sync 3.0 branch with head

[ira/wip.git] / WHATSNEW.txt

              WHATS NEW IN Samba 3.0 alphaX
              =============================

Changes in alpha19
 - Heavy registry updates (jerry)
 - Use 850 as the default DOS character set in smb.conf (tpot)
 - printer fixes - removed encoding of queueid in job number (jra)
 - A lot of small fixes (jra)
 - virtual registry framework with initial printing hooks (jerry)
 - Don't crash on setfileinfo on printer fsp(jra)
 - fixed line buffer mode in XFILE(jra)
 - update samba.schema from 2.2 (jerry,idra)
 - Fix problem with oplock breaks and win2k - 
   noticed by Lev Iserovich <lev@ciprico.com> (jra)
 - Give different error message when PDC is down - 
   thanks to Mark Kaplan from Quantum (abartlet)
 - Add wrapper for dup2() (abartlet)
 - Update smbgroupedit to document -d - thanks to metze (abartlet)
 - Support weird behaviour used by win9x pass-through auth (abartlet,tpot)
 - Support for duplicating stderr in log files (abartlet)
 - Move startup time initialisation to server.c (abartlet)
 - *A lot* of fixes and cleanups (abartlet)
 - Fix up compiler warnings (abartlet)
 - Few small fixes (tpot)
 - Renamed new_cli_netlogon_* -> cli_netlogon_* (tpot)
 - Fixed segfault in net time when host is unavailable (tridge)
 - Ensure to be root when opening printer backend tdb (jra)
 - Merges from APPLIANCE_HEAD (tpot,jerry)
 - configure updates (tridge)
 - particularly getgrouplist() (tridge)
 - Make sure to be root when accessing pdb (abartlet)
 - Better PAM error message (abartlet)
 - Support for pdbedit to query account policy values (abartlet)
 - Fix few typos (mimir, abartlet)
 - Allow one to create trusting domain account using smbpasswd (mimir,abartlet)
 - 'Net rpc trustdom list' (mimir, abartlet)
 - Fix fallback to anonymous connection (mimir, abartlet)
 - Add debugging info to secrets.c (mimir, abartlet)
 - Fix for pdb_ldap and OpenLDAP 2.1
 - Added support in swat to determine whether winbind is running (idra)
 - Add 'hide unwritable' option (idra)
 - Correct pickup of [homes] share after subsequent session setups (abartlet)
 - Update rebind code in pdb_ldap (abartlet)
 - Add some info levels to RPC srvsvc code - 
   thanks to Nigel Williams" <nigel@veritas.com> (abartlet)
 - Small doc fixes (tridge)
 - good security patch from Timothy.Sell@unisys.com (tridge)
 - fix minor nits in nmbd from adtam@cup.hp.com (tridge)
 - make sure async dns nmbd child dies (tridge)
 - interim fix for nmbd not registering DOMAIN#1b (tridge)
 - fix for smbtar filename matching (tridge)
 - Better quote handling in smb.conf (abartlet)
 - Support browsers setting multiple languages in swat (idra)
 - Changed str_list_make to be able to use a different separator string (idra)
 - Remove use of strtof because of portability issues (idra)
 - Common popt definition for -d option (tpot)
 - Samsync support to insert account info into the pdb (tpot)
 - Don't hide unwritable dirs when 'hide unwritable' is enabled - 
   suggested by Alexander Oswald <oswald@is.haw-hamburg.de> (idra)
 - Fix for handling sparse files in smbd (tridge)
 - Merges from 2_2 (jerry)
 - Add cvslog.pl file
 - Minor printer fixes (jerry)
 - Fix SID lookup code to never do recursive winbind (abartlet)
 - Fix SID lookup code to never use algoritmic rid for fixed mappings (abartlet)
 - Cascaded VFS (Alexander Bokovoy, idra)
 - Optimisations when in ADS mode (tridge)
 - Try netbios-less connections when in ADS mode (tridge)
 - Minor ADS tweaks (tridge)
 - Fix plaintext passwords with win2k (tridge)
 - 'net ads info' reports IP of LDAP server (tridge)
 - Add LSA RPC 0x2E, lsa_query_info2 (jmcd)
 - Add 'smb ports = ' option (tridge)
 - Various small fixes (tridge)
 - Add 'disable netbios = yes/no' (tridge)
 - Passdb security checks (abartlet)
 - Large winbind updates (abartlet)
 - Moved rpc client routines from libsmb to rpc_client (tpot)
 - Few nmbd fixes (jmcd)
 - Fix swat to handle new debug level (idra)
 - Fix name length in namequeries (tridge)
 - Netbios-less setup ADS fixes (tridge)
 - Add SAMR 0x3e, which is samr_connect4 (jmcd)
 - Add consts to passdb (abartlet)
 - Don't client binaries depend on libs they don't use - 
   patch from Steve Langasek <vorlon@netexpress.net> (abartlet)
 - Printing change notification (merged from HEAD_APPLIANCE) (jerry)
 - fix delete printer driver (from HEAD_APPLIANCE) (jerry)
 - Added pdb_xml and pdb_mysql (jelmer)
 - Update pdb_test (jelmer)
 - Fix security issues with %m (abartlet)
 - Add client side support for samr connect4 (0x3e) (jmcd)
 - Add lsa 0x2e (queryinfo2) client side (jmcd)
 - Support for service joins from win2k AND use SPNEGO (jmcd)
 - pdbedit -i and -e fix, add -b (idra)
 - textdocs converted to sgml (jelmer, jerry)
 - Merge netbios namecache code from APPLIANCE_HEAD (tpot)
 - Fix segs in new NTLMSSP code (abartlet)
 - Always make guest rid 501 (abartlet)
 

Changes in alpha18
 - huge number of changes! really too many to list ... (and its 1am
   here, and I'm too tired) 
   See the cvs tree at http://build.samba.org/


Changes in alpha17
- OpenLinux packaging updates (jht)
- Locking updates - fix zero timeout (tridge, jra)
- Default ACL support (jra, based on code from Olaf Frczyk <olaf@cbk.poznan.pl>)
- printing updates - spoolss stuff (tpot)
- 'make install' directory creation fixes (abartlet)
- Lots of fixes for SID handling, local v domain sids etc
- better mangle debugging (abartlet)
- fixes to allow 'net' to return more than 1000 users from ADS (jmcd)
 - winbind support to come very shortly
- lock some more tdbs to allow concurrent access for backups
- 'net' help cleanups (jmcd)
- 'net join' automatic transport detection

Changes in alpha16
- LDAP schema updates (jerry)
- initial ADS LDAP printer advertising (jmcd)
- spoolss and printing updates (tpot, jerry)
  (the is the major update in this alpha, and work continues)
- Winbindd connection cache improvements (abartlet)
- spnego segfault fixes (abartlet)
- net ads segfault fixes ( Alexander Bokovoy <a.bokovoy@sam-solutions.net>)
- header cleanups (tpot)
- Serialise domain auth requests - win2k bug (tridge)
- fix winbind talloced memory leak (dleducq@arkoon.net, tridge)
- call unmangle in don_unmangle (abartlet)
- UTF8 Charset functions - for ADS LDAP calls (Hasch@t-online.de)
- Fix security tab for mapped drives on unicode clients (tridge)
- Better configure tests for snprintf and immidiate structures (abartlet)
- allow 'passdb backend = plugin : /path/to/plugin.so : plguin args'
  (loads a passdb module) (Jelmer Vernooij <jelmer@nl.linux.org>)
- change the way we store our domain join info - you will need to
rejoin the domain (tridge)
- xcopy /o fixes (tridge)
- fix the 'convert_string' level 0 debugs.
- Patch for Domain users not showing up from "Ivan Zhakov" <vunny@mail.ru>
- tdb backup support
- The beginning of trusted and trusting domain support - net commands
  (Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl>)
- nmbd signal processing fixes (jra)
- lseek-on-pipe support (jra)
- Allow Samba to trust NT4 Domains (abartlet)
- LDAPsam updates (abartlet):
    - Now runtime selectable (when configured)
    - ldap user suffix and ldap group suffix support.
    - non unix account support
    - select with 'passdb backend = ldapsam' or 'passdb backend =
    ldapsam_nua'
- start to allow NT4 domains to trust Samba, netlogon fixes (abartlet)
- make default unix charset UTF8 (tridge)
- Fix SIGSEGV on error message when trying to add a user to smbpasswd
file without a unix account (jmcd)
- better detection of dead ADS connections, so we have some chance of
reconnecting (tridge)
- removed bogus prepend_domain() call which was screwing up getpwuid()
with the new default domain code
- Domain/workstation SID fixes.
- patch from Alexey Kotovich <a.kotovich@sam-solutions.net> that adds 
  the security decsriptor code for ADS workstation accounts. 
  (allow self password change, self remove) 
  (after much review and disscussion with abartlet and tridge)

Changes in alpha15
- Improvements in pam_winbind/winbindd_pam.c: (abartlet)
  - Much better error reporting
  - Password changing is now stackable
  - now returns multiple PAM errors based on the NTSTATUS
    that winbind got.
  - returns an error string the client can use in their own logs.
- Print form updates (tpot)
- added 'wbinfo --sequence' to show sequence numbers of 
  all domains (tridge)
- better winbind memory mangement (tridge)
- make signal processing work correctly in winbindd
  Michael Steffens <michael_steffens@hp.com>
- Inital ADS printer publishing work.  (jmcd)
- Debian packaging
- large debian packaging checking from Eloy. (merge by jerry)
- Make smbgroupedit a little easier on the user (select groups
  by name rather than by sid) (abartlet)
- rework parts of smbtorture (tridge)

Changes in alpha14
- 'Winbind Default Domain' support:
  This allows winbind to supply usernames without a 'DOMAIN\' 
  prefix.  Particularly handy for shell and e-mail servers,
  as well as Unix workstations in NT domains.
- Associated cleanups in winbindd and smbd.
  (Alexander Bokovoy <a.bokovoy@sam-solutions.net> and 
   abartlet)
- Winbind protocol changes for better Squid intergration
  (current version is 3) (abartlet)
- pam_winbind password changing 
  (Samuel Ziegler <sam@xpedion.com>, tpot)
- runtime selectable pluggable passdb interface. 
  (abartlet)
- 'non unix account' support (abartlet)
  (This allows machines and even users not to exist
  in /etc/passwd)
- Inital implementation of the WINS replication deamon
  (jfm)
- Changes for better winbind PDC/BDC failover support
  (tpot)
- Various Winbind/ADS mode stabilty and flexablity fixes
  (tridge)
- Mangle names like .bashrc properly (trige)
- CIFS UNIX extensions (client and server) (jra)
- Universal group support outside smbd (via a cache)
  (Alexander Bokovoy <a.bokovoy@sam-solutions.net>)
- Write cache fixes (jra)

Changes in alpha13
- updates to try to get more out-of-the-box compiles
  (mostly kerberos and ldap stuff) (various)
- 'net rpc shutdown' remote shutdown of servers 
  (abartlet, original code from idra)
- authentication subsystem rework, including move to
  new RPC client code (abartlet)
- winbind changes:
    - use new client code (abartlet)
    - change winbind_auth_pam_crap interface for squid's 
      benifit. (abartlet)
    - new interface versioning functionality (abartlet)
    - cope better when inteface does change (tpot)
    - better winbind trusted domain code (tpot)
- doc updates (jerry)
- new NTSTAUS -> DOS error map (abartlet)
- large user list (> 1500) enumeration (jra)
- dmalloc support (mbp)
- spoolss changes (tpot)
- talloc accounting (mbp)
- rename fixes (jra)
- smbmount trivial fixup (abartlet)
- start of new unix extenions to CIFS (jra) 

Changes in alpha12
- doc updates (jerry)
- store domain sid on ADS join (tridge)
- allow a winbind username on ADS connection (tridge)

Changes in alpha11
- fixed fallback to "ads server" option (tridge)
- fix ACL failure on HP HFS (jra)
- net ads password and net ads chostpass commands (Remus Koos)
- fixed valid char array generation (tridge)
- fixed QFS_INFO for win98 long filenames (tridge)
- added net lookup command (tridge)
- fixed map to guest with spnego (tridge)
- fixed irix warnings (tridge)


Changes in alpha10
- hide unreadable fix using acl fns (jra)
- lsa_open_policy cleanup (jfm)
- mangled directories fix (jra)
- fix error return on bad pipe (jra)
- fix homes share with no home dir (tpot)
- fixed handling of dead or empty domains in winbindd (tridge)
- added talloc torture program (mbp)
- talloc debug code (mbp)
- added trusted domains to winbindd/ADS (tridge)
- fix trusted domains in auth code (tridge)
- new gss error handling code (a.bokovoy@sam-solutions.net & tridge)
- support mixed ADS/NT4 domains (tridge)

Changes in alpha9
- nicer net error messages (tpot)
- trust account patches (mimir)
- solaris link option update (davecb)
- added lsa_query_secobj() server fn (jfm)
- spoolss changeid fix (jerry)
- domain auth error fix (jmcd)
- HPUX acl code (jra)
- set filetime on close fix (jra)
- allow select of org unit in ads join (tridge)

Changes in alpha8
- fixed compile of wb_client.c (tridge)
- fixed net time to use localtime (tridge)
- net help cleanups (jmcd)
- debug level fix (tpot)
- utmp string length fixes (monyo)


Changes in alpha7

- added "net ads info" to probe basic into on your ads server without
  any authentication
- improved some error handling

Changes in alpha6

- added "net time zone" command (tridge)
- pam_smbpass updates (a.bokovoy@sam-solutions.net)
- irix updates (herb)
- net rpc join handles existing machine acct (tridge)

Changes in alpha5

- added "net time" command (tridge)
- allow client tools to specify a hostname of form HOST#xx (tridge)
- added wbinfo --set-auth-user (tpot)
- added lsaquerysecobj to rpcclient (tpot)

Changes in alpha4

- fixed nexus/win9x user list (jfm)
- fixed large user/group lists in winbindd (tridge)
- fixed gssapi headers in redhat (jmcd)
- fixed rap error code handling (jra)
- more usermanager rpc calls (jfm)
- re-added RAP calls at top level to net command (tridge)

Changes in alpha3

- fixed a silly tdb bug in alpha2 that affected internal databases

Changes in alpha2

- we no longer use cyrus-sasl for LDAP SASL/gssapi. This makes our ADS
  code much more robust.
- winbindd cache code rewritten to be much more efficient. It also
  copes much better with server outages.
- jfm implemented full group mapping and smb.conf option 'domain admin
  group' is now gone. Consult the GROUP-MAPPING-HOWTO.txt to know how
  to gain back administrator rights.
- docs update started
- numerous small bugfixes

Changes in alpha1

 - winbindd now uses LDAP and works correctly with an ADS server in
   native mode
 - XFS quotas code on Linux
 - group mapping code from JFM
 - "net rpc join" command replaces smbpasswd -j
 - fixed winbind initgroups

--------------

This is a pre-release of Samba 3.0 alpha0. This is NOT a stable
release. Use at your own risk.

The purpose of this alpha release is to get wider testing of the major
new pieces of code in the current Samba 3.0 development tree. We are
planning on ceasing development on the 2.2.x release of Samba very
shortly and after that we will be concentrating on Samba 3.0. To
reduce the time before the final Samba 3.0 release we need as many
poeple as possible to start testing these alpha releases, and
hopefully giving us some high quality feedback on what needs fixing.

Note that Samba 3.0 is not anywhere near feature complete yet. There
is a lot more coding we have planned, but unless we get what we have
done already more widely tested we will have a hard time doing a
stable release in a reasonable time frame.

This release is also missing major pieces of documentation, and there
are many parts of the docs that have not been updated to reflect the
new options and features in 3.0. 

Major new features:
-------------------

- Active Directory support. This release is able to join a ADS realm
  as a member server and authenticate users using
  LDAP/kerberos. Please read ADS-HOWTO.txt in the release for a very
  rough guide on how to set this up.

- Unicode support. Samba will now negotiate unicode on the wire and
  interally there is now a much better infrastructure for multi-byte
  and unicode character sets. You may need the "dos charset", "unix
  charset" and "display charset" options. The unicode support is not
  yet documented. 

- New authentication system. The internal authentication system has
  been almost completely rewritten. Most of the changes are internal,
  but the new auth system is also very configurable. Not documented
  yet.

- new filename mangling system. The filename mangling system has been
  completely rewritten. An internal database now stores mangling maps
  persistantly. This needs lots of testing.

- new "net" command. A new "net" command has been added. It is
  somewhat similar to the "net" command in windows. Eventually we plan
  to replace a bunch of other utilities (such as smbpasswd) with
  subcommands in "net", at the moment only a few things are
  implemented.

- Samba now negotiates NT-style status32 codes on the wire. This
  improves error handling a lot.

- better w2k printing support. The support for printing from win2000
  clients has improved greatly. 

Plus lots of other changes!

Note that many new features are not documented. Don't let this stop
you from using Samba 3.0. It is particularly important that the basic
file/print serving abilities of Samba 3.0 are widely tested to ensure
that we have not broken any of the basic functionality. As we do more
alpha releases we will start to document the new features.


Reporting bugs & Development Discussion
---------------------------------------

Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.openprojects.net

If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored.