X-Git-Url: http://git.samba.org/samba.git/?a=blobdiff_plain;f=WHATSNEW.txt;h=fe8d541de82138c3fdc2ccc2ba199971743d144a;hb=382a937800fe3618f8dd0fd17556b4643c96303b;hp=9b72a77c45ea3a47e3902e431df51c91173b5b81;hpb=9b913d602b0799fc749aaaf59588e1a8ecc9a17d;p=ira%2Fwip.git diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 9b72a77c45e..fe8d541de82 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,153 +1,88 @@ -What's new in Samba 4 alpha4 -============================ - -Samba 4 is the ambitious next version of the Samba suite that is being -developed in parallel to the stable 3.0 series. The main emphasis in -this branch is support for the Active Directory logon protocols used -by Windows 2000 and above. - -Samba 4 is currently not yet in a state where it is usable in -production environments. Note the WARNINGS below, and the STATUS file, -which aims to document what should and should not work. + ================================= + Release Notes for Samba 3.4.0pre1 -Samba4 alpha4 follows on from the alpha release series we have been -publishing since September last year. + ================================= -WARNINGS -======== +This is the first preview release of Samba 3.4. This is *not* +intended for production environments and is designed for testing +purposes only. Please report any defects via the Samba bug reporting +system at https://bugzilla.samba.org/. -Samba4 alpha4 is not a final Samba release. That is more a reference -to Samba4's lack of the features we expect you will need than a -statement of code quality, but clearly it hasn't seen a broad -deployment yet. If you were to upgrade Samba3 (or indeed Windows) to -Samba4, you would find many things work, but that other key features -you may have relied on simply are not there yet. +Major enhancements in Samba 3.4.0 include: -For example, while Samba 3.0 is an excellent member of a Active -Directory domain, Samba4 is happier as a domain controller: (This is -where we have done most of the research and development). +Authentication Changes: +o Changed the way smbd handles untrusted domain names given during user + authentication -While Samba4 is subjected to an awesome battery of tests on an -automated basis, and we have found Samba4 to be very stable in it's -behaviour, we have to recommend against upgrading production servers -from Samba 3 to Samba 4 at this stage. If you are upgrading an -experimental server, or looking to develop and test Samba, you should -backup all configuration and data. +net Command Changes: +o parameter syntax made more consistent -NEW FEATURES -============ +Authentication Changes +====================== -Samba4 supports the server-side of the Active Directory logon environment -used by Windows 2000 and later, so we can do full domain join -and domain logon operations with these clients. +Previously, when Samba was a domain member and a client was connecting using an +untrusted domain name, such as BOGUS\user smbd would remap the untrusted +domain to the primary domain smbd was a member of and attempt authentication +using that DOMAIN\user name. This differed from how a Windows member server +would behave. Now, smbd will replace the BOGUS name with it's SAM name. In +the case where smbd is acting as a PDC this will be DOMAIN\user. In the case +where smbd is acting as a domain member server this will be WORKSTATION\user. +Thus, smbd will never assume that an incoming user name which is not qualified +with the same primary domain, is part of smbd's primary domain. -Our Domain Controller (DC) implementation includes our own built-in -LDAP server and Kerberos Key Distribution Center (KDC) as well as the -Samba3-like logon services provided over CIFS. We correctly generate -the infamous Kerberos PAC, and include it with the Kerberos tickets we -issue. +While this behavior matches Windows, it may break some workflows which depended +on smbd to always pass through bogus names to the DC for verification. A new +parameter "map untrusted to domain" can be enabled to revert to the legacy +behavior. -The new VFS features in Samba 4 adapts the filesystem on the server to -match the Windows client semantics, allowing Samba 4 to better match -windows behaviour and application expectations. This includes file -annotation information (in streams) and NT ACLs in particular. The -VFS is backed with an extensive automated test suite. +net Command Changes +=================== -A new scripting interface has been added to Samba 4, allowing -Python programs to interface to Samba's internals. +The net command now accepts the common command line parameters most other Samba +command line utilities use, with a couple of remaining differences: -The Samba 4 architecture is based around an LDAP-like database that -can use a range of modular backends. One of the backends supports -standards compliant LDAP servers (including OpenLDAP), and we are -working on modules to map between AD-like behaviours and this backend. -We are aiming for Samba 4 to be powerful frontend to large -directories. +-l still gives long output for net commands supporting the --long flag. This was +more useful than the common --log-base parameter. -CHANGES SINCE Alpha3 -===================== +-i still tells net to read data from stdin (like --stdin) instead of toggling +the common --scope flag. -In the time since Samba4 Alpha2 was released in December 2007, Samba has -continued to evolve, but you may particularly notice these areas: +-S still tells net the server to connect to (like --server) instead of +negotiating the common --signing flag. As -S is probably used by most scripts +doing net rpc commands, this would have been a high-impact change for little +gain. - Python Bindings: Bindings for Python are now used for all internal - scripting, and the system python installation is used to run all - Samba python scripts (in place of smbpython found in the previous - alpha). +This change was mainly done to unify the authentification options. Here, one +flag changed it's meaning and one useful flag was added. - As such Python is no longer optional, and configure will generate an - error if it cannot locate an appropriate Python installation. +-N used to be the short version of --ntname. It now matches the Samba default of +--no-pass. Use this to stop net from prompting for a password if you want +anonymous authentication. - SWAT Remains Disabled: Due to a lack of developer time and without a - long-term web developer to maintain it, the SWAT web UI remains been - disabled (and would need to be rewritten in python in any case). +-A --authentication-file now takes an authentication file with the username and +password you want net to use, avoiding a password prompt as with plain -U user +or having to give a password on the command line as in -U user%pass. - GNU Make: To try and simplfy our build system, we rely on GNU Make - to avoid autogenerating a massive single makefile. +Last but not least net now always falls back to your local unix username if no +-U is specified and a username is needed. net rpc commands will now prompt for a +password unless one is specified using either -U user%pass or -A auth_file. - Registry: Samba4's registry library has continued to improve. +###################################################################### +Reporting bugs & Development Discussion +####################################### - ID mapping: Samba4 uses the internal ID mapping in winbind for all - but a few core users. Samba users should not appear in /etc/passwd, - as Samba will generate new user and group IDs regradless. +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. - NTP: Samba4 can act as a signing server for the ntp.org NTP deamon, - allowing NTPd to reply using Microsoft's non-standard signing - scheme. A patch to make NTPd talk to Samba for this purpose has - been submitted to the ntp.org project. +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.4 product in the project's Bugzilla +database (https://bugzilla.samba.org/). - CLDAP: Users should experience less arbitary delays and more success with - group policy, domain joins and logons due to an improved - implementation of CLDAP and the 'netlogon' mailslot datagrams. - SMB2: The Samba4 SMB2 server and testsuite have been greatly - improved, but the SMB2 server remains off by default. - - Secure DNS update: Configuration for GSS-TSIG updates of DNS records - is now generated by the provision script. - -These are just some of the highlights of the work done in the past few -months. More details can be found in our GIT history. - - -CHANGES -======= - -Those familiar with Samba 3 can find a list of user-visible changes -since that release series in the NEWS file. - -KNOWN ISSUES -============ - -- Domain member support is in it's infancy, and is not comparable to - the support found in Samba3. - -- There is no printing support in the current release. - -- There is no netbios browsing support in the current release - -- The Samba4 port of the CTDB clustering support is not yet complete - -- Clock Synchronisation is critical. Many 'wrong password' errors are - actually due to Kerberos objecting to a clock skew between client - and server. (The NTP work is partly to assist with this problem). - - -RUNNING Samba4 -============== - -A short guide to setting up Samba 4 can be found in the howto.txt file -in root of the tarball. - -DEVELOPMENT and FEEDBACK -======================== -Bugs can be filed at https://bugzilla.samba.org/ but please be aware -that many features are simply not expected to work at this stage. - -The Samba Wiki at http://wiki.samba.org should detail some of these -development plans. - -Development and general discussion about Samba 4 happens mainly on -the #samba-technical IRC channel (on irc.freenode.net) and -the samba-technical mailing list (see http://lists.samba.org/ for -details). +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +======================================================================