X-Git-Url: http://git.samba.org/samba.git/?p=bbaumbach%2Fsamba-autobuild%2F.git;a=blobdiff_plain;f=WHATSNEW.txt;h=7f46f5efee141558932898bfbefc5b54d4bae3a2;hp=b9dc9ffd8b8de7557668332741eada9a344f5d73;hb=aa5677040cd675dbf650f1f8acdfdb687f989978;hpb=83c0c824dffdec39e37f63629ad7bc404dc60637 diff --git a/WHATSNEW.txt b/WHATSNEW.txt index b9dc9ffd8b8..7f46f5efee1 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,122 +1,72 @@ -What's new in Samba 4 Technology Preview -======================================== - -Samba 4 is the ambitious next version of the Samba suite that is being -developed in parallel to the stable 3.0 series. The main emphasis in -this branch is support for the Active Directory logon protocols used -by Windows 2000 and above. - -Samba 4 is currently not yet in a state where it is usable in -production environments. Note the WARNINGS below, and the STATUS file, -which aims to document what should and should not work. - -With 3 years of development under our belt since Tridge first proposed -a new Virtual File System (VFS) layer for Samba3 (a project which -eventually lead to our Active Directory efforts), it was felt that we -should create something we could 'show off' to our users. This is a -Technology Preview (TP), aimed at allowing users, managers and -developers to see how we have progressed, and to invite feedback and -support. - -WARNINGS -======== - -Samba4 TP is currently a pre-alpha technology. It may eat your cat, but -is far more likely to choose to munch on your password database. We -recommend against upgrading any production servers from Samba 3 to -Samba 4 at this stage. If you are upgrading an experimental server, -you should backup all configuration and data. - -We expect that format changes will require that the user database be -rebuilt from scratch a number of times before we make a final release, -losing password data each time. - -Samba 4 Technology Preview includes basic Access Control List (ACL) -protection on the main user database, but due to time constraints, -none on the registry at this stage. We also do not currently have -ACLs on the SWAT web-based management tool. This means that Samba 4 -Technology Preview is not secure. - -File system access should occur as the logged in user, much as Samba3 -does. - -Again, we strongly recommend against use in a production environment -at this stage. - -NEW FEATURES -============ - -Samba4 supports the server-side of the Active Directory logon environment -used by Windows 2000 and later, so we can do full domain join -and domain logon operations with these clients. - -Our Domain Controller (DC) implementation includes our own built-in -LDAP server and Kerberos Key Distribution Center (KDC) as well as the -Samba3-like logon services provided over CIFS. We correctly generate -the infamous Kerberos PAC, and include it with the Kerberos tickets we -issue. - -SWAT is now integrated into Samba 4 as the user-friendly interface to -Samba server management. SWAT provides easy access to our -setup and migration tools. Using SWAT, you can migrate windows -domains in Samba 4, allowing easy setup of initial user databases, and -upgrades from Samba 3. - -The new VFS features in Samba 4 adapts the filesystem on the server to -match the Windows client semantics, allowing Samba 4 to better match -windows behaviour and application expectations. This includes file -annotation information (in streams) and NT ACLs in particular. The -VFS is backed with an extensive automated test suite. - -A new scripting interface has been added to Samba 4, allowing -JavaScript programs to interface to Samba's internals. - -The Samba 4 architecture is based around an LDAP-like database that -can use a range of modular backends. One of the backends supports -standards compliant LDAP servers (including OpenLDAP), and we are -working on modules to map between AD-like behaviours and this backend. -We are aiming for Samba 4 to be powerful frontend to large -directories. - -CHANGES -======= - -Those familiar with Samba 3 can find a list of user-visible changes -since that release series in the NEWS file. - - - An optional password is no longer supported as the second argument to - smbclient. - -KNOWN ISSUES -============ - -- Standalone server and domain member roles are not currently - supported. While we have much of the infrastructure required, we - have not collected these pieces together. - -- There is no printing support in the current release. - -- SWAT can be painful with and forms. Just use the mouse, as - the JavaScript layer doing this will change. - -- Domain logons (using Kerberos) from windows clients incorrectly - state that the password expires today. - -RUNNING Samba4 -============== - -A short guide to setting up Samba 4 can be found in the howto.txt file -in root of the tarball. - -DEVELOPMENT and FEEDBACK -======================== -Bugs can be filed at https://bugzilla.samba.org/. Please -look at the STATUS file before filing a bug to see if a particular -is supposed to work yet. - -Development and general discussion about Samba 4 happens mainly on -the #samba-technical IRC channel (on irc.freenode.net) and -the samba-technical mailing list (see http://lists.samba.org/ for -details). +'Samba4 TP4' presents you with an opportunity to see a Technology +Preview (TP) snapshot of Samba4's development, as at January 2007. + +In the last few months since TP3 was released in October 2006, +significant work has been done across many parts of Samba4. Since that +time, we have added the basis for some new and exciting features: + + PKINIT support to Samba4's KDC will allow, smart-card login to a + Samba4 domain. TP4 demonstrates this with static key files, but + work will continue to enable actual hardware cards. + + Clustering support was always a design goal of Samba4, and with TP4 + we have the ctdb framework, a cluster-aware shared database. This + allows Samba4 to share a shared cluster file-system with it's clients. + Presented at this year's linux.conf.au, including a highly rigged + demo, you can expect to see this mature over the next few months. + + Non-blocking and Asynchronous IO support, has always been a design + goal in Samba4, and TP4 will use new Linux Kernel features to + implement event driven asynchronous IO. This makes Samba more + efficient on systems where some data may be 'further away' than a + local disk, such as HSM systems. This allows the Kernel to handle + reading the returned data from the disk, only notifying Samba when + the data is ready for dispatch to the client. + + Our web-management console, known as SWAT, is being revamped, and in + TP4 you can find a new Web 2.0 style user interface, being used to + support a web-based ldb browser. We hope this new system will allow + things simple not possible with the form-submit style of web + management. + + Using LDB LDAP back-end integration has improved in this release, with an + improved mapping module allowing the start of Fedora DS back-end + support. + +In continuing our research effort, TP4 includes the work to better +understand and implement the DRSUAPI replication protocols. By better +understanding the needs of replication now, we can structure our +databases so that their format will have to change less in future. + +We hope to use this replication function to replace the SamSync based +Vampire process so effectively demonstrated since TP1, and to +eventually join an Active Directory domain, as a replicating partner. + +Behind the scenes, much of the core infrastructure of Samba4 continues +development: + + In Kerberos, we have continued to track the development of the + Heimdal Kerberos implementation, and reduce the custom diff between + our branch and upstream. Heimdal now provides plug-in APIs for + almost all of the hooks we need, including management and validation + of the PAC. + + In testing, our test infrastructure has undergone a quiet + revolution, as we improve our unit test framework. Likewise, the + tests themselves have continued to expand, as we follow our + test-driven development pattern. + + In providing an abstraction above our raw RPC layer, the libnet + library continues to expand, becoming a C and JS management API for + Samba4 and remote servers. + + To ensure that, as an administrator and developer, you can easily + read and edit our internal databases, our LDB layer has been + optimised for speed. The aim here is to avoid needing to use the faster, but + more opaque, TDB layer. + +These are just some of the highlights of the work done in the past few +months. More details can be found in our SVN history. +