Removal of nmbd and introduction of process models
==================================================
-smbd now implements several network protocols other then just CIFS and
+smbd now implements several network protocols other than just CIFS and
DCE/RPC. nmbd's functionality has been merged into smbd. smbd supports
various 'process models' that specify how concurrent connections are
handled (when to fork, use threads, etc).
Samba now stores most of its persistent data in a LDAP-like database
called LDB (see ldb(7) for more info).
-Much improved SWAT
-===============
-SWAT has had some rather large improvements and is now more then just a
-direct editor for smb.conf. Its layout has been improved. SWAT can now also
-be used for editing run-time data - maintaining user information, provisioning,
-etc. TLS is supported out of the box.
+Removed SWAT
+==================
+Unlike previous versions, Samba4 does not provide a web interface at this time.
Built-in KDC
============
-FIXME
+Samba4 ships with an integrated KDC (Kerberos Key Distribution
+Center). Backed directly onto our main internal database, and
+integrated with custom code to handle the PAC, Samba4's KDC is an
+integral part of our support for AD logon protocols.
+
+Built-in LDAP Server
+====================
+Like the situation with the KDC, Samba4 ships with it's own LDAP
+server, included to provide simple, built-in LDAP services in an AD
+(rather than distinctly standards) matching manner. The database is
+LDB, and it shares that in common with the rest of Samba.
Changed configuration options
=============================
Several configuration options have been removed in Samba4 while others have
been introduced. This section contains a summary of changes to smb.conf and
-where these settings moved.
+where these settings moved. Configuration options that have disappeared may be
+re-added later when the functionality that uses them gets reimplemented in
+Samba 4.
The 'security' parameter has been split up. It is now only used to choose
between the 'user' and 'share' security levels (the latter is not supported
in Samba 4 yet). The other values of this option and the 'domain master' and
'domain logons' parameters have been merged into a 'server role' parameter
-that can be either 'bdc', 'pdc', 'member server' or 'standalone'. Note that
+that can be either 'domain controller', 'member server' or 'standalone'. Note that
member server support does not work yet.
-'password server' now takes a DCE/RPC binding string (see prog_guide.txt)
-rather then simply a NetBIOS name.
-
The following parameters have been removed:
- passdb backend: accounts are now stored in a LDB-based SAM database,
see 'sam database' below.
- domain master
- browse list
- enhanced browsing
-- dns proxy
- wins proxy
- wins hook
- wins partners
- locking
- lock spin count
- lock spin time
-- oplocks
- level2 oplocks
- oplock break wait time
- oplock contention limit
Default: Set at compile-time
+ ntvfs handler
- Backend to the NT VFS to use (more then one can be specified). Available
+ Backend to the NT VFS to use (more than one can be specified). Available
backends include:
- posix:
+ client use spnego principal
Tells the client to use the Kerberos service principal specified by the
- server during the security protocol negotation rather then
+ server during the security protocol negotation rather than
looking up the principal itself (cifs/hostname).
Default: false