WHATSNEW: document some more new options
authorStefan Metzmacher <metze@samba.org>
Thu, 11 Jan 2018 11:46:24 +0000 (12:46 +0100)
committerKarolin Seeger <kseeger@samba.org>
Sat, 13 Jan 2018 16:12:38 +0000 (17:12 +0100)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Sat Jan 13 17:12:38 CET 2018 on sn-devel-144

WHATSNEW.txt

index 94278b3..f1e43f4 100644 (file)
@@ -95,15 +95,18 @@ smb.conf changes
   client schannel                    Default changed/        yes
                                      Deprecated
   gpo update command                 New
+  ldap ssl ads                       Deprecated
   map untrusted to domain            Removed
   oplock contention limit            Removed
-  prefork children                  New                     1
+  prefork children                   New                     1
   mdns name                          Added                   netbios
   fruit:time machine                 Added                   false
   profile acls                       Removed
   use spnego                         Removed
   server schannel                    Default changed/        yes
                                      Deprecated
+  unicode                            Deprecated
+  winbind scan trusted domains       New                     yes
   winbind trusted domains only       Removed
 
 
@@ -150,6 +153,22 @@ reversed to match the parameter ordering of the UNIX extensions
 'symlink' command. The usage message for this command has also
 been improved to remove confusion.
 
+Winbind changes
+---------------
+
+The dependency to global list of trusted domains within
+the winbindd processes has been reduced a lot.
+
+The construction of that global list is not reliable and often
+incomplete in complex trust setups. In most situations the list is not needed
+any more for winbindd to operate correctly. E.g. for plain file serving via SMB
+using a simple idmap setup with autorid, tdb or ad. However some more complex
+setups require the list, e.g. if you specify idmap backends for specific
+domains. Some pam_winbind setups may also require the global list.
+
+If you have a setup that doesn't require the global list, you should set
+"winbind scan trusted domains = no".
+
 REMOVED FEATURES
 ================