Release Announcements
=====================
-This is the first preview release of Samba 4.7. This is *not*
+This is the first preview release of Samba 4.8. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
-Samba 4.7 will be the next version of the Samba suite.
+Samba 4.8 will be the next version of the Samba suite.
UPGRADING
NEW FEATURES/CHANGES
====================
-The "strict sync" global parameter has been changed from
-a default of "no" to "yes". This means smbd will by default
-obey client requests to synchronize unwritten data in operating
-system buffers safely onto disk. This is a safer default setting
-for modern SMB1/2/3 clients.
-
-Authentication and Authorization audit support
-----------------------------------------------
-
-Detailed authentication and authorization audit information is now
-logged to Samba's debug logs under the "auth_audit" debug class,
-including in particular the client IP address triggering the audit
-line. Additionally, if Samba is compiled against the jansson JSON
-library, a JSON representation is logged under the "auth_json_audit"
-debug class.
-
-Audit support is comprehensive for all authentication and
-authorisation of user accounts in the Samba Active Directory Domain
-Controller, as well as the implicit authentication in password
-changes. In the file server and classic/NT4 domain controller, NTLM
-authentication, SMB and RPC authorization is covered, however password
-changes are not at this stage, and this support is not currently
-backed by a testsuite.
+Using x86_64 Accelerated AES Crypto Instructions
+================================================
+
+Samba on x86_64 can now be configured to use the Intel accelerated AES
+instruction set, which has the potential to make SMB3 signing and
+encryption much faster on client and server. To enable this, configure
+Samba using the new option --accel-aes=intelaesni.
+
+This is a temporary solution that is being included to allow users
+to enjoy the benefits of Intel accelerated AES on the x86_64 platform,
+but the longer-term solution will be to move Samba to a fully supported
+external crypto library.
+
+The third_party/aesni-intel code will be removed from Samba as soon as
+external crypto library performance reaches parity.
+
+The default is to build without setting --accel-aes, which uses the
+existing Samba software AES implementation.
smb.conf changes
================
- Parameter Name Description Default
- -------------- ----------- -------
- strict sync Default changed yes
- auth event notification New parameter no
+ Parameter Name Description Default
+ -------------- ----------- -------
+
KNOWN ISSUES
============
-https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.7#Release_blocking_bugs
+https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.8#Release_blocking_bugs
#######################################