- ==============================
- Release Notes for Samba 3.0.13
- Mar 24, 2005
- ==============================
+ WHATS NEW IN Samba 3 SVN
+ ========================
-This is the latest stable release of Samba. This is the version
-that production Samba servers should be running for all current
-bug-fixes. Please read the following important changes in this
-release.
-
-Common bugs fixed in 3.0.13 include:
-
- o Infinite FindNext() loop from Windows 9x client when
- copying or deleting files on a Samba file share using
- explorer.exe.
- o Numerous smbclient bugs when listing directories.
- o Failures in smbclient when connecting to a Windows 9x
- file server.
-
-
-######################################################################
-Changes
-#######
-
-Changes since 3.0.12
---------------------
-
-o Jeremy Allison <jra@samba.org>
- * Fix typo bug in smbclient where flags overwrote info level
- in the cli_list_new().
- * Fix old smbclient bug where ff_searchcount was being compared
- to -1 resulting in processing a filename twice.
- * Fix segv in smbclient caused by overwriting the last 2 bytes
- in cli_list_new().
- * BUG 2530: Fix potential segv in smbclient when talking to a
- Windows 9x file server.
- * Fix last entry offset in cli_list_new() when using a
- FindFirst/FindNext info level of 0x104.
- * BUG 2501: Stop Win98 from looping doing FindNext on a
- singleton directory.
-
-
-o Gerald (Jerry) Carter <jerry@samba.org>
- * BUG 2497: Fix bug in rpcclient's deletedriverex when asking
- to delete all versions of a driver.
- * BUG 2517: use the realm from smb.conf for 'net ads info' when
- 'disable netbios = yes'.
- * BUG 2530: Ensure that smbclient correctly detects MS-DFS root
- shares.
- * Update RedHat packaging files to require cups support. Also
- remove requirement for 'idmap {uid,gid}' settings in smb.conf
- from winbindd init script.
- * BUG 2516: fix compile issue on True64.
-
-
-
-o Guenther Deschner <gd@samba.org>
- * Check for the correct cli-struct when copying files in 'net
- rpc printer' routines.
-
-
-o Herb Lewis <herb@samba.org>
- * Fix incorrect test in 'net rpc user' when the user is not
- a member of any groups.
-
-
-o Jim McDonough <jmcd@us.ibm.com>
- * Make sure that enum_group_members() searches the correct suffix.
-
-
-
-Release Notes for older release follow:
-
- --------------------------------------------------
- ==============================
- Release Notes for Samba 3.0.12
- Mar 18, 2005
- ==============================
-
-Common bugs fixed in 3.0.12 include:
-
- o Winbind failures when using 'disable netbios = yes'
- o Failure to establish a trust relationship via 'net rpc trust
- establish'
- o Various portability & compiler issues.
- o Read only file deletion failure caused by new delete semantics
- in Windows XP SP2 and the MS 04-044 security hotfix.
- o Error messages from shared Excel workbooks residing on Samba
- file shares.
- o Missing files in the output of smbclient -c 'dir' when run
- against Windows file servers.
- o Inability for Print Administrators to pause/resume/purge print
- queues.
-
-Additional features introduced in Samba 3.0.12:
-
- o Performance enhancements when serving directories containing
- large number of files.
- o MS-DFS support added to smbclient.
- o More performance improvements when using Samba/OpenLDAP based
- DC's via the 'ldapsam:trusted=yes' option.
- o Support for the Novell NDS universal password when using the
- ldapsam passdb backend.
- o New 'net rpc trustdom {add,del}' functionality to eventually
- replace 'smbpasswd {-a,-x} -i'.
- o New libsmbclient functionality.
-
-
-
-=======================
-Large Directory Support
-=======================
-
-Samba 3.0.12pre1 introduces a specific mechanism for dealing
-with file services that frequently contain a large number of files
-per directory. Historically Samba's performance has suffered
-in such environments due to the translation from case
-insensitive lookups by Windows client to the case sensitive
-storage mechanisms used by UNIX filesystems.
-
-Configuration details along with a short HOWTO can be found at:
-
-http://www.samba.org/samba/ftp/HOWTO/Samba-LargeDirectory-HOWTO
-
-
-==================================
-libsmbclient Binary Compatibility
-==================================
-
-Please note that a change has been made to the _SMBCCTX structure
-in source/include/libsmbclient.h. This change is not backwards
-compatible with applications linked against the libsmbclient.so
-library from Samba 3.0.11. However, it is compatible with all
-other Samba 3.0.x releases. This means that it will be most likely
-be necessary to recompile any applications linked against the
-3.0.11 version of the library.
-
-
-######################################################################
-Changes
-#######
-
-smb.conf changes
-----------------
-
- Parameter Name Action
- -------------- ------
- allocation roundup size New
- log nt token command New
- write cache Deprecated
-
-Changes since 3.0.12rc1
------------------------
-
-
-o Jeremy Allison <jra@samba.org>
- * Debug log message cleanups.
- * Add case insensitive search for a principal match on logon
- verification in the system keytab (based on patch by
- Michael Brown <mbrown@fensystems.co.uk>).
- * Revert the previous SMB signing change from Nalin Dahyabhai
- when using DES keys.
- * Add missing RESOLVE_DFSPATH() calls for older SMB commands.
- * Fix FindFirst() server code to deal with resume names of ".."
- and "." (found by Jim McDonough).
- * BUG 2451: Fix missing functions in full audit VFS module.
- * Ensure that smbd logs failures reported by DISK_FREE()
- (reported by Ying Li <ying.li2@hp.com>).
- * Ensure that smbclient obeys the max protocol argument again.
- * BUG 2335: Return correct error code for OS/2 clients (based on
- negotiated protocol level).
- * BUG 2460, 2464: remove dead code and unused variables
- (reported by Jason Mader).
-
-
-o Vince Brimhall <vbrimhall@novell.com>
- * BUG 2453: Change the way pdb_nds.c handles users with no
- Universal or Simple Password.
- * NDS schema file corrections.
-
-
-o Gerald (Jerry) Carter <jerry@samba.org>
- * Various small compile fixes and cleanup warnings.
- * BUG 2456: Fix compile failure on non-gcc platforms due to
- non-standard pragma.
-
-
-o Guenther Deschner <gd@samba.org>
- * Add example perl script to check for multiple LDAP entries
- after running 'net rpc vampire'.
- * Add more output when listing printer forms via rpcclient.
- * Debug log message cleanup.
-
-
-o William Jojo <jojowil@hvcc.edu>
- * BUG 2445: Patch to avoid default ACLs on AIX.
-
-
-o Derrell Lipman <derrell.lipman@unwireduniverse.com>
- * Implement better solution for backwards binary compatibility
- in libsmbclient while adding new fields to struct _SMBCCTX.
-
-
-o Mark Loeser <halcy0n@gentoo.org>
- * BUG 2443: Compile fix for gcc4.
-
-
-o Jim McDonough <jmcd@us.ibm.com>
- * BUG 2338: Fix coredump when OS/2 checks for long file name
- support (with .+,;=[].) (thanks to Guenter Kukkukk).
-
-
-o John Terpstra <jht@samba.org>
- * Add the capability to set account description using pdbedit.
-
-
-o Doug VanLeuven <roamdad@sonic.net>
- * Add more case/realm/name permutations to the kerberos keytab.
-
-
-Changes since 3.0.11
---------------------
-
-commits
--------
-o Jeremy Allison <jra@samba.org>
- * BUG 2146: Return correct allocation sizes so as not to crash
- the VC++ compiler.
- * BUG 962: Ensure that parsing of service names in smb.conf is
- multibyte safe.
- * BUG 2201, 2227: Support new delete semantics used by MS04-044
- and XP SP2.
- * BUG 1525: Correctly timestamps interpreted on 64-bit time_t
- values (patch submitted by Jay Fenlason <fenlason@redhat.com>).
- * Add special hooks when serving directories containing large
- numbers of files.
- * Ensure that WINS negative name query responses and WACK
- packets use the correct RR type of 0xA instead of reflecting
- back what the query RR type was (0x20).
- * BUG 2310: Only do 16-bit normalization on small dfree request.
- * BUG 2323: Correct authentication failure when using plaintext
- passwords from Windows XP clients.
- * BUG 2146: Add new smb.conf option 'allocation roundup size' to
- work around issues building MS Visual Studio 6.0 project
- on a Samba file share while restoring the pre-3.0.21pre1
- behavior by default.
- * BUG 2399 (partial): Ensure we use SMB_VFS_STAT instead of
- stat when checking for existence of a pathname.
- * Check the sticky bit on the parent directory for supporting
- the new WinXP SP2 file deletion semantics.
- * Various oplock, share mode, and byte range locking fixes
- found by Connectathon tests.
- * BUG 2271: Fix resume key issues in trans2FindFirst() client
- code.
- * BUG 2382, 2045: More pending modtime and delayed write fixes
- for MS Excel (incorporates partial patches from
- ke_miyata@itg.hitachi.co.jp).
-
-
-o Andrew Bartlett <abartlet@samba.org>
- * Avoid length-limited intermediate copy of NT and LM responses
- in NETLOGON client.
- * Debug message cleanups in the NTLMSSP implementation.
-
-
-o Manuel Baena <mbaena@lcc.uma.es>
- * Print actual error message in smbmnt.c:fullpath().
-
-
-o Vince Brimhall <vbrimhall@novell.com>
- * Add support for Novell NDS universal password.
- * BUG 2424: Ensure that uidNumber and gidNumber use match
- the RFC2307 schema
-
-
-o Gerald (Jerry) Carter <jerry@samba.org>
- * Add trans2 client call for checking dfs referrals
- * Convert smbclient to use TRANS_QPATHINFO(SMB_QUERY_FILE_BASIC_INFO)
- when checking directories on modern CIFS servers.
- * Add MS-DFS support to smbclient.
- * Code cleanup of adt_tree.[ch].
- * Add missing checks to allow root to manage user rights.
- * Allow domain admins to manage rights assignments on domain members
- servers.
- * BUG 2333: Use the lpq command to pass in the correct printer name
- for cups_queue_get(). CUPS backend now sets 'lpq command= %p' as
- the default.
- * BUG 1439: make sure to initialize pointer to prevent invalid
- free()'s on exit.
- * BUG 2329: fix to re-enable winbindd to locate DC's when 'disable
- netbios = yes'.
- * Add cups-devel to BuidlRequires directive in Fedora spec file.
- * BUG 858: Fix order of popt args evaluation so we don't crash
- when given no command line args.
- * Remove dependency on bash for source/autogen.sh.
- * Fix clitar.c compile issues caused by broken MIT 1.4 headers.
- * Implement MS-DFS for recursive directory listings in smbclient.
- * BUG 2394: Fix nmbd linking issue on IRIX.
- * Only display the publish check box in the client's printer
- properties dialog if we are a member of an AD domain.
- * BUG 2363: allow 'in use' driver to be removed as long as
- one 'Windows NT x86' driver remains.
- * BUG 1881: Allow PRINT_SPOOL_PREFIX to be set in local.h for
- porting purposes.
- * Enforce better printer.tdb cache consistency when removing
- jobs from a print queue via SMB.
- * Ensure that pause/resume/purge print queue commands are run
- with the appropriate level of privilege necessary to actually
- work.
- * BUG 2355: Use bsd style commands (lpq, lpr, etc...) for default
- for 'printing = cups' installations that do not actually have
- libcups.
- * BUG 2425: Remove incorrect checks for Win98 DFS clients.
- * BUG 2215: Rewrite questionable code that was causing gcc to
- choke.
- * Add server support for LsaLookupPrivValue().
-
-
-o Kevin Dalley <kevin@kelphead.org>
- * BUG 2398: Don't force smbclient to assume a dry run if the
- target tarfile is /dev/null.
-
-
-o Guenther Deschner <gd@samba.org>
- * Fix crash bug in the client-spoolss enumdataex-call.
- * Expand the valid-workstation-scheme by expanding names
- beginning with a plus (+) as a unix group.
- * Allow own netbios name to be set in smbclient's session setup.
- * Better handling of LDAP over IPC connections that have expired
- on the LDAP-Server.
- * Fix pipe-mismatch for NETDFS in cli_dfs.c.
- * Add examples/misc/adssearch.pl.
- * BUG 2343: Build fixes.
- * Support get_user_info_7 in SAMR server RPC.
- * Fix server_role in the samr_query_dom_info calls.
-
-
-o Steve French <sfrench@us.ibm.com>
- * On failed mount (ENXIO) retry share name in uppercase (fix
- mount to FastConnect AIX SMB server).
- * Add missing FILE_ATTRIBUTE_XXX defines to smb.h.
- * Ignore user_xattr mount parm (mount.cifs) so as not to confuse
- it with a user name.
- * Update for new CIFS POSIX info levels.
- * Ignore users mount parm in mount.cifs.
-
-
-o SATOH Fumiyasu <fumiya@samba.gr.jp>
- * BUG 1549: Don't truncate service names in smbstatus.
-
-
-o S Murthy Kambhampaty <smk_va@yahoo.com>
- * Add idmap_rid module to Fedora and RedHat spec files.
-
-
-o Volker Lendecke <vl@samba.org>
- * BUG 2401: Flush internal getpwnam() cache after deleting a
- user.
- * BUG 1604: Make winbind work with more than 10 trusted domains.
- * Cleanup various compiler warnings.
- * Fix a memory leaks in privileges code and passdb backends.
- * Fixes for samr_lookup_sids() client call.
- * Optimize _samr_query_groupmem with LDAP backend for large
- domains.
- * Support SIDs as %s replacements in the afs username map
- parameter.
- * Add 'log nt token command' parameter. If set, %s is replaced
- with the user sid, and %t takes all the group sids.
- * Do not use the "Local Unix Group"-default description for
- all kinds of group-mappings.
- * Fix uninitialized variable in Linux nss_winbind library.
- * Move 'net afskey' into a subcommand of its own, 'net afs key'.
- * Implement 'net afs impersonate'.
-
-
-o Herb Lewis <herb@samba.org>
- * Fix build problem when HAVE_POSIX_ACL is not defined.
- * BUG 2417: Add help lines for net rpc group addmem and
- delmem commands.
-
-
-o Jason Mader <jason@ncac.gwu.edu>
- * Compiler warning fixes (BUGS BUG 2132, 2134, 2289, 2327, 2340, 2341,
- 2342)
-
-
-o Derrell Lipman <derrell.lipman@unwireduniverse.com>
- * Add support to libsmbclient for getting and setting DOS
- attributes using EA functions.
- * Fix libsmbclient's URL encoding/decoding.
- * Replace browse listing URI queries with an internal options
- structure (previous method violated the SMB URI syntax).
- * Allow tree connects to be multiplexed over a single CIFS server
- connection context.
- * Ensure that cli_tdis() sets the cnum field to -1 so that callers
- can determine a dead tree connection.
-
-
-o Justin Ossevoort <justin@snt.utwente.nl>
- * BUG 2316: Fix crashes in pdb_pgsql.
-
-
-o Jim McDonough <jmcd@us.ibm.com>
- * Fixes for server schannel implementation when 'restrict
- anonymous = 1' is set in smb.conf.
- * Fix bug in server side lookupsids reply that crashed lsass.exe
- on Windows clients.
- * Fix 'net rpc trustdom establish'.
- * BUG 2062: Turn off broadcast for all 390 NICs.
- * Fix 'net rpc trustdom add' to correctly add new domain trust
- accounts. This will eventually replace 'smbpasswd -a -i'.
- * Implement 'net rpc trustdom del', including client side of
- samr_remove_sid_from_foreign_domain.
- * Bring IBM Directory Server schema up to date with openldap
- schema.
- * Allow for better protection of sensitive attributes in IBM
- Directory Server.
-
-
-o Stefan Metzmacher <metze@samba.org>
- * Fix memleaks in the nttrans code.
-
-
-o Mike Nix <mnix@wanm.com.au>
- * Add SMBsplopen and SMBsplclose client calls.
-
-
-o James Peach <jpeach@sgi.com>
- * Fixes in string handling code.
- * Fix oplock2 test in client smbtorture.
-
-
-o Tim Potter <tpot@samba.org>
- * Fix up example pdb modules after prototype change for
- setsampwent.
- * BUG 2058: Fix for shared object creation in examples.
- * BUG 2315: Fix segv in LSA privileges server code.
- * Build fixes for python wrapper libraries.
-
-
-o Richard Sharpe <rsharpe@samba.org>
- * BUG 2044: Fix segv in profiles tool.
- * Fix bogus error messages when enumerating user group
- membership via 'net rpc'.
-
-
-o Simo Sorce <idra@samba.org>
- * Debian packaging fixes.
-
-
-o Doug VanLeuven <roamdad@sonic.net>
- * AIX compile fixes.
-
-
-o Jelmer Vernooij <jelmer@samba.org>
- * BUG 892: Default unknown_6 field to 1260 in mySQL pdb module.
- * BUG 1957: Implement minimal update of fields in mySQL pdb
- module.
-
-
-o Torsten Werner <torsten.werner@assyst-intl.com>
- * BUG 2405: Define 'lpstat' printcap output on HPUX.
-
-
-o Shlomi Yaakobovich" <Shlomi@exanet.com>
- * Detect infinite loops when traversing tdbs.
-
-
- --------------------------------------------------
- ==============================
- Release Notes for Samba 3.0.11
- Feb 5, 2005
- ==============================
-
-Common bugs fixed in 3.0.11 include:
-
- o Crash in smbd when using CUPS printing.
- o Parsing error of other SIDs included in the user_info_3
- structure returned from domain controllers.
- o Inefficiencies when searching non-AD LDAP directories.
- o Failure to expand variables in user domain attributes
- in tdbsam and ldapsam.
- o Memory leaks.
- o Failure to retrieve certain attribute when migrating from
- a Windows DC to a Samba DC via 'net rpc vampire'.
- o Numerous printing bugs bugs including memory
- bloating on large/busy print servers.
- o Compatibility issues with Exchange 5.5 SP4.
- o sendfile fixes.
-
-Additional features introduced in Samba 3.0.11:
-
- o Winbindd performance improvements.
- o More 'net rpc vampire' functionality.
- o Support for the Windows privilege model to assign rights
- to specific SIDs.
- o New administrative options to the 'net rpc' command.
-
-
-============
-LDAP Changes
-============
-
-If "ldap user suffix" or "ldap machine suffix" are defined in
-smb.conf, all user-accounts must reside below the user suffix,
-and all machine and inter-domain trust-accounts must be located
-below the machine suffix. Previous Samba releases would fall
-back to searching the 'ldap suffix' in some cases.
-
-
-===============
-Privilege Model
-===============
-
-Samba 3.0.11 supports the following assignable rights
-
-SeMachineAccountPrivilege Add machines to domain
-SePrintOperatorPrivilege Manage printers
-SeAddUsersPrivilege Add users and groups to the domain
-SeRemoteShutdownPrivilege Force shutdown from a remote system
-SeDiskOperatorPrivilege Manage disk shares
-
-These rights can be assigned to arbitrary users or groups
-via the 'net rpc rights grant/revoke' command. More details
-of Samba's privilege implementation can be found in the
-Samba-HOWTO-Collection.
-
-
-######################################################################
-Changes
-#######
-
-Changes since 3.0.10
---------------------
-
-smb.conf changes
-----------------
-
- Parameter Name Action
- -------------- ------
- afs token lifetime New
- enable privileges New
- ldap password sync Alias
- min password length Deprecated
- winbind enable local accounts Deprecated
-
-
-commits
--------
-o Jeremy Allison <jra@samba.org>
- * Extend vfs to add seekdir/telldir/rewinddir.
- * Fix dirent return.
- * Fix bugs when handling secondary trans2 requests.
- * Implementation of get posix acls in UNIX extensions.
- * Added set posix acl functionality into the UNIX extensions code.
- * Updated config.guess/config.sub .
- * Fix error reply when 'follow symlinks = no'.
- * BUG 1061, 2045: Only set mtime from pending_modtime if it's
- not already zero.
- * Fixes for LARGE_READX support.
- * Fix the problem we get on Linux where sendfile fails, but we've
- already sent the header using send().
- * BUG 2081: Ensure SE_DESC_DACL_PROTECTED is set if 'map acl
- inherit = no'.
- * BUG 2088: Ensure inherit permissions is only applied on a new
- file, not an existing one.
- * Don't go fishing for the krb5 authorization data unless we know
- it's there.
- * Fixes for libsmbclient to ensure that interrupted system calls
- are restarted minus the already expired portion of the timeout
- (based on work by Derrell Lipman).
- * More Unicode string parsing fixes.
- * Convert the winreg pipe to use WERROR returns.
- * Make all LDAP timeouts consistent (input from Joe Meadows
- <jameadows@webopolis.com>).
- * BUG 2231: Remove double "\\" from client findfirst.
- * BUG 2238: Fix memory leak in shadow copy vfs.
- * Return correct DOS/NT error code on transact named pipe on
- closed pipe handle.
- * BUG 2211: Fix security descriptor parsing bug (based on work by
- Mrinal Kalakrishnan <mail@mrinal.net>).
- * BUG 2270: Fix memory leaks in cups printing backend support
- (based on work by Lars Mueller).
- * BUG 2255: Fix debug level in kerberos error messages.
- * BUG 2110: Ensure we convert to ucs2 correctly after the
- CAN-2004-0930 patch.
- * Make strict locking an enum. Auto means use oplock optimization.
- * Fix client & server to allow 127k READX calls.
- * More *alloc fixes (includes additional fixes by Albert Chin.
- * Catch sendfile errors correctly and return the correct values
- we want the caller to return.
- * BUG 2092: Prevent auto-anonymous logins via libsmbclient
- for better use by desktop environments such as GNOME.
- * Ensure we can't remove a level II oplock without having the
- shared memory area locked.
-
-
-o Timur Bakeyev <timur@com.bat.ru>
- * BUG 2100: change the way we check for errors after a dlopen().
- * BUG 2263: Guard base64_encode_data_blob() against empty blobs.
-
-
-o Andrew Bartlett <abartlet@samba.org>
- * Clarify error message when 'lanman auth = no'.
- * Remove the unnecessary UTF-8 conversion calls in the calls to
- auth_winbind from smbd.
- * Don't store the auth-user credentials with the cli_state* as
- this can cause the schannel setup to fail when the auth-user
- domain is not our primary domain.
-
-
-o Grigory Batalov <bga@altlinux.org>
- * Fix encoding while receiving of a message which was actually
- sent using STR_ASCII.
-
-
-o Daniel Beschorner <db@unit-netz.de>
- * BUG 603: Correct access mask check for _samr_lookup_domain()
- to work with Windows RAS server
-
-
-o Jerome Borsboom <j.borsboom@erasmusmc.nl>
- * Fix missing printer_tdb reference decrement.
-
-
-o Gerald (Jerry) Carter <jerry@samba.org>
- * BUG 2073: fall back to smb_name if current_user_info is not
- available in lp_file_list_changed().
- * Fixes the spurious 'register_message_flags: tdb fetch failed'
- errors.
- * Don't run the background LPQ daemon when we are running in
- interactive mode.
- * prevent the background LPQ daemon from updating the print queue
- cache just because multiple smbd processes sent a message that
- it was out of date.
- * consolidate printer searches to use find_service rather than
- for(...) loops.
- * BUG 2091: don't remove statically defined printers in
- remove_stale_printers().
- * Fix logic error in add_a_form() that only compared N characters
- instead of the entire form name.
- * BUG 2107: fix memory bloating caused by large numbers of
- print_queue_updates() requests sent via messages.tdb.
- * Check the setprinter(3) based on the access permissions on
- the handle and avoid the call to print_access_check().
- * Re-instantiate previous semantics for calling init_unistr2()
- with a NULL source buffer.
- * Support Windows privilege model for assigning rights
- to specific SIDs. Based on work by Simo Sorce in the trunk
- svn branch. This feature is controlled by the 'enable
- privileges = [yes|no]' smb.conf(5) option.
- * Add some smb.conf scripts for add/delete/change shares and
- deleting cups printers.
- * Expand variables in the profile path, logon home and logon script
- values when using either tdbsam or ldapsam.
- * Add Domain Admins (Full Control) to the default printer security
- descriptor if we are a DC.
- * RedHat and Fedora Packaging fixes for perl dependencies.
- * Remove unused schema items from OpenLDAP schema file.
- * Remove duplicate enumeration of "Windows x86" architecture
- when listing printer drivers via rpcclient.
- * Fail set_privileges() if 'enable privileges = no' to prevent
- confused admins.
- * Fix segfault in cups_queue_get().
- * Tighten restrictions on changing user passwords when
- the connected user possesses the SeMachineAccountPrivilege.
- * Ensure we set NETBIOSNAME.domainname for the long machine name
- when publishing printers in AD (based on input from Rob Foehl).
- * Mark 'winbind enable local accounts' as deprecated.
- * Mark testprns tool as deprecated.
- * Allow root to grant/revoke privilege assignments.
- * Correct interaction between user rights and se_access_check() on
- SAMR objects.
- * BUG 2286: Fix typo OpenLDAP schema file for sambaConfig object
- class.
- * BUG 2262: Add support in configure.in for *freebsd6*.
- * BUG 2266: Portability fixes for quota code on FreeBSD4.
- * BUG 2264: Remove shutdown and abortshutdown commands from
- rpcclient in favor of using the same functions in 'net'.
- * BUG 2295: Prevent smbd from returning an empty server name
- in certain lanman api calls.
- * BUG 2290: Fix autogen.sh script in examples (based on original
- patch from Lars Mueller).
- * Fix bug enumerating domain trusts in security = ads.
- * Fix segv in rpcclient's dsenumdomtrusts.
- * Fix bug in expansion of %U and %G in included filenames.
- * BUG 2291: Restrict creation of server trust and domain trust
- accounts to members of the "Domain Admins" group.
-
-o Nadav Danieli <nadavd@exanet.com>
- * Short circuit some is_locked() tests if we are oplocked.
-
-
-o Guenther Deschner <gd@samba.org>
- * Allow 'localhost' as a valid server name in the smbd for the
- spoolss calls.
- * Fix KRB5_SETPW-defines, no change in behavior (Thanks to Luke
- Mewburn for the input).
- * BUG 2059: Add additional checks needed after logic change to the
- HAVE_WRFILE_KEYTAB detection test.
- * BUG 1076: Fix interaction with Exchange 5.5. SP4 and a
- Samba DC. Allow us to lookup at least our own SID.
- * More fixes to have proper German in swat (Thanks to Reiner
- Klaproth and Björn Jacke.
- * BUG 404, 2076: Allow to set OWNER- and GROUP-entries while
- setting security descriptors with smbcacls and using with
- the -S or -M switch.
- * Include the munged_dial, bad_password_count, logon_count, and
- logon_hours attributes when running 'net rpc vampire'.
- * Fix segfault in idmap_rid.
- * When winbindd is operating in the multi-mapping mode of
- idmap_rid, allow BUILTIN domain-mapping.
- * Display infolevel 12 in query_dom_info in rpcclient.
- * Fix bug in winbindd's lowercasing of usernames.
- * Allow -v or -l for displaying verbose groupmap-listing
- as well as "verbose".
- * Backport Samba4 SAM_DELTA_DOMAIN_INFO for use in 'net rpc
- vampire'.
- * Close LDAP-Connection before retrying to open a new connection
- in the retry-loop.
- * Marking "min password length" as depreciated.
- * Implement SAMR query_dom_info-call info-level 8 server- and
- client-side, based on samba4-idl.
- * Allow rpcclient to define a port to use when connecting
- to a remote server.
- * Allow Account Lockout with Lockout Duration "forever" (until
- admin unlocks) to be set and displayed in User Manager.
- * Allow to set acb_mask in rpcclient's enumdomusers.
- * Add more generic rootDSE inspection function to check
- for given controls or extensions and remember these on a
- per server basis.
- * Improve LDAP search efficiency by passing the acb_mask to
- pdb_setsampwent().
- * Fixes for ldapsam_enum_group_memberships().
- * Add createdomgroup to rpcclient.
- * Add "net rpc user RENAME"-command.
- * Display sam_user_info_7 in rpcclient.
- * Make multi-domain-mode in idmap_rid accessible from outside
- (can be compiled with -DIDMAP_RID_SUPPORT_TRUSTED_DOMAINS).
- * When vampiring account policy AP_LOCK_ACCOUNT_DURATION honor
- "Lockout Duration: Forever".
- * Fix configure.in tests using KRB5_CONFIG variable and krb5-
- config utility.
- * Require assignment of Administrator SID in the passdb
- backend. Fall back to the default name of 'Administrator' if
- the lookup fails rather than using the first name in the
- default 'admin users' list.
- * Enhance LDAP failure debug messages.
- * BUG 2291: Call the 'add machine script' for server trust and
- domain trust accounts as well as workstation accounts.
-
-
-o Levente Farkas <lfarkas@lfarkas.org>
- * BUG 2299: Better logrotate scripts for RedHat and Fedora
- packages.
-
-
-o Jay Fenlason <fenlason@redhat.com>
- * Fix crash in 'net join' due to calling free on
- static buffers.
- * Several patches from RedHat's Fedora Core RPMS.
-
-
-o Rob Foehl <rwf@loonybin.net>.
- * Compiler warnings.
- * Try modifying printer published attributes before adding it a
- new entry in AD.
- * Solaris packaging fixes.
- * Don't force the cups printer-make-and-model tag as the comment
- for autoloaded printers.
- * Implement caching of names from printcap to support a true
- 'printcap cache time'.
-
-
-o Johann Hanne <jhml@gmx.net>
- * BUG 2038: Only fail winbindd_getgroups() if all lookups fail.
-
-
-o Jeff Hardy <hardyjm@potsdam.edu>
- * Example script for 'add print command' when using CUPS.
-
-
-o Deryck Hodge <deryck@samba.org>
- * Add -P (--password-only-menu) to SWAT for displaying only the
- password change page to non-root users.
-
-
-o David Hu <david.hu@hp.com>
- * Copy structure from print_queue_update() message rather than
- referencing it. Fixes seg fault on HP-UX.
-
-
-o Buck Huppmann <buckh@pobox.com>
- * BUG 2186: Don't free uninitialized credentials.
- * BUG 2189: Add the HOST/fqdn servicePrincipalName even when
- dnsDomainName != realm.
-
-
-o Björn Jacke <bjoern@j3e.de>
- * BUG 2040: Ensure the locale is reset to C to get ASCII-
- compatible toupper/lower functions.
-
-
-o William Jojo <jojowil@hvcc.edu>
- * Fix HPUX sendfile and add configure.in tests and code for
- sendfile on AIX.
- * AIX 5.3 compile fixes.
-
-
-o Volker Lendecke <vl@samba.org>
- * Optimize anonymous session setups by workstations in a
- Samba domain.
- * Reimplment the QueryUserAliases() server RPC reply.
- * Re-add the getpwnam-cache for performance.
- * Cache the result of a pdb_getsampwnam for later SID lookup
- queries.
- * Unify the means of localtaing a user's global groups on a
- Samba DC.
- * Fix bug when serving the 'Start Menu' in a roaming user profile..
- * Map more pre-defined NT security descriptors to AFS acls.
- * Add timeout to AD search requests.
- * If a connection to a DC is requested (in winbindd), open
- connections simultaneously to all DCs found.
- * Memleak fixes.
- * Fix logic error in handling of 'printcap name' parameter.
- * Prevent winbindd from SPAM'ing the log files with 'user root
- does not exist'.
- * Backport samr_DomInfo2 IDL specification from Samba 4.
- * Implement smbstatus -n, don't lookup users and groups.
- * Implement simple mapping that maps the space to another character
- defined by afsacl:space.
- * Add support for 'net idmap delete <idmap-file> <SID>'.
- * Add new parameter 'afs token lifetime' tells the AFS client
- when to throw away a token (patch from kllin@it.su.se).
- * Initial work to allow support for multiple pipe opens on a
- single cli_state*.
- * Ensure that we still retrieve the netbios name of any DC
- listed as a 'password server' to work around cases where the
- DC was defined using an IP address or fqdn.
- * Fix memleak in winbindd connection code.
- * Fix cli_samr_queryuseraliases.
- * Allow wbinfo --user-sids to expand expand domain local groups.
- * Allow 'rpcclient -c enumtrust' to enumerate more than 10 trusts.
- * Fix parsing of other_sids in net_user_info3.
- * Correct bad failure logic when user was not a member of any
- domain local groups.
-
-
-o Jason Mader <jason@ncac.gwu.edu>
- * BUG 2113, 2289: Remove dead code.
-
-
-o Jim McDonough <jmcd@us.ibm.com>
- * BUG 1952: Try INITSHUTDOWN pipe first, used by newer
- clients. If it fails, fall back to WINREG.
- * BUG 1770: Remove READ_ATTRIBUTES from GENERIC_EXECUTE.
- * BUG 2198: Set password last change time when running 'net rpc
- vampire'.
- * Add "refuse machine password change" policy field.
-
-
-o Luke Mewburn <lukem@NetBSD.org>
- * BUG 2150: shmget() - Use POSIX definitions instead of non-
- standard SHM_.
-
-
-o Stefan Metzmacher <metze@samba.org>
- * autogen.sh fixes.
-
-
-o Buchan Milne <bgmilne@mandrake.org>
- * Mandrake packaging fixes.
-
-
-o Lars Mueller <lmuelle@suse.de>
- * Fix build of libsmbclient on x86_64.
- * BUG 2013: Fix testsuite build issues when libsmbclient.so
- is installed in a non-default location.
- * BUG 2050: Calculate max_fd for select correctly.
- * Fix inverted logic heck for HAVE_WRFILE_KEYTAB in autoconf
- script.
-
-
-o Jason Mader <jason@ncac.gwu.edu>
- * BUG 2069: Remove unused variables.
- * BUG 2075: Remove dead code paths.
- * BUG 2083: Fix compiler warnings caused by bad type casts.
-
-
-o James Peach <jpeach@sgi.com>
- * Fix rewinddir -> rewind_dir when using VFS macros.
-
-
-o Gavrie Philipson <gavrie@disksites.com>
- * BUG 1838: Remove stale printers imeeddiately when
- processing a SIGHUP and during smb.conf reload.
-
-
-o Tim Potter <tpot@samba.org>
- * BUG 2080: Fix duplicate call to pdb_get_acct_desc().
- * BUG 2168: Fix cast in SMB_XMALLOC_ARRAY.
- * Change the license for the winbindd external interface
- more liberal.
- * HP-UX compile fixes.
- * Compile fixes after new setsampwent() API.
-
-
-o Richard Renard <rrenard@idealx.com>
- * Update Netscape DS 5.2 LDAP schema.
-
-
-o Simo Sorce <idra@samba.org>
- * Backport pdbedit changes from trunk.
- * Allows the add/change share command to create the shared
- directory directory on disk.
- * Log a warning in testparm if a print command is defined for
- a print service using 'printing = cups'.
-
-o Jelmer Vernooij <jelmer@samba.org>
- * Bug fixes for pdb_{xml,pqsql,xml}
- * Fixes for pdb_mysql.
-
-
-o Andrew Tridgell <tridge@samba.org>
- * Bring Samba3 into line with the Samba4 password change code.
-
-
-o Shiro Yamada <shiro@miraclelinux.com>
- * BUG 2190: Force SWAT to display parameters in unix charset and
- not UTF-8.
-
-
- --------------------------------------------------
- ==============================
- Release Notes for Samba 3.0.10
- Dec 16, 2004
- ==============================
-
-Common bugs fixed in 3.0.10 include:
-
- o Fix for security issues described in CAN-2004-1154.
-
-
-Changes since 3.0.9
--------------------
-
-commits
--------
-
-o Jeremy Allison <jra@samba.org>
- * Added checks surrounding all *alloc() calls to fix
- CAN-2004-1154.
- * Fix long standing memory size bug in bitmap_allocate().
- * Remove bogus error check in deferred open file serving
- code.
-
-
-o Thomas Bork <tombork@web.de>
- * Fix autoconf script on platforms using a version of GNU ld
- that does not include a date stamp in the output of --version.
-
-
-o Luke Mewburn <lukem@NetBSD.org>
- * Fix the swat install script to deal with the new image
- destination directory used by the docs.
-
-
-
- --------------------------------------------------
-
- =============================
- Release Notes for Samba 3.0.9
- Nov 15, 2004
- =============================
-
-Common bugs fixed in 3.0.9 include:
-
- o Problem updating roaming user profiles.
- o Crash in smbd when printing from a Windows 9x client.
- o Unresolved symbols in libsmbclient which caused
- applications such as KDE's konqueror to fail when
- accessing smb:// URLs.
-
-
-Changes since 3.0.8
--------------------
-
-
-commits
--------
-
-o Jeremy Allison <jra@samba.org>
- * Correctly detect errno for no acl/ea support.
- * BUG 2036: Fix seg fault in 'net ads join'.
-
-
-o Gerald (Jerry) Carter <jerry@samba.org>
- * Solaris packaging fixes.
- * Fix seg fault in lanman printing code.
- * BUG 2017: fix testparm reporting for the passwd program
- string.
- * Fix output of smbstatus to match the man page.
- * BUG 2027: fix conflict with declaration MD5_CTX in system
- headers.
- * 2028: Avoid false error messages when copying a long
- printer name to the device mode.
-
-
-o Guenther Deschner <gd@samba.org>
- * Allow deldriverex in rpcclient to delete drivers for a
- specific architecture and a specific version.
- * Fix a couple of rpcclient spoolss commands (setprinter,
- setprintername, getdriver) w.r.t to printer-naming scheme.
- Allow 'localhost' in the server string for certain server-side
- spoolss functions.
- * BUG 2015: Do not fail on setting file attributes with
- acl support enabled.
-
-
-o Michel Gravey <michel.gravey@optogone.com>
- * Fix build when using gcc 3.0.
-
-
-o Volker Lendecke <vl@samba.org>
- * Fix tdb open logic when checking our local_pid after
- the fork().
-
-
-o Jim McDonough <jmcd@us.ibm.com>
- * BUG 1932: Fix crash in 'net getlocalsid' when run as
- non-root user.
-
-
-o Luke Mewburn <lukem@NetBSD.org>
- BUG 1661: Fix KRB5_SETPW-defines
-
-
-o Buchan Milne <bgmilne@mandrake.org>
- * BUG 2023: Mandrake packaging fixes for building 3.0.9.
-
-
-o Lars Müller <lmuelle@suse.de>
- * BUG 2013: Fix unresolved symbols in libsmbclient.so.
-
-
-o Martin Zielinski <mz@seh.de>
- * Add DeletePrinterDriverEx() functionality to rpcclient.
-
-
- --------------------------------------------------
-
- =============================
- Release Notes for Samba 3.0.8
- Nov 7, 2004
- =============================
-
-Common bugs fixed in 3.0.8 include:
-
- o Compile fixes for HP-UX
- o Fixes for the printer publishing code used when joined to
- an AD domain.
- o Incompatibilities with file system quotas.
- o Several bugs in the spoolss printing code and print system
- backends.
- o Inconsistencies in the username map functionality when
- configured on domain member servers.
- o Various compile warnings and errors on various platforms.
- o Fixes for kerberos interoperability with Windows 200x
- domains when using DES keys.
- o Fix for CAN-2004-0930 -- smbd remote DoS vulnerability.
- o Fix for CAN-2004-0882 -- possible buffer overrun in smbd.
-
-
-New features included in the 3.0.8 release are:
-
- o New migration functionality added the the net tool
- for files/directories, printers, and shares.
- o New experimental idmap backend for assigning uids/gids
- directly based on the user/group RID when acting as a
- member of single domain without any trusts.
- o Additional printer migration support for XP/2003 platforms.
-
-
-===========================
-Change in Winbindd Behavior
-===========================
-
-All usernames returned by winbindd are now converted to lower
-case for better consistency. This means any winbind installation
-relying on the winbind username will need to rename existing
-directories and/or files based on the username (%u and %U) to lower
-case (e.g. mv $name `echo $name | tr '[A-Z]' '[a-z]'`). This may
-include mail spool files, home directories, valid user lines in
-smb.conf, etc....
-
-
-======================
-Change in Username Map
-======================
-
-Previous Samba releases would only support reading the fully qualified
-username (e.g. DOMAIN\user) from the username map when performing a
-kerberos login from a client. However, when looking up a map
-entry for a user authenticated by NTLM[SSP], only the login name would be
-used for matches. This resulted in inconsistent behavior sometimes
-even on the same server.
-
-Samba 3.0.8 obeys the following rules when applying the username
-map functionality:
-
- * When performing local authentication, the username map is
- applied to the login name before attempting to authenticate
- the connection.
- * When relying upon a external domain controller for validating
- authentication requests, smbd will apply the username map
- to the fully qualified username (i.e. DOMAIN\user) only
- after the user has been successfully authenticated.
-
-
-######################################################################
-Changes
-#######
-
-Changes since 3.0.7
--------------------
-
-smb.conf changes
-----------------
- Parameter Name Action
- -------------- ------
- force printername New
- sendfile disabled by default
-
-
-commits
--------
-
-o Jeremy Allison <jra@samba.org>
- * Ensure extended security bit is on only if we negotiated
- extended security.
- * Simplify statcache to use an in-memory tdb.
- * If you're selecting a hash algorithm for tdb, you need
- to do it at open time.
- * Removed old dir caching code - not being used now we
- have the statcache anyway.
- * Simplify the mangle hash code to use an in-memory tdb.
- * Merge iconv changes from Samba 4 branch.
- * Fix parsing of names ending in dot and a few other error
- returns.
- * BUG 1667: Smbpasswd file could be left locked on some
- error exits.
- * Fixes for smbclient tar functionality.
- * BUG 1743: Fix logic bug the deferred open code.
- * Don't try to set security descriptors on shares where
- this has been turned off.
- * Return correct error codes on old SEARCH call.
- * Ensure we set errno = E2BIG when we overflow in the
- fast-path character conversion code.
- * Fix the roundup problem (returning 1mb roundup) for
- non-Windows clients.
- * Added 'stat' command to smbclient to exercise the
- UNIX_FILE_BASIC info level.
- * Fix bug where we could incorrectly set sparse attribute.
- * Fix incorrect locks/unlocks in tdb_lockkeys()/tdb_unlockkeys()
- (reported by Taj Khattra <taj.khattra@gmail.com>).
- * Remove locked keys tdb code.
- * BUG 1886: Prevent delete on close being set for readonly files
- (and return the correct error code).
- * Ensure we pass most of the new lock tests except for the cancel
- lock which is yet to be added (merged from Samba 4 branch).
- * BUG 1947: Fix incorrect use of getpwnam() etc. interface.
- * BUG 1956: Ensure errno is saved and restored consistently on a
- normal_close.
- * BUG 1651: Adapted patch from Nalin Dahyabhai for ensuring
- that all of the appropriate service principal names are set
- upon joining an AD domain.
- * Fix the correct use of resume name in the trans2 code.
- * BUG 1717: Adapted patch from Nalin Dahyabhai to detect the
- correct salt used when generated the DES key after joining an
- AD domain.
- * Enhanced krb5 detection routines in the autoconf scripts.
-
-
-o Andrew Bartlett <abartlet@samba.org>
- * Avoid changing the machine account password in the passdb
- backend, when it has 'already been changed'. This occurs
- in situations where the secure channel between the workstation
- and the DC breaks down, such as occurred in the MS04-11
- security patch.
- * Fix utility name in error message in ntlm_auth.
- * Fix NTLMv2 for use with pam_winbind.
- * Remove conversion to and from UTF8 on the winbind pipe.
- * Allow 'require_membership_of' and 'require-membership-of'.
- * Fix the error code for 'you didn't specify a domain' in
- ntlm_auth.
- * Use sys_getgroups() rather than scanning all groups
- when generating SAMR replies.
-
-
-o Igor Belyi <sambauser@katehok.ac93.org>
- * Ensure pdb user is deleted first before deleting UNIX
- user (LDAP backend needs this ordering).
-
-
-o Cornelio Bondad Jr <Corny.Bondad@hp.com>
- * Fix core dump in 'net rpc vampire'.
-
-
-o Vince Brimhall <vbrimhall@novell.com>
- * Make ldapsam_compat robust against NULL attributes.
-
-
-o Gerald Carter <jerry@samba.org>
- * Don't limit the number of groups returned by winbindd_getgroups()
- by NGROUPS_MAX.
- * BUG 1519: Match Windows 2000 behavior when opening a
- printer using a servername in the form of an IP address or
- DNS name.
- * BUG 1907: remove extra slashes from the printer name in
- getprinterdriverdir_1().
- * Fix standard_sub_snum() to use the current user's gid.
- * Fix background queue update bug (based on Volker's initial work
- in 3.1.0).
- * Add 'force printername' service parameter for people that want
- to enforce printername == sharename for spoolss printing.
- * Ensure consistent usage of the username map. Use the fully
- qualified DOMAIN\user format for 'security = domain|ads' and
- apply after authentication has succeeded.
- * Cosmetic fix for getent output -- lowercase the username only
- and not the complete domain\username string.
- * Packaging fixes for Solaris, Redhat, & Fedora.
-
-
-o Sean Chandler <sean.chandler@verizon.net>
- * Fix memlieak in cliconnect.c.
-
-
-o Darren Chew <darrenc@vicscouts.asn.au>
- * Solaris packaging fixes.
-
-
-o Nalin Dahyabhai <nalin@redhat.com>
- * SMB signing fix for 56-bit DES session keys.
-
-
-o Guenther Deschner <gd@samba.org>
- * add IA64 to the architecture table of printer-drivers.
- * Add file/share/printer migration functionality to
- the net command.
- * Show correct help for net groupmap commands.
- * Fix deadlock loop in winbind's required_membership_sid
- verification.
- * Bring the same level of "required_membership"-functionality
- that ntlm_auth uses, to pam_winbindd as well.
- * Prevent "net lookup kdc" from seg-faulting when
- using our own implementation of krb5_lookup_kdc with
- heimdal.
- * Adding getprinter level 7 to rpcclient.
- * Support migrating printers|shares|files from Server A
- to Server B while running the net-command on client C.
- * Fixed krb5_krbhost_get_addrinfo()-parameters and make
- failure of this call non-critical (Thanks to Love @ Heimdal
- for the explanation and patch).
- * Fix typos in net's usage-output.
- * Fix the paranoia-check to ensure the ldap-attribute and the
- smb.conf-parameter for samba's "algorithmic rid base" in ldapsam
- are identical.
- * Fix several bugs in the _samr_query_useraliases() rpc reply.
- * Check correct string length when verifying password-policies
- and using extended characters (Thanks to Uwe Morgenroth from CC
- Compunet and Volker).
- * Make 'password history'-behavior in ldapsam more consistent.
- * Adding "Windows x64" as architecture string and driverdir "x64"
- for the 64bit AMD platform.
- * BUG 1343: Readd WKGUID-binding to match the correct default-
- locations of new User-, Group- and Machine-Accounts in Active
- Directory (this got lost during the last trunk-merge).
- * Fix printer-migration w.r.t. to new naming-convention for
- policy-handles.
- * Allow to migrate win2k3/xp-drivers as well.
- * Add client-side support of triggering ads printer publishing
- over msrpc setprinter calls inside the net-tool.
- * Add the idmap_rid module (written in conjunction with
- Sumit Bose <sbose@suse.de>).
- * BUG 1661: Fix build with recent heimdal releases.
- * Prevent idmap_rid from making unnecessary calls to domain
- controllers for trusted domains.
-
-
-o Arthur van Dongen <avdongen@xs4all.nl>
- * Fix typos in pam_winbind log messages and SuSE
- packaging files.
-
-
-o Rob Foehl <rwf@loonybin.net>
- * Typo fixes for log messages in printer publishing code.
- * Fix memory leak in printer publishing code.
- * Ensure print_backend_init() only gets called once.
- * Have smbd check the published status of all printers
- at startup.
- * Cleanup up the XXX_a_printer() API for consistency.
- * Refactored the printer publishing code and include better
- error handling.
-
-
-o Steve French <sfrench@us.ibm.com>
- * Fix IP address override in mount.cifs mount helper and clean
- up warning messages from the sparse tool and expand syntax help.
- * Strip guest mount option off before sending to kernel mount
- routine to avoid logging spurious message.
-
-
-o Satoh Fumiyasu <fumiya@samba.gr.jp>
- * BUG 1732: Limit share names returned by RAP based on windows
- character width, not unix character width.
- * BUG 1498: Ensure that acl entries are stored in the correct
- order.
-
-
-o Brett Funderburg <brett@deepfile.com>
- * Pass create options parameter to nt_create_andx() function
- from the python bindings.
- * BUG 1864: Add sd->type field to security descriptor Python
- representation.
- * Return an error if a Netapp filer returns NT_STATUS_ACCESS_DENIED
- when trying to return the security descriptor for a file.
- * BUG 1884: Fixes for the Python bindings to use the value
- of the desired_access filed passed into the lsa_open_policy()
- routines.
-
-
-o Michael Gravey <michel.gravey@optogone.com>
- * BUG 1776: Fix warnings when building modules caused by
- certain versions of GNU ld not using the the default
- --allow-shlib-undefined flag.
-
-
-o Chris Hertel <crh@samba.org>
- * Fix logic bug in splay tree data structure when finding
- a leaf node.
- * Fix bug where an invalid MAC address would be printed by
- a node status lookup from nmblookup.
-
-
-o Uli Iske <iske@elkb.de>
- * Update the DNS/eDirectory LDAP schema file.
-
-
-o Björn Jacke <bjacke@sernet.de>
- * BUG 1766: Unify charset-handling in Content-Type:-headers to
- UTF-8. Reformat msgstr in msg-files to UTF-8.
- * Do not use display charset for swat output.
- * Convert the share names correctly from unix encoding to web
- encoding and vice versa.
- * Convert files from status page from unix charset to UTF-8.
-
-
-o Guenter Kukkukk <guenter.kukkukk@kukkukk.com>
- * BUG 1590: Fix for talking to OS/2 clients (max_mux ignored).
-
-
-o Tom Lackemann <cessnatomny@yahoo.com>
- * BUG 1954: Fix memory leak in posix acl code.
-
-
-o Volker Lendecke <vl@samba.org>
- * Robustnss fix for winbindd when sending multiple requests
- at a high rate for a slow operation.
- * Solve the problem of user sids ending up with gid's
- and vice versa.
- * Use sys_fork instead of fork for the dual daemon so that
- we get the correct debug pid in the logfiles.
- * Based on patch from jmcd, implement special lists for the LDAP
- user attributes to delete.
- * Fix creation of aliases via usrmgr. Winbind was too strict
- checking the type of sids.
- * Lowercase all usernames returned by winbind.
- * BUG 1545, 1823: Only issue the ldap extended password change
- operation if the ldap server supports it. Also ignore object
- class violation errors from the extended operation.
- * Optimization for 'idmap backend = ldap': When asking sid2id
- for the wrong type, don't ask ldap when we have the opposite mapping
- in the local tdb.
- * Fix ldapsam_compat homeDrive.
- * Add usersidlist and allowedusers subcommands to the net tool
- in order to support scanning a file server's share and list
- all users who have permission to connect there.
- * Allow for multiple DC's to be named as #1c names in lmhosts.
- * Memory leak fixes.
- * Fix checks for the local pid of an smbd process after
- reopening tdbs.
-
-
-o Herb Lewis <herb@samba.org>
- * Added tdbtool to be built by default.
-
-
-o Love <lha@stacken.kth.se>
- * BUG 1955: Inconsistent error return.
-
-
-o Sorin Manolache <sorinm@gmail.com>
- * Memory leak fix.
-
-
-o Jim McDonough <jmcd@us.ibm.com>
- * Allow 'net ads lookup' to rely on command line arguments
- if contacting an ADS server fails; utilize cldap for lookups.
- * Fixup formatting errors in TDB_LOG calls; add printf attribute
- support to tdb log functions.
-
-
-o Bill McGonigle <bill+samba@bfccomputing.com>
- * BUG 1926: Type in debug message.
-
-
-o Sean McGrath
- * BUG 1822: Add -D_REENTRANT to CPPFLAGS and -lthread to LDFLAGS
- for libsmbclient.
-
-
-o Luke Mewburn <lukem@NetBSD.org>
- * BUG 1782: Prevent testparm from displaying parameter synonyms.
-
-
-o Stefan Metzmacher <metze@samba.org>
- * Fix crash in smbcquotas and smbcacls caused by setup_logging().
- * Fix client quota support.
- * Fix opening of system quota file.
-
-
-o Lars Mueller <lmuelle@suse.de>
- * Small fixes for autogen.sh to deal with version detection
- of autoconf and autoheader; fixes for examples using
- libtool to adhere to stricter syntax of newer version.
-
-
-o Henrik Nordstrom <hno@squid-cache.org>
- * Allow winbindd to return the correct number of groups
- when the groups array must be enlarged.
-
-
-o Narayana Pattipati <narayana.pattipati@wipro.com>
- * Solaris autoconf detection fixes.
-
-
-o Tim Potter <tpot@samba.org>
- * BUG 1360: (correct fix) Use -Wl when passing flags to
- the linker.
- * HP-UX compile fixes (from JBravo on #samba-technical).
- * BUG 1731: More HP-UX compiles fixes.
- * BUG 1778: Include yp_prot.h before ypclnt.h as AIX 5.2
- spits the dummy otherwise.
- * Fix bug in Python printerdata wrapper.
- * BUG 1762: nss_winbind fixes on AIX 5.x (patch from
- <bugzilla-samba@thewrittenword.com>).
- * Fix parameter confusion in priming of name-to-sid cache
- (Found by Qiao Yang).
- * BUG 1888: Remove '..' from all pre-processor commands.
- * BUG 1903: Change some #if DEBUG_PASSWORD's to #ifdef
- DEBUG_PASSWORD.
-
-
-o Matt Selsky <selsky@columbia.edu>
- * BUG 350: use autoconf 2.57 feature for checking header file
- preprocessing (fixes configure warnings on Solaris).
-
-
-o Richard Renard <rrenard@idealx.com>
- * Fix usermgr.exe and trust relationships.
-
-
-o Paul Szabo <psz@maths.usyd.edu.au>
- * Fix to make find_workgroup use the same
- truncation as create_workgroup.
-
-
-o Richard Sharpe <rsharpe@samba.org>
- * Ensure cli_write() can support writes >= 65536 bytes.
-
-
-o Simo Sorce <idra@samba.org>
- * Added check password script code in examples/auth/crackcheck/
- * Fix memory corruption bug caused in freeing static memory.
-
-
-o Andrew Tridgell <tridge@samba.org>
- * Remove lp_use_mmap() from map_file() since the latter
- is for read only and does not require coherence.
- * Ensure that the uuid pack/unpack routines do not go past
- the end of the structure.
- * Converted Samba 3 tree to use the new utf-16 aware iconv
- code.
- * Changed iconv to recognise UCS-2LE and UTF-16LE as synonyms.
- * Ensure configure only uses '=' instead of the bashism '=='.
- * Reduces the number of tdb locking calls made on file IO.
-
-
-o Jelmer Vernooij <jelmer@samba.org>
- * Convert internal data to UTF-8 before calling libxml2.
- * Complain if 'password chat' doesn't contain the %u variable
- (based on a patch by Ronan Waide).
-
-
-o Josef Zlomek
- * BUG 1541: Fix recursive ls in smbclient.
-
-
-o Igor Zhbanov <bsg@uniyar.ac.ru>
- * BUG 1797: Prevent winbind and nmbd from ignoring the "-l"
- option.
-
- --------------------------------------------------
-
- =============================
- Release Notes for Samba 3.0.7
- Sept 13, 2004
- =============================
-
-This is the latest stable release of Samba. This is the version
-that production Samba servers should be running for all
-current bug-fixes. There have been several important issues
-fixes since the 3.0.6 release. See the "Changes" section for
-details on exact updates.
-
-Common bugs fixed in 3.0.7 include:
-
- o Fixes for two Denial of Service vulnerabilities
- (CVE ID# CAN-2004-0807 & CAN-2004-0808).
- o Winbind failure to return user entries under certain
- conditions.
- o Syntax errors in the OpenLDAP schema file (samba.schema).
- o Printing errors caused by not setting default values
- for the various printing commands.
-
-
-Changes since 3.0.6
--------------------
-
-smb.conf changes
-----------------
-
- Parameter Name Action
- -------------- ------
- winbind enable local accounts disabled by default
-
-
-commits
--------
-o Jeremy Allison <jra@samba.org>
- * Fix parsing of names ending in dot and a few other error
- returns.
- * BUG 1674: Move the symlinks checks into reduce_name().
- * Fix memleak when checking the valid names smb.conf option.
- * Fix memleak on error return path in the file open code.
- * More paranoia checks in the hash2 mangling code.
- * Fix syntax error in configure.in.
- * Match Win2k3's behavior for pathname parsing error returns.
- * Make nmbd more robust against bad netbios packets
- (CAN-2004-0808).
- * Add more checks for invalid ASN.1 packets for SPNEGO packets
- (CAN-2004-0807).
-
-
-o Andrew Bartlett <abartlet@samba.org>
- * Janitor work in loadparm.c -- remove unused parameters.
-
-
-o Gerald Carter <jerry@samba.org>
- * BUG 1464: Ensure that printing commands are initialized even
- if the 'printing' parameter is not explicitly set.
- * Resolve name conflict on DEC OSF-5.1 (inspired by patch from
- Adharsh Praveen <rprav@india.hp.com>)
- * Work around parsing error in the print change notify code.
- * remove duplicate declaration of getprintprocdir from
- rpcclient.
- * Only use sAMAccountName and not userPrincipalName when looking
- up a username in AD since the breaks winbindd (lookup_name()
- only works with the sAMAccountName).
- * Fix bug with winbindd_getpwnam() caused by Microsoft DC's not
- filling in the username in the user_info3.
- * Fix logic bug in the check for creating a user's home directory
- in register_vuid(); caused home directory to be mismatched to
- the first share in smb.conf under certain conditions.
- * BUG 1656: rename auto.a to auto.smb.
- * Ensure that we assign our pid to print jobs (and not our
- parent's pid); ensures that spooling jobs from dead smbds
- are removed from the tdb.
- * Disable 'winbind enable local accounts' by default.
- * Adding some initial checks for DragonFly (same as
- FreeBSD 4.1).
-
-
-o Guenther Deschner <gd@samba.org>
- * Use SMB_ASSERT() to track down NULL printer names in
- the tdb open code.
- * Revert fix for BUG 1474 to avoid unnecessary packaging
- dependencies.
-
-
-o Olaf Flebbe <o.flebbe@science-computing.de>.
- * BUG 1627: fix for NIS compiles on HPUX 11.00, AIX 4.3
- and 5.1.
- * BUG 1626: More compile fixes.
-
-
-o Rob Foehl <rwf@loonybin.net>
- * Don't clear the PRINT_ATTRIBUTE_PUBLISHED was getting reset
- by attempts to sanitize the defined attributes.
-
-
-o SATOH Fumiyasu <fumiya@miraclelinux.com>
- * BUG 1546: Preserve errno in MB strupper_m/strlower_m.
-
-
-o Helmut Heinreichsberger <helmut.heinreichsberger@chello.at>.
- * BUG 1657: Remove used initialized variable,
- * BUG 1658: Add a little bit of const.
-
-
-o Volker Lendecke <vl@samba.org>
- * If there's garbage in the pidfile, we should not panic
- but assume that no one else is around. We can't find the
- other guy anyway.
-
-
-o Jim McDonough <jmcd@us.ibm.com>
- * Fixup format string in the tdb error messages.
-
-
-o Jonas Olsson <lexicon@lysator.liu.se>
- * BUG 1416: Don't reuncture a users list to NGROUPS_MAX when
- reporting the list in usrmgr.exe.
-
-
-o Tim Potter <tpot@samba.org>
- * Fix out-of-tree builds (problem with the script to generate
- the svn version number).
- * BUG 1360: Need to use -Wl when passing flags to the linker.
- * BUG 1741: Define a struct nss_groupsbymem for HPUX 11 which
- doesn't have one of its own.
-
-o Simo Sorce <idra@samba.org>
- * Fixup compile issues on AIX caused by broken strlen() and
- strdup().
- * Update debian packaging files.
-
-
-o Dimitri van der Spek <dwspek@aboveit.nl>
- * Use the correct counter when copying group rids from the
- user_info3 struct in pam_winbind.
-
-
-o Qiao Yang <qyang@stbernard.com>
- * BUG 1622: Only cache the user
-
-
- --------------------------------------------------
-
- =============================
- Release Notes for Samba 3.0.6
- Aug 19, 2004
- =============================
-
-Common bugs fixed in 3.0.6 include:
-
- o Schannel failure in winbindd.
- o Numerous memory leaks.
- o Incompatibilities between the 'write list' and 'force user'
- smb.conf options.
- o Premature optimization of the open_directory() internal
- function that broke tools such as the ArcServe backup
- agent, Macromedia HomeSite, and Robocopy.
- o Corrupt workgroup names in nmbd's browse.dat.
- o Sharing violation errors commonly seen when opening
- when serving Microsoft Office documents from a Samba
- file share.
- o Browsing problems caused by an apostrophe (') in the
- computer's description field.
- o Problems creating special file types from UNIX CIFS
- clients and enabling 'unix extensions'.
- o Fix stalls in smbd caused by inaccessible LDAP servers.
- o Remove various memory leaks.
- o Fix issues in the password lockout feature.
-
-New features introduced in this release include:
-
- O Support symlinks created by CIFS clients which
- can be followed on the server.
- o Using a cups server other than localhost.
- o Maintaining the service principal entry in the system
- keytab for integration with other kerberized services.
- Please refer to the 'use kerberos keytab' entry in
- smb.conf(5). When using the heimdal kerberos libraries,
- you must also specify the following in /etc/krb5.conf:
- [libdefaults]
- default_keytab_name = FILE:/etc/krb5.keytab
- o Support for maintaining individual printer names
- stored separately from the printer's sharename.
- o Support for maintaining user password history.
- o Support for honoring the logon times for user in a
- Samba domain.
-
-
-============================================
-unix extensions = yes (default) and symlinks
-============================================
-
-Beginning with Samba 3.0.6pre1 (formerly known as 3.0.5pre1),
-clients supporting the UNIX extensions to the CIFS protocol
-can create symlinks to absolute paths which will be **followed**
-by the server. This functionality has been requested in order
-to correctly support certain applications when the user's home
-directory is mounted using some type of CIFS client (e.g. the
-cifsvfs in the Linux 2.6 kernel).
-
-If this behavior is not acceptable for your production environment
-you can set 'wide links = no' in the specific share declaration in
-the server's smb.conf. Be aware that disabling wide link support
-out of a share in Samba may impact the server's performance due
-to the fact that smbd will now have to check each path additional
-times before traversing it.
-
-
-========================
-Password History Support
-========================
-
-The new password history feature allows smbd to check the new
-password in password change requests against a list of the user's
-previous passwords. The number of previous passwords to save can
-be set using pdbedit (4 in this example):
-
- root# pdbedit -P "password history" -C 4
-
-When using the ldapsam passdb backend, it is vital to secure the
-following attributes from access by non-administrative users:
-
- * sambaNTPassword
- * sambaLMPassword
- * sambaPasswordHistory
-
-You should refer to your directory server's documentation on how
-to implement this restriction.
-
-
-Changes since 3.0.5
--------------------
-
-smb.conf changes
-----------------
-
- Parameter Name Action
- -------------- ------
- cups server New
- defer sharing violations New
- force unknown acl user New
- ldap timeout New
- printcap cache time New
- use kerberos keytab New
-
-commits
--------
-o Jeremy Allison <jra@samba.org>
- * Correct path parsing bug that broke DeletePrinterDriverEx().
- * Fix bugs in check_path_syntax() caught by asserts.
- * Internal change - rearrange internal global case setting
- variables to a per connection basis.
- * BUG 1345: Fix premature optimization in unix_convert().
- * Allow clients to truncate a locked file.
- * BUG 1319: Always check to see if a user as write access
- to a share, even when 'force user' is set.
- * Fix specific case of open that doesn't cause oplock break,
- or share mode check.
- * Correct sid type is WKN_GROUP, not alias. Added some
- more known types (inspired by patch from Jianliang Lu).
- * Allow creation of absolute symlink paths via CIFS clients.
- * Fix charset bug in when invoking send_mailslot().
- * When using widelinks = no, use realpath to canonicalize
- the connection path on connection create for the user.
- * Enhance stat open code.
- * Fix unix extensions mknod code path.
- * Allow unix domain socket creation via unix extensions.
- * Auto disable the 'store dos attribute' parameter if the
- underlying filesystem doesn't support EAs.
- * Implement deferred open code to fix a bug with Excel files
- on Samba shares.
- * BUG 1427: Catch bad path errors at the right point. Ensure
- all our pathname parsing is consistent.
- * Fix SMB signing error introduced by the new deferred open
- code.
- * Change default setting for case sensitivity to "auto". (see
- commit message -- r1154 -- for details).
- * Add new remote client arch -- CIFSFS.
- * Allow smbd to maintain the service principal entry in the
- system keytab file (based on patch Dan Perry <dperry@pppl.gov>,
- Guenther Deschner, et. al.).
- * Fix longstanding memleak bug with logfile name.
- * Fix incorrect type in printer publishing (struct uuid,
- not UUID_FLAT).
- * Heimdal compile fixes after introduction of the new ketyab
- feature.
- * Ensure we check attributes correctly on rename request.
- * Ensure we defer a sharing violation on rename correctly.
- * BUG 607: Ensure we remove DNS and DNSFAIL records immediately
- on timeout.
- * Fix bogus error message when using "mangling method = hash"
- rather than hash2.
- * Turn on sendfile by default for non-Win9x clients.
- * Handle non-io opens that cause oplock breaks correctly.
- * Ensure ldap replication sleep time is not more than 5 seconds.
- * Add support for storing a user's password history.
- LDAP portion of the code was based on a patch from
- Jianliang Lu <j.lu@tiesse.com>.
- * Correct memory leaks found in the password change code.
- * Fix support for the mknod command with the Linux CIFS client.
- * Remove support for passing the new password to smbpasswd
- on the command line without using the -s option.
- * Ensure home directory service number is correctly reused
- (inspired by patches from Michael Collin Nielsen
- <michael@hum.aau.dk>).
- * Fix to stop printing accounts from resetting the bas
- password and account lockout flags.
- * If a account was locked out by an admin (and has a bad
- password count of zero) leave it locked out until an admin
- unlocks it (but log a message).
- * Ensure we return the same ACL revision on the wire that
- W2K3 does.
- * BUG 1578: Hardcode replacement for invalid characters as '_'
- (based on fix from Alexander E. Patrakov <patrakov@ums.usu.ru>).
- * Fix hashed password history for LDAP backends.
- * Enforce logon hours restrictions if confiogured (based on code
- from Richard Renard <rrenard@idealx.com>).
- * BUG 1606: Force smbd to disable sendfile with DOS clients
- and ensure that the chained header is filled in for ...&X
- commands.
- * BUG 1602: Fix access to shares when all symlink support
- has been disabled.
-
-
-
-o Tom Alsberg <alsbergt@cs.huji.ac.il>
- * Allow pdbedit to export a single user from a passdb backend.
-
-
-o Andrew Bartlett <abartlet@samba.org>
- * Fix parsing bug in GetDomPwInfo().
- * Fix segfault in 'ntlm_auth --diagnostics'.
- * Re-enable code to allow sid_to_gid() to perform a group
- mapping lookup before checking with winbindd.
- * Fix memory leak in the trans2 signing code.
- * Allow more flexible GSS-SPENGO client and server operation
- in ntlm_auth.
- * Improve smbd's internal random number generation.
- * Fix a few outstanding long password changes in smbd.
- * Fix LANMAN2 session setup code.
-
-
-o Eric Boehm <boehm@nortelnetworks.com>
- BUG 703: Final touches on netgroup case lookups.
-
-
-o Jerome Borsboom <j.borsboom@erasmusmc.nl>
- * Ensure error status codes don't get overwritten in
- lsa_lookup_sids() server code.
- * Correct bug that caused smbd to overwrite certain error
- codes when returning up the call stack.
- * Ensure the correct sid type returned for builtin sids.
-
-
-o Gerald Carter <jerry@samba.org>
- * Fix a few bugs in the Fedora Packaging files.
- * Fix for setting the called name to by our IP if the
- called name was *SMBSERVER and *SMBSERV. Fixes issue
- with connecting to printers via \\ip.ad.dr.ess\printer
- UNC path.
- * BUG 1315: fix for schannel client connections to servers
- when we haven't specifically negotiated AUTH_PIPE_SEAL.
- * Allow PrinterDriverData valuenames with embedded backslashes
- (Fixes bug with one of the Konica Fiery drivers).
- * Fixed string length miscalculation in netbios names that
- resulted in corrupt workgroup names in browse.dat.
- * When running smbd as a daemon, launch child smbd to update
- the lpq cache listing in the background.
- * Allow printers "Printers..." folder to be renamed to a string
- other than the share name.
- * Allow winbindd to use domain trust account passwords when
- running on a Samba DC to establish an schannel to remote
- domains.
- * Fix bad merge and ensure that we always use tdb_open_log()
- instead of tdb_open_ex() (the former call enforce the 'use
- mmap' parameter).
- * BUG 1221: revert old change that used single and double
- quotes as delimeters in next_token(), and change
- print_parameter() to print out parm values surrounded by
- double quotes (instead of single quotes).
- * Prevent home directories added during the SMBsesssetup&X from
- being removed as unused services.
- * Invalidate the print object cache for open printer handles when
- smbd receives a message that an attribute on a given printer
- has been changed.
- * Cause the configure script to exit if --enable-cups[=yes] is
- defined and the system does not have the cups devel files
- installed.
- * BUG 1297: Prevent map_username() from being called twice
- during logon.
- * Ensure that we use the userPrincipalName AD attribute
- value for LDAP SASL binds.
- * Ensure we remove the tdb entry when deleting a job that
- is being spooled.
- * BUG 1520: Work around bug in Windows XP SP2 RC2 where the
- client sends a FindNextPrintChangeNotify() request without
- previously sending a FindFirstPrintChangeNotify(). Return
- the same error code as Windows 2000 SP4.
- * BUG 1516: Manually declare ldap_open_with_timeout() to
- workaround compiler errors on IRIX (or other systems without
- LDAP headers).
- * Merge security fixes for CAN-2004-0600, CAN-2004-0686 from
- 3.0.5.
- * Corrected syntax error in the OID for sambaUnixIdPool,
- sambaSidEntry, & sambaIdmapEntry object classes.
- * Tighten the cache consistency with the ntprinters.tdb entry
- an the in memory cache associated with open printer handles.
- * Make sure that register_messages_flags() doesn't overwrite
- the originally registered flags.
-
-
-o Fabien Chevalier <fabien.chevalier@supelec.fr>
- * Debian BUG 252591: Ensure that the return value from the
- number of available interfaces is initialized in case no
- interfaces are actually available.
-
-
-o Guenther Deschner <gd@sernet.de>
- * Implement 'rpcclient setprintername'.
- * Add local groups to the user's NT_TOKEN since they are
- actually supported now.
- * Heimdal compile fixes after introduction of the new keytab
- feature.
- * Correctly honor the info level parameter in 'rpcclient
- enumprinters'.
- * Reintroduce 'force unknown acl user' parameter. When getting a
- security descriptor for a file, if the owner sid is not known,
- the owner uid is set to the current uid. Same for group sid.
- * Ensure that REG_SZ values in the SetPrinterData actually
- get written in UNICODE strings rather than ASCII.
- * Ensure that the last kerberos error return is not invalid.
- * Display share ACL entries from rpcclient.
- * Correct infinite loop in pam_winbind's verification of
- group membership in the 'other sids' field in the user_info3
- struct.
-
-
-o Fabian Franz <FabianFranz@gmx.de>
- * Support specifying a port in the device URL passed to smbspool.
-
-
-o Steve French <sfrench@us.ibm.com>
- * Handle -S and user mount parms in mount.cifs.
- * Fix user unmount of shares mount with suid mount.cifs.
- * prevent infinite recusion in reopen_logs() when expanding
- the smb.conf variable %I.
-
-
-o Bjoern Jacke <bj@sernet.de>
- * Install libsmbclient into $(LIBDIR), not into hard coded
- ${prefix}/lib. This helps amd64 systems with /lib and /lib64
- and an explicit configure --libdir setting.
-
-
-o <kawasa_r@itg.hitachi.co.jp>
- * Correct more memory leaks and initialization bugs.
- * Fix bug that prevented core dumps from being generated
- even if you tried.
- * Connect to the winbind pipe in non-blocking mode to
- prevent processes from hanging.
- * Memory leak fixes.
-
-
-o Stephan Kulow <coolo@suse.de>
- * Fix crash bug in libsmbclient.
-
-
-o Volker Lendecke <vl@samba.org>
- * Added vfs_full_audit module.
- * Add vfs_afsacl.c which can display & set AFS acls via
- the NT security editor.
- * Fix crash bug caused by trying to Base64 encode a NULL string.
- * Fix DOS error code bug in reply_chkpath().
- * Correct misunderstanding of the max_size field in
- cli_samr_enum_als_groups; it is more like an account_control
- field with individual bits what to retrieve.
- * Implement 'net rpc group rename' -- rename domain groups.
- * Implement the 'cups server' option. This makes it possible
- to have virtual smbd's connect to different cups daemons.
- * Paranoia fixes when adding local aliases to a user's NT_TOKEN.
- * Fix sid_to_gid() calls in winbindd to prevent loops.
- * Ensure that local_sid_to_gid() sets the type of the group on
- return.
- * Make sure that the clients are given back the IP address to
- which they connected in the case of a multi-homed host. Only
- affects strings the spoolss printing replies.
- * Fix the bad password lockout. This has not worked as pdb_ldap.c
- did not ask for the modifyTimestamp attribute, so it could
- not find it. Try not to regress by not putting that attrib
- in the main list but append it manually for the relevant searches.
- * Fix two memleaks in login_cache.c.
- * fixes memory bloat when unmarshalling strings.
- * Fix compile errors using gcc 3.2 on SuSE 8.2.
- * Fix the build for systems without kerberos headers.
- * Allow winbindd to handle authentication requests only when
- started without either an 'idmap uid' or 'idmap gid' range.
- * Fix the build for systems without ldap headers.
- * Fix interaction between share security descriptor and the
- 'read only' smb.conf option.
- * Fix bug that caused _samr_lookupsids() with more than 32 (
- MAX_REF_DOMAINS) SIDs to fail.
- * Allow the 'idmap backend' parameter to accept a list of
- LDAP servers for failover purposes.
- * Revert code in smbd to remove a tdb when it has become
- corrupted.
- * Add paranoid checks when mapping SIDs to a uid/gid to
- ensure that the type is correct.
- * Initial work on getting client support for sending mailslot
- datagrams.
- * Add 'ldap timeout' parameter.
- * Dont always uppercase 'afs username map'.
- * Expand aliases for getusersids as well.
- * Improved NT->AFS ACL mapping VFS module.
-
-
-o Herb Lewis <herb@samba.org>
- * Add the acls debug class.
- * Fix logic bug in netbios name truncate routine.
- * Fix smbd crash caused by smbtorture IOCTL test.
- * Fix errno tromping before calling iconv to reset the
- conversion state.
- * need to leave empty dacl so we can remove last ACE.
-
-
-o Jianliang Lu <Jianliang.Lu@getronics.com>
- * Fix to stop smbd hanging on missing group member in
- get_memberuids().
- * Make sure Samba returns the correct group types.
- * Reset the bad password count password counts upon a successful login.
-
-
-o Jason Mader <jason@ncac.gwu.edu>
- * BUG 1385: Don't use non-consts in a structure initialization.
-
-
-o Jim McDonough <jmcd@us.ibm.com>
- * BUG 1279: SMBjobid fix for Samba print servers running on
- Big-Endian platforms.
-
-
-o Joe Meadows <jameadows@webopolis.com>
- * Add optional timeout parameter to ldap open calls.
- * Allow get_dc_list() to check the negative cache.
-
-
-o Stefan Metzmacher <metze@samba.org>
- * fix a configure logic bug for linux/XFS quotas when
- using --with-sys-quotas.
- * Use quota debug class in quota code.
- * print out the SVN revision by configure,
-
-
-o Buchan Milne <bgmilne@mandrake.org>
- * Mandrake packaging fixes.
-
-
-o Lars Mueller <lmuelle@suse.de>
- * BUG 1279: Added 'printcap cache time' parameter.
- * Fix afs related build issues on SuSE.
- * Fix compiler warnings in the kerberos client code.
-
-
-o James Peach <jpeach@sgi.com>
- * More iconv detection fixes for IRIX.
- * Compile fixed for systems that do not have C99/UNIX98 compliant
- vsnprintf by default.
- * Prevent smbd from attempting to use sendfile at all if it is
- not supported by the server's OS.
- * Allow SWAT to search for index.html when serving html files
- in a directory.
-
-
-o Dan Peterson
- * Implement NFS quota support on FreeBSD.
-
-
-o Tim Potter <tpot@samba.org>
- * BUG 1360: Use -Bsymbolic when creating shared libraries to
- avoid conflicts with identical symbols in the global namespace
- when loading libnss_wins.so.
-
-
-o Richard Renard <rrenard@idealx.com>
- * Save the current password as it is being changed into the
- password history list.
-
-
-o Richard Sharpe <rsharpe@samba.org>
- * Fix error return codes on some lock messages.
- * BUG 1178: Make the libsmbclient routines callable
- by C++ programs.
- * BUG 1333: Make sure we return an error code when
- things go wrong.
- * BUG 1301: Return NT_STATUS_SHARING_VIOLATION when
- share mode locking requests fail.
-
-
-o Simo Sorce <idra@samba.org>
- * Update Debian stable & unstable packaging.
- * Tidy up parametric options in testparm output.
-
-
-o Richard Sharpe <rsharpe@samba.org>
- * Add sigchild handling to winbindd to restart the child
- daemon if necessary.
-
-
-o Tom Shaw <tomisfaraway@gmail.com>
- * Use winbindd_fill_pwent() consistently.
-
-
-o Nick Thompson <nickthompson@agere.com>
- * Protect smbd against broken filesystems which return zero
- blocksize.
-
-
-o Andrew Tridgell <tridge@samba.org>
- * Fixed bug in handling of timeout in socket connections.
-
-
-o Nick Wellnhofer <wellnhofer@aevum.de>
- * Prevent lp_interfaces() list from being corrupted. Fixes
- bug where nmbd would lose the list of network interfaces
- on the system and consequently shutdown.
-
-
-o James Wilkinson <jwilk@alumni.cse.ucsc.edu>
- * Fix ntlm_auth memory leaks.
-
-
-o Jelmer Vernooij <jelmer@samba.org>
- * Additional NT status to unix error mappings.
- * BUG 478: Rename vsnprintf to smb_vsnprintf so we don't
- get duplicate symbol errors.
- * Return an error when the last command read from stdin
- fails in smbclient.
- * Prepare for better error checking in tar.
- * BUG 1474: Fix build of --with-expsam stuff on Solaris.
-
-
- --------------------------------------------------
-
- =============================
- Release Notes for Samba 3.0.5
- July 20, 2004
- =============================
-
-Please note that Samba 3.0.5 is identical to Samba 3.0.4 with
-the exception of correcting the two security issues outlined
-below.
-
-######################## SECURITY RELEASE ########################
-
-Summary: Multiple Potential Buffer Overruns in Samba 3.0.x
-CVE ID: CAN-2004-0600, CAN-2004-0686
- (http://cve.mitre.org/)
-
-
-This is the latest stable release of Samba. This is the version
-that production Samba servers should be running for all current
-bug-fixes.
-
-It has been confirmed that versions of Samba 3 prior to v3.0.4
-are vulnerable to two potential buffer overruns. The individual
-details are given below.
-
-=============
-CAN-2004-0600
-=============
-
-Affected Versions: Samba 3.0.2 and later
-
-The internal routine used by the Samba Web Administration
-Tool (SWAT v3.0.2 and later) to decode the base64 data
-during HTTP basic authentication is subject to a buffer
-overrun caused by an invalid base64 character. It is
-recommended that all Samba v3.0.2 or later installations
-running SWAT either (a) upgrade to v3.0.5, or (b) disable
-the swat administration service as a temporary workaround.
-
-This same code is used internally to decode the
-sambaMungedDial attribute value when using the ldapsam
-passdb backend. While we do not believe that the base64
-decoding routines used by the ldapsam passdb backend can
-be exploited, sites using an LDAP directory service with
-Samba are strongly encouraged to verify that the DIT only
-allows write access to sambaSamAccount attributes by a
-sufficiently authorized user.
-
-The Samba Team would like to heartily thank Evgeny Demidov
-for analyzing and reporting this bug.
-
--------------
-CAN-2004-0686
--------------
-
-Affected Versions: Samba 3.0.0 and later
-
-A buffer overrun has been located in the code used to support
-the 'mangling method = hash' smb.conf option. Please be aware
-that the default setting for this parameter is 'mangling method
-= hash2' and therefore not vulnerable.
-
-Affected Samba 3 installations can avoid this possible security
-bug by using the default hash2 mangling method. Server
-installations requiring the hash mangling method are encouraged
-to upgrade to Samba 3.0.5.
-
-
-##################################################################
-
- --------------------------------------------------
-
- =============================
- Release Notes for Samba 3.0.4
- May 8, 2004
- =============================
-
-Common bugs fixed in Samba 3.0.4 include:
-
- o Password changing after applying the patch described in
- the Microsoft KB828741 article to Windows clients.
- o Crashes in smbd.
- o Managing print jobs via Windows on Big-Endian servers.
- o Several memory leaks in winbindd and smbd.
- o Compile issues on AIX and *BSD.
-
-Changes since 3.0.3
---------------------
-
-commits
--------
-
-o Jeremy Allison <jra@samba.org>
- * Fix path processing for DeletePrinterDriverEx().
- * BUG 1303: Fix for Microsoft hotfix MS04-011 password change
- breakage.
-
-
-o Andrew Bartlett <abartlet@samba.org>
- * Fix alignment bug in GetDomPwInfo().
-
-
-o Alexander Bokovoy <ab@samba.org>
- * Fix utime[s]() issues in smbwrapper on systems
- that can boot both the 2.4 and 2.6 Linux kernels.
-
-
-o Gerald Carter <jerry@samba.org>
- * Fedora packaging fixes.
- * BUG 1302: Fix seg fault by not trying to optimize a list of
- invalid gids using the wrong array size.
- * BUG 1309: fix seg fault caused by trying to strdup(NULL)
- seen when 'security = share'.
- * Fix problems when using IBM's compiler on AIX.
- * Link Developer's Guide, Example Guide, and multi-page HOWTO
- into SWAT's welcome page.
- * BUG 1293: fix double free in printer publishing code.
-
-
-o Wim Delvaux <wim.delvaux@adaptiveplanet.com>
- * Fix for handling timeouts in socket connections.
-
-
-o Michel Gravey <michel.gravey@optogone.com>
- * BUG 483: patch from to fix password hash creation in SWAT.
-
-
-o Volker Lendecke <vl@samba.org>
- * Close the open NT pipes before the tdis.
- * Fix AFS related build issues.
- * Handle error conditions when base64 encoding a blob of 0 bytes.
-
-
-o Herb Lewis <herb@samba.org>
- * Added 'acls' debug class.
-
-o kawasa_r@itg.hitachi.co.jp
- * Multiple variable initialization and memory leak fixes.
-
-
-o Stephan Kulow <coolo@suse.de>
- * Fix string length bug in libsmbclient that caused KDE's
- Konqueror to crash.
- * BUG 429: More libsmbclient fixes.
-
-
-o Jim McDonough <jmcd@us.ibm.com>
- * BUG 1007, 1279: Store the print job using a little-endian key.
-
-
-o Eric Mertens
- o Compile fix for OpenBSD (ENOTSUP not supported).
-
-
-o Stefan Metzmacher <metze@samba.org>
- * Correct bug in disks quota views from explorer.
-
-
-o Tim Potter <tpot@samba.org>
- BUG 1305: Correct debug output.
-
-
-o Richard Sharpe <rsharpe@samba.org>
- * Fix incorrect error code mapping.
-
-
-o Jelmer Vernooij <jelmer@samba.org>
- * Add additional NT_STATUS errorm mappings.
-
-
- --------------------------------------------------
-
- =============================
- Release Notes for Samba 3.0.3
- April 29, 2004
- =============================
-
-
-Common bugs fixed in Samba 3.0.3 include:
-
- o Crash bugs and change notify issues in Samba's printing code.
- o Honoring secondary group membership on domain member servers.
- o TDB scalability issue surrounding the TDB_CLEAR_IF_FIRST flag.
- o Substitution errors for %[UuGg] in smb.conf.
- o winbindd crashes when using ADS security mode.
- o SMB signing errors.
- o Delays in winbindd startup caused by unnecessary
- connections to trusted domain controllers.
- o Various small memory leaks.
- o Winbindd failing due to expired Kerberos tickets.
-
-New features introduced in Samba 3.0.3 include:
-
- o Improved support for i18n character sets.
- o Support for account lockout policy based on
- bad password attempts.
- o Improved support for long password changes (>14
- characters) and strong password enforcement.
- o Support for Windows aliases (i.e. nested groups).
- o Experimental support for storing DOS attribute on files
- and folders in Extended Attributes.
- o Support for local nested groups via winbindd.
- o Specifying options to be passed directly to the CUPS libraries.
-
-Please be aware that the Samba source code repository was
-migrated from CVS to Subversion on April 4, 2004. Details on
-accessing the Samba source tree via anonymous svn can be found
-at http://svn.samba.org/samba/subversion.html.
-
-
-Changes since 3.0.2a
---------------------
-smb.conf changes
-----------------
-
- Parameter Name Action
- -------------- ------
- cups options New
- ea support New
- only user Deprecated
- store dos attributes New
- unicode Removed
- winbind nested groups New
-
-
-commits
--------
-
-o Jeremy Allison <jra@samba.org>
- * Ensure that Kerberos mutex is always properly unlocked.
- * Removed Heimdal "in-memory keytab" support.
- * Fixup the 'multiple-vuids' bugs in our server code.
- * Correct return code from lsa_lookup_sids() on unmapped
- sids (based on work by vl@samba.org).
- * Fix the "too many fcntl locks" scalability problem
- raised by tridge.
- * Fixup correct (as per W2K3) returns for lookupsids
- as well as lookupnames.
- * Fixups for delete-on-close semantics as per Win2k3 behavior.
- * Make SMB_FILE_ACCESS_INFORMATION call work correctly.
- * Fix "unable to initialize" bug when smbd hasn't been run with
- new system and a user is being added via pdbedit/smbpasswd.
- * Added NTrename SMB (0xA5).
- * Fixup correct timeout values for blocking lock timeouts.
- * Fix various bugs reported by 'gentest'.
- * More locking fixes in the case where we own the lock.
- * Fix up regression in IS_NAME_VALID and renames.
- * Don't set allocation size on directories.
- * Return correct error code on fail if file exists and target
- is a directory.
- * Added client "hardlink" comment to test doing NT rename with
- hard links. Added hardlink_internals() code - UNIX extensions
- now use this as well.
- * Use a common function to parse all pathnames from the wire for
- much closer emulation of Win2k3 error return codes.
- * Implement check_path_syntax() and rewrite string sub
- functions for better multibyte support.
- * Ensure msdfs referrals are multibyte safe.
- * Allow msdfs symlink syntax to be more forgiving.
- eg. sym_link -> msdfs://server/share/path/in/share
- or sym_link -> msdfs:\\server\share\path\in\share.
- * Cleanup multibyte netbios name support in nmbd ( based on patch
- by MORIYAMA Masayuki <moriyama@miraclelinux.com>).
- * Fix check_path_syntax() for multibyte encodings which have
- no '\' as second byte (based on work by ab@samba.org.
- * Fix the "dfs self-referrals as anonymous user" problem
- (based on patch from vl@samba.org).
- * BUG 1064: Ensure truncate attribute checking is done correctly
- on "hidden" dot files.
- * Fix bug in anonymous dfs self-referrals again.
- * Fix get/set of EA's in client library
- * Added support for OS/2 EA's in smbd server.
- * Added 'ea support' parameter to smb.conf.
- * Added 'store dos attributes' parameter to smb.conf.
- * Fix wildcard identical rename.
- * Fix reply_ctemp - make compatible with w2k3.
- * Fix wildcard unlink.
- * Fix wildcard src with wildcard dest renames.
- * BUG 1139: Fix based on suggestion by jdev@panix.com.
- swap lookups for user and group - group will do an
- algorithmic lookup if it fails, user won't.
- * Make EA's lookups case independent.
- * Fix SETPATHINFO in 'unix extensions' support.
- * Make 3.x pass the Samba 4.x RAW-SEARCH tests - except for
- the UNIX info levels, and the short case preserve names.
-
-
-o Timur Bakeyev <timur@com.bat.ru>
- * BUG 1144: only set --with-fhs when the argument is 'yes'
- * BUG 1152: Allow python modules to build despite libraries added
- to LDFLAGS instead of LDPATH.
- * BUG 1141: Fix nss*.so names on FreeBSD 5.x.
-
-
-o Craig Barratt <cbarratt@users.sourceforge.net>
- * BUG 389: Allow multiple exclude arguments with smbclient
- tar -Xr options (better support for Amanda backup client).
-
-
-o Andrew Bartlett <abartlet@samba.org>
- * Include support for linking with cracklib for enforcing strong
- password changes.
- * Add support for >14 character password changes from Windows
- clients.
- * Add 'admin set password' capability to 'net rpc'.
- * Allow 'net rpc samdump' to work with any joined domain
- regardless of smb.conf settings.
- * Use an allocated buffer for count_chars.
- * Add sanity checks for changes in the domain SID in an
- LDAP DIT.
- * Implement python unit tests for Samba's multibyte string
- support.
- * Remove 'unicode' smb.conf option.
- * BUG 1138: Fix support for 'optional' SMB signing and other
- signing bugs.
- * BUG 169: Fix NTLMv2-only behavior.
- * Ensure 'net' honors the 'netbios name' in the smb.conf by
- default.
- * Support SMB signing on connections using only the LANMAN
- password and generate the correct the 'session key' for these
- connections.
- * Implement --required-membership-of=, an ntlm_auth option
- that restricts all authentication to members of this particular
- group.
- * Improve our fall back code for password changes.
- * Only send the ntlm_auth 'ntlm-server-1' helper client a '.'
- after the server had said something (such as an error).
- * Add 'ntlm-server-1' helper protocol to ntlm_auth.
-
-
-o Alexander Bokovoy <ab@samba.org>
- * Fix incorrect size calculation of the directory name
- in recycle.so.
- * Fix problems with very long filenames in both smbd and smbclient
- caused by truncating paths during character conversions.
- * Fix smbfs problem with Tree Disconnect issued before smbfs
- starts its work.
-
-
-o Gerald Carter <jerry@samba.org>
- * BUG 850: Fix 'make installmodules' bug on True64.
- * BUG 66: mark 'only user' deprecated.
- * Remove corrupt tdb and shutdown (only for printing tdbs,
- connections, sessionid & locking).
- * decrement smbd counter in connections.tdb in smb_panic().
- * RedHat specfile updates.
- * Fix xattr.h build issue on Debian testing and SuSE 8.2.
- * BUG 1147; bad pointer case in get_stored_queue_info()
- causing seg fault.
- * BUG 761: read the config file before initialized default
- values for printing options; don't default to bsd printing
- Linux.
- * Allow the 'printing' parameter to be set on a per share basis.
- * BUG 503: RedHat/Fedora packaging fixes regarding logrotate.
- * BUG 848: don't create winbind local users/groups that already
- exist in the tdb.
- * BUG 1080: fix declaration of SMB_BIG_UINT (broke compile on
- LynxOS/ppc).
- * BUG 488: fix the 'show client in col 1' button and correctly
- enumerate active connections.
- * BUG 1007 (partial): Fix abort in smbd caused by byte ordering
- problem when storing the updating pid for the lpq cache.
- * BUG 1007 (partial): Fix print change notify bugs.
- * BUG 1165, 1126: Fix bug with secondary groups (security = ads)
- and winbind use default domain = yes. Also ensures that
- * BUG 1151: Ensure that winbindd users are passed through
- the username map.
- * Fix client rpc binds for ASU derived servers (pc netlink,
- etc...).
- * BUG 417, 1128: Ensure that the current_user_info is set
- consistently so that %[UuGg] is expanded correctly.
- * BUG 1195: Fix crash in winbindd when the ADS server is
- unavailable.
- * BUG 1185: Set reconnect time to be the same as the
- 'winbind cache time'.
- * Ensure that we return the sec_desc in smb_io_printer_info_2.
- * Change Samba printers Win32 attribute to PRINTER_ATTRIBUTE_LOCAL.
- * BUG 1095: Honor the '-l' option in smbclient.
- * BUG 1023: surround get_group_from_gid() with become_unbecome_root()
- block.
- * Ensure server schannel uses the auth level requested by the
- client.
- * Removed --with-cracklib option due to potential crash issue.
- * Fix -lcrypto linking problem with wbinfo.
- * BUG 761: allow printing parameter to set defaults on a per
- share basis.
- * Add 'cups options' parameter to allow raw printing without
- changing /etc/cups/cupsd.conf.
- * BUG 1081, 1183: Added remove_duplicate_gids() to smbd and
- winbindd.
- * BUG 1246: Fix typo in Fedora /etc/init.d/winbind.
- * BUG 1288: resolve any machine netbios name (0x00) and not just
- servers (0x20).
- * BUG 1199: Fix potential symlink issue in
- examples/printing/smbprint.
-
-
-o Robert Dahlem <Robert.Dahlem@gmx.net>
- * BUG 1048: Don't return short names when when 'mangled names = no'
-
-
-o Guenther Deschner <gd@suse.com>
- * Remove hard coded attribute name in the ads ranged retrieval
- code.
- * Add --with-libdir and --with-mandir to autoconf script.
-
-
-o Bostjan Golob <golob@gimb.org>
- * BUG 1046: Fix getpwent_list() so that the username is not
- overwritten by other fields.
-
-
-o Landon Fuller <landonf@opendarwin.org>
- * BUG 1232: patch from landonf@opendarwin.org (Landon Fuller)
- to fix user/group enumeration on systems whose libc does not
- call setgrent() before trying to enumerate users (i.e.
- FreeBSD 5.2).
-
-
-o Steve French <sfrench@us.ibm.com>
- * Update mount.cifs to version 1.1.
- * Disable dev (MS_NODEV) on user mounts from cifs vfs.
- * Fixes to minor security bug in the mount helper.
- * Fix credential file mounting for cifs vfs.
- * Fix free of incremented pointer in cifsvfs mount helper.
- * Fix path canonicalization of the mount target path and help
- text display in the cifs mount helper.
- * Add missing guest mount option for mount.cifs.
-
-
-o SATOH Fumiyasu <fumiya@miraclelinux.com>
- * BUG 1055; formatting fixes for 'net share'.
- * BUG 692: correct truncation of share names and workgroup
- names in smbclient.
- * BUG 1088: use strchr_m() for query_host (smbclient -L).
- * Patch from to internally count characters correctly.
-
-
-o Paul Green <paulg@samba.org>
- * Update VOS _POSIX_C_SOURCE macro to 200112L.
- * Fix bug in configure.ion by moving the first use of
- AC_CHECK_HEADERS so it is always executed.
- * Fix configure.in to only use $BLDSHARED to select whether to
- build static or shared libraries.
-
-
-o Pat Haywarrd <Pat.Hayward@propero.net>
- * Make the session_users list dynamic (max of 128K).
-
-
-o Cal Heldenbrand <calzplace@yahoo.com>
- * Fix for for 'pam_smbpass migrate' functionality.
-
-
-o Chris Hertel <crh@samba.org>
- * fix enumeration of shares 12 characters in length via
- smbclient.
-
-
-o Ulrich Holeschak <ulrich@holeschak.de>
- * BUG 932: fix local password change using pam_smbpass
-
-
-o Krischan Jodies <kj@sernet.de>
- * Implement 'net rpc group delete'
-
-
-o John Klinger <john.klinger@lmco.com>
- * Return NSS_SUCCESS once the max number of gids possible
- has been found in initgroups() on Solaris.
- * BUG 1182: Re-enable the -n 'no cache' option for winbindd.
-
-
-o Volker Lendecke <vl@samba.org>
- * Fix success message for net groupmap modify.
- * Fix errors when enumerating members of groups in 'net rpc'.
- * Match Windows behavior in samr_lookup_names() by returning
- ALIAS(4) when you search in BUILTIN.
- * Fix server SAMR code to be able to set alias info for
- builtin as well.
- * Fix duplication of logic when creating groups via smbd.
- * Ensure that the HWM values are set correctly after running
- 'net idmap'.
- * Add 'net rpc group add'.
- * Implement 'net groupmap set' and 'net groupmap cleanup'.
- * Add 'net rpc group [add|del]mem' for domain groups and aliases.
- * Fix wb_delgrpmem (wbinfo -o).
- * As a DC we should not reply to lsalookupnames on DCNAME\\user.
- * Fix sambaUserWorkstations on a Samba DC.
- * Implement wbinfo -k: Have winbind generate an AFS token after
- authenticating the user.
- * Add expand_msdfs VFS module for providing referrals based on the
- the client's IP address.
- * Implement client side NETLOGON GetDCName function.
- * Fix caching of name->sid lookups.
- * Add support in winbindd for expanding nested local groups.
- * Fix memleak in winbindd.
- * Fix msdfs proxy.
- * Don't list domain groups from BUILTIN.
- * Fix memleak in policy handle utility functions.
- * Decrease winbindd startup time by only contacting trusted
- domains as necessary.
- * Allow winbindd to ask the DC for its domain for a trusted
- DC.
- * Fix Netscape DS schema based on comments from
- <thomas.mueller@christ-wasser.de>.
- * Correct case where adding a domain user to a XP local group
- did a lsalookupname on the user without domain prefix, and
- failed.
- * Fix segfault in winbindd caused by 'wbinfo -a'.
-
-
-o Herb Lewis <herb@samba.org>
- * Fix typo for tag in proto file.
- * Add missing #ifdef HAVE_BICONV stuff.
- * Truncate Samba's netbios name at the first '.' (not
- right to left).
-
-
-o Derrell Lipman <Derrell.Lipman@UnwiredUniverse.com>
- * Bug fixes and enhancements to libsmbclient library.
-
-
-o Jianliang Lu <j.lu@tiesse.com>
- * Enforce the 'user must change password at next login' flag.
- * Decode meaning of 'fields present' flags (improves support
- for usrmgr.exe).
- * NTLMv2 fixes.
- * Don't force an upper case domain name in the ntlmssp code.
-
-
-o L. Lucius <ib@digicron.com>.
- * type fixes.
-
-
-o Jim McDonough <jmcd@us.ibm.com>
- * Add versioning support to tdbsam.
- * Update the IBM Directory Server schema with the OpenLDAP
- file.
- * Various decoding fixes to improve usrmgr.exe support.
- * Fix statfs redeclaration of statfs struct on ppc
- * Implement support for password lockout of Samba domain
- controllers and standalone servers.
- * Get MungedDial attribute actually working with full TS
- strings in it for pdb_ldap.
- * BUG 1208 (partial): Improvements for working with expired krb5
- tickets in winbindd.
- * Use timegm, or our already existing replacement instead of
- timezone (spotted by Andrzej Tobola <san@iem.pw.edu.pl>).
- * Remove modifyTimestamp from list of our attributes.
- * Fix lsalookupnames to check for domain users as well as local
- users.
- * Merge struct uuid replacement for GUID from trunk.
- * BUG 1208: Finish support for handling expired tickets in
- winbindd (in conjunction with Guenther Deschner <gd@suse.de>).
-
-
-o Stefan Metzmacher <metze@samba.org>
- * Implement new VERSION schema based on subversion revision
- numbers.
- * Add shadow_copy vfs module.
- * Fix segault in login_cache support.
-
-
-o Heinrich Mislik <Heinrich.Mislik@univie.ac.at>
- o BUG 979 -- Fix quota display on AIX.
-
-
-o James Peach <jpeach@sgi.com>
- * Correct check for printf() format when using the SGI MIPSPro
- compiler.
- * BUG 1038: support backtrace for 'panic action' on IRIX.
- * BUG 768: Accept profileing arg to IRIX init script.
- * BUG 748: Relax arg parsing to sambalp script (IRIX).
- * BUG 758: Fix pdma build.
- * Search IRIX ABI paths for libiconv. Based on initial fix from
- Jason Mader.
-
-
-o Kurt Pfeifle <kpfeifle@danka.de>
- * Add example shell script for migrating drivers and printers
- from a Windows print server to a Samba print server using
- smbclient/rpcclient (examples/printing/VamireDriversFunctions).
-
-
-o Tim Potter <tpot@samba.org>
- * Fix logic bug in tdb non-blocking lock routines when
- errno == EAGAIN.
- * BUG 1025: Include sys/acl.h in check for broken nisplus
- include files.
- * BUG 1066: s/printf/d_printf/g in SWAT.
- * BUG 1098: rename internal msleep() function to fix build
- problems on AIX.
- * BUG 1112: Fix for writable printerdata problem in python bindings.
- * BUG 1154: Remove reference to <sys/mman.h> in tdbdump.c.
- * BUG 1155: enclose use of fchown() with guards.
- * Relicense tdb python module as LGPL.
-
-
-o Richard Sharpe <rsharpe@samba.org>
- * Add support to smbclient for multiple logins on the same
- session (based on work by abartlet@samba.org).
- * Correct blocking condition in smbd's use of accept() on IRIX.
- * Add support for printing out the MAC address on nmblookup.
-
-
-o Simo Sorce <idra@samba.org>
- * Replace unknown_3 with fields_present in SAMR code.
- * More length checks in strlcat().
-
-
-o Andrew Tridgell <tridge@samba.org>
- * Rewrote the AIX UESS backend for winbindd.
- * Fixed compilation with --enable-dmalloc.
- * Change tdb license to LGPL (see source/tdb/tdb.c).
- * Force winbindd to use schannel in clients connections to
- DC's if possible.
-
-
-o Jelmer Vernooij <jelmer@samba.org>
- * Fix ETA Calculation when resuming downloads in smbget.
- * Add -O (for writing downloaded files to standard out)
- based on patch by Bas van Sisseren <bas@dnd.utwente.nl>.
- * Fix syntax error in example mysql table
-
-
-o TAKEDA yasuma <yasuma@miraclelinux.com>
- * BUG 900: fix token processing in cmd_symlink, cmd_link,
- cmd_chown, cmd_chmod smbclient functions.
-
-
-o Shiro Yamada <shiro@miraclelinux.com>
- * BUG 1129: install image files for SWAT.
-
-
- --------------------------------------------------
-
- ==============================
- Release Notes for Samba 3.0.2a
- February 13, 2004
- ==============================
-
-Samba 3.0.2a is a minor patch release for the 3.0.2 code base
-to address, in particular, a problem when using pdbedit to
-sanitize (--force-initialized-passwords) Samba's tdbsam
-backend. This is the latest stable release of Samba. This
-is the version that all production Samba servers should be
-running for all current bug-fixes.
-
-******************* Attention! Achtung! Kree! *********************
-
-Beginning with Samba 3.0.2, passwords for accounts with a last
-change time (LCT-XXX in smbpasswd, sambaPwdLastSet attribute in
-ldapsam, etc...) of zero (0) will be regarded as uninitialized
-strings. This will cause authentication to fail for such
-accounts. If you have valid passwords that meet this criteria,
-you must update the last change time to a non-zero value. If you
-do not, then 'pdbedit --force-initialized-passwords' will disable
-these accounts and reset the password hashes to a string of X's.
-
-******************* Attention! Achtung! Kree! *********************
-
-
-Changes since 3.0.2
--------------------
-
-commits
--------
-
-Please refer to the CVS log for the SAMBA_3_0 branch for complete
-details. The list of changes per contributor are as follows:
-
-
-o Jeremy Allison <jra@samba.org>
- * Added paranoia checks in parsing code.
-
-
-o Andrew Bartlett <abartlet@samba.org>
- * Ensure that changes to uninitialized passwords in ldapsam
- are written to the DIT.
-
-
-o Gerald (Jerry) Carter <jerry@samba.org>
- * Fixed iterator in tdbsam.
- * Fix bug that disabled accounts with a valid NT password
- hash, but no LanMan hash.
-
-
-o Steve French <sfrench@us.ibm.com>
- * Added missing nosetuid and noexec options.
-
-
-o Bostjan Golob <golob@gimb.org>
- * BUG 1046: Don't overwrite usernames of entries returned
- by getpwent_list().
-
-
-o Sebastian Krahmer <krahmer@suse.de>
- * Fixed potential crash bug in NTLMSSP parsing code.
-
-
-o Tim Potter <tpot@samba.org>
- * Fixed logic in tdb_brlock error checking.
-
-
-o Urban Widmark <urban@teststation.com>
- * Set nosuid,nodev flags in smbmnt by default.
-
-
- --------------------------------------------------
-
- =============================
- Release Notes for Samba 3.0.2
- February 9, 2004
- =============================
-
-It has been confirmed that previous versions of Samba 3.0 are
-susceptible to a password initialization bug that could grant an
-attacker unauthorized access to a user account created by the
-mksmbpasswd.sh shell script.
-
-The Common Vulnerabilities and Exposures project (cve.mitre.org)
-has assigned the name CAN-2004-0082 to this issue.
-
-Samba administrators not wishing to upgrade to the current
-version should download the 3.0.2 release, build the pdbedit
-tool, and run
-
- root# pdbedit-3.0.2 --force-initialized-passwords
-
-This will disable all accounts not possessing a valid password
-(e.g. the password field has been set a string of X's).
-
-Samba servers running 3.0.2 are not vulnerable to this bug
-regardless of whether or not pdbedit has been used to sanitize
-the passdb backend.
-
-Some of the more visible bugs in 3.0.1 addressed in the 3.0.2
-release include:
-
- o Joining a Samba domain from Pre-SP2 Windows 2000 clients.
- o Logging onto a Samba domain from Windows XP clients.
- o Problems with the %U and %u smb.conf variables in relation to
- Windows 9x/ME clients.
- o Kerberos failures due to an invalid in memory keytab detection
- test.
- o Updates to the ntlm_auth tool.
- o Fixes for various SMB signing errors.
- o Better separation of WINS and DNS queries for domain controllers.
- o Issues with nss_winbind FreeBSD and Solaris.
- o Several crash bugs in smbd and winbindd.
- o Output formatting fixes for smbclient for better compatibility
- with scripts based on the 2.2 version.
-
-
-Changes since 3.0.1
--------------------
-
-smb.conf changes
-----------------
-
- Parameter Name Action
- -------------- ------
- ldap replication sleep New
- read size removed (unused)
- source environment removed (unused)
-
-
-commits
--------
-
-Please refer to the CVS log for the SAMBA_3_0 branch for complete
-details. The list of changes per contributor are as follows:
-
-o Jeremy Allison <jra@samba.org>
- * Revert change that broke Exchange clear text samlogons.
- * Fix gcc 3.4 warning in MS-DFS code.
- * Tidy up of NTLMSSP code.
- * Fixes for SMB signing errors
- * BUG 815: Workaround NT4 bug to support plaintext
- password logins and UNICODE.
- * Fix SMB signing bug when copying large files.
- * Correct error logic in mkdir_internals() (caused a panic
- when combined with --enable-developer).
- * BUG 830: Protect against crashes due to bad character
- conversions.
-
-
-o Petri Asikainen <paca@sci.fi>
- * BUG 330, 387:Fix single valued attribute updates when
- working with Novell NDS.
-
-
-o Andrew Bartlett <abartlet@samba.org>
- * Correctly handle per-pipe NTLMSSP inside a NULL session.
- * Fix segfault in gencache
- * Fix early free() of encrypted_session_key.
- * Change DC lookup routines to more carefully separate
- DNS names (realms) from NetBIOS domain names.
- * Add new sid_to_dn() function for internal winbindd use.
- * Refactor cli_ds_enum_domain_trusts().
- * BUG 707: Implement range retrieval of ADS attributes (based
- on work from Volker <vl@samba.org> and Guenther Deschner
- <gd@suse.com>).
- * Automatically initialize the signing engine if a session key
- is available.
- * BUG 916: Do not perform a + -> ' ' substitution for squid URL
- encoded strings, only form input in SWAT.
- * Resets the NTLMSSP state for new negotiate packets.
- * Add 2-byte alignments in net_samlogon() queries to parse
- odd-length plain text passwords.
- * Allow Windows groups with no members in winbindd.
- * Allow normal authentication in the absence of a server
- generated session key.
- * More optimizations for looking up UNIX group lists.
- * Clean up error codes and return values for pam_winbindd
- and winbindd PAM interface.
- * Fix string return values in ntlm_auth tool.
- * Fix segfault when 'security = ads' but no realm is defined.
- * BUG 722: Allow winbindd to map machine accounts to uids.
- * More cleanups for winbindd's find_our_domain().
- * More clearly detect whether a domain controller is an NT4
- or mixed-mode AD DC (additional bug fixes by jerry & jmcd).
- * Increase separation between DNS queries for hosts and queries
- for AD domain controllers.
- * Include additional NT_STATUS to PAM error mappings.
- * Password initialization fixes.
-
-
-o Justin Baugh <justin.baugh@request.com>
- * BUG 948: Implement missing functions required for FreeBSD
- nss_winbind support.
-
-
-o Alexander Bokovoy <ab@samba.org>
- * BUG 922: Make sure enable fast path for strlower_m() and
- strupper_m().
-
-
-o Luca Bolcioni <Luca.Bolcioni@yacme.com>
- * Fix crash when using 'security = server' and 'encrypt
- passwords = no' by always initializing the session key.
-
-
-o Dmitry Butskoj <buc@odusz.elektra.ru>
- * Fix for special files being hidden from admins.
-
-
-o Gerald (Jerry) Carter <jerry@samba.org>
- * Fix bug in the lanman session key generation. Caused
- "decode_pw: incorrect password length" error messages.
- * Save the right case for the located user name in
- fill_sam_account(). Fixes %U/%u expansion for win9x clients.
- * BUG 897: Add well known rid for pre win2k compatible access
- group.
- * BUG 887: Correct typo in delete user script example.
- * Use short lived TALLOC_CTX* for allocating printer objects
- from the print handle cache.
- * BUG 912: Fix check for HAVE_MEMORY_KEYTAB.
- * Fix several warnings reported by the SUN Forte C compiler.
- * Fully control DNS queries for AD DC's using 'name resolve order'.
- * BUG 770: Send the SMBjobid for UNIX jobs back to the client.
- * BUG 972: Fix segfault in cli_ds_getprimarydominfo().
- * BUG 936: fix bind credentials for schannel binds in smbd.
- * BUG 446: Fix output of smbclient for better compatibility
- with scripts based on the 2.2 version (including Amanda).
- * BUG 891, 949: Fedora packaging fixes.
- * Fix bug that caused rpcclient to incorrectly retrieve
- the SID for a server (this causing all calls that required
- this information to fail).
- * BUG 977: Don't create a homes share for a user if a static
- share already exists by the same name.
- * Removed unused smb.conf options.
- * Password initialization fixes.
- * Set the disable flag for template accounts created by
- mksmbpasswd.sh.
- * Disable any account has no passwords and does not have the
- ACB_PWNOTREQ bit set.
-
-
-o Guenther Deschner <gd@suse.com>
- * Install smbwrapper.so should be put into the $(libdir)
- and not $(bindir).
- * Add the capability to specify the new user password
- for "net ads password" on the command line.
- * Correctly detect AFS headers on SuSE.
-
-
-o James Flemer <jflemer@uvm.edu>
- * Fix AIX compile bug by linking HAVE_ATTR_LIST to
- HAVE_SYS_ATTRIBUTES_H.
-
-
-o Luke Howard <lukeh@PADL.COM>
- * Fix segfault in session setup reply caused by a early free().
-
-
-o Stoian Ivanov <sdr@bultra.com>
- * Implement grepable output for smbclient -L.
-
-
-o LaMont Jones <lamont@debian.org>
- * BUG 225328 (Debian): Correct false failure LFS test that resulted
- in _GNU_SOURCE not being defined (thus resulting in strndup()
- not being defined).
-
-
-o Volker Lendecke <vl@samba.org>
- * BUG 583: Ensure that user names always contain the short
- version of the domain name.
- * Fix our parsing of the LDAP uri.
- * Don't show the 'afs username map' in the SWAT basic view.
- * Fix SMB signing issues in relation to failed NTLMSSP logins.
- * BUG 924: Fix return codes in smbtorture harness.
- * Always lower-case usernames before handing it to AFS code.
- * Add a German translation for SWAT.
- * Fix a segfaults in winbindd.
- * Fix the user's domain passed to register_vuid() from
- reply_spnego_kerberos().
- * Add NSS example code in nss_winbind to convert UNIX
- id's <-> Windows SIDs.
- * Display more descriptive error messages for login via 'net'.
- * Fix compiler warning in the net tool.
- * Fix length bug when decoding base64 strings.
- * Ensure we don't call getpwnam() inside a loop that is iterating
- over users with getpwent(). This broke on glibc 2.3.2.
-
-
-o Herb Lewis <herb@samba.org>
- * Fix bit rot in psec.
-
-
-o Jianliang Lu <j.lu@tiesse.com>
- * Ensure we delete the group mapping before calling the delete
- group script.
- * Define well known RID for managing the "Power Users" group.
- * BUG 381: check builtin (not local) group SID when updating
- group membership.
- * BUG 101: set the SV_TYPE_PRINTQ_SERVER flag in host announcement
- packet.
-
-
-o John Klinger <john.klinger@lmco.com>
- * Implement initgroups() call in nss_winbind on Solaris.
-
-
-o Jim McDonough <jmcd@us.ibm.com>
- * Fix regression in net rpc join caused by recent changes
- to cli_lsa_query_info_policy().
- * BUG 964: Fix crash bug in 'net rpc join' using a preexisting
- machine account.
-
-
-o MORIYAMA Masayuki <moriyama@miraclelinux.com>
- * BUG 570: Ensure that configure honors the LDFLAGS variable.
-
-
-o Stefan Metzmacher <metze@samba.org>
- * Implement LDAP rebind sleep patch.
- * Revert to 2.2 quota code because of so many broken quota files
- out there.
- * Fix XFS quotas: HAVE_XFS_QUOTA -> HAVE_XFS_QUOTAS
- XFS_USER_QUOTA -> USRQUOTA
- XFS_GROUP_QUOTA -> GRPQUOTA
- * Fix disk_free calculation with group quotas.
- * Add debug class 'quota' and a lot of DEBUG()'s
- to the quota code.
- * Fix sys_chown() when no chown() is present.
- * Add SIGABRT to fault handling in order to catch got a
- backtrace if an error occurs the OpenLDAP client libs.
-
-
-o <ndb@theghet.to>
- * Allow an existing LDAP machine account to be re-used when
- joining an AD domain.
-
-
-o James Peach <jpeach@sgi.com>
- * BUG 889: Change smbd to use pread/pwrite on platforms that
- support these calls. Can lead to a significant speed increase.
-
-
-o Tim Potter <tpot@samba.org>
- * BUG 905: Remove POBAD_CC to fix Solaris Forte compiles.
- * BUG 924: Fix typo in RW2 torture test.
-
-
-o Richard Sharpe <rsharpe@samba.org>
- * Small fixes to torture.c to cleanup the error handling
- and prevent crashes.
-
-
-o J. Tournier <jerome.tournier@IDEALX.com>
- * Small fixes for the smbldap-tool scripts.
-
-
-o Andrew Tridgell <tridge@samba.org>
- * Fix src len check in pull_usc2().
-
-
-o Jelmer Vernooij <jelmer@samba.org>
- * Put functions for generating SQL queries in pdb_sql.c
- * Add pgSQL backend (based on patch by Hamish Friedlander)
- * BUG 908: Fix -s option to smbcontrol.
- * Add smbget utility - a wget-clone for the SMB/CIFS protocol.
- * Fix for libnss_wins on IRIX platforms.
- * Fix swatdir for --with-fhs.
-
-
- --------------------------------------------------
-
- =============================
- Release Notes for Samba 3.0.1
- December 15, 2003
- =============================
-
-Some of the more common bugs in 3.0.0 addressed in the release
-include:
-
- o Substitution problems with smb.conf variables.
- o Errors in return codes which caused some applications
- to fail to open files.
- o General Protection Faults on Windows 2000/XP clients
- using Samba point-n-print features.
- o Several miscellaneous crash bugs.
- o Access problems when enumerating group mappings are
- stored in an LDAP Directory.
- o Several common SWAT bugs when writing changes to
- smb.conf.
- o Internal inconsistencies when 'winbind use default
- domain = yes'
-
-
-
-Changes since 3.0.0
-----------------------
-
- Parameter Name Action
- -------------- ------
- hide local users Removed
- mangled map Deprecated
- mangled stack Removed
- passwd chat timeout New
-
-
-commits
--------
-
-o Change the interface for init_unistr2 to not take a length
- but a flags field. We were assuming that
- 2*strlen(mb_string) == length of ucs2-le string. (bug 480).
-o Allow d_printf() to handle strings with escaped quotation
- marks since the msg file includes the escape character (bug 489).
-o Fix bad html table row termination in SWAT wizard code (bug 413).
-o Fix to parse the level-2 strings.
-o Fix for "valid users = %S" in [homes]. Fix read/write
- list as well.
-o Change AC_CHECK_LIB_EXT to prepend libraries instead of append.
- This is the same way AC_CHECK_LIB works (bug 508).
-o Testparm output fixes for clarity.
-o Fix broken wins hook functionality -- i18n bug (bug 528).
-o Take care of condition where DOS and NT error codes must differ.
-o Default to using only built-in charsets when a working iconv
- implementation cannot be located.
-o Wrap internals of sys_setgroups() so the sys_XX() call can
- be done unconditionally (bug 550).
-o Remove duplicate smbspool link on SWAT's front page (bug 541).
-o Save and restore CFLAGS before/after AC_PROG_CC. Ensures that
- --enable-debug=[yes|no] works correctly.
-o Allow ^C to interrupt smbpasswd if using our getpass
- (e.g. smbpasswd command).
-o Support signing only on RPC's (bug 167).
-o Correct bug that prevented Excel 2000 clients from opening
- files marked as read-only.
-o Portability fix bugs 546 - 549).
-o Explicitly initialize the value of AR for vendor makes that don't
- do this (e.g. HPUX 11). (bug 552).
-o More i18n fixes for SWAT (bug 413).
-o Change the cwd before the postexec script to ensure that a
- umount will succeed.
-o Correct double free that caused winbindd to crash when a DC
- is rebooted (bug 437).
-o Fix incorrect mode sum (bug 562).
-o Canonicalize SMB_INFO_ALLOCATION in the same was as
- SMB_FS_FULL_SIZE_INFORMATION (bug 564).
-o Add script to generate *msg files.
-o Add Dutch SWAT translation file.
-o Make sure to call get_user_groups() with the full winbindd
- name for a user if he/she has one (bug 406).
-o Fix up error code returns from Samba4 tester. Ensure invalid
- paths are validated the same way.
-o Allow Samba3 to pass the Samba4 RAW-READ tests.
-o Refuse to configure if --with-expsam=$BACKEND was used but no
- libraries were found for $BACKEND.
-o Move sysquotas autoconf tests to a separate file.
-o Match W2K w.r.t. writelock and writeclose. Samba4 torture
- tester
-o Make sure that the files that contain the static_init_$subsystem;
- macro get recompiled after configure by removing the object
- files.
-o Ensure canceling a blocking lock returns the correct error
- message.
-o Match Samba 2.2 behavior; make ACB_NORMAL the default ACB value.
-o Updated Japanese welcome file in SWAT.
-o Fix to nt-time <-> unix-time functions reversible.
-o Ensure that winbindd uses the the escaped DN when querying
- an AD ldap server.
-o Fix portability issues when compiling (bug 505, 550)
-o Compile fix for tdbbackup when Samba needs to override
- non-C99 compliant implementations of snprintf().
-o Use @PICSUFFIX@ instead of .po in Makefile.in (bug 574).
-o Make sure we break out of samsync loop on error.
-o Ensure error code path doesn't free unmalloc()'d memory
- (bug 628).
-o Add configure test for krb5_keytab_entry keyblock vs key
- member (bug 636).
-o Fixed spinlocks.
-o Modified testparm so that all output so all debug output goes
- to stderr, and all file processing goes to stdout.
-o Fix error return code for BUFFER_TOO_SMALL in smbcacls
- and smbcquotas.
-o Fix "NULL dest in safe_strcpy()" log message by ensuring that
- we have a devmode before copying a string to the devicename.
-o Support mapping REALM.COM\user to a local user account (without
- running winbindd) for compatibility with 2.2.x release.
-o Ensure we don't use mmap() on blacklisted systems.
-o fixed a number of bugs and memory leaks in the AIX
- winbindd shim
-o Call initgroups() in SWAT before becomming the user so that
- secondary group permissions can be used when writing to
- smb.conf.
-o Fix signing problems when reverse connecting back to a
- client for printer notify
-o Fix signing problems caused by a miss-sequence bug.
-o Missing map in errormap for ERROR_MORE_DATA -> ERRDOS, ERRmoredata.
- Fixes NEXUS tools running on Win9x clients (bug 64).
-o Don't leave the domain field uninitialized in cli_lsa.c if some
- SID could not be mapped.
-o Fix segfault in mount.cifs helper when there is no options
- specified during mount.
-o Change the \n after the password prompt to go to tty instead
- of stdout (bug 668).
-o Stop net -P from prompting for machine account password (bug 451).
-o Change in behavior to Not only change the effective uid but also
- the real uid when becoming unprivileged.
-o Cope with Exchange 5.5 cleartext pop password auth.
-o New files for support of initshutdown pipe. Win2k doesn't
- respond properly to all requests on the winreg pipe, so we need
- to handle this new pipe (bug 534).
-o Added more va_copy() checks in configure.in.
-o Include fixes for libsmbclient build problems.
-o Missing UNIX -> DOS codepage conversion in lanman.c.
-o Allow DFMS-S filenames can now have arbitrary case (bug 667).
-o Parameterize the listen backlog in smbd and make it larger by
- default. A backlog of 5 is way too small these days.
-o Check for an invalid fid before dereferencing the fsp pointer
- (bug 696).
-o Remove invalid memory frees and return codes in pdb_ldap.c.
-o Prompt for password when invoking --set-auth-user and no
- password is given.
-o Bind the nmbd sending socket to the 'socket address'.
-o Re-order link command for smbd, rpcclient and smbpasswd to ensure
- $LDFLAGS occurs before any library specification (bug 661).
-o Fix large number of printf() calls for 64-bit size_t.
-o Fix AC_CHECK_MEMBER so that SLES8 does correctly finds the
- keyblock in the krb5 structs.
-o Remove #include <compat.h> in hopes to avoid problems with
- apache header files.
-o Correct winbindd build problems on HP-UX 11.
-o Lowercase netgroups lookups (bug 703).
-o Use the actual size of the buffer in strftime instead of a made
- up value which just happens to be less than sizeof(fstring).
- (bug 713).
-o Add ldaplibs to pdbedit link line (bug 651).
-o Fix crash bug in smbclient completion (bug 659).
-o Fix packet length for browse list reply (bug 771).
-o Fix coredump in cli_get_backup_list().
-o Make sure that we expand %N (bug 612).
-o Allow rpcclient adddriver command to specify printer driver
- version (bug 514).
-o Compile tdbdump by default.
-o Apply patches to fix iconv detection for FreeBSD.
-o Do not allow the 'guest account' to be added to a passdb backend
- using smbpasswd or pdbedit (bug 624).
-o Save LDFLAGS during iconv detection (bug 57).
-o Run krb5 logins through the username map if the winbindd
- lookup fails (bug 698).
-o Add const for lp_set_name_resolve_order() to avoid compiler
- warnings (bug 471).
-o Add support for the %i macro in smb.conf to stand in for the for
- the local IP address to which a client connected.
-o Allow winbindd to match local accounts to domain SID when
- 'winbind trusted domains only = yes' (bug 680).
-o Remove code in idmap_ldap that searches the user suffix and group
- suffix. It's not needed and provides inconsistent functionality
- from the tdb backend.
-o Patch to handle munged dial string for Windows 2000 TSE.
- Thanks to Gaz de France, Direction de la Recherche, Service
- Informatique Métier for their supporting this work by Aurelien
- Degrémont <adegremont@idealx.com>.
-o Correct the "smbldap_open: cannot access when not root error"
- messages when looking up group information (bug 281).
-o Skip over the winbind separator when looking up a user.
- This fixes the bug that prevented local users from
- matching an AD user when not running winbindd (bug 698).
-o Fix a problem with configure on *BSD systems. Make sure
- we add -liconv etc to LDFLAGS.
-o Fix core dump bug when "security = server" and the authentication
- server goes away.
-o Correct crash bug due to an empty munged dial string.
-o Show files locked by a specific user (smbstatus -u 'user')
- (bug 590).
-o Fix bug preventing print jobs from display in the queue
- monitor used by Windows NT and later clients (bug 660).
-o Fix several reported problems with point-n-print from
- Windows 2000/XP clients due to a bug in the EnumPrinterDataEx()
- reply (bug 338, 527 & 643).
-o Fix a handful of potential memory leaks in the LDAP code used
- by ldapsam[_compat] and the LDAP idmap backend.
-o Fix for pdbedit error code returns (bug 763).
-o Make sure we only enumerate group mapping entries (not
- /etc/group) even when doing local aliases.
-o Relax check on the pipe name in a dce/rpc bind response to work
- around issues with establishing trusts to a Windows 2003 domain.
-o Ensure we mangle names ending in '.' in hash2 mangling method.
-o Correct parsing issues with munged dial string.
-o Fix bugs in quota support for XFS.
-o Add a cleaner method for applications that need to provide
- name->SID mappings to do this via NSS rather than having to
- know the winbindd pipe protocol.
-o Adds a variant of the winbindd_getgroups() call called
- winbindd_getusersids() that provides direct SID->SIDs listing of
- a users supplementary groups. This is enough to allow non-Samba
- applications to do ACL checking.
-o Make sure we don't append the 'ldap suffix' when writing out the
- 'ldap XXX suffix' values in SWAT (bug 328).
-o Fix renames across file systems.
-o Ensure that items in a list of strings containing whitespace are
- written out surrounded by single quotes. This means that both
- double and single quotes are now used to surround strings in
- smb.conf (bug 481).
-o Enable SWAT to correctly determine if winbindd is running (bug
- 398).
-o Include WWW-Authenticate field in 401 response for bad auth
- attempt (bug 629).
-o Add support for NTLM2 (NTLMv2 session security).
-o Add support for variable-length session keys.
-o More privilege fixes for group enumeration in LDAP (bug 281).
-o Use the dns name (or IP) as the originating client name when
- using CUPS (bug 467).
-o Fix various SMB signing bugs.
-o Fix ACL propagation on a DFS root (bug 263).
-o Disable NTLM2 for RPC pipes.
-o Allow the client to specify the NTLM2 flags got NTLMSSP
- authentication.
-o Change the name of the job passed off to cups from "Test Page"
- to "smbprn.00000033 Test Page" so that we can get the smb
- jobid back. This allow users to delete jobs with cups printing
- backend (partial work on bug 770).
-o Fix build of winbindd with static pdb modules.
-o Retrieve the correct ACL group bits if the file has an ACL
- (bug 802).
-o Implement "net rpc group members": Get members of a domain group
- in human-readable format.
-o Add MacOSX (Darwin) specific charset module code.
-o Use samr_dispinfo(level == 1) for enumerating domain users so we
- can include the full name in gecos field (bug 587).
-o Add support for winbind's NSS library on FeeeBSD 5.1 (bug 797).
-o Implement 'net rpc group list [global|local|builtin]*' for a
- select listing of the respective user databases.
-o Don't automatically set NT status code flag unless client tells
- us it can cope.
-o Add 'net status [sessions|shares] [parseable]'.
-o Don't mistake pre-existing UNIX jobs for smb jobs (remainder of
- bug 770).
-o Add 'Replicator' and 'RAS Servers' to list of builtin SIDs
- (bug 608).
-o Fix inverted logic in hosts allow/deny checks caused by
- s/strcmp/strequal/ (bug 846).
-o Implement correct version SamrRemoveSidForeignDomain() (bug 252).
-o Fix typo in 'hash' mangling algorithm.
-o Support munged dial for ldapsam (bug 800).
-o Fix process_incoming_data() to return the number of bytes handled
- this call whether we have a complete PDU or not; fixes bug
- with multiple PDU request rpc's broken over SMBwriteX calls
- each.
-o Fix incorrect smb flags2 for connections to pre-NT servers
- (causes smbclient to fail to OS2 for example) (bug 821).
-o Update version string in smbldap-tools Makefile to 0.8.2.
-o Correct a problem with "net rpc vampire" mis-parsing the
- alias member info reply.
-o Ensure the ${libdir} is created by the installclientlib script.
-o Fix detection of Windows 2003 client architecture in the smb.conf
- %a variable.
-o Ensure that smbd calls the add user script for a missing UNIX
- user on kerberos auth call (bug 445).
-o Fix bugs in hosts allow/deny when using a mismatched
- network/netmask pair.
-o Protect alloc_sub_basic() from crashing when the source string
- is NULL (partial work on bug 687).
-o Fix spinlocks on IRIX.
-o Corrected some bad destination paths when running "configure
- --with-fhs".
-o Add packaging files for Fedora Core 1.
-o Correct bug in SWAT install script for non-english languages.
-o Support character set ISO-8859-1 internally (bug 558).
-o Fixed more LDAP access errors when looking up group mappings
- (bug 281).
-o Fix UNISTR2 length bug in LsaQueryInfo(3) that caused SID
- resolution to fail on local files on on domain members
- (bug 875).
-o Fix uninitialized variable in passdb.c.
-o Fix formal parameter type in get_static() in nsswitch/wins.c.
-o Fix problem mounting directories when mount.cifs is installed
- with the setuid bit on.
-o Fix bug that prevent --mandir from overriding the defaults
- given in the --with-fhs macro.
-o Fix bug in in-memory Kerberos keytab detection routines
- in configure.in
-
-
-
-######################################################################
-
- The original 3.0.0 release notes follow
- =======================================
- WHATS NEW IN Samba 3.0.0
- September 24, 2003
- =======================================
-
-
-Major new features:
--------------------
-
-1) Active Directory support. Samba 3.0 is now able to
- join a ADS realm as a member server and authenticate
- users using LDAP/Kerberos.
-
-2) Unicode support. Samba will now negotiate UNICODE on the wire
- and internally there is now a much better infrastructure for
- multi-byte and UNICODE character sets.
-
-3) New authentication system. The internal authentication system
- has been almost completely rewritten. Most of the changes are
- internal, but the new auth system is also very configurable.
-
-4) New default filename mangling system.
-
-5) A new "net" command has been added. It is somewhat similar to
- the "net" command in windows. Eventually we plan to replace
- numerous other utilities (such as smbpasswd) with subcommands
- in "net".
-
-6) Samba now negotiates NT-style status32 codes on the wire. This
- improves error handling a lot.
-
-7) Better Windows 2000/XP/2003 printing support including publishing
- printer attributes in active directory.
-
-8) New loadable module support for passdb backends and character
- sets.
-
-9) New default dual-daemon winbindd support for better performance.
-
-10) Support for migrating from a Windows NT 4.0 domain to a Samba
- domain and maintaining user, group and domain SIDs.
-
-11) Support for establishing trust relationships with Windows NT 4.0
- domain controllers.
-
-12) Initial support for a distributed Winbind architecture using
- an LDAP directory for storing SID to uid/gid mappings.
-
-13) Major updates to the Samba documentation tree.
-
-14) Full support for client and server SMB signing to ensure
- compatibility with default Windows 2003 security settings.
-
-15) Improvement of ACL mapping features based on code donated by
- Andreas Grünbacher.
-
-
-Plus lots of other improvements!
-
-
-Additional Documentation
-------------------------
-
-Please refer to Samba documentation tree (included in the docs/
-subdirectory) for extensive explanations of installing, configuring
-and maintaining Samba 3.0 servers and clients. It is advised to
-begin with the Samba-HOWTO-Collection for overviews and specific
-tasks (the current book is up to approximately 400 pages) and to
-refer to the various man pages for information on individual options.
-
-We are very glad to be able to include the second edition of
-"Using Samba" by Jay Ts, Robert Eckstein, and David Collier-Brown
-(O'Reilly & Associates) in this release. The book is available
-on-line at http://samba.org/samba/docs/ and is included with
-the Samba Web Administration Tool (SWAT). Thanks to the authors and
-publisher for making "Using Samba" under the GNU Free Documentation
-License.
-
-
-######################################################################
-Upgrading from a previous Samba 3.0 beta
-########################################
-
-Beginning with Samba 3.0.0beta3, the RID allocation functions
-have been moved into winbindd. Previously these were handled
-by each passdb backend. This means that winbindd must be running
-to automatically allocate RIDs for users and/or groups. Otherwise,
-smbd will use the 2.2 algorithm for generating new RIDs.
-
-If you are using 'passdb backend = tdbsam' with a previous Samba
-3.0 beta release (or possibly alpha), it may be necessary to
-move the RID_COUNTER entry from /usr/local/samba/private/passdb.tdb
-to winbindd_idmap.tdb. To do this:
-
-1) Ensure that winbindd_idmap.tdb exists (launch winbindd at least
- once)
-2) build tdbtool by executing 'make tdbtool' in the source/tdb/
- directory
-3) run: (note that 'tdb>' is the tool's prompt for input)
-
- root# ./tdbtool /usr/local/samba/private/passdb.tdb
- tdb> show RID_COUNTER
- key 12 bytes
- RID_COUNTER
- data 4 bytes
- [000] 0A 52 00 00 .R.
-
- tdb> move RID_COUNTER /usr/local/samba/var/locks/winbindd_idmap.tdb
- ....
- record moved
-
-If you are using 'passdb backend = ldapsam', it will be necessary to
-store idmap entries in the LDAP directory as well (i.e. idmap backend
-= ldap). Refer to the 'net idmap' command for more information on
-migrating SID<->UNIX id mappings from one backend to another.
-
-If the RID_COUNTER record does not exist, then these instructions are
-unneccessary and the new RID_COUNTER record will be correctly generated
-if needed.
-
-
-
-########################
-Upgrading from Samba 2.2
-########################
-
-This section is provided to help administrators understand the details
-involved with upgrading a Samba 2.2 server to Samba 3.0.
-
-
-Building
---------
-
-Many of the options to the GNU autoconf script have been modified
-in the 3.0 release. The most noticeable are:
-
- * removal of --with-tdbsam (is now included by default; see section
- on passdb backends and authentication for more details)
-
- * --with-ldapsam is now on used to provided backward compatible
- parameters for LDAP enabled Samba 2.2 servers. Refer to the passdb
- backend and authentication section for more details
-
- * inclusion of non-standard passdb modules may be enabled using
- --with-expsam. This includes an XML backend and a mysql backend.
-
- * removal of --with-msdfs (is now enabled by default)
-
- * removal of --with-ssl (no longer supported)
-
- * --with-utmp now defaults to 'yes' on supported systems
-
- * --with-sendfile-support is now enabled by default on supported
- systems
-
-
-Parameters
-----------
-
-This section contains a brief listing of changes to smb.conf options
-in the 3.0.0 release. Please refer to the smb.conf(5) man page for
-complete descriptions of new or modified parameters.
-
-Removed Parameters (order alphabetically):
-
- * admin log
- * alternate permissions
- * character set
- * client codepage
- * code page directory
- * coding system
- * domain admin group
- * domain guest group
- * force unknown acl user
- * hide local users
- * mangled stack
- * nt smb support
- * postscript
- * printer driver
- * printer driver file
- * printer driver location
- * read size
- * source environment
- * status
- * strip dot
- * total print jobs
- * use rhosts
- * valid chars
- * vfs options
-
-New Parameters (new parameters have been grouped by function):
-
- Remote management
- -----------------
- * abort shutdown script
- * shutdown script
-
- User and Group Account Management
- ---------------------------------
- * add group script
- * add machine script
- * add user to group script
- * algorithmic rid base
- * delete group script
- * delete user from group script
- * passdb backend
- * set primary group script
-
- Authentication
- --------------
- * auth methods
- * realm
- * passwd chat timeout
-
- Protocol Options
- ----------------
- * client lanman auth
- * client NTLMv2 auth
- * client schannel
- * client signing
- * client use spnego
- * disable netbios
- * ntlm auth
- * paranoid server security
- * server schannel
- * server signing
- * smb ports
- * use spnego
-
- File Service
- ------------
- * get quota command
- * hide special files
- * hide unwriteable files
- * hostname lookups
- * kernel change notify
- * mangle prefix
- * map acl inherit
- * msdfs proxy
- * set quota command
- * use sendfile
- * vfs objects
-
- Printing
- --------
- * max reported print jobs
-
- UNICODE and Character Sets
- --------------------------
- * display charset
- * dos charset
- * unicode
- * unix charset
-
- SID to uid/gid Mappings
- -----------------------
- * idmap backend
- * idmap gid
- * idmap uid
- * winbind enable local accounts
- * winbind trusted domains only
- * template primary group
- * enable rid algorithm
-
- LDAP
- ----
- * ldap delete dn
- * ldap group suffix
- * ldap idmap suffix
- * ldap machine suffix
- * ldap passwd sync
- * ldap replication sleep
- * ldap user suffix
-
- General Configuration
- ---------------------
- * preload modules
- * private dir
-
-Modified Parameters (changes in behavior):
-
- * encrypt passwords (enabled by default)
- * mangling method (set to 'hash2' by default)
- * passwd chat
- * passwd program
- * restrict anonymous (integer value)
- * security (new 'ads' value)
- * strict locking (enabled by default)
- * unix extensions (enabled by default)
- * winbind cache time (increased to 5 minutes)
- * winbind uid (deprecated in favor of 'idmap uid')
- * winbind gid (deprecated in favor of 'idmap gid')
-
-
-Databases
----------
-
-This section contains brief descriptions of any new databases
-introduced in Samba 3.0. Please remember to backup your existing
-${lock directory}/*tdb before upgrading to Samba 3.0. Samba will
-upgrade databases as they are opened (if necessary), but downgrading
-from 3.0 to 2.2 is an unsupported path.
-
-Name Description Backup?
----- ----------- -------
-account_policy User policy settings yes
-gencache Generic caching db no
-group_mapping Mapping table from Windows yes
- groups/SID to unix groups
-winbindd_idmap ID map table from SIDS to UNIX yes
- uids/gids.
-namecache Name resolution cache entries no
-netsamlogon_cache Cache of NET_USER_INFO_3 structure no
- returned as part of a successful
- net_sam_logon request
-printing/*.tdb Cached output from 'lpq no
- command' created on a per print
- service basis
-registry Read-only samba registry skeleton no
- that provides support for exporting
- various db tables via the winreg RPCs
-
-
-Changes in Behavior
--------------------
-
-The following issues are known changes in behavior between Samba 2.2 and
-Samba 3.0 that may affect certain installations of Samba.
-
- 1) When operating as a member of a Windows domain, Samba 2.2 would
- map any users authenticated by the remote DC to the 'guest account'
- if a uid could not be obtained via the getpwnam() call. Samba 3.0
- rejects the connection as NT_STATUS_LOGON_FAILURE. There is no
- current work around to re-establish the 2.2 behavior.
-
- 2) When adding machines to a Samba 2.2 controlled domain, the
- 'add user script' was used to create the UNIX identity of the
- machine trust account. Samba 3.0 introduces a new 'add machine
- script' that must be specified for this purpose. Samba 3.0 will
- not fall back to using the 'add user script' in the absence of
- an 'add machine script'
-
-
-######################################################################
-Passdb Backends and Authentication
-##################################
-
-There have been a few new changes that Samba administrators should be
-aware of when moving to Samba 3.0.
-
- 1) encrypted passwords have been enabled by default in order to
- inter-operate better with out-of-the-box Windows client
- installations. This does mean that either (a) a samba account
- must be created for each user, or (b) 'encrypt passwords = no'
- must be explicitly defined in smb.conf.
-
- 2) Inclusion of new 'security = ads' option for integration
- with an Active Directory domain using the native Windows
- Kerberos 5 and LDAP protocols.
-
- MIT kerberos 1.3.1 supports the ARCFOUR-HMAC-MD5 encryption
- type which is neccessary for servers on which the
- administrator password has not been changed, or kerberos-enabled
- SMB connections to servers that require Kerberos SMB signing.
- Besides this one difference, either MIT or Heimdal Kerberos
- distributions are usable by Samba 3.0.
-
-
-Samba 3.0 also includes the possibility of setting up chains
-of authentication methods (auth methods) and account storage
-backends (passdb backend). Please refer to the smb.conf(5)
-man page for details. While both parameters assume sane default
-values, it is likely that you will need to understand what the
-values actually mean in order to ensure Samba operates correctly.
-
-The recommended passdb backends at this time are
-
- * smbpasswd - 2.2 compatible flat file format
- * tdbsam - attribute rich database intended as an smbpasswd
- replacement for stand alone servers
- * ldapsam - attribute rich account storage and retrieval
- backend utilizing an LDAP directory.
- * ldapsam_compat - a 2.2 backward compatible LDAP account
- backend
-
-Certain functions of the smbpasswd(8) tool have been split between the
-new smbpasswd(8) utility, the net(8) tool, and the new pdbedit(8)
-utility. See the respective man pages for details.
-
-
-######################################################################
-LDAP
-####
-
-This section outlines the new features affecting Samba / LDAP
-integration.
-
-New Schema
-----------
-
-A new object class (sambaSamAccount) has been introduced to replace
-the old sambaAccount. This change aids us in the renaming of
-attributes to prevent clashes with attributes from other vendors.
-There is a conversion script (examples/LDAP/convertSambaAccount) to
-modify and LDIF file to the new schema.
-
-Example:
-
- $ ldapsearch .... -b "ou=people,dc=..." > sambaAcct.ldif
- $ convertSambaAccount --sid=<Domain SID> \
- --input=sambaAcct.ldif --output=sambaSamAcct.ldif \
- --changetype=[modify|add]
-
-The <DOM SID> can be obtained by running 'net getlocalsid
-<DOMAINNAME>' on the Samba PDC as root. The changetype determines
-the format of the generated LDIF output--either create new entries
-or modify existing entries.
-
-The old sambaAccount schema may still be used by specifying the
-"ldapsam_compat" passdb backend. However, the sambaAccount and
-associated attributes have been moved to the historical section of
-the schema file and must be uncommented before use if needed.
-The 2.2 object class declaration for a sambaAccount has not changed
-in the 3.0 samba.schema file.
-
-Other new object classes and their uses include:
-
- * sambaDomain - domain information used to allocate rids
- for users and groups as necessary. The attributes are added
- in 'ldap suffix' directory entry automatically if
- an idmap uid/gid range has been set and the 'ldapsam'
- passdb backend has been selected.
-
- * sambaGroupMapping - an object representing the
- relationship between a posixGroup and a Windows
- group/SID. These entries are stored in the 'ldap
- group suffix' and managed by the 'net groupmap' command.
-
- * sambaUnixIdPool - created in the 'ldap idmap suffix' entry
- automatically and contains the next available 'idmap uid' and
- 'idmap gid'
-
- * sambaIdmapEntry - object storing a mapping between a
- SID and a UNIX uid/gid. These objects are created by the
- idmap_ldap module as needed.
-
- * sambaSidEntry - object representing a SID alone, as a Structural
- class on which to build the sambaIdmapEntry.
-
-
-New Suffix for Searching
-------------------------
-
-The following new smb.conf parameters have been added to aid in directing
-certain LDAP queries when 'passdb backend = ldapsam://...' has been
-specified.
-
- * ldap suffix - used to search for user and computer accounts
- * ldap user suffix - used to store user accounts
- * ldap machine suffix - used to store machine trust accounts
- * ldap group suffix - location of posixGroup/sambaGroupMapping entries
- * ldap idmap suffix - location of sambaIdmapEntry objects
-
-If an 'ldap suffix' is defined, it will be appended to all of the
-remaining sub-suffix parameters. In this case, the order of the suffix
-listings in smb.conf is important. Always place the 'ldap suffix' first
-in the list.
-
-Due to a limitation in Samba's smb.conf parsing, you should not surround
-the DN's with quotation marks.
-
-
-IdMap LDAP support
-------------------
-
-Samba 3.0 supports an ldap backend for the idmap subsystem. The
-following options would inform Samba that the idmap table should be
-stored on the directory server onterose in the "ou=idmap,dc=plainjoe,
-dc=org" partition.
-
- [global]
- ...
- idmap backend = ldap:ldap://onterose/
- ldap idmap suffix = ou=idmap,dc=plainjoe,dc=org
- idmap uid = 40000-50000
- idmap gid = 40000-50000
-
-This configuration allows winbind installations on multiple servers to
-share a uid/gid number space, thus avoiding the interoperability problems
-with NFS that were present in Samba 2.2.
-
-
-
-######################################################################
-Trust Relationships and a Samba Domain
-######################################
-
-Samba 3.0.0beta2 is able to utilize winbindd as the means of
-allocating uids and gids to trusted users and groups. More
-information regarding Samba's support for establishing trust
-relationships can be found in the Samba-HOWTO-Collection included
-in the docs/ directory of this release.
-
-First create your Samba PDC and ensure that everything is
-working correctly before moving on the trusts.
-
-To establish Samba as the trusting domain (named SAMBA) from a Windows NT
-4.0 domain named WINDOWS:
-
- 1) create the trust account for SAMBA in "User Manager for Domains"
- 2) connect the trust from the Samba domain using
- 'net rpc trustdom establish GLASS'
-
-To create a trustlationship with SAMBA as the trusted domain:
-
- 1) create the initial trust account for GLASS using
- 'smbpasswd -a -i GLASS'. You may need to create a UNIX
- account for GLASS$ prior to this step (depending on your
- local configuration).
- 2) connect the trust from a WINDOWS DC using "User Manager
- for Domains"
-
-Now join winbindd on the Samba PDC to the SAMBA domain using
-the normal steps for adding a Samba server to an NT4 domain:
-(note that smbd & nmbd must be running at this point)
-
- root# net rpc join -U root
- Password: <enter root password from smbpasswd file here>
-
-Start winbindd and test the join with 'wbinfo -t'.
-
-Now test the trust relationship by connecting to the SAMBA DC
-(e.g. POGO) as a user from the WINDOWS domain:
-
- $ smbclient //pogo/netlogon -U Administrator -W WINDOWS
- Password:
-
-Now connect to the WINDOWS DC (e.g. CRYSTAL) as a Samba user:
-
- $ smbclient //crystal/netlogon -U root -W WINDOWS
- Password:
-
-######################################################################
-Changes in Winbind
-##################
-
-Beginning with Samba3.0.0beta3, winbindd has been given new account
-manage functionality equivalent to the 'add user script' family of
-smb.conf parameters. The idmap design has also been changed to
-centralize control of foreign SID lookups and matching to UNIX
-uids and gids.
-
-
-Brief Description of Changes
-----------------------------
-
-1) The sid_to_uid() family of functions (smbd/uid.c) have been
- reverted to the 2.2.x design. This means that when resolving a
- SID to a UID or similar mapping:
-
- a) First consult winbindd
- b) perform a local lookup only if winbindd fails to
- return a successful answer
-
- There are some variations to this, but these two rules generally
- apply.
-
-2) All idmap lookups have been moved into winbindd. This means that
- a server must run winbindd (and support NSS) in order to achieve
- any mappings of SID to dynamically allocated UNIX ids. This was
- a conscious design choice.
-
-3) New functions have been added to winbindd to emulate the 'add user
- script' family of smbd functions without requiring that external
- scripts be defined. This functionality is controlled by the 'winbind
- enable local accounts' smb.conf parameter (enabled by default).
-
- However, this account management functionality is only supported
- in a local tdb (winbindd_idmap.tdb). If these new UNIX accounts
- must be shared among multiple Samba servers (such as a PDC and BDCs),
- it will be necessary to define your own 'add user script', et. al.
- programs that place the accounts/groups in some form of directory
- such as NIS or LDAP. This requirement was deemed beyond the scope
- of winbind's account management functions. Solutions for
- distributing UNIX system information have been deployed and tested
- for many years. We saw no need to reinvent the wheel.
-
-4) A member of a Samba controlled domain running winbindd is now able
- to map domain users directly onto existing UNIX accounts while still
- automatically creating accounts for trusted users and groups. This
- behavior is controlled by the 'winbind trusted domains only' smb.conf
- parameter (disabled by default to provide 2.2.x winbind behavior).
-
-5) Group mapping support is wrapped in the local_XX_to_XX() functions
- in smbd/uid.c. The reason that group mappings are not included
- in winbindd is because the purpose of Samba's group map is to
- match any Windows SID with an existing UNIX group. These UNIX
- groups can be created by winbindd (see next section), but the
- SID<->gid mapping is retreived by smbd, not winbindd.
-
-
-Examples
---------
-
-* security = server running winbindd to allocate accounts on demand
-
-* Samba PDC running winbindd to handle the automatic creation of UNIX
- identities for machine trust accounts
-
-* Automtically creating UNIX user and groups when migrating a Windows NT
- 4.0 PDC to a Samba PDC. Winbindd must be running when executing
- 'net rpc vampire' for this to work.
-
-
-######################################################################
-Known Issues
-############
-
-* There are several bugs currently logged against the 3.0 codebase
- that affect the use of NT 4.0 GUI domain management tools when run
- against a Samba 3.0 PDC. This bugs should be released in an early
- 3.0.x release.
-
-Please refer to https://bugzilla.samba.org/ for a current list of bugs
-filed against the Samba 3.0 codebase.
-
-
-######################################################################
-Reporting bugs & Development Discussion
-#######################################
-
-Please discuss this release on the samba-technical mailing list or by
-joining the #samba-technical IRC channel on irc.freenode.net.
-
-If you do report problems then please try to send high quality
-feedback. If you don't provide vital information to help us track down
-the problem then you will probably be ignored.
-
-A new bugzilla installation has been established to help support the
-Samba 3.0 community of users. This server, located at
-https://bugzilla.samba.org/, has replaced the older jitterbug server
-previously located at http://bugs.samba.org/.
+This file is NOT maintained but will be created during releases.
+See the SAMBA_3_0_RELEASE branch for the current WHATSNEW.
git.samba.org / tprouty / samba.git / blobdiff