X-Git-Url: http://git.samba.org/?p=samba.git;a=blobdiff_plain;f=WHATSNEW.txt;h=4446832fd473a0b3a5fc493120a06540fae20f6f;hp=ab78957cca00b60ba59081340616424035eefec2;hb=de6b39d898d5fb3106d7ed80249be7f74f83caf6;hpb=3db52feb1f3b2c07ce0b06ad4a7099fa6efe3fc7 diff --git a/WHATSNEW.txt b/WHATSNEW.txt index ab78957cca0..4446832fd47 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,413 +1,378 @@ - WHATS NEW IN Samba 2.0.4b - ========================= + WHATS NEW IN Samba 3.0 alpha21 + 26th November 2002 + =============================== -This is the latest stable release of Samba. This is the -version that all production Samba servers should be running -for all current bug-fixes. +This is a pre-release of Samba 3.0. This is NOT a stable release. +Use at your own risk. -New/Changed parameters in 2.0.4 -------------------------------- +The purpose of this alpha release is to get wider testing of the major +new pieces of code in the current Samba 3.0 development tree. We have +officially ceased development on the 2.2.x release of Samba and are +concentrating on Samba 3.0. To reduce the time before the final Samba 3.0 +release we need as many people as possible to start testing these alpha +releases, and hopefully giving us some high quality feedback on what needs +fixing. -There are 5 new parameters and one modified parameter in -the smb.conf file. +Note that Samba 3.0 is not feature complete yet. There is a more +coding we have planned, but unless we get what we have done already more +widely tested we will have a hard time doing a stable release in a +reasonable time frame. -allow trusted domains -restrict anonymous -mangle locks -oplock break wait time -oplock contention limit +Major new features: +------------------- -The new parameters are : +- Active Directory support. This release is able to join a ADS realm + as a member server and authenticate users using LDAP/kerberos. -allow trusted domains ---------------------- +- Unicode support. Samba will now negotiate UNICODE on the wire and + internally there is now a much better infrastructure for multi-byte + and UNICODE character sets. -This option is used in "security=domain" settings and allows -the Samba admin to restrict access to users within the domain -the the Samba server is in. +- New authentication system. The internal authentication system has + been almost completely rewritten. Most of the changes are internal, + but the new auth system is also very configurable. -restrict anonymous ------------------- - -This parameter allows the Samba admin to cause Samba to -refuse access to anonymous users. Use of this parameter -is only recommened for homogenous NT client environments. - -mangle locks ------------- - -This parameter was added to get around a bug in Windows NT -when dealing with Samba running on 32-bit systems (such -as Linux x86). This bug causes NT to send 64 bit locking -requests to 32-bit systems even though Samba correctly -tells the NT client not to do so. This option causes Samba -to map the lock requests from 64 bits to 32 bits on these -systems. - -oplock break wait time ----------------------- - -This tuning parameter, added to help with clients that don't -respond to oplock break requests, causes Samba to deley for -this number of milliseconds before sending an oplock break -request to a client that caused the break to be sent. The -default is 10ms. This is an advanced tuning parameter and -should not be changed lightly. - -oplock contention limit ------------------------ - -This tuning parameter causes Samba not to grant oplocks -when an smbd daemon notices that there have been this -many concurrent requests for an oplock on a file. This -prevents the "baton passing" oplock problem where many -clients accessing one file pass the oplock between themselves -like a baton. The default is 2. This is an advanced tuning -parameter and should not be changed lightly. - -The modified parameter is : - -nt acl support --------------- - -This is a global parameter that defaulted to False in -the previous release (2.0.3) and now defaults to True -as the RPC code has been added to Samba to allow it to -map UNIX permissions to NT ACLs. - -All of these new parameters and changes are documented in the -smb.conf man pages and html pages. - -Updated and New documentation ------------------------------ - -A new document describing the manipulation of UNIX permissions -via the Windows NT security dialogs and their interaction with -Samba 2.0.4 is provided as : - -docs/textdocs/NT_Security.txt -docs/htmldocs/NT_Security.html - -Changes in 2.0.4b ------------------ - -A bug with MS-Word 97 saving files with zero UNIX permissions -was fixed. Even though a workaround is available (set force -create mode = 644 on the share) Word is such an important -application that a point fix was neccessary. - -Changes in 2.0.4a ------------------ - -The text and html versions of NT_Security were missing from -the shipping tarball. Also a compile bug for platforms that -don't have usleep was fixed. - -Bugfixes added since 2.0.3 --------------------------- - -1). Fix for 8 character password problem when using HPUX and -plaintext passwords. -2). --with-pam option added to ./configure. -3). Client fixes for memory leak and display of 64 bit values. -4). Fixes for -E and -s option with smbclient. -5). smbclient now allows -L //server or -L \\server -6). smbtar fix for display of 64 bit values. -7). Endian independence added to DCE/RPC code. -8). DCE/RPC marshalling/unmarshalling code re-written to provide -overflow reporting and sign and seal support. -9). Bind NAK reply packet added to DCE/RPC code, used to correctly -refuse bind requests (prevents NT system event log messages). -10). Mapping of UNIX permissions into NT ACL's for get and set -added. -11). DCE/RPC enumeration of numbers of shares made dynamic. -Samba now has no limit on the number of exported shares seen. -12). Fix to speed up random number seed generation on /dev/urandom -being unavailable. -13). Several memory fixes added by running Purify on the code. -14). Read from client error messages improved. -15). Fixed endianness used in UNICODE strings. -16). Cope with ERRORmoredata in an RPC pipe client call. -17). Check for malformed responses in nmbd register name. -18). NT Encrypted password changing from the NT password dialog box -now fully implmented. -19). Mangle 64-bit lock ranges into 32-bits (NT bug!) on a 32-bit -Samba platform. -20). Allow file to be pseudo-openend in order to read security only. -21). Improve filename mangling to reduce chance of collisions. -22). Added code to prevent granting of oplocks when a file is under -contention. -23). Added tunable wait time before sending an oplock break request -to a client if the client caused the break request. Helps with clients -not responding to oplock breaks. -24). Always respond negatively to queued local oplock break messages -before shutdown. This can prevent "freezes" on an oplock error. -25). Allow admin to restrict logons to correct domain when in domain -level security. -26). Added "restrict anonymous" patch from Andy (thwartedefforts@wonky.org) -to prevent parameter substitution problems with anonymous connections. -27). Fix SMBseek where seeking to a negative number sets the offset -to zero. -28). Fixed problem with mode getting corrupted in trans2 request -(setting to zero means please ignore it). -29). Correctly become the authenticated user on an authenticated -DCE/RPC pipe request. -30). Correctly reset debug level in nmbd if someone set it on the -command line. -31). Added more checking into testparm -32). NetBench simulator added to smbtorture by Andrew. -33). Fixed NIS+ option compile (was broken in 2.0.3). -34). Recursive smbclient directory listing fix. Patch from E. Jay Berkenbilt -(ejb@ql.org) - -Bugfixes added since 2.0.2 --------------------------- - -1). --with-ssl configure now include ssl include directory. Fix -from Richard Sharpe. -2). Patch for configure for glibc2.1 support (large files etc.). -3). Several bugfixes for smbclient tar mode from Bob Boehmer -(boehmer@worldnet.att.net) to fix smbclient aborting problems -when restoring tar files. -4). Some automount fixes for smbmount. -5). Attempt to fix the AIX 4.1.x/3.x problems where smbd runs as -root. As no-one has given us root access to such a server this -cannot be tested fully, but should work. -6). Crash bug fix in debug code where *real* uid rather than -*effective* uid was being checked before attempting to rotate -log files. This fix should help a *lot* of people who were -reporting smbd aborting in the middle of a copy operation. -7). SIGALRM bugfix to ensure infinate file locks time out. -8). New code to implement NT ACL reporting for cacls.exe program. -9). UDP loopback socket rebind fix for Solaris. -10). Ensure all UNICODE strings are correctly in little-endian -format. -11). smbpasswd file locking fix. -12). Fixes for strncpy problems with glibc2.1. -13). Ensure smbd correctly reports major and minor version number -and server type when queried via NT rpc calls. -14). Bugfix for short mangled names not being pulled off the -mangled stack correctly. -15). Fix for mapping of rwx bits being incorrectly overwritten -when doing ATTRIB.EXE -16). Fix for returning multiple PDU packets in NT rpc code. Should -allow multiple shares to be returned correctly). -17). Improved mapping of NT open access requests into UNIX open -modes. -18). Fix for copying files from an NTFS volume that contain -multiple data forks. Added 'magic' error code NT needs. -19). Fixed crash bug when primary NT authentication server -is down, rolls over to secondaries correctly now. -20). Fixed timeout processing to be timer based. Now will -always occur even if smbd is under load. -21). Fixed signed/unsigned problem in quotas code. -22). Fixed bug where setting the password of a completely fresh -user would end up setting the account disabled flag. -23). Improved user logon messages to help admins having -trouble with user authentication. - -Bugfixes added since 2.0.1 --------------------------- - -Note that due to a critical signal handling bug in 2.0.1, -this release has been removed and replaced immediately with -2.0.2. The Samba Team would like to apologise for any problem -this may have caused. - -1). Fixed smbd looping on SIGCLD problem. This was - caused by a missing break statement in a critical - piece of code. - -Bugfixes added since 2.0.0 --------------------------- - -1). Autoconf changes for gcc2.7.x and Solaris 2.5/2.6 -2). Autoconf changes to help HPUX configure correctly. -3). Autoconf changes to allow lock directory to be set. -4). Client fix to allow port to be set. -5). clitar fix to send debug messages to stderr. -6). smbmount race condition fix. -7). Fix for bug where trying to browse large numbers of shares - generated an error from an NT client. -8). Wrapper for setgroups for SunOS 4.x -9). Fix for directory deleting failing from multiuser NT. -10). Fix for crash bug if bitmap was full. -11). Fix for Linux genrand where /dev/random could cause - clients to timeout on connect if the entropy pool was - empty. -12). The default PASSWD_CHAT may now be overridden in local.h -13). HPUX printing fixes for default programs. -14). Reverted (erroneous) code in MACHINE.SID generation that - was setting the sid to 0x21 - should be *decimal* 21. -15). Fix for printing to remote machine under SVR4. -16). Fix for chgpasswd wait being interrupted with EINTR. -17). Fix for disk free routine. NT and Win98 now correctly - show greater than 2GB disks. -18). Fix for crash bug in stat cache statistics printing. -19). Fix for filenames ending in .~xx. -20). Fix for access check code wait being interrupted with EINTR. -21). Fix for password changes from "invalid password" to a valid - one setting the account disabled bit. -22). Fix for smbd crash bug in SMBreadraw cache prime code. -23). Fix for overly zealous lock range overflow reporting. -24). Fix for large disk disk free reporting (NT SMB code). -25). Fix for NT failing to truncate files correctly. -26). Fix for smbd crash bug with SMBcancel calls. -27). Additional -T flag to nmblookup to do reverse DNS on addresses. -28). SWAT fix to start/stop smbd/nmbd correctly. - -Major changes in Samba 2.0 --------------------------- - -This is a MAJOR new release of Samba, the UNIX based SMB/CIFS file -and print server for Windows systems. - -There have been many changes in Samba since the last major release, -1.9.18. These have mainly been in the areas of performance and -SMB protocol correctness. In addition, a Web based GUI interface -for configuring Samba has been added. - -In addition, Samba has been re-written to help portability to -other POSIX-based systems, based on the GNU autoconf tool. - -There are many major changes in Samba for version 2.0. Here are -some of them: - -===================================================================== - -1). Speed ---------- - -Samba has been benchmarked on high-end UNIX hardware as out-performing -all other SMB/CIFS servers using the Ziff-Davis NetBench benchmark. -Many changes to the code to optimise high-end performance have been made. - -2). Correctness ---------------- - -Samba now supports the Windows NT specific SMB requests. This -means that on platforms that are capable Samba now presents a -64 bit view of the filesystem to Windows NT clients and is -capable of handling very large files. - -3). Portability ---------------- - -Samba is now self-configuring using GNU autoconf, removing -the need for people installing Samba to have to hand configure -Makefiles, as was needed in previous versions. - -You now configure Samba by running "./configure" then "make". See -docs/textdocs/UNIX_INSTALL.txt for details. - -4). Web based GUI configuration -------------------------------- - -Samba now comes with SWAT, a web based GUI config system. See -the swat man page for details on how to set it up. - -5). Cross protocol data integrity ---------------------------------- - -An open function interface has been defined to allow -"opportunistic locks" (oplocks for short) granted by Samba -to be seen by other UNIX processes. This allows complete -cross protocol (NFS and SMB) data integrety using Samba -with platforms that support this feature. - -6). Domain client capability ----------------------------- - -Samba is now capable of using a Windows NT PDC for user -authentication in exactly the same way that a Windows NT -workstation does, i.e. it can be a member of a Domain. See -docs/textdocs/DOMAIN_MEMBER.txt for details. +- new filename mangling system. The filename mangling system has been + completely rewritten. An internal database now stores mangling maps + persistently. This needs lots of testing. -7). Documentation Updates -------------------------- +- new "net" command. A new "net" command has been added. It is + somewhat similar to the "net" command in windows. Eventually we plan + to replace a bunch of other utilities (such as smbpasswd) with + subcommands in "net", at the moment only a few things are + implemented. -All the reference parts of the Samba documentation (the -manual pages) have been updated and converted to a document -format that allows automatic generation of HTML, SGML, and -text formats. These documents now ship as standard in HTML -and manpage format. +- Samba now negotiates NT-style status32 codes on the wire. This + improves error handling a lot. -===================================================================== +- better w2k printing support. The support for printing from win2000 + clients has improved greatly. -NOTE - Some important option defaults changed ---------------------------------------------- +Plus lots of other changes! -Several parameters have changed their default values. The most -important of these is that the default security mode is now user -level security rather than share level security. -This (incompatible) change was made to ease new Samba installs -as user level security is easier to use for Windows 95/98 and -Windows NT clients. +Reporting bugs & Development Discussion +--------------------------------------- -********IMPORTANT NOTE**************** +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.openprojects.net -If you have no "security=" line in the [global] section of -your current smb.conf and you update to Samba 2.0 you will -need to add the line : +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. -security=share -to get exactly the same behaviour with Samba 2.0 as you -did with previous versions of Samba. - -********END IMPORTANT NOTE************* - -In addition, Samba now defaults to case sensitivity options that -match a Windows NT server precisely, that is, case insensitive -but case preserving. - -The default format of the smbpasswd file has also been -changed for this release, although the new tools will read -and write the old format, for backwards compatibility. - -===================================================================== - -NOTE - Primary Domain Controller Functionality ----------------------------------------------- - -This version of Samba contains code that correctly implements -the undocumented Primary Domain Controller authentication -protocols. However, there is much more to being a Primary -Domain Controller than serving Windows NT logon requests. - -A useful version of a Primary Domain Controller contains -many remote procedure calls to do things like enumerate users, -groups, and security information, only some of which Samba currently -implements. In addition, there are outstanding (known) bugs with -using Samba as a PDC in this release that the Samba Team are actively -working on. For this reason we have chosen not to advertise and -actively support Primary Domain Controller functionality with this -release. - -This work is being done in the CVS (developer) versions of Samba, -development of which continues at a fast pace. If you are -interested in participating in or helping with this development -please join the Samba-NTDOM mailing list. Details on joining -are available at : - -http://samba.org/listproc/ - -Details on obtaining CVS (developer) versions of Samba -are available at: - -http://samba.org/cvs.html +Removed Parameters +------------------ -===================================================================== + * postscript + * printer driver + * printer driver location + * printer driver file -If you have problems, or think you have found a bug please email -a report to : +Added Parameters +--------------- - samba-bugs@samba.org + * ldap trust ids + * acl compatibility + * mangle prefix + + +Modified Parameters +------------------- + + * restrict anonymous + * password server + + +Changes in alpha21: + + See cvs log for SAMBA_3_0 for complete details. There are many + smaller numerous changes that would clutter the release notes. + +1) Numerous documentation updates including new Samba FAQ +2) Fixed logic error in checking wins server lists +3) Added more Solaris sendfile checks +4) Added --with-ldapsam for compatibility with 2.2.x Samba/LDAP setups +5) Add new client side support the Win2k LSARPC UUID in rpcbinds + Detect a native mode Win2k DC when in "security = domain" +6) Include Domain Local Groups in listing when a member of a native + mode Win2k domain +7) Fix ACL inheritance problem +8) Register <0x1c> name on unicast subnet +9) Removed stat() call in lp_add_home() +10) Change default of max_xmit to match W2K. Ensure NT negprot uses it +11) Merge the new ACL mapping code from Andreas Gruenbacher +12) Removed make_printerdef tool from build +13) Fix fd leak on printer queue tdb's +14) Better error/status loggin in both the pam_winbind client and + winbindd_pam +15) Fix fd leak with kernel change notify +16) Fix slowdown because of enumerating all print queues on every smbd startup +17) Fix --set-auth-user command to delete entries from the secrets file + when an empty username/password is passed on the command line +18) Added --get-auth-user to wbinfo for displaying account information + used to enumerate users and groups +19) Numerous updates for 'net rpc vampire' to migrate from an NT 4.0 Domain +20) Merge of scalable printing code from APP_HEAD +21) Numerous changes the passdb layer +22) More work on printer publishing in Active Directory +23) Enable "make modules" to build VFS libraries +24) Enable print notify messages on printer attributes from smbcontrol +25) Enable auto lookup of domain controllers when adding '*' to + "password server" parameter. Allows to have preferred list + of DC's, but not authoritative (e.g. password server = DC1 DC2 *) + + + + =============================== + +Changes in older alpha releases follow: + +--------------------------------------------------------------------- + +Changes in alpha20: + +1) Rework the 'guest account gets RID 501' code again... +2) Change to use NT-based session key negotiated for Win2k SPNEGO +3) Support printer data registry keys other than the default + PrinterDriverData +4) Moved internal printerdata to REGISTRY_VALUE object +5) Corrected bug in dependentfiles list of DRIVER_INFO_3 +6) fixed logic bug in blocking locks code +7) Updated registry api code to work with new printer data key + support +8) Added vfstest tool +9) round lock timeouts in lockingX upwards to multiples of 1 second +10) Fixed bugs in Printer Change Notify code +11) added a 'net ads lookup' command that does a CLDAP NetLogon + query to a win2000 server +12) Added script to find undocumented smb.conf parameters +13) Added missing parameters to smb.conf(5) +14) receive & parse main CLDAP reply from win2k server +15) removed "admin log" & "alternate permissions" parameters from smb.conf +16) added a generic print_guid utility, and get the byte order handing +17) fixed memory corruption in cli_full_connection() +18) remove unused 'max packet' and 'packet size' options +19) add support for the "value,OID" format described in MSDN for Printer + Data values +20) moves NT_TOKEN generation into our authentication code +21) Update documentation build system +22) Several fixes for IRIX compiler +23) Correctly handle "max data count" value in smb transacts +24) Fix for permissions error when adding/modifying using a Print + server handle +25) Fix pam_smbpass to always check the return value of pdb_getsampwnam() +26) Use the 'init' flag to determine if the UID is set, rather than testing + the uid for -1 +27) Cope with non-unix accounts ) we just won't get the groups for those users +28) Add 'net rpc getsid' to fetch the PDC's SID into the local secrets.tdb. + Print domain SID on 'net rpc info' +29) don't use lp_passwd_file() to retrieve NIS domain name, but use location + instead +30) Various POSIX compatibility fixes +31) Show only non-default values in testparm +32) Fix longstanding bug in Win2k clients by clearing the shortname + buffer before returning ascii short name. +33) Add example backtrace script +34) Added NETLOGON NetServerAuthenticate3 include and parser file +35) fix for difference in strsep and strtok semantics in nmbd +36) Ensure we don't change to a user that we can't get an NT_TOKEN for +37) Put back in BDC support in set_server_role() +38) added a 'net rpc samdump' command for dumping the whole sam via + samsync operations (as a BDC) +39) don't use spnego in the client unless enabled in smb.conf +40) Added some new delta types discovered by Ronnie from ethereal +41) Cope with negative cache dns entries better +42) do not expose special files, only files, directories and links +43) attempts to simplify Samba's external lib dependencies +44) support non-root-mode systems without getgrouplist() +45) Some fixes for SMB signing +46) Pass the object name down to the enum_printers client rpc +47) add the netatalk VFS module +48) Ensure we have at least smb_size bytes before processing a packet +49) Allow us to "lock" printer tdb entries in memory to stop them being + re-used as cache +50) fix 2 byte alignment/offset bug that prevented Win2k/XP clients + from receiving all the printer data in EnumPrinterDataEx() +51) Add option to compile new sam system can be enabled with the + configure option --with-sam +52) Added SGML/DocBook version of developer oriented docs to build process +53) Return correct FILE_SUPERSEDED response +54) Added example sam module (skeleton) +55) Add plugin support for the sam system (based on passdb code) +56) show builtin groups in samdump +57) Adding samtest utility used to test sam backends +58) fix connecting to a BDC when the PDC is down but in WINS and no bcast + can be used to find a BDC +58) convert the LDAP/SASL code to use GSS-SPNEGO if possible +59) added cli_net_auth_3 client code +60) merge of phant0m key fix from APP_HEAD +61) allow rpcclient's samlogon command to use cli_net_3() +62) Added attribute specific OPEN tests +63) Fix bug with stat mode open being done on read-only open with + truncate +64) Add lots of const casts to function parameters +65) Implemented some more client side spoolss functions +66) usrmgr expects UNICODE as ProductType +67) Change JOB_INFO_CTR to return a pointer to an array rather than array of + pointers in client code +68) Various NTLMSSP fixes +69) fixed crash bug in cli_connection code +70) DeletePrinterDriver[Ex]() fixes from APP_HEAD +71) remove some inet_aton() calls for portability +72) Set default ACB attributes on 'unixsam' accounts +73) Add bcast_msg_flags to connection struct +74) aggregate change notify events in the smbd sender and when transmitting +75) Added better error code on out of space in printer spool directory +76) Removed total jobs check ) not applicable any more +77) fixed bug in share enumeration RPC code +78) extend the ADS_STATUS system to include NTSTATUS +79) commit trusted domain patch n+3 +80) remove block VFS module +81) restrict readline headers to readline.c +82) merge of various recycle bin VFS patches +83) Winbind client-side cleanups +84) change parametric option name to vfs_recycle_bin it is more + sane and do not pollute standard options namespace too much +85) added --enable-python configure option for building the samba-python + unit tests +86) correct trans2 bugs in client for enumerating files/directories +87) Re-add OS/2 EA error codes +88) Added patch for required attributes in directory listings to reply code +89) Fix browse synchronization bug by noticing that W2K DMB's return empty + NetServerEnum2 on port 445, but not on port 139 +90) Fix semantics of AbortPrinter() spoolss call in server code +91) Ensure we've failed a lock with a lock denied message before automatically + pushing it onto the blocking queue +92) Added experimental sendfile code +93) Initialize user_rid value in WINBIND_USERINFO structure returned by + the rpc version of query_user() +94) added gencache implementation +95) Merge the cli_shutdown change from 2_2 +96) Fixes for DeletePrinterDriverEx() +97) Fixed alignment error in spoolss code +98) Changed Major/Minor version info reported to Server Manager to 4.9 +99) Applied new display mode FLAGS for SWAT +100) Update to add DEVELOPER option to more parameters +101) Added --with-ads option, defaults to yes +102) Added --with-ldap option to configure +103) Add clock skew handling to our kerberos code +104) correct race condition in password change code for out machine account + when a member of a domain +105) First implementation for 'net rpc vampire' +106) store current handle's Device Mode with print job +107) Move functionality to check whether entries for lp_workgroup() and + "BUILTIN" exist and add them if necessary from check_correct_backend_entries + into sam_context_check_default_backends +108) allow --with-krb5 to override the location of the kerberos libs on + redhat +109) unlink spool file after submitting print job when using CUPS api +110) Add framework for samtest commands +111) Add the ability to view/set the current local domain SIDs to net command +112) When creating a group you have to take care of the fact that the + underlying unix might not like the group name +113) Don't uppercase the username and domain in a session setup +114) Merge of "profile acls" code from SAMBA_2_2 +115) Check for existing of security descriptor in PRINTER_INFO_2 structure + in rpc client code +116) Move to common user token debugging, and ensure we always print both the + NT_TOKEN and the unix credentials +117) If adding a user to ldap, make sure we have the 'account' structural class, + or else we can't add to OpenLDAP 2.1 +118) Kill of Get_Pwnam_Modify and smb_getpwnam() +119) add a 'ldap passwd sync' option to smb.conf +120) Whenever we deal with adding machine/trusted domain accounts, always reset + the flag to what we expect +121) Fix the circular dependency that was preventing 'domain master = auto' (the + default) from working +122) move all the passdb internal interface to NTSTATUS +123) to expand % values (ie we go \\%L\%U -> \\server\user, we don't want to + store \\server\user back) and to correctly notice 'not set' compared to 'null + string' etc. +124) get some more of our access control bits right on the SAMR pipe +125) Add -r parameter to smbgroupedit. With -r you can manually choose + a rid + +Changes in alpha19 +1) Virtual registry framework with printing hooks (jerry) +2) Heavy registry updates (jerry) +3) Use 850 as the default DOS character set in smb.conf (tpot) +4) printer fixes ) removed encoding of queueid in job number (jra) +5) A lot of small fixes (jra) +6) Don't crash on setfileinfo on printer fsp(jra) +7) fixed line buffer mode in XFILE(jra) +8) update samba.schema from 2.2 (jerry,idra) +9) Fix problem with oplock breaks and win2k ) + noticed by Lev Iserovich (jra) +10) Update smbgroupedit to document -d ) thanks to metze (abartlet) +11) Support weird behaviour used by win9x pass-through auth (abartlet,tpot) +12) Support for duplicating stderr in log files (abartlet) +13) Move startup time initialisation to server.c (abartlet) +14) *A lot* of fixes and cleanups (abartlet) +15) Fix up compiler warnings (abartlet) +16) Few small fixes (tpot) +17) Renamed new_cli_netlogon_* -> cli_netlogon_* (tpot) +18) Fixed segfault in net time when host is unavailable (tridge) +19) Ensure to be root when opening printer backend tdb (jra) +20) Merges from APPLIANCE_HEAD (tpot,jerry) +21) configure updates (tridge) +22) getgrouplist() updates (tridge) +23) Support for pdbedit to query account policy values (abartlet) +24) Allow one to create trusting domain account using smbpasswd (mimir,abartlet) +25) 'Net rpc trustdom list' (mimir, abartlet) +26) Fix fallback to anonymous connection (mimir, abartlet) +27) Fix for pdb_ldap and OpenLDAP 2.1 +28) Added support in swat to determine whether winbind is running (idra) +29) Add 'hide unwritable' option (idra) +30) Correct pickup of [homes] share after subsequent session setups (abartlet) +31) Update rebind code in pdb_ldap (abartlet) +32) Add some info levels to RPC srvsvc code ) + thanks to Nigel Williams" (abartlet) +33) Small doc fixes (tridge) +34) good security patch from Timothy.Sell@unisys.com (tridge) +35) fix minor nits in nmbd from adtam@cup.hp.com (tridge) +36) make sure async dns nmbd child dies (tridge) +37) interim fix for nmbd not registering DOMAIN#1b (tridge) +38) fix for smbtar filename matching (tridge) +39) Better quote handling in smb.conf (abartlet) +40) Support browsers setting multiple languages in swat (idra) +41) Changed str_list_make to be able to use a different separator string (idra) +42) Samsync support to insert account info into the pdb (tpot) +43) Don't hide unwritable dirs when 'hide unwritable' is enabled ) + suggested by Alexander Oswald (idra) +44) Fix for handling sparse files in smbd (tridge) +45) Merges from 2_2 (jerry) +46) Minor printer fixes (jerry) +47) Add some checks to SID lookup code (abartlet) +48) Cascaded VFS (Alexander Bokovoy, idra) +49) Some netbios-less connections support in ADS mode (tridge) +50) ADS tweaks (tridge) +51) Fix plaintext passwords with win2k (tridge) +52) 'net ads info' reports IP of LDAP server (tridge) +53) Add some more RPC functions (jmcd) +54) Add 'smb ports = ' option (tridge) +55) Various small fixes (tridge) +56) Passdb security checks (abartlet) +57) Large winbind updates (abartlet) +58) Moved rpc client routines from libsmb to rpc_client (tpot) +59) Few nmbd fixes (jmcd) +60) Fix swat to handle new debug level code (idra) +61) Fix name length bug in namequeries (tridge) +62) Don't have client binaries depend on libs they don't use ) + patch from Steve Langasek (abartlet) +63) Printing change notification (merged from HEAD_APPLIANCE) (jerry) +64) fix delete printer driver (from HEAD_APPLIANCE) (jerry) +65) Added pdb_xml and pdb_mysql (jelmer) +66) Update pdb_test (jelmer) +67) Fix security issues with %m (abartlet) +68) Support for service joins from win2k AND use SPNEGO (jmcd) +69) pdbedit -i and -e fix, add -b (idra) +70) textdocs converted to sgml (jelmer, jerry) +71) Merge netbios namecache code from APPLIANCE_HEAD (tpot) +72) Fix segs in new NTLMSSP code (abartlet) +73) Always make guest rid 501 (abartlet) -As always, all bugs are our responsibility. -Regards, - The Samba Team.