X-Git-Url: http://git.samba.org/samba.git/?p=ambi%2Fsamba-autobuild%2F.git;a=blobdiff_plain;f=WHATSNEW.txt;h=d9324e7dbdd04b197c985253a344a805677b6e92;hp=399fb2b79af0776883d9fd26f9efffd4775966e2;hb=b5a67b9d24ceb84cf00721770d31c82196dafa56;hpb=d201a2080d73bfb73874c526134d38cebbcb572c diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 399fb2b79af..d9324e7dbdd 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,231 +1,89 @@ Release Announcements ===================== -This is the first release candidate of Samba 4.4. This is *not* +This is the first preview release of Samba 4.7. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. -Samba 4.4 will be the next version of the Samba suite. +Samba 4.7 will be the next version of the Samba suite. UPGRADING ========= -Nothing special. - NEW FEATURES/CHANGES ==================== -Asynchronous flush requests ---------------------------- - -Flush requests from SMB2/3 clients are handled asynchronously and do -not block the processing of other requests. Note that 'strict sync' -has to be set to 'yes' for Samba to honor flush requests from SMB -clients. - -s3: smbd --------- - -Remove '--with-aio-support' configure option. We no longer would ever prefer -POSIX-RT aio, use pthread_aio instead. - -samba-tool sites ----------------- - -The 'samba-tool sites' subcommand can now be run against another server by -specifying an LDB URL using the '-H' option and not against the local database -only (which is still the default when no URL is given). - -samba-tool domain demote ------------------------- - -Add '--remove-other-dead-server' option to 'samba-tool domain demote' -subcommand. The new version of this tool now can remove another DC that is -itself offline. The '--remove-other-dead-server' removes as many references -to the DC as possible. - -samba-tool drs clone-dc-database --------------------------------- - -Replicate an initial clone of domain, but do not join it. -This is developed for debugging purposes, but not for setting up another DC. - -pdbedit -------- - -Add '--set-nt-hash' option to pdbedit to update user password from nt-hash -hexstring. 'pdbedit -vw' shows also password hashes. 
- -smbstatus ---------- - -'smbstatus' was enhanced to show the state of signing and encryption for -sessions and shares. - -s4-rpc_server -------------- - -Add a GnuTLS based backupkey implementation. - -ntlm_auth ---------- - -Using the '--offline-logon' enables ntlm_auth to use cached passwords when the -DC is offline. - -Allow '--password' force a local password check for ntlm-server-1 mode. - -vfs_offline ------------ - -A new VFS module called vfs_offline has been added to mark all files in the -share as offline. It can be useful for shares mounted on top of a remote file -system (either through a samba VFS module or via FUSE). - -KCC ---- - -The Samba KCC has been improved, but is still disabled by default. - -DNS ---- - -There were several improvements concerning the Samba DNS server. - -Active Directory ----------------- - -There were some improvements in the Active Directory area. +The "strict sync" global parameter has been changed from +a default of "no" to "yes". This means smbd will by default +obey client requests to synchronize unwritten data in operating +system buffers safely onto disk. This is a safer default setting +for modern SMB1/2/3 clients. + +Authentication and Authorization audit support +---------------------------------------------- + +Detailed authentication and authorization audit information is now +logged to Samba's debug logs under the "auth_audit" debug class, +including in particular the client IP address triggering the audit +line. Additionally, if Samba is compiled against the jansson JSON +library, a JSON representation is logged under the "auth_json_audit" +debug class. + +Audit support is comprehensive for all authentication and +authorisation of user accounts in the Samba Active Directory Domain +Controller, as well as the implicit authentication in password +changes. 
In the file server and classic/NT4 domain controller, NTLM +authentication, SMB and RPC authorization is covered, however password +changes are not at this stage, and this support is not currently +backed by a testsuite. -WINS nsswitch module --------------------- - -The WINS nsswitch module has been rewritten to address memory issues and to -simplify the code. The module now uses libwbclient to do WINS queries. This -means that winbind needs to be running in order to resolve WINS names using -the nss_wins module. This does not affect smbd. - -CTDB changes ------------- - -* CTDB now uses a newly implemented parallel database recovery scheme - that avoids deadlocks with smbd. - - In certain circumstances CTDB and smbd could deadlock. The new - recovery implementation avoid this. It also provides improved - recovery performance. - -* All files are now installed into and referred to by the paths - configured at build time. Therefore, CTDB will now work properly - when installed into the default location at /usr/local. - -* Public CTDB header files are no longer installed, since Samba and - CTDB are built from within the same source tree. - -* CTDB_DBDIR can now be set to tmpfs[:] - - This will cause volatile TDBs to be located in a tmpfs. This can - help to avoid performance problems associated with contention on the - disk where volatile TDBs are usually stored. See ctdbd.conf(5) for - more details. - -* Configuration variable CTDB_NATGW_SLAVE_ONLY is no longer used. - Instead, nodes should be annotated with the "slave-only" option in - the CTDB NAT gateway nodes file. This file must be consistent - across nodes in a NAT gateway group. See ctdbd.conf(5) for more - details. - -* New event script 05.system allows various system resources to be - monitored - - This can be helpful for explaining poor performance or unexpected - behaviour. New configuration variables are - CTDB_MONITOR_FILESYSTEM_USAGE, CTDB_MONITOR_MEMORY_USAGE and - CTDB_MONITOR_SWAP_USAGE. 
Default values cause warnings to be - logged. See the SYSTEM RESOURCE MONITORING CONFIGURATION in - ctdbd.conf(5) for more information. - - The memory, swap and filesystem usage monitoring previously found in - 00.ctdb and 40.fs_use is no longer available. Therefore, - configuration variables CTDB_CHECK_FS_USE, CTDB_MONITOR_FREE_MEMORY, - CTDB_MONITOR_FREE_MEMORY_WARN and CTDB_CHECK_SWAP_IS_NOT_USED are - now ignored. - -* The 62.cnfs eventscript has been removed. To get a similar effect - just do something like this: - - mmaddcallback ctdb-disable-on-quorumLoss \ - --command /usr/bin/ctdb \ - --event quorumLoss --parms "disable" - - mmaddcallback ctdb-enable-on-quorumReached \ - --command /usr/bin/ctdb \ - --event quorumReached --parms "enable" - -* The CTDB tunable parameter EventScriptTimeoutCount has been renamed - to MonitorTimeoutCount - - It has only ever been used to limit timed-out monitor events. - - Configurations containing CTDB_SET_EventScriptTimeoutCount= will - cause CTDB to fail at startup. Useful messages will be logged. - -* The commandline option "-n all" to CTDB tool has been removed. - - The option was not uniformly implemented for all the commands. - Instead of command "ctdb ip -n all", use "ctdb ip all". - -* All CTDB current manual pages are now correctly installed - - -REMOVED FEATURES +smb.conf changes ================ -Public headers --------------- + Parameter Name Description Default + -------------- ----------- ------- + auth event notification New parameter no + auth methods Deprecated + map untrusted to domain Deprecated + strict sync Default changed yes -Several public headers are not installed any longer. They are made for internal -use only. More public headers will very likely be removed in future releases. 
+Removal of lpcfg_register_defaults_hook() +----------------------------------------- -The following headers are not installed any longer: -dlinklist.h, gen_ndr/epmapper.h, gen_ndr/mgmt.h, gen_ndr/ndr_atsvc_c.h, -gen_ndr/ndr_epmapper_c.h, gen_ndr/ndr_epmapper.h, gen_ndr/ndr_mgmt_c.h, -gen_ndr/ndr_mgmt.h,gensec.h, ldap_errors.h, ldap_message.h, ldap_ndr.h, -ldap-util.h, pytalloc.h, read_smb.h, registry.h, roles.h, samba_util.h, -smb2_constants.h, smb2_create_blob.h, smb2.h, smb2_lease.h, smb2_signing.h, -smb_cli.h, smb_cliraw.h, smb_common.h, smb_composite.h, smb_constants.h, -smb_raw.h, smb_raw_interfaces.h, smb_raw_signing.h, smb_raw_trans2.h, -smb_request.h, smb_seal.h, smb_signing.h, smb_unix_ext.h, smb_util.h, -torture.h, tstream_smbXcli_np.h. +The undocumented and unsupported function lpcfg_register_defaults_hook() +that was used by external projects to call into Samba and modify +smb.conf default parameter settings has been removed. If your project +was using this call please raise the issue on +samba-technical@lists.samba.org in order to design a supported +way of obtaining the same functionality. -vfs_smb_traffic_analyzer ------------------------- +Change of loadable module interface +----------------------------------- -The SMB traffic analyzer VFS module has been removed, because it is not -maintained any longer and not widely used. +The _init function of all loadable modules in Samba has changed +from: -vfs_scannedonly ---------------- +NTSTATUS _init(void); -The scannedonly VFS module has been removed, because it is not maintained -any longer. +to: -smb.conf changes ----------------- - - Parameter Name Description Default - -------------- ----------- ------- - aio max threads New 100 - ldap page size Changed default 1000 +NTSTATUS _init(TALLOC_CTX *); +This allows a program loading a module to pass in a long-lived +talloc context (which must be guaranteed to be alive for the +lifetime of the module). 
This allows modules to avoid use of +the talloc_autofree_context() (which is inherently thread-unsafe) +and still be valgrind-clean on exit. Modules that don't need to +free long-lived data on exist should use the NULL talloc context. KNOWN ISSUES ============ -Currently none. +https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.7#Release_blocking_bugs + ####################################### Reporting bugs & Development Discussion
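Review bot: The added "strict sync" paragraph changes a default from "no" to "yes" but sits directly under NEW FEATURES/CHANGES with no subsection heading, while UPGRADING is left empty once "Nothing special." is removed. A default change that alters behaviour on upgrade belongs under UPGRADING, or at least under its own heading. In the smb.conf changes table, "auth event notification" is listed as a new parameter and "auth methods" and "map untrusted to domain" as deprecated, yet none of the three is described anywhere in the added text. A sentence for each would help, and the audit section should say so if "auth event notification" relates to it. The "smb.conf changes" heading now sits at the top level and is followed by the "Removal of lpcfg_register_defaults_hook()" and "Change of loadable module interface" subsections, which are not smb.conf changes and need a different parent section. Small fixes: "on exist" should read "on exit" in the last added paragraph, and "authorisation" should match the "Authorization" spelling used in the section heading.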