660). -o Fix several reported problems with point-n-print from - Windows 2000/XP clients due to a bug in the EnumPrinterDataEx() - reply (bug 338, 527 & 643). -o Fix a handful of potential memory leaks in the LDAP code used - by ldapsam[_compat] and the LDAP idmap backend. -o Fix for pdbedit error code returns (bug 763). -o Make sure we only enumerate group mapping entries (not - /etc/group) even when doing local aliases. -o Relax check on the pipe name in a dce/rpc bind response to work - around issues with establishing trusts to a Windows 2003 domain. -o Ensure we mangle names ending in '.' in hash2 mangling method. -o Correct parsing issues with munged dial string. -o Fix bugs in quota support for XFS. -o Add a cleaner method for applications that need to provide - name->SID mappings to do this via NSS rather than having to - know the winbindd pipe protocol. -o Adds a variant of the winbindd_getgroups() call called - winbindd_getusersids() that provides direct SID->SIDs listing of - a users supplementary groups. This is enough to allow non-Samba - applications to do ACL checking. -o Make sure we don't append the 'ldap suffix' when writing out the - 'ldap XXX suffix' values in SWAT (bug 328). -o Fix renames across file systems. -o Ensure that items in a list of strings containing whitespace are - written out surrounded by single quotes. This means that both - double and single quotes are now used to surround strings in - smb.conf (bug 481). -o Enable SWAT to correctly determine if winbindd is running (bug - 398). -o Include WWW-Authenticate field in 401 response for bad auth - attempt (bug 629). -o Add support for NTLM2 (NTLMv2 session security). -o Add support for variable-length session keys. -o More privilege fixes for group enumeration in LDAP (bug 281). -o Use the dns name (or IP) as the originating client name when - using CUPS (bug 467). -o Fix various SMB signing bugs. -o Fix ACL propagation on a DFS root (bug 263). -o Disable NTLM2 for RPC pipes. -o Allow the client to specify the NTLM2 flags got NTLMSSP - authentication. -o Change the name of the job passed off to cups from "Test Page" - to "smbprn.00000033 Test Page" so that we can get the smb - jobid back. This allow users to delete jobs with cups printing - backend (partial work on bug 770). -o Fix build of winbindd with static pdb modules. -o Retrieve the correct ACL group bits if the file has an ACL - (bug 802). -o Implement "net rpc group members": Get members of a domain group - in human-readable format. -o Add MacOSX (Darwin) specific charset module code. -o Use samr_dispinfo(level == 1) for enumerating domain users so we - can include the full name in gecos field (bug 587). -o Add support for winbind's NSS library on FeeeBSD 5.1 (bug 797). -o Implement 'net rpc group list [global|local|builtin]*' for a - select listing of the respective user databases. -o Don't automatically set NT status code flag unless client tells - us it can cope. -o Add 'net status [sessions|shares] [parseable]'. -o Don't mistake pre-existing UNIX jobs for smb jobs (remainder of - bug 770). -o Add 'Replicator' and 'RAS Servers' to list of builtin SIDs - (bug 608). -o Fix inverted logic in hosts allow/deny checks caused by - s/strcmp/strequal/ (bug 846). -o Implement correct version SamrRemoveSidForeignDomain() (bug 252). -o Fix typo in 'hash' mangling algorithm. -o Support munged dial for ldapsam (bug 800). -o Fix process_incoming_data() to return the number of bytes handled - this call whether we have a complete PDU or not; fixes bug - with multiple PDU request rpc's broken over SMBwriteX calls - each. -o Fix incorrect smb flags2 for connections to pre-NT servers - (causes smbclient to fail to OS2 for example) (bug 821). -o Update version string in smbldap-tools Makefile to 0.8.2. -o Correct a problem with "net rpc vampire" mis-parsing the - alias member info reply. -o Ensure the ${libdir} is created by the installclientlib script. -o Fix detection of Windows 2003 client architecture in the smb.conf - %a variable. -o Ensure that smbd calls the add user script for a missing UNIX - user on kerberos auth call (bug 445). -o Fix bugs in hosts allow/deny when using a mismatched - network/netmask pair. -o Protect alloc_sub_basic() from crashing when the source string - is NULL (partial work on bug 687). -o Fix spinlocks on IRIX. -o Corrected some bad destination paths when running "configure - --with-fhs". -o Add packaging files for Fedora Core 1. -o Correct bug in SWAT install script for non-english languages. -o Support character set ISO-8859-1 internally (bug 558). -o Fixed more LDAP access errors when looking up group mappings - (bug 281). -o Fix UNISTR2 length bug in LsaQueryInfo(3) that caused SID - resolution to fail on local files on on domain members - (bug 875). -o Fix uninitialized variable in passdb.c. -o Fix formal parameter type in get_static() in nsswitch/wins.c. -o Fix problem mounting directories when mount.cifs is installed - with the setuid bit on. -o Fix bug that prevent --mandir from overriding the defaults - given in the --with-fhs macro. -o Fix bug in in-memory Kerberos keytab detection routines - in configure.in - - - -###################################################################### - - The original 3.0.0 release notes follow - ======================================= - WHATS NEW IN Samba 3.0.0 - September 24, 2003 - ======================================= - - -Major new features: -------------------- + * Suppress superfluous message. + + +o Marc VanHeyningen + * Coverity fixes. + + +Changes since 3.2.0pre1: +----------------------- + +o Michael Adam + * Add library for access to the registry configuration data. + * BUG 5023: Separate NFS4 and POSIX ACL code in file access checks. + * BUG 4308: Fix Excel save operation ACL bug. + * Refactor and consolidate logic for retrieving the machine + trust password information. + * VFS API cleanup (remove redundant parameter). + * BUG 4801: Correctly implement LSA lookup levels for LookupNames. + * Add new option "debug class" to control printing of the debug class. + in debug headers. + * Enable building of the zfsacl and notify_fam vfs modules. + * BUG 5083: Fix memleak in solarisacl module. + * BUG 5063: Fix build on RHEL5. + * New smb.conf parameter "config backend = registry" to enable registry + only configuration. + * Move "net conf" functionality into a separate module libnet_conf.c + * Restructure registry code, eliminating the dynamic overlay. + Make use of reg_api instead of backend code in most places. + * Add support for intercepting LDAP libraries' debug output and print + it in Samba's debugging system. + * Libreplace fixes. + * Build fixes. + * Initial support for using subsystems as shared libraries. + Use talloc, tdb, and libnetapi as shared libraries internally. -1) Active Directory support. Samba 3.0 is now able to - join a ADS realm as a member server and authenticate - users using LDAP/Kerberos. -2) Unicode support. Samba will now negotiate UNICODE on the wire - and internally there is now a much better infrastructure for - multi-byte and UNICODE character sets. - -3) New authentication system. The internal authentication system - has been almost completely rewritten. Most of the changes are - internal, but the new auth system is also very configurable. +o Jeremy Allison + * Added support for IPv6 client and server connections. + * Add in the recvfile entry to the VFS layer. + * Removal of pstring data type. + * Remove unused utilities: smbctool and rpctorture. + * Fix service principal detection to match Windows Vista + (based on work from Andreas Schneider). + * Encrypted SMB transport in client tools and libraries, and server. -4) New default filename mangling system. -5) A new "net" command has been added. It is somewhat similar to - the "net" command in windows. Eventually we plan to replace - numerous other utilities (such as smbpasswd) with subcommands - in "net". +o Kai Blin + * Added support for an SMB_CONF_PATH environment variable + containing the path to smb.conf. + * Various fixes to ntlm_auth. + * make test now supports more extensive SPOOLSS testing using vlp. + * Correctly handle mixed-case hostnames in NTLMv2 authentication. -6) Samba now negotiates NT-style status32 codes on the wire. This - improves error handling a lot. -7) Better Windows 2000/XP/2003 printing support including publishing - printer attributes in active directory. +o Gerald (Jerry) Carter + * Add Winbind client library. + * Decouple static linking between smbd and winbindd's client + interface. + + +o Guenther Deschner + * Enhance client and server remote registry access. + * Add client calls for remotely joining a computer to a domain + (including calls from "net dom" command). + * Add libnetapi.so library for joining domains including + sample GTK+ app. + * Fixes for Vista SP1 Kerberos authdata handling to only pickup + the PAC. + * Various error code and error message fixes. + * Add initial draft of libnetconf to allow programmatic + configuration changes. + * Add libnet_join internal library for programmatically joining + and unjoining Domains. + * Add various fixes and new calls to libnetapi.so library. + * Various fixes for DsGetDcName and conversion to IDL based + structures. + * Fixes for pidl to correctly generate WERROR based client calls. + * Fixes for pidl to generate output that complies to coding + conventions. + * Various IDL fixes. + * Add ads_get_joinable_ous() to libads to get list of joinable ous. + * Add get_logon_hours_from_pdb() to comply with new IDL based + structures. + * Add debugging capabilities to dump AD connections to libads + (using ndr_print). + * Add "dump-domain-list" command for smbcontrol to retrieve better + debugging information out of winbindd. + * Migration of the entire client and server DCE/RPC code to IDL + based structures and autogenerated code for DSSETUP, LSA, SAMR + and NETLOGON. + * Started migration of client and server DCE/RPC code to IDL based + structures and autogenerated code for NTSSVC, SVCCTL and + EVENTLOG. + * Use IDL and autogenerated code for samlogoncache and Kerberos + PAC handling. + * Various fixes and cleanup of Kerberos PAC handling. + * Fix segfault in _srv_net_file_enum. + * Conversion of client join and unjoin code to libnet_join. + * Add remote join/unjoin server-side implementation. + * Removed a lot of code which has become obsolete. + + +o Steve Langasek + * Integrate 2 out of 3 --with-fhs patches from Debian packaging + for better adherence to the FHS standard. -8) New loadable module support for passdb backends and character - sets. -9) New default dual-daemon winbindd support for better performance. +o Volker Lendecke + * Add talloc_stackframe() and talloc_pool() features. + * Removal of pstring data type. + * Add generic a in-memory cache. + * Import the Linux red-black tree implementation. + * Remove large amount of global variables. + * Support for storing xattrs in tdb files. + * Support for storing alternate data streams in xattrs. + * Implement a generic in-memory cache based on rb-trees. + * Add implicit temporary talloc contexts via talloc_stack(). + * Speed up the smbclient "get" command + * Add the aio_fork module + * Fix bug 4901 + +o Derrell Lipman + * Modified libsmbclient API for more easily maintaining ABI compatibility + while adding new features to libsmbclient. -10) Support for migrating from a Windows NT 4.0 domain to a Samba - domain and maintaining user, group and domain SIDs. +o Stefan Metzmacher + * Refactor Winbind internal parent-child interface tables + to achieve better unit testing support. + * Add nss_wrapper API for local Winbind unit tests. + * Networking fixes to the libreplace library. + * Pidl fixes. + * Remove unused Winbind pipe calls. + * Build fixes. + * Fix for a crash bug in pidl generated client code. + This could have happend with [in,out,unique] pointers + when the client sends a valid pointer, but the server + responds with a NULL pointer (as samba-3.0.26a does for some calls). + * Change NTSTATUS into enum ndr_err_code in librpc/ndr. + * Remove unused calls in the struct based winbindd protocol. + * Add --configfile option to wbinfo. + * Convert winbind_env_set(), winbind_on() and winbind_off() into macros. + * Return rids and other_sids arrays in WBFLAG_PAM_INFO3_TEXT mode. + * Implement wbcErrorString() and wbcAuthenticateUserEx(). + * Convert auth_winbind to use wbcAuthenticateUserEx(). -11) Support for establishing trust relationships with Windows NT 4.0 - domain controllers. - -12) Initial support for a distributed Winbind architecture using - an LDAP directory for storing SID to uid/gid mappings. - -13) Major updates to the Samba documentation tree. -14) Full support for client and server SMB signing to ensure - compatibility with default Windows 2003 security settings. +o James Peach + * Add support for DNS Service Discovery. Based on work from + Rishi Srivatsavai . -15) Improvement of ACL mapping features based on code donated by - Andreas Grünbacher. +o Andreas Schneider + * Don't restart winbind if a corrupted tdb is found during + initialization. + * Fix Windows 2008 (Longhorn) join. + * Fix crashbug in winbindd. + * Add share parameter "administrative share". -Plus lots of other improvements! +o Karolin Seeger + * Improve error messages of net subcommands. + * Add 'net rap file user'. + * Change LDAP search filter to find machine accounts which + are not located in the user suffix. + * Remove smbmount. -Additional Documentation ------------------------- -Please refer to Samba documentation tree (included in the docs/ -subdirectory) for extensive explanations of installing, configuring -and maintaining Samba 3.0 servers and clients. It is advised to -begin with the Samba-HOWTO-Collection for overviews and specific -tasks (the current book is up to approximately 400 pages) and to -refer to the various man pages for information on individual options. +o David Shaw + * BUG 5073: Allow "delete readonly = yes" to correctly override + deletion of a file. -We are very glad to be able to include the second edition of -"Using Samba" by Jay Ts, Robert Eckstein, and David Collier-Brown -(O'Reilly & Associates) in this release. The book is available -on-line at http://samba.org/samba/docs/ and is included with -the Samba Web Administration Tool (SWAT). Thanks to the authors and -publisher for making "Using Samba" under the GNU Free Documentation -License. +o Rishi Srivatsavai + * Register the smb service with mDNS if mDNS is supported. + * Add smbclient support for basic mDNS browsing. -###################################################################### -Upgrading from a previous Samba 3.0 beta -######################################## - -Beginning with Samba 3.0.0beta3, the RID allocation functions -have been moved into winbindd. Previously these were handled -by each passdb backend. This means that winbindd must be running -to automatically allocate RIDs for users and/or groups. Otherwise, -smbd will use the 2.2 algorithm for generating new RIDs. - -If you are using 'passdb backend = tdbsam' with a previous Samba -3.0 beta release (or possibly alpha), it may be necessary to -move the RID_COUNTER entry from /usr/local/samba/private/passdb.tdb -to winbindd_idmap.tdb. To do this: - -1) Ensure that winbindd_idmap.tdb exists (launch winbindd at least - once) -2) build tdbtool by executing 'make tdbtool' in the source/tdb/ - directory -3) run: (note that 'tdb>' is the tool's prompt for input) - - root# ./tdbtool /usr/local/samba/private/passdb.tdb - tdb> show RID_COUNTER - key 12 bytes - RID_COUNTER - data 4 bytes - [000] 0A 52 00 00 .R. - - tdb> move RID_COUNTER /usr/local/samba/var/locks/winbindd_idmap.tdb - .... - record moved - -If you are using 'passdb backend = ldapsam', it will be necessary to -store idmap entries in the LDAP directory as well (i.e. idmap backend -= ldap). Refer to the 'net idmap' command for more information on -migrating SID<->UNIX id mappings from one backend to another. - -If the RID_COUNTER record does not exist, then these instructions are -unneccessary and the new RID_COUNTER record will be correctly generated -if needed. - - - -######################## -Upgrading from Samba 2.2 -######################## - -This section is provided to help administrators understand the details -involved with upgrading a Samba 2.2 server to Samba 3.0. - - -Building --------- - -Many of the options to the GNU autoconf script have been modified -in the 3.0 release. The most noticeable are: - - * removal of --with-tdbsam (is now included by default; see section - on passdb backends and authentication for more details) - - * --with-ldapsam is now on used to provided backward compatible - parameters for LDAP enabled Samba 2.2 servers. Refer to the passdb - backend and authentication section for more details - - * inclusion of non-standard passdb modules may be enabled using - --with-expsam. This includes an XML backend and a mysql backend. - - * removal of --with-msdfs (is now enabled by default) - - * removal of --with-ssl (no longer supported) - - * --with-utmp now defaults to 'yes' on supported systems - - * --with-sendfile-support is now enabled by default on supported - systems - - -Parameters ----------- - -This section contains a brief listing of changes to smb.conf options -in the 3.0.0 release. Please refer to the smb.conf(5) man page for -complete descriptions of new or modified parameters. - -Removed Parameters (order alphabetically): - - * admin log - * alternate permissions - * character set - * client codepage - * code page directory - * coding system - * domain admin group - * domain guest group - * force unknown acl user - * hide local users - * mangled stack - * nt smb support - * postscript - * printer driver - * printer driver file - * printer driver location - * read size - * source environment - * status - * strip dot - * total print jobs - * use rhosts - * valid chars - * vfs options - -New Parameters (new parameters have been grouped by function): - - Remote management - ----------------- - * abort shutdown script - * shutdown script - - User and Group Account Management - --------------------------------- - * add group script - * add machine script - * add user to group script - * algorithmic rid base - * delete group script - * delete user from group script - * passdb backend - * set primary group script - - Authentication - -------------- - * auth methods - * realm - * passwd chat timeout - - Protocol Options - ---------------- - * client lanman auth - * client NTLMv2 auth - * client schannel - * client signing - * client use spnego - * disable netbios - * ntlm auth - * paranoid server security - * server schannel - * server signing - * smb ports - * use spnego - - File Service - ------------ - * get quota command - * hide special files - * hide unwriteable files - * hostname lookups - * kernel change notify - * mangle prefix - * map acl inherit - * msdfs proxy - * set quota command - * use sendfile - * vfs objects - - Printing - -------- - * max reported print jobs - - UNICODE and Character Sets - -------------------------- - * display charset - * dos charset - * unicode - * unix charset - - SID to uid/gid Mappings - ----------------------- - * idmap backend - * idmap gid - * idmap uid - * winbind enable local accounts - * winbind trusted domains only - * template primary group - * enable rid algorithm - - LDAP - ---- - * ldap delete dn - * ldap group suffix - * ldap idmap suffix - * ldap machine suffix - * ldap passwd sync - * ldap replication sleep - * ldap user suffix - - General Configuration - --------------------- - * preload modules - * private dir - -Modified Parameters (changes in behavior): - - * encrypt passwords (enabled by default) - * mangling method (set to 'hash2' by default) - * passwd chat - * passwd program - * restrict anonymous (integer value) - * security (new 'ads' value) - * strict locking (enabled by default) - * unix extensions (enabled by default) - * winbind cache time (increased to 5 minutes) - * winbind uid (deprecated in favor of 'idmap uid') - * winbind gid (deprecated in favor of 'idmap gid') - - -Databases ---------- - -This section contains brief descriptions of any new databases -introduced in Samba 3.0. Please remember to backup your existing -${lock directory}/*tdb before upgrading to Samba 3.0. Samba will -upgrade databases as they are opened (if necessary), but downgrading -from 3.0 to 2.2 is an unsupported path. - -Name Description Backup? ----- ----------- ------- -account_policy User policy settings yes -gencache Generic caching db no -group_mapping Mapping table from Windows yes - groups/SID to unix groups -winbindd_idmap ID map table from SIDS to UNIX yes - uids/gids. -namecache Name resolution cache entries no -netsamlogon_cache Cache of NET_USER_INFO_3 structure no - returned as part of a successful - net_sam_logon request -printing/*.tdb Cached output from 'lpq no - command' created on a per print - service basis -registry Read-only samba registry skeleton no - that provides support for exporting - various db tables via the winreg RPCs - - -Changes in Behavior -------------------- - -The following issues are known changes in behavior between Samba 2.2 and -Samba 3.0 that may affect certain installations of Samba. - - 1) When operating as a member of a Windows domain, Samba 2.2 would - map any users authenticated by the remote DC to the 'guest account' - if a uid could not be obtained via the getpwnam() call. Samba 3.0 - rejects the connection as NT_STATUS_LOGON_FAILURE. There is no - current work around to re-establish the 2.2 behavior. - - 2) When adding machines to a Samba 2.2 controlled domain, the - 'add user script' was used to create the UNIX identity of the - machine trust account. Samba 3.0 introduces a new 'add machine - script' that must be specified for this purpose. Samba 3.0 will - not fall back to using the 'add user script' in the absence of - an 'add machine script' - -###################################################################### -Passdb Backends and Authentication -################################## - -There have been a few new changes that Samba administrators should be -aware of when moving to Samba 3.0. - - 1) encrypted passwords have been enabled by default in order to - inter-operate better with out-of-the-box Windows client - installations. This does mean that either (a) a samba account - must be created for each user, or (b) 'encrypt passwords = no' - must be explicitly defined in smb.conf. - - 2) Inclusion of new 'security = ads' option for integration - with an Active Directory domain using the native Windows - Kerberos 5 and LDAP protocols. - - MIT kerberos 1.3.1 supports the ARCFOUR-HMAC-MD5 encryption - type which is neccessary for servers on which the - administrator password has not been changed, or kerberos-enabled - SMB connections to servers that require Kerberos SMB signing. - Besides this one difference, either MIT or Heimdal Kerberos - distributions are usable by Samba 3.0. - - -Samba 3.0 also includes the possibility of setting up chains -of authentication methods (auth methods) and account storage -backends (passdb backend). Please refer to the smb.conf(5) -man page for details. While both parameters assume sane default -values, it is likely that you will need to understand what the -values actually mean in order to ensure Samba operates correctly. - -The recommended passdb backends at this time are - - * smbpasswd - 2.2 compatible flat file format - * tdbsam - attribute rich database intended as an smbpasswd - replacement for stand alone servers - * ldapsam - attribute rich account storage and retrieval - backend utilizing an LDAP directory. - * ldapsam_compat - a 2.2 backward compatible LDAP account - backend - -Certain functions of the smbpasswd(8) tool have been split between the -new smbpasswd(8) utility, the net(8) tool, and the new pdbedit(8) -utility. See the respective man pages for details. - - -###################################################################### -LDAP -#### - -This section outlines the new features affecting Samba / LDAP -integration. - -New Schema ----------- - -A new object class (sambaSamAccount) has been introduced to replace -the old sambaAccount. This change aids us in the renaming of -attributes to prevent clashes with attributes from other vendors. -There is a conversion script (examples/LDAP/convertSambaAccount) to -modify and LDIF file to the new schema. - -Example: - - $ ldapsearch .... -b "ou=people,dc=..." > sambaAcct.ldif - $ convertSambaAccount --sid= \ - --input=sambaAcct.ldif --output=sambaSamAcct.ldif \ - --changetype=[modify|add] - -The can be obtained by running 'net getlocalsid -' on the Samba PDC as root. The changetype determines -the format of the generated LDIF output--either create new entries -or modify existing entries. - -The old sambaAccount schema may still be used by specifying the -"ldapsam_compat" passdb backend. However, the sambaAccount and -associated attributes have been moved to the historical section of -the schema file and must be uncommented before use if needed. -The 2.2 object class declaration for a sambaAccount has not changed -in the 3.0 samba.schema file. - -Other new object classes and their uses include: - - * sambaDomain - domain information used to allocate rids - for users and groups as necessary. The attributes are added - in 'ldap suffix' directory entry automatically if - an idmap uid/gid range has been set and the 'ldapsam' - passdb backend has been selected. - - * sambaGroupMapping - an object representing the - relationship between a posixGroup and a Windows - group/SID. These entries are stored in the 'ldap - group suffix' and managed by the 'net groupmap' command. - - * sambaUnixIdPool - created in the 'ldap idmap suffix' entry - automatically and contains the next available 'idmap uid' and - 'idmap gid' - - * sambaIdmapEntry - object storing a mapping between a - SID and a UNIX uid/gid. These objects are created by the - idmap_ldap module as needed. - - * sambaSidEntry - object representing a SID alone, as a Structural - class on which to build the sambaIdmapEntry. - - -New Suffix for Searching ------------------------- - -The following new smb.conf parameters have been added to aid in directing -certain LDAP queries when 'passdb backend = ldapsam://...' has been -specified. - - * ldap suffix - used to search for user and computer accounts - * ldap user suffix - used to store user accounts - * ldap machine suffix - used to store machine trust accounts - * ldap group suffix - location of posixGroup/sambaGroupMapping entries - * ldap idmap suffix - location of sambaIdmapEntry objects - -If an 'ldap suffix' is defined, it will be appended to all of the -remaining sub-suffix parameters. In this case, the order of the suffix -listings in smb.conf is important. Always place the 'ldap suffix' first -in the list. - -Due to a limitation in Samba's smb.conf parsing, you should not surround -the DN's with quotation marks. - - -IdMap LDAP support ------------------- - -Samba 3.0 supports an ldap backend for the idmap subsystem. The -following options would inform Samba that the idmap table should be -stored on the directory server onterose in the "ou=idmap,dc=plainjoe, -dc=org" partition. - - [global] - ... - idmap backend = ldap:ldap://onterose/ - ldap idmap suffix = ou=idmap,dc=plainjoe,dc=org - idmap uid = 40000-50000 - idmap gid = 40000-50000 - -This configuration allows winbind installations on multiple servers to -share a uid/gid number space, thus avoiding the interoperability problems -with NFS that were present in Samba 2.2. - +o Andrew Tridgell + * Fix padding between Winbind 32bit/64bit client library in + the request/response structures. + * Added a syncops VFS module for file systems which do not + guarantee meta-data operations are immediately committed to + disk in stable form. -###################################################################### -Trust Relationships and a Samba Domain -###################################### +o Jelmer Vernooij + * Additional portability support for building shared libraries. -Samba 3.0.0beta2 is able to utilize winbindd as the means of -allocating uids and gids to trusted users and groups. More -information regarding Samba's support for establishing trust -relationships can be found in the Samba-HOWTO-Collection included -in the docs/ directory of this release. -First create your Samba PDC and ensure that everything is -working correctly before moving on the trusts. +o Corinna Vinschen + * Get Samba version or capability information from Windows user space. -To establish Samba as the trusting domain (named SAMBA) from a Windows NT -4.0 domain named WINDOWS: - 1) create the trust account for SAMBA in "User Manager for Domains" - 2) connect the trust from the Samba domain using - 'net rpc trustdom establish GLASS' +Original 3.2.0pre1 commits: +--------------------------- +o Michael Adam + * Unified POSIX ACL detection including support for FreeBSD and + HP-UX. + * Performance improvements for Winbind's lookup functions (names, + SIDs, and group membership) when joined to an AD domain. + * Winbind cache validation support. + * Store domain trust passwords for Samba domain controller's in + the domain's passdb backend. + * Merged \winreg server code from the SAMBA_3_2 development branch. + * Fixes for libreplace. + * Implement new registry configuration backend. -To create a trustlationship with SAMBA as the trusted domain: - 1) create the initial trust account for GLASS using - 'smbpasswd -a -i GLASS'. You may need to create a UNIX - account for GLASS$ prior to this step (depending on your - local configuration). - 2) connect the trust from a WINDOWS DC using "User Manager - for Domains" +o Jeremy Allison + * Add support for file system objectIDs. + * Winbind cache validation support. + * Add in the UNIX capability for 24-bit readX. + * Improve Delete-on-Close semantics. + * Removal of static file and path name buffers in SMB file serving + code. -Now join winbindd on the Samba PDC to the SAMBA domain using -the normal steps for adding a Samba server to an NT4 domain: -(note that smbd & nmbd must be running at this point) - root# net rpc join -U root - Password: +o Danilo Almeida + * Move the machine account to the OU specified when running "net + ads join". -Start winbindd and test the join with 'wbinfo -t'. -Now test the trust relationship by connecting to the SAMBA DC -(e.g. POGO) as a user from the WINDOWS domain: +o Andrew Bartlett + * Tighten authentication protocol defaults in client tools and + servers. - $ smbclient //pogo/netlogon -U Administrator -W WINDOWS - Password: -Now connect to the WINDOWS DC (e.g. CRYSTAL) as a Samba user: +o Gerald (Jerry) Carter + * Implement support for one-way trusts and two-way cross-forest + transitive trust in winbindd. + * Fixes for Winbind's offline/disconnected logon support when + using remote idmap backends. + * Fix LookupNames and LookupSids to use the same resolution + heuristics as Windows XP. + * Fix lockups in Winbind when running nscd. + * UPN logon support in pam_winbind. + * Add support for GNU linker scripts when build shared libraries + (based on work by Julien Cristau and James + Peach). + + +o Guenther Deschner + * Additional support for decoding and downloading group policy + objects from Active Directory. + * Improvements to "net ads keytab" command. + * Fixes for linking against Heimdal Kerberos client libs. + * Support LDAP range retrieval searches. + * Fixes for failure to refresh user ticket caches in Winbind. + * UPN logon support in pam_winbind. + * Add KDC locator plugin for MIT kerberos 1.6 or later. + + +o Steve Langasek + * Allow SIGTERM to cause nmbd to exit while awaiting a interface + to come up. - $ smbclient //crystal/netlogon -U root -W WINDOWS - Password: -###################################################################### -Changes in Winbind -################## +o Volker Lendecke + * Merge experimental cluster support patches from the ctdb branch. + * Add tdb storage abstraction for ctdb. + * Use IDL for internal message passing system. + * Add client support for the SamLogonEx() authentication request. + * Implement RPC proxy stubs in the Samba server code to allow + replacing implementation functions one by one. + * Remove static incoming and outgoing buffers from core server SMB + packet processing code. + * Add "net sam rights" command. -Beginning with Samba3.0.0beta3, winbindd has been given new account -manage functionality equivalent to the 'add user script' family of -smb.conf parameters. The idmap design has also been changed to -centralize control of foreign SID lookups and matching to UNIX -uids and gids. +o Steve French + * Fixes for mount.cifs Linux utility. -Brief Description of Changes ----------------------------- -1) The sid_to_uid() family of functions (smbd/uid.c) have been - reverted to the 2.2.x design. This means that when resolving a - SID to a UID or similar mapping: +o Stefan Metzmacher + * Fixes for libreplace. + * Add support for LDAP digital signing policy. + * Experimental clustered file system support. - a) First consult winbindd - b) perform a local lookup only if winbindd fails to - return a successful answer - There are some variations to this, but these two rules generally - apply. +o Lars Mueller + * Makefile and build fixes. + * Add pam_pwd_expire for pam_winbind (original patch from Andreas + Schneider). -2) All idmap lookups have been moved into winbindd. This means that - a server must run winbindd (and support NSS) in order to achieve - any mappings of SID to dynamically allocated UNIX ids. This was - a conscious design choice. -3) New functions have been added to winbindd to emulate the 'add user - script' family of smbd functions without requiring that external - scripts be defined. This functionality is controlled by the 'winbind - enable local accounts' smb.conf parameter (enabled by default). +o James Peach + * Fixes for setgroups() and *BSD and Darwin. + * Support membership of >16 groups on Darwin. - However, this account management functionality is only supported - in a local tdb (winbindd_idmap.tdb). If these new UNIX accounts - must be shared among multiple Samba servers (such as a PDC and BDCs), - it will be necessary to define your own 'add user script', et. al. - programs that place the accounts/groups in some form of directory - such as NIS or LDAP. This requirement was deemed beyond the scope - of winbind's account management functions. Solutions for - distributing UNIX system information have been deployed and tested - for many years. We saw no need to reinvent the wheel. -4) A member of a Samba controlled domain running winbindd is now able - to map domain users directly onto existing UNIX accounts while still - automatically creating accounts for trusted users and groups. This - behavior is controlled by the 'winbind trusted domains only' smb.conf - parameter (disabled by default to provide 2.2.x winbind behavior). +o Jiri Sasek + * Added vfs_zfsacl module. -5) Group mapping support is wrapped in the local_XX_to_XX() functions - in smbd/uid.c. The reason that group mappings are not included - in winbindd is because the purpose of Samba's group map is to - match any Windows SID with an existing UNIX group. These UNIX - groups can be created by winbindd (see next section), but the - SID<->gid mapping is retreived by smbd, not winbindd. +o Karolin Seeger + * Add deletelocalgroup and unmapunixgroup subcommand to "net sam". + * Cleanup internal passdb functions. -Examples --------- -* security = server running winbindd to allocate accounts on demand +o Simo Sorce + * Fixes for IDmap and Passdb backends. -* Samba PDC running winbindd to handle the automatic creation of UNIX - identities for machine trust accounts -* Automtically creating UNIX user and groups when migrating a Windows NT - 4.0 PDC to a Samba PDC. Winbindd must be running when executing - 'net rpc vampire' for this to work. +o Andrew Tridgell + * Port ldb from the Samba 4 tree and add ldb group mapping plugin. + * Move several file serving related tdb files to use the dbwrap + API internally. + * Cleanup the GPFS VFS plugin. + * Experimental clustered file system support. - -###################################################################### -Known Issues -############ -* There are several bugs currently logged against the 3.0 codebase - that affect the use of NT 4.0 GUI domain management tools when run - against a Samba 3.0 PDC. This bugs should be released in an early - 3.0.x release. +o Jelmer Vernooij + * Implement NDR basic to support utilizing IDL files from Samba 4 + tree for general DCE/RPC parsing stubs. -Please refer to https://bugzilla.samba.org/ for a current list of bugs -filed against the Samba 3.0 codebase. ###################################################################### @@ -1625,10 +683,13 @@ joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down -the problem then you will probably be ignored. +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.2 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + -A new bugzilla installation has been established to help support the -Samba 3.0 community of users. This server, located at -https://bugzilla.samba.org/, has replaced the older jitterbug server -previously located at http://bugs.samba.org/. +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +======================================================================