- WHATS NEW IN 1.9.18alpha10 Nov 1st 1997
- =======================================
+ =================================
+ Release Notes for Samba 3.2.0pre2
+ Oct XX, 2007
+ =================================
-This is NOT a production release of Samba code.
-For production servers please run Samba 1.9.17p4
-or later releases in the 1.9.17 series.
+This is the second preview release of Samba 3.2.0. This is *not*
+intended for production environments and is designed for testing
+purposes only. Please report any defects via the Samba bug reporting
+system at https://bugzilla.samba.org/.
-This release contains some experimental features and
-changes and is being made available so people can
-test and provide feedback and patches for ongoing
-Samba development.
+Please be aware that Samba is now distributed under the version 3
+of the new GNU General Public License. You may refer to the COPYING
+file that accompanies these release notes for further licensing details.
-Please note that only the Domain controller code
-is truly experimental. The other changes have
-been extensively tested and are of the same
-quality as normal Samba alpha releases. The
-Domain controller code is disabled in the Makefile
-by default and is being made available to Samba
-programmers in the interests of advancing a
-public implementation of this important protocol.
+Major enhancements in Samba 3.2.0 include:
-This release contains three major changes to the
-1.9.17 series and much re-written code.
+ File Serving:
+ o Use of IDL generated parsing layer for several DCE/RPC
+ interfaces.
+ o Removal of the 1024 byte limit on pathnames and 256 byte limit on
+ filename components to honor the MAX_PATH setting from the host OS.
+ o Introduction of a registry based configuration system.
+ o Improved CIFS Unix Extensions support.
+ o Experimental support for file serving clusters.
-The main changes are :
+ Winbind and Active Directory Integration:
+ o Full support for Windows 2003 cross-forest, transitive trusts
+ and one-way domain trusts
+ o Support for userPrincipalName logons via pam_winbind and NSS
+ lookups.
+ o Support in pam_winbind for logging on using the userPrincipalName.
+ o Expansion of nested domain groups via NSS calls.
+ o Support for Active Directory LDAP Signing policy.
-1). Oplock support now operational.
------------------------------------
-Samba now supports 'exclusive' and 'batch' oplocks.
-These are an advanced networked file system feature
-that allows clients to obtain a exclusive use of a
-file. This allows a client to cache any changes it
-makes locally, and greatly improves performance.
+ Users & Groups:
+ o New ldb backend for local group mapping tables
+ o Raised level of security defaults for authentication operations.
-Windows NT has this feature and prior to this
-release this was one of the reasons Windows NT
-could be faster in some situations.
-The oplock code in Samba has been extensively
-tested and is believed to be completely stable.
+ Documentation:
+ o Inclusion of an HTLM version of the 3rd edition of "Using Samba"
+ from O'Reilly Publishing.
-Please report any problems to the samba-bugs alias.
+Now Licensed under the GNU GPLv3
+================================
-2). Experimental Primary Domain controller code.
-------------------------------------------------
+The Samba Team has adopted the Version 3 of the GNU General Public
+License for the 3.2 and later releases. The GPLv3 is the updated
+version of the GPLv2 license under which Samba is currently
+distributed. It has been updated to improvecompatibility with other
+licenses and to make it easier to adopt internationally, and is an
+improved version of the license to better suit the needs of Free
+Software in the 21st Century.
-Samba now contains a *VERY* experimental client and
-server implementation of part of the Windows NT
-4.x Domain Controller specification, as
-published by Paul Ashton (now a Samba Team
-member).
+The original announcement is available on-line at
-This code is not enabled in the Makefile by default,
-and to work on this code you must read the file :
+ http://news.samba.org/announcements/samba_gplv3/
- docs/NTDOMAIN.txt
-Please note that as this code is not complete,
-it is being made available as part of this release
-to allow interested parties to contribute and help
-the Samba Team in documenting and implementing
-this important feature.
+New Security Defaults for Authentication
+========================================
-Please do not expect to be able to replace your
-NT Domain Controllers with Samba until this code
-is finished, tested and an announcement is made.
+Support for LanMan passwords is now disabled in both client and server
+applications. Additionally, clear text authentication requests are
+disabled by default in client utilities such as smbclient and all
+libsmbclient based applications. This will affect connection both
+to and from hosts running DOS, Windows 9x/ME, and OS/2. Please refer
+to the "Changes" section for details on the exact parameters that were
+updated.
-At present the Domain Controller code is for
-programmers and people interested in Microsoft
-protocols only.
-3). New Internationalization support.
--------------------------------------
+Registry Configuration Backend
+==============================
-With this release Samba no longer needs to be
-separately compiled for Japanese (Kanji) support,
-the same binary will serve both Kanji and non-Kanji
-clients.
+Samba is now able to use a registry based configuration backed to
+supplement smb.conf setting. This feature may be enabled by setting
+"include = registry" and "registry shares = yes" in the [global]
+section of smb.conf and may be managed using the "net conf" command.
-A new method of dynamically loading client code pages
-has been added to allow the case insensitivity to
-be done dependent on the code page of the client.
+More information may be obtained from the smb.conf(5) and net(8) man
+pages.
-Note that Samba still will only handle one client
-code page at a time. This will be fixed when
-Samba is fully UNICODE enabled.
-Please see the new man page for make_smbcodepage
-for details on adding additional client code page
-support.
+Removed Features
+================
+Both the Python bindings and the libmsrpc shared library have been
+removed from the tree due to lack of an official maintainer.
-Changed code.
--------------
-Samba no longer needs the libdes library to support
-encrypted passwords. Samba now contains a restricted
-version of DES that can only be used for authentication
-purposes (to comply with the USA export encryption
-regulations and to allow USA Mirror sites to carry
-Samba source code). The 'encrypt passwords' parameter
-may now be used without recompiling.
-Much of the internals of Samba has been re-structured
-to support the oplock and Domain controller changes.
+######################################################################
+Changes
+#######
-The WINS client and WINS server capabilities in nmbd
-are also being restructured, to make it easier to
-understand and maintain.
+smb.conf changes
+----------------
-Samba supports the NT 3.51 and 4.0 Domain Authentication
-Protocol to a degree sufficient to download Profiles to an
-NT 3.51 or 4.0 Workstation ("Welcome to the SAMBA Domain").
+ Parameter Name Description Default
+ -------------- ----------- -------
+ client lanman auth Changed Default No
+ client ldap sasl wrapping New plain
+ client plaintext auth Changed Default No
+ clustering New No
+ cluster addresses New ""
+ ctdb socket New ""
+ lanman auth Changed Default No
+ mangle map Removed
+ open files database hashsize Removed
+ read bmpx Removed
+ registry shares New No
+ winbind expand groups New 1
+ winbind rpc only New No
-There is also code in smbclient to generate the same
-requests as an NT Workstation would when doing an NT
-Domain Logon. This has only been tested against a Samba
-"Experimental" PDC so far.
-Some of the new parameters for NT Domain Logons and
-Profile support are now also used by the Win95 Domain
-Logons and Profile support.
+Changes since 3.2.0pre1:
+-----------------------
-The Automount code has been slightly reshuffled, such
-that the home directory (and profile location) can be
-specified by \\%N\homes and \\%N\homes\profiles
-respectively, which are the defaults for these values.
-If -DAUTOMOUNT is enabled, then %N is the server
-component of the user's NIS auto.home entry. Obviously,
-you will need to be running Samba on the user's home
-server as well as the one they just logged in on.
-The RPC Domain code has been moved into a separate directory
-rpc_pipe/, and a GLPL License issued specifically for code
-in this directory. This is so that people can use this
-code in other projects.
+Original 3.2.0pre1 commits:
+---------------------------
+o Michael Adam <obnox@samba.org>
+ * Unified POSIX ACL detection including support for FreeBSD and
+ HP-UX.
+ * Performance improvements for Winbind's lookup functions (names,
+ SIDs, and group membership) when joined to an AD domain.
+ * Winbind cache validation support.
+ * Store domain trust passwords for Samba domain controller's in
+ the domain's passdb backend.
+ * Merged \winreg server code from the SAMBA_3_2 development branch.
+ * Fixes for libreplace.
+ * Implement new registry configuration backend.
+
+o Jeremy Allison <jra@samba.org>
+ * Add support for file system objectIDs.
+ * Winbind cache validation support.
+ * Add in the UNIX capability for 24-bit readX.
+ * Improve Delete-on-Close semantics.
+ * Removal of static file and path name buffers in SMB file serving
+ code.
+
-New parameters in smb.conf.
----------------------------
+o Danilo Almeida <dalmeida@centeris.com>
+ * Move the machine account to the OU specified when running "net
+ ads join".
-New Global parameters.
-----------------------
-Documented in the smb.con man pages :
+o Andrew Bartlett <abartlet@samba.org>
+ * Tighten authentication protocol defaults in client tools and
+ servers.
-"bind interfaces only"
-"username level"
-"domain sid"
-"domain groups"
+o Gerald (Jerry) Carter <jerry@samba.org>
+ * Implement support for one-way trusts and two-way cross-forest
+ transitive trust in winbindd.
+ * Fixes for Winbind's offline/disconnected logon support when
+ using remote idmap backends.
+ * Fix LookupNames and LookupSids to use the same resolution
+ heuristics as Windows XP.
+ * Fix lockups in Winbind when running nscd.
+ * UPN logon support in pam_winbind.
+ * Add support for GNU linker scripts when build shared libraries
+ (based on work by Julien Cristau <jcristau@debian.org> and James
+ Peach).
-"logon drive"
-"logon home"
+o Guenther Deschner <gd@samba.org>
+ * Additional support for decoding and downloading group policy
+ objects from Active Directory.
+ * Improvements to "net ads keytab" command.
+ * Fixes for linking against Heimdal Kerberos client libs.
+ * Support LDAP range retrieval searches.
+ * Fixes for failure to refresh user ticket caches in Winbind.
+ * UPN logon support in pam_winbind.
+ * Add KDC locator plugin for MIT kerberos 1.6 or later.
-Not yet documented in the smb.conf man page, please
-read docs/NTDOMAIN.txt or examine the source code for
-information on the next parameters :
-"domain other sids"
-"domain admin users"
-"domain guest users"
+o Steve Langasek <vorlon@debian.org>
+ * Allow SIGTERM to cause nmbd to exit while awaiting a interface
+ to come up.
-New Share level parameters.
----------------------------
+o Volker Lendecke <vl@samba.org>
+ * Merge experimental cluster support patches from the ctdb branch.
+ * Add tdb storage abstraction for ctdb.
+ * Use IDL for internal message passing system.
+ * Add client support for the SamLogonEx() authentication request.
+ * Implement RPC proxy stubs in the Samba server code to allow
+ replacing implementation functions one by one.
+ * Remove static incoming and outgoing buffers from core server SMB
+ packet processing code.
+ * Add "net sam rights" command.
+
+
+o Steve French <sfrench@samba.org>
+ * Fixes for mount.cfs Linux utility.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * Fixes for libreplace.
+ * Add support for LDAP digital signing policy.
+ * Experimental clustered file system support.
+
+
+o Lars Mueller <lars@samba.org>
+ * Makefile and build fixes.
+ * Add pam_pwd_expire for pam_winbind (original patch from Andreas
+ Schneider).
+
+
+o James Peach <jpeach@apple.com>
+ * Fixes for setgroups() and *BSD and Darwin.
+ * Support membership of >16 groups on Darwin.
+
+
+o Jiri Sasek <Jiri.Sasek@Sun.COM>
+ * Added vfs_vfsacl module.
+
+
+o Karolin Seeger <ks@sernet.de>
+ * Add deletelocalgroup and unmapunixgroup subcommand to "net sam".
+ * Cleanup internal passdb functions.
+
+
+o Simo Sorce <idra@samba.org>
+ * Fixes for IDmap and Passdb backends.
+
-Documented in the smb.con man pages :
+o Andrew Tridgell <tridge@samba.org>
+ * Port ldb from the Samba 4 tree and add ldb group mapping plugin.
+ * Move several file serving related tdb files to use the dbwrap
+ API internally.
+ * Cleanup the GPFS VFS plugin.
+ * Experimental clustered file system support.
-"delete veto files"
-"oplocks"
+o Jelmer Vernooij <jelmer@samba.org>
+ * Implement NDR basic to support utilizing IDL files from Samba 4
+ tree for general DCE/RPC parsing stubs.
-Reporting bugs.
----------------
-If you have problems, or think you have found a
-bug please email a report to :
-samba-bugs@samba.anu.edu.au
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
-Please state the version number of Samba that
-you are running, and *full details* of the steps
-we need to reproduce the problem.
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
-As always, all bugs are our responsibility.
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.2 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
-Regards,
- The Samba Team.
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================