1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml">
6 <title>Samba - Release Notes Archive</title>
11 <h3>The Samba Team are pleased to announce Samba 1.9.18p5.</h3>
14 It may be fetched via ftp from :
16 <a href="ftp://samba.org/pub/samba/samba-1.9.18p5.tar.gz">ftp://samba.org/pub/samba/samba-1.9.18p5.tar.gz</a>
18 This is a bugfix release, designed to address issues
19 that users have reported with the 1.9.18p4 release.
20 It is intended that the next Samba release will be an
21 alpha of Samba 1.9.19, which will contain significant
22 new functionality for integrating Samba into a Windows
23 NT Domain environment.
25 There is some new functionality in this release,
28 Encrypted Password Migration Support.
29 -------------------------------------
31 This code, donated by Bruce Tenison, allows sites that
32 currently are using plaintext password authentication
33 against a UNIX password database to migrate to encrypted
34 SMB authentication by collecting users passwords as they
35 log in, and updating a smbpasswd file with passwords
36 deemed correct when checked against the UNIX password
37 database. This allows a Samba administrator to set up
38 a smbpasswd file and allow it to be updated as users
39 log in, until all users encrypted passwords have been
40 collected, and then turn Samba over to encrypted password
41 support without disruption to the users or forcing them
42 to re-enter all their passwords at changeover time.
43 Details on this are in the release notes below.
45 Improved smbtar support.
46 ------------------------
48 The changes to smbtar by Richard Sharpe of the Samba Team
49 were funded by Canon Information Systems Research Australia
50 (CISRA). The Samba Team would like to thank Canon Information
51 Systems Research Australia for their funding this effort, as
52 such sponsorship advances the Samba project significantly.
54 Simplified Chinese Character support added.
55 -------------------------------------------
57 Samba now supports the Simplified Chinese codepage (936)
58 as well as Japanese, Korean, and Traditional Chinese
64 Binary packages are being prepared and will be available
65 under the following ftp address by the end of the day,
68 <a href="ftp://samba.org/pub/samba/Binary_Packages/">ftp://samba.org/pub/samba/Binary_Packages/</a>
70 Here are the release notes. Remember, all bugs
71 are our responsibility - please report them
72 to <a href="mailto:samba-bugs@samba.org">samba-bugs@samba.org</a>.
78 -------------------------------------------------------------
79 WHATS NEW IN 1.9.18p5 - May 8th 1998.
80 =====================================
82 This is the latest stable release of Samba. This is the
83 version that all production Samba servers should be running
84 for all current bug-fixes.
86 Note that most Samba Team effort is now going into working on the
87 next major release which should contain some Windows NT Domain
88 features. It is intended that any future work on the 1.9.18 series
89 be maintenance only fixes.
91 An announcement will be made when the first alpha release of the next
92 Samba series is available.
94 Added features in 1.9.18p5
95 --------------------------
102 This parameter is to allow Samba administrators to debug their password
103 chat scripts more easily when they have "unix password sync" set. It is
104 provided as a debugging convenience only and should be enabled only when
105 debugging. Full documentation is in the smb.conf man page.
109 The code for this parameter was kindly donated by Bruce Tenison.
110 If this parameter is set to "yes" (it defaults to "no") and an smbpasswd
111 file exists containing all the valid users of a Samba system but
112 no encrypted passwords (ie. the Lanman hash and NT hash entries in
113 the file are set to "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"), then as
114 users log in with plaintext passwords that are matched against
115 their UNIX password entries, their plaintext passwords will be
116 hashed and entered into the smbpasswd file. After all the users
117 have successfully logged in using unencrypted passwords, the
118 smbpasswd file will have the Lanman and NT hashes of these users
119 UNIX passwords correctly stored. At that point the administrator
120 can convert Samba to use encrypted passwords (and configure the
121 Windows 95 and NT clients to send only encrypted passwords) and
122 migrate to an encrypted setup without having to ask users to re-enter
123 all their passwords explicitly. Note that to use this option the
124 "encrypt passwords" parameter must be set to "no" when this option
125 is set to "yes". See the smb.conf man page for up to date information
131 The following changes were developed by Richard Sharpe for Canon
133 Systems Research Australia (CISRA). The Samba Team would like to thank
134 Canon Information Systems Research Australia for their funding this
135 effort, as such sponsorship advances the Samba project significantly.
137 1. Restore can now restore files with long file names
138 2. Save now saves directory information so that we can restore
139 directory creation times
140 3. tar now accepts both UNIX path names and DOS path names.
142 New document in docs/ directory
143 -------------------------------
145 A new document, PROFILES.txt has been added to the docs/ directory.
146 This is still a work in progress (currently consisting of a series
147 of email exchanges) and will be updated over the coming releases.
148 The document covers the task of getting roving profiles to work with
149 a Samba server with Windows 95 and Windows NT clients.
151 Bugfixes added since 1.9.18p4
152 -----------------------------
154 1). Samba should now compile cleanly with the gcc -Wstrict-prototypes
156 2). New code page 852 tranlation table created by Petr Hubeny.
157 3). New "update encrypted" parameter (described above).
158 4). New "passwd chat debug" parameter (described above).
159 5). Updates to smbtar (described above).
160 6). Fix to do correct null session connections from nmbd and smbd.
161 7). Synchronous open flag is now honoured.
162 8). security=server now logs out correctly.
163 9). Fix to stop long printer job listings causing Win95 and smbd to
164 spin the CPU & network.
165 10). Multibyte character fix that prevented the "character set"
168 11). Fix for problems with security=share and the [homes] share.
169 12). NIS+ patch to get home directory info.
170 13). Added FTRUNCATE_NEEDS_ROOT define for systems with broken
173 14). Fix for nmbd not allowing log append mode.
174 15). Fix for nmbd as a WINS server doing a name query after a WACK with
175 the 'recursion desired' bit set - this would cause problems if directed
176 at a machine running a WINS server.
177 16). Correctly ignore "become backup browser" requests, rather than
178 logging them as a problem.
179 17). Use compressed names correctly as requested by RFC1002.
180 18). Workaround for bug where NT allows a guest logon and
181 doesn't set the guest bit (in security=server mode).
182 19). Added SOFTQ print type.
183 20). Free filename on file close (long standing small memory leak fix).
184 21). Fix for lp_defaultservice() getting overwritten by rotating string
186 22). Print time in international, rather than USA, format.
187 23). Fix to queue a trans2 open request when oplock break pending.
188 24). Added Simplified Chinese codepage (936).
189 25). Fixed expansion bug with %U, %G when multiple sessionsetups done
190 in security > SHARE mode.
191 26). Change to DEC enhanced mode security code to allow the same
192 binary to work when in enhanced and basic security mode. This change
194 all systems that define OSF1_ENH_SEC at compile time.
196 Previous release notes for 1.9.18p4 follow.
197 =========================================================================
199 Added features in 1.9.18p4
200 --------------------------
202 Changing passwords now supported
203 --------------------------------
205 Samba now supports changing the SMB password from a Windows 95 client,
206 using the standard Windows 95 password changing dialog. Note that by
207 default this changes the SMB password, not the UNIX password (Samba
208 must be set up with encrypted passwords in order to support this).
210 The smbpasswd program has been re-written to take advantage of this
211 feature, and now has no need to be a setuid root program, thus
213 a potential security hole. As a side effect of this change smbpasswd
214 can now be used on a UNIX machine to change users passwords on an NT
217 The new password changing code can also synchronize a users UNIX
218 password at the same time a SMB password is being changed, if Samba
219 is compiled with password changing enabled, and the new parameter
220 'unix password sync' is set to True. By default this is off, as
221 it allows the password change program to be called as root, which
222 may be considered a security problem at some sites.
224 Name resolution order now user selectable
225 -----------------------------------------
227 The resolution of NetBIOS names into IP addresses can be done in
228 several different ways (broadcast, lmhosts, DNS lookup, WINS).
229 Previous versions of Samba were inconsistant in which commands
230 used which methods to look up IP addresses from a name. New in
231 this version is a parameter (name resolve order, mentioned in
232 the new parameters list below) that allows administrators to
233 select the methods of name resolution, and the order in which
234 such methods are applied. All Samba utilities have been changed
235 to use the new name to IP address name resolution code and
236 so this can be controlled from a central place.
238 Expanded multi-byte character support
239 -------------------------------------
241 In previous versions of Samba, Kanji (Japanese) character
242 support was treated as a special case, making it the only
243 multi-byte character set natively supported in Samba. New
244 code has been added to generalize the multi-byte codepage
245 support, with the effect that other multibyte codepage support
246 can be easily added. The new codepages that this version
247 ships with are Korean Hangul and Traditional Chinese.
249 New Parameters in 1.9.18p4
250 --------------------------
252 name resolve order = lmhosts wins hosts bcast
254 This parameter allows control over the order in which netbios name to
255 IP Address resolution is attempted. Any method NOT specified will be
256 excluded from the name resolution process. If this parameter is not
257 specified then the above default order will be observed - this is
258 consistent with prior releases. See the smb.conf and smbclient man
259 pages for full details. See the above text for the announcement on
262 fake directory create times
264 This parameter is a compatibility option for software developers
265 using Microsoft NMAKE make tool, saving files onto a Samba share.
266 Setting this parameter to true causes Samba to lie to the client
267 about the creation time of a directory, so NMAKE commands don't
268 re-compile every file.
272 This parameter is set to False by default. When set to True, it
273 causes Samba to attempt to synchronize the users UNIX password
274 when a user is changing their SMB password. This causes the
275 password change program to be run as root (as the new password
276 change code has no access to the plaintext of the old password).
277 Because of this, it is set off by default to allow sites to
278 set their own security policy regarding UNIX and SMB password
281 This parameter has no effect if Samba has been compiled without
282 password changing enabled.
284 Changed compile-time default in 1.9.18p4
285 ----------------------------------------
287 The maximum length of a printer share name has now been increased to 15
288 characters - the same as file share names. Any one who needs to revert
290 to 8 character printer share name support can do so by adjusting the
294 Bugfixes added since 1.9.18p3
295 -----------------------------
297 1). Fix for nmbd leaving the child nmbd running when doing DNS
298 lookups as a WINS server.
299 2). Fix core dump in smbd when acting as a logon server with
301 3). Workaround for a bug in FTP OnNet software NBT implementation.
302 It does a broadcast name release for WORKGROUP<0> and WORKGROUP<1e>
303 names and don't set the group bit.
304 4). Ensure all the NetBIOS aliases are added to all the known
305 interfaces on nmbd initialization.
306 5). Fix bug in multiple query name responses print code.
307 6). Fix to send out mailslot reply on correct interface.
308 7). Fix retranmission queue to scan WINS server subnet so
309 nmbd retransmits queries needed when acting as a WINS server.
310 Thanks to Andrey Alekseyev <<a href="mailto:fetch@muffin.arcadia.spb.ru">fetch@muffin.arcadia.spb.ru</a>> for
312 8). Send host announcement to correct 0x1d name rather than
314 9). Fix for WINS server when returning multi-homed record,
315 was returning one garbage IP address.
316 10). Fix for Thursby Software's 'Dave' client - ensure
317 that a vuid of zero is always returned for them when in
318 share level security (the spec say's it shouldn't matter,
319 but it was causing them grief).
320 11). Added KRB4 authentication code.
321 12). Fix to allow max printer name to be 15 characters (see above).
322 13). Fix for name mangling cache bug - cache wasn't being
324 14). Fix for RH5.0 broken system V shared memory include
326 15). Fix for broken redirector use of resume keys between
327 deletes in a directory. Samba now returns zero as resume
328 keys (as does NT) and uses the resume filename instead.
329 16). Fix for systems that have a broken implementation
330 of isalnum() - was causing gethostbyname to fail.
331 17). Fix for 'hide files' bug not working correctly (bug
332 in is_in_path function - fix from Steven Hartland
333 <<a href="mailto:steven_hartland@pa.press.net">steven_hartland@pa.press.net</a>>.
334 18). Fixed bug in smbclient where debug log level on the
335 command line was being overridden by the log level in smb.conf.
336 19). Fixed bug in USE_MMAP code where client sending
337 a silly offset to readraw could cause a smbd core dump.
339 Bugfixes added since 1.9.18p2
340 -----------------------------
342 1). Fix to cause oplocked files to be broken when open
343 file table is full before giving up and reporting 'too
344 many open files'. This fix seems to help many applications
346 2). Fix to stop extra files being closed in user logoff
348 3). Fix to stop padded packet being returned on
349 trans2 call. This bug could cause Windows 95 to freeze
350 on some (rare) occasions.
351 4). Added fix for Visual C++ filetime changes (see above).
352 5). Made security check code an option (see above).
353 6). Fixed printer job enumeration in smbclient.
354 7). Re-added code into smbclient that causes it to do NetBIOS
355 broadcast name lookups (as it used to in 1.9.17).
356 8). Fixed code dump bug in smbtar.
357 9). Fixed mapping code between Appletalk and Kanji filenames.
358 10). Tuned shared memory size based on open file table size.
359 11). Made nmbd log file names consistant with smbd.
360 12). Fixed nmbd problem where packet queues could grow
361 without bound when connection to WINS server was down.
362 13). Fix for DCE login code.
363 14). Fix for system V printing to remove extra space
365 15). Patch to add a new substitution paramter (%p) in
366 a service patchname. Adds NIS home path (see the man page
367 on smb.conf for details). Patch from Julian Field.
368 16). Fix to stop smbpassword code from failing when
369 parsing invalid uid fields.
370 17). Made volume serial number constant based on machine
372 18). Added expand environment variables code from Branko
373 Cibej. See the man page on smb.conf for details.
374 19). Fixed warnings in change_lanman_password code.
377 Bugfixes added since 1.9.18p1
378 -----------------------------
380 1). A deadlock condition in the oplock code has been found
381 and fixed. This occured under heavy load at large sites. Several
382 of the sites who reported the original problem have now been
383 testing the code in this (1.9.18p2) release for a week now with
384 no problems (previously the problem occurred within 3-6 hours).
385 (Thanks to Peter Crawshaw of Mount Allison University for
386 his great help in tracking down this bug).
387 2). Fix for a share level security problem that caused
388 'valid users' not to work correctly.
389 3). Addition of Russian code page support.
390 4). Fix to the password changing code (thanks to Randy Boring
391 at Thursby Software Systems for this).
392 5). More fixes to the Windows 95 printer driver support
393 code from Herb Lewis at SGI.
394 6). Two NetBIOS over TCP source name type fixes in nmbd.
395 7). Memory leak in the dynamic loading of services in an
397 8). LPRng parsing code fix.
398 9). Fix to try and return a 'best guess' of create time
399 under UNIX (which doens't store such a file attribute).
400 10). Added parameters to samba/examples/smb.conf.default file :
401 Remote announce, Remote browse sync, username map, filename
402 case preservation and sensitivity options.
403 11). Reply to trans2 calls now aligns all parameters and
404 data on 4 byte boundary.
405 12). Fixed SIGTERM bug where nmbd would hang on exit.
406 13). Fixed WINS server bug to allow spaces in WINS names.
408 Bugfixes added since 1.9.18
409 ---------------------------
411 1). Fix for oplock-break problem. If an open crossed
412 with an oplock break on the wire it was possible for the
413 same fnum to be re-used. This caused a rare but fatal
415 2). Fix for adding printers to Windows NT 4.x. Now
416 return correct "no space error" when buffer of zero
418 3). Fix for nmbd core dumps when running on architectures
419 that cannot access structures on non-aligned boundaries
421 4). Compiler warnings in nmbd fixed.
422 5). Makefile updated for Linux 2.0 versions (new smbmount
423 commands should only be compiled for 2.1.x kernels).
424 6). Addition of a timestamp to attack warning messages.
429 This release contains several major changes and much re-written
432 The main changes are :
434 1). Oplock support now operational.
435 -----------------------------------
437 Samba now supports 'exclusive' and 'batch' oplocks.
438 These are an advanced networked file system feature
439 that allows clients to obtain a exclusive use of a
440 file. This allows a client to cache any changes it
441 makes locally, and greatly improves performance.
443 Windows NT has this feature and prior to this
444 release this was one of the reasons Windows NT
445 could be faster in some situations. Samba has
446 now been benchmarked as out performing Windows
447 NT on equivalently priced hardware.
449 The oplock code in Samba has been extensively
450 tested and is believed to be completely stable.
452 Please report any problems to the samba-bugs alias.
454 2). NetBIOS name daemon re-written.
455 -----------------------------------
457 The old nmbd that has caused some users problems
458 has now been completely re-written and now is
459 much easier to maintain and add changes to.
461 Changes include support for multi-homed hosts
462 in the same way as an NT Server with multiple
463 IP interfaces behaves (registers with the WINS
464 server as a multi-homed name type), and also
465 support for multi-homed name registration in
466 the Samba WINS server. Another added feature
467 is robustness in the face of WINS server failure,
468 nmbd will now keep trying to contact the WINS
469 server until it is successful, in the same
472 Also in this release is an implementation
473 of the Lanman announce protocol used by
474 OS/2 clients. Thanks to Jacco de Leeuw for
477 3). New Internationalization support.
478 -------------------------------------
480 With this release Samba no longer needs to be
481 separately compiled for Japanese (Kanji) support,
482 the same binary will serve both Kanji and non-Kanji
485 A new method of dynamically loading client code pages
486 has been added to allow the case insensitivity to
487 be done dependent on the code page of the client.
489 Note that Samba still will only handle one client
490 code page at a time. This will be fixed when
491 Samba is fully UNICODE enabled.
493 Please see the new man page for make_smbcodepage
494 for details on adding additional client code page
497 4). New Printing support.
498 -------------------------
500 An implementation of the Windows 95 automatic printer
501 driver installation has been added to smbd. To use this
502 new feature please read the document:
504 docs/PRINTER_DRIVER.txt
506 Thanks to Jean-Francois Micouleau, and also Herb Lewis
507 of Silicon Graphics for this new code.
509 Printer support on System V systems (notably Solaris)
510 has been improved with the addition of code generously
511 donated by Norm Jacobs of Sun Microsystems. Sun have
512 also made a Solaris SPARC workstation available to the
513 Samba Team to aid in their porting efforts.
519 Samba no longer needs the libdes library to support
520 encrypted passwords. Samba now contains a restricted
521 version of DES that can only be used for authentication
522 purposes (to comply with the USA export encryption
523 regulations and to allow USA Mirror sites to carry
524 Samba source code). The 'encrypt passwords' parameter
525 may now be used without recompiling.
527 Much of the internals of Samba has been re-structured
528 to support the oplock and Domain controller changes.
530 Samba now contains an implementation of share modes
531 using System V shared memory as well as the mmap()
532 based code. This was done to allow the 'FAST_SHARE_MODES'
533 to be used on more systems (especially HPUX 9.x) that
534 have System V shared memory, but not the mmap() call.
536 The System V shared memory code is used by default on
537 many systems as it has benchmarked as faster on many
540 The Automount code has been slightly re-shuffled, such
541 that the home directory (and profile location) can be
542 specified by \\%N\homes and \\%N\homes\profiles
543 respectively, which are the defaults for these values.
544 If -DAUTOMOUNT is enabled, then %N is the server
545 component of the user's NIS auto.home entry. Obviously,
546 you will need to be running Samba on the user's home
547 server as well as the one they just logged in on.
549 The RPC Domain code has been moved into a separate directory
550 rpc_pipe/, and a LGPL License issued specifically for code
551 in this directory. This is so that people can use this
552 code in other projects.
557 One feature that we wanted to get into this release
558 that was not possible due to the re-write of the nmbd
559 code was the scalability features in the Samba WINS server.
560 This feature is now tentatively scheduled for the next
561 release (1.9.19). Apologies to anyone who was hoping
562 for this feature to be included. The nmbd re-write
563 will make it much easier to add such things in future.
565 New parameters in smb.conf.
566 ---------------------------
568 New Global parameters.
569 ----------------------
571 Documented in the smb.conf man pages :
573 "bind interfaces only"
586 New Share level parameters.
587 ---------------------------
589 Documented in the smb.conf man pages :
594 Nascent web interface for configuration.
595 ----------------------------------------
597 source/wsmbconf.c is a cgi-bin program for editing smb.conf. It can
598 also be run standalone. This is in a very early stage of development.
603 smbd and nmbd will now modify their debug log level when
604 they receive a USR1 signal (increase debug level by one)
605 and USR2 signal (decrease debug level by one). This has
606 been added to aid administrators track down faults that
607 only occur after long periods of time, or transiently.
612 If you have problems, or think you have found a
613 bug please email a report to :
615 <a href="mailto:samba-bugs@samba.org">samba-bugs@samba.org</a>
617 Please state the version number of Samba that
618 you are running, and *full details* of the steps
619 we need to reproduce the problem.
621 As always, all bugs are our responsibility.