- =================================
- Release Notes for Samba 3.2.0pre2
- Feb 29, 2008
- =================================
+ ==============================
+ Release Notes for Samba 3.2.1
+ August 5, 2008
+ ==============================
-This is the second preview release of Samba 3.2.0. This is *not*
-intended for production environments and is designed for testing
-purposes only. Please report any defects via the Samba bug reporting
-system at https://bugzilla.samba.org/.
+This is the second stable release of Samba 3.2.
-Please be aware that Samba is now distributed under the version 3
-of the new GNU General Public License. You may refer to the COPYING
-file that accompanies these release notes for further licensing details.
-
-Major enhancements in Samba 3.2.0 include:
-
- File Serving:
- o Use of IDL generated parsing layer for several DCE/RPC
- interfaces.
- o Removal of the 1024 byte limit on pathnames and 256 byte limit on
- filename components to honor the MAX_PATH setting from the host OS.
- o Introduction of a registry based configuration system.
- o Improved CIFS Unix Extensions support.
- o Experimental support for file serving clusters.
- o Support for IPv6 in the server, and client tools and libraries.
- o Support for storing alternate data streams in xattrs.
- o Encrypted SMB transport in client tools and libraries, and server.
-
- Winbind and Active Directory Integration:
- o Full support for Windows 2003 cross-forest, transitive trusts
- and one-way domain trusts
- o Support for userPrincipalName logons via pam_winbind and NSS
- lookups.
- o Support in pam_winbind for logging on using the userPrincipalName.
- o Expansion of nested domain groups via NSS calls.
- o Support for Active Directory LDAP Signing policy.
- o New LGPL Winbind client library (libwbclient.so)
-
-
- Users & Groups:
- o New ldb backend for local group mapping tables
- o Raised level of security defaults for authentication operations.
-
-
- Documentation:
- o Inclusion of an HTLM version of the 3rd edition of "Using Samba"
- from O'Reilly Publishing.
-
-
-Now Licensed under the GNU GPLv3
-================================
-
-The Samba Team has adopted the Version 3 of the GNU General Public
-License for the 3.2 and later releases. The GPLv3 is the updated
-version of the GPLv2 license under which Samba is currently
-distributed. It has been updated to improve compatibility with other
-licenses and to make it easier to adopt internationally, and is an
-improved version of the license to better suit the needs of Free
-Software in the 21st Century.
-
-The original announcement is available on-line at
-
- http://news.samba.org/announcements/samba_gplv3/
-
-
-New Security Defaults for Authentication
-========================================
-
-Support for LanMan passwords is now disabled in both client and server
-applications. Additionally, clear text authentication requests are
-disabled by default in client utilities such as smbclient and all
-libsmbclient based applications. This will affect connection both
-to and from hosts running DOS, Windows 9x/ME, and OS/2. Please refer
-to the "Changes" section for details on the exact parameters that were
-updated.
-
-
-
-Registry Configuration Backend
-==============================
-
-Samba is now able to use a registry based configuration backed to
-supplement smb.conf setting. This feature may be enabled by setting
-"config backend = registry" and "registry shares = yes" in the [global]
-section of smb.conf and may be managed using the "net conf" command.
-
-More information may be obtained from the smb.conf(5) and net(8) man
-pages.
-
-
-Removed Features
-================
-
-Both the Python bindings and the libmsrpc shared library have been
-removed from the tree due to lack of an official maintainer.
+Major bug fixes included in Samba 3.2.1 are:
+ o Race condition in Winbind leading to a crash.
+ o Regression in Winbindd offline mode.
+ o Flushing of smb.conf when creating a new share using SWAT.
+ o Setting of ACEs in setups with "dos filemode = yes".
######################################################################
Changes
#######
-smb.conf changes
-----------------
-
- Parameter Name Description Default
- -------------- ----------- -------
- client lanman auth Changed Default No
- client ldap sasl wrapping New plain
- client plaintext auth Changed Default No
- clustering New No
- cluster addresses New ""
- config backend New file
- ctdb socket New ""
- debug class New No
- hidden New No
- lanman auth Changed Default No
- ldap debug level New 0
- ldap debug threshold New 10
- mangle map Removed
- open files database hashsize Removed
- read bmpx Removed
- registry shares New No
- winbind expand groups New 1
- winbind rpc only New No
-
-
-Changes since 3.2.0pre1:
------------------------
-
-o Michael Adam <obnox@samba.org>
- * Add library for access to the registry configuration data.
- * BUG 5023: Separate NFS4 and POSIX ACL code in file access checks.
- * BUG 4308: Fix Excel save operation ACL bug.
- * Refactor and consolidate logic for retrieving the machine
- trust password information.
- * VFS API cleanup (remove redundant parameter).
- * BUG 4801: Correctly implement LSA lookup levels for LookupNames.
- * Add new option "debug class" to control printing of the debug class.
- in debug headers.
- * Enable building of the zfsacl and notify_fam vfs modules.
- * BUG 5083: Fix memleak in solarisacl module.
- * BUG 5063: Fix build on RHEL5.
- * New smb.conf parameter "config backend = registry" to enable registry
- only configuration.
- * Move "net conf" functionality into a separate module libnet_conf.c
- * Restructure registry code, eliminating the dynamic overlay.
- Make use of reg_api instead of backend code in most places.
- * Add support for intercepting LDAP libraries' debug output and print
- it in Samba's debugging system.
- * Libreplace fixes.
- * Build fixes.
- * Initial support for using subsystems as shared libraries.
- Use talloc, tdb, and libnetapi as shared libraries internally.
-
-
-o Jeremy Allison <jra@samba.org>
- * Added support for IPv6 client and server connections.
- * Add in the recvfile entry to the VFS layer.
- * Removal of pstring data type.
- * Remove unused utilities: smbctool and rpctorture.
- * Fix service principal detection to match Windows Vista
- (based on work from Andreas Schneider).
- * Encrypted SMB transport in client tools and libraries, and server.
-
-o Kai Blin <kai@samba.org>
- * Added support for an SMB_CONF_PATH environment variable
- containing the path to smb.conf.
- * Various fixes to ntlm_auth.
- * make test now supports more extensive SPOOLSS testing using vlp.
- * Correctly handle mixed-case hostnames in NTLMv2 authentication.
-
-
-o Gerald (Jerry) Carter <jerry@samba.org>
- * Add Winbind client library.
- * Decouple static linking between smbd and winbindd's client
- interface.
-
-
-o Guenther Deschner <gd@samba.org>
- * Enhance client and server remote registry access.
- * Add client calls for remotely joining a computer to a domain
- (including calls from "net dom" command).
- * Add libnetapi.so library for joining domains including
- sample GTK+ app.
-
-
-o Steve Langasek <vorlon@debian.org>
- * Integrate 2 out of 3 --with-fhs patches from Debian packaging
- for better adherence to the FHS standard.
-
-
-o Volker Lendecke <vl@samba.org>
- * Add talloc_stackframe() and talloc_pool() features.
- * Removal of pstring data type.
- * Add generic a in-memory cache.
- * Import the Linux red-black tree implementation.
- * Remove large amount of global variables.
- * Support for storing xattrs in tdb files
- * Support for storing alternate data streams in xattrs
- * Implement a generic in-memory cache based on rb-trees
- * Add implicit temporary talloc contexts via talloc_stack()
-
-
-o Stefan Metzmacher <metze@samba.org>
- * Fixes for libreplace.
- * Pidl fixes.
- * Build fixes.
- * Add nss_wrapper support.
- * Start and test winbindd by 'make test'
- * Split up child_dispatch_table into domain, idmap and locator tables
- in winbindd.
- * Fix for a crash bug in pidl generated client code.
- This could have happend with [in,out,unique] pointers
- when the client sends a valid pointer, but the server
- responds with a NULL pointer (as samba-3.0.26a does for some calls).
- * Change NTSTATUS into enum ndr_err_code in librpc/ndr.
- * Remove unused calls in the struct based winbindd protocol.
- * Add --configfile option to wbinfo.
- * Convert winbind_env_set(), winbind_on() and winbind_off() into macros.
- * Return rids and other_sids arrays in WBFLAG_PAM_INFO3_TEXT mode.
- * Implement wbcErrorString() and wbcAuthenticateUserEx().
- * Convert auth_winbind to use wbcAuthenticateUserEx().
-
-
-o James Peach <jpeach@samba.org>
- * Add support for DNS Service Discovery. Based on work from
- Rishi Srivatsavai <rishisv@gmail.com>.
-
-
-o Andreas Schneider <anschneider@suse.de>
- * Don't restart winbind if a corrupted tdb is found during
- initialization.
- * Fix Windows 2008 (Longhorn) join.
- * Fix crashbug in winbindd.
- * Add share parameter "hidden".
-
-
-o Karolin Seeger <ks@sernet.de>
- * Improve error messages of net subcommands.
- * Add 'net rap file user'.
- * Change LDAP search filter to find machine accounts which
- are not located in the user suffix.
-
-
-o David Shaw <dshaw@jabberwocky.com>
- * BUG 5073: Allow "delete readonly = yes" to correctly override
- deletion of a file.
-
+Changes since 3.2.0
+-------------------
-o Rishi Srivatsavai <rishisv@gmail.com>
- * Register the smb service with mDNS if mDNS is supported.
- * Add smbclient support for basic mDNS browsing.
-
-o Andrew Tridgell <tridge@samba.org>
- * Fix padding between Winbind 32bit/64bit client library in
- the request/response structures.
- * Added a syncops VFS module for file systems which do not
- guarantee meta-data operations are immediately committed to
- disk in stable form.
-
-
-o Jelmer Vernooij <jelmer@samba.org>
- * Additional portability support for building shared libraries.
-
-o Corinna Vinschen <corinna@vinschen.de>
- * Get Samba version or capability information from Windows user space
-
-
-Original 3.2.0pre1 commits:
----------------------------
o Michael Adam <obnox@samba.org>
- * Unified POSIX ACL detection including support for FreeBSD and
- HP-UX.
- * Performance improvements for Winbind's lookup functions (names,
- SIDs, and group membership) when joined to an AD domain.
- * Winbind cache validation support.
- * Store domain trust passwords for Samba domain controller's in
- the domain's passdb backend.
- * Merged \winreg server code from the SAMBA_3_2 development branch.
- * Fixes for libreplace.
- * Implement new registry configuration backend.
+ * BUG 5608: Fix link creation for libtalloc.so.1 (and friends) on
+ Solaris 8.
+ * BUG 5594: Fix "make test" by adding and using a new testparm
+ switch "--skip-logic-checks".
+ * Fix creation of libaddns.a, libsmbclient.a and libsharemodes.a.
+ * Update the section about net conf in the net(8) manpage.
+ * Improve processing of registry shares.
+ * Fix listing of registry shares with testparm.
+ * Fix several build issues.
o Jeremy Allison <jra@samba.org>
- * Add support for file system objectIDs.
- * Winbind cache validation support.
- * Add in the UNIX capability for 24-bit readX.
- * Improve Delete-on-Close semantics.
- * Removal of static file and path name buffers in SMB file serving
- code.
+ * BUG 5578: Fix error from strlcat.
+ * BUG 5613: Fix flushing of smb.conf when creating a new share using SWAT.
+ * Ensure consistent use of pdb_get_nt_passwd instead of
+ pdb_get_lanman_passwd.
+ * Remove worrying warning message when safe_strcpy tries to copy a
+ pseaudo interface name that's too long.
+ * Canonicalize servername in the printer functions to remove leading
+ '\\' characters.
+ * Fix option processing in smbcacls - add POPT_COMMON_CONNECTION.
+ * Fix bug creating files using DOS clients with mixed case files.
-o Danilo Almeida <dalmeida@centeris.com>
- * Move the machine account to the OU specified when running "net
- ads join".
+o Jim Brown <jim.brown@miami.edu>
+ * Fix SGI compiler warnings.
-o Andrew Bartlett <abartlet@samba.org>
- * Tighten authentication protocol defaults in client tools and
- servers.
+o Günther Deschner <gd@samba.org>
+ * BUG 5570: Fix bogus error message during AD domain join.
+ * Fix build warning.
-o Gerald (Jerry) Carter <jerry@samba.org>
- * Implement support for one-way trusts and two-way cross-forest
- transitive trust in winbindd.
- * Fixes for Winbind's offline/disconnected logon support when
- using remote idmap backends.
- * Fix LookupNames and LookupSids to use the same resolution
- heuristics as Windows XP.
- * Fix lockups in Winbind when running nscd.
- * UPN logon support in pam_winbind.
- * Add support for GNU linker scripts when build shared libraries
- (based on work by Julien Cristau <jcristau@debian.org> and James
- Peach).
+o SATOH Fumiyasu <fumiyas@osstech.co.jp>
+ * BUG 5202: Fix setting of ACEs for users/groups with write access
+ in setups with 'dos filemode = yes'.
+ * Re-activate 'acl group control' parameter and make it only apply
+ to owning group.
-o Guenther Deschner <gd@samba.org>
- * Additional support for decoding and downloading group policy
- objects from Active Directory.
- * Improvements to "net ads keytab" command.
- * Fixes for linking against Heimdal Kerberos client libs.
- * Support LDAP range retrieval searches.
- * Fixes for failure to refresh user ticket caches in Winbind.
- * UPN logon support in pam_winbind.
- * Add KDC locator plugin for MIT kerberos 1.6 or later.
-
-
-o Steve Langasek <vorlon@debian.org>
- * Allow SIGTERM to cause nmbd to exit while awaiting a interface
- to come up.
+o Volodymyr Khomenko <Volodymyr.Khomenko@exanet.com>
+ * Make ntimes function more like POSIX and allow NULL arg.
o Volker Lendecke <vl@samba.org>
- * Merge experimental cluster support patches from the ctdb branch.
- * Add tdb storage abstraction for ctdb.
- * Use IDL for internal message passing system.
- * Add client support for the SamLogonEx() authentication request.
- * Implement RPC proxy stubs in the Samba server code to allow
- replacing implementation functions one by one.
- * Remove static incoming and outgoing buffers from core server SMB
- packet processing code.
- * Add "net sam rights" command.
-
+ * BUG 5512: Fix alignment problems on sparc.
+ * Fix a race condition in Winbind leading to a crash.
+ * Fix a segfault in base64_encode_data_blob.
+ * Fix some uninitialized variable references via ndr_print.
+ * Fix error message if trying to join with a non-privileged user.
+ * Fix setups using "include = registry" without [global] settings
+ in the registry.
+ * Fix "net sam rights" on domain member servers.
+ * Add documentation for the vfs streams modules.
-o Steve French <sfrench@samba.org>
- * Fixes for mount.cfs Linux utility.
+o Herb Lewis <herb@samba.org>
+ * Cleanup some duplicate code by passing the password to the wbinfo_auth*
+ functions.
+ * Allow SID with 0 in subauthority to be converted properly.
-o Stefan Metzmacher <metze@samba.org>
- * Fixes for libreplace.
- * Add support for LDAP digital signing policy.
- * Experimental clustered file system support.
+o Zach Loafman <zachary.loafman@isilon.com>
+ * Set sin[6]_family instead of ss_family in in[6]_addr_to_sockaddr_storage.
+ * Fix realpath() check so that it doesn't generate a core() when it fails.
-o Lars Mueller <lars@samba.org>
- * Makefile and build fixes.
- * Add pam_pwd_expire for pam_winbind (original patch from Andreas
- Schneider).
+o Jim McDonough <jmcd@samba.org>
+ * Fix overwriting of winbind logfiles.
-o James Peach <jpeach@apple.com>
- * Fixes for setgroups() and *BSD and Darwin.
- * Support membership of >16 groups on Darwin.
+o Lars Müller <lars@samba.org>
+ * Fix "vfs_full_audit.c: name table not in sync with vfs.h" panic.
-o Jiri Sasek <Jiri.Sasek@Sun.COM>
- * Added vfs_zfsacl module.
+o Darshan Purandare <dpurandare@isilon.com>
+ * Add broadcasting of the debug message to all winbindd children.
-o Karolin Seeger <ks@sernet.de>
- * Add deletelocalgroup and unmapunixgroup subcommand to "net sam".
- * Cleanup internal passdb functions.
+o Karolin Seeger <kseeger@samba.org>
+ * BUG 5635: Fix updating of printer queues.
-o Simo Sorce <idra@samba.org>
- * Fixes for IDmap and Passdb backends.
+o Andreas Schneider <anschneider@suse.de>
+ * Release still reachable memory if the smbclient context is freed.
+ * Remove trailing withespace from wbinfo -m which breaks gdm auth.
-o Andrew Tridgell <tridge@samba.org>
- * Port ldb from the Samba 4 tree and add ldb group mapping plugin.
- * Move several file serving related tdb files to use the dbwrap
- API internally.
- * Cleanup the GPFS VFS plugin.
- * Experimental clustered file system support.
+o Simo Sorce <idra@samba.org>
+ * BUG 5540: Fix "set primary group script" user option substitution.
+ * Fix regression in Winbindd offline mode.
-o Jelmer Vernooij <jelmer@samba.org>
- * Implement NDR basic to support utilizing IDL files from Samba 4
- tree for general DCE/RPC parsing stubs.
+o Bo Yang <boyang@novell.com>
+ * Allow authentication and memory credential refresh after password
+ change from gdm/xdm.
+ * Allow %u parameters for print job username.
######################################################################