1 WHATS NEW IN Samba 3.0.1pre2
3 ==============================
5 This is a preview release of the Samba 3.0.1 code base and is
6 provided for testing only. This release is *not* intended for
7 production servers. Use at your own risk.
9 There have been several bug fixes since the 3.0.0 releaser that
10 we feel are important to make available to the Samba community
11 for wider testings. See the "Changes" section for details on
15 ######################################################################
18 Changes since 3.0.1pre1
19 -----------------------
21 Please refer to the CVS log for the SAMBA_3_0 branch for complete
24 1) Match Samba 2.2 behavior; make ACB_NORMAL the default ACB value.
25 2) Updated Japanese welcome file in SWAT.
26 3) Fix to nt-time <-> unix-time functions reversible.
27 4) Ensure that winbindd uses the the escaped DN when querying
29 5) Fix portability issues when compiling (bug 505, 550)
30 6) Compile fix for tdbbackup when Samba needs to override
31 non-C99 compliant implementations of snprintf().
32 7) Use @PICSUFFIX@ instead of .po in Makefile.in (bug 574).
33 8) Make sure we break out of samsync loop on error.
34 9) Ensure error code path doesn't free unmalloc()'d memory
36 10) Add configure test for krb5_keytab_entry keyblock vs key
39 12) Modified testparm so that all output so all debug output goes
40 to stderr, and all file processing goes to stdout.
41 13) Fix error return code for BUFFER_TOO_SMALL in smbcacls
43 14) Fix "NULL dest in safe_strcpy()" log message by ensuring that
44 we have a devmode before copying a string to the devicename.
45 15) Support mapping REALM.COM\user to a local user account (without
46 running winbindd) for compatibility with 2.2.x release.
47 16) Ensure we don't use mmap() on blacklisted systems.
48 17) fixed a number of bugs and memory leaks in the AIX
50 18) Call initgroups() in SWAT before becomming the user so that
51 secondary group permissions can be used when writing to
53 19) Fix signing problems when reverse connecting back to a
54 client for printer notify
55 20) Fix signing problems caused by a miss-sequence bug.
56 21) Missing map in errormap for ERROR_MORE_DATA -> ERRDOS, ERRmoredata.
57 Fixes NEXUS tools running on Win9x clients (bug 64).
58 22) Don't leave the domain field uninitialized in cli_lsa.c if some
59 SID could not be mapped.
60 23) Fix segfault in mount.cifs helper when there is no options
61 specified during mount.
62 24) Change the \n after the password prompt to go to tty instead
64 25) Stop net -P from prompting for machine account password (bug 451).
65 26) Change in behavior to Not only change the effective uid but also
66 the real uid when becoming unprivileged.
67 27) Cope with Exchange 5.5 cleartext pop password auth.
68 28) New files for support of initshutdown pipe. Win2k doesn't
69 respond properly to all requests on the winreg pipe, so we need
70 to handle this new pipe (bug 534).
71 29) Added more va_copy() checks in configure.in.
72 30) Include fixes for libsmbclient build problems.
73 31) Missing UNIX -> DOS codepage conversion in lanman.c.
74 32) Allow DFMS-S filenames can now have arbitrary case (bug 667).
75 33) Parameterize the listen backlog in smbd and make it larger by
76 default. A backlog of 5 is way too small these days.
77 34) Check for an invalid fid before dereferencing the fsp pointer
79 35) Remove invalid memory frees and return codes in pdb_ldap.c.
80 36) Prompt for password when invoking --set-auth-user and no
82 37) Bind the nmbd sending socket to the 'socket address'.
83 38) Re-order link command for smbd, rpcclient and smbpasswd to ensure
84 $LDFLAGS occurs before any library specification (bug 661).
85 39) Fix large number of printf() calls for 64-bit size_t.
86 40) Fix AC_CHECK_MEMBER so that SLES8 does correctly finds the
87 keyblock in the krb5 structs.
88 41) Remove #include <compat.h> in hopes to avoid problems with
90 42) COrrect winbindd build problems on HP-UX 11
91 43) Lowercase netgroups lookups (bug 703).
92 44) Use the actual size of the buffer in strftime instead of a made
93 up value which just happens to be less than sizeof(fstring).
95 45) Add ldaplibs to pdbedit link line (bug 651).
96 46) Fix crash bug in smbclient completion (bug 659).
97 47) Fix packet length for browse list reply (bug 771).
98 48) Fix coredump in cli_get_backup_list().
99 49) Make sure that we expand %N (bug 612).
100 50) Allow rpcclient adddriver command to specify printer driver
102 51) Compile tdbdump by default.
103 52) Apply patches to fix iconv detection for FreeBSD.
104 53) Do not allow the 'guest account' to be added to a passdb backend
105 using smbpasswd or pdbedit (bug 624).
106 54) Save LDFLAGS during iconv detection (bug 57).
107 55) Run krb5 logins through the username map if the winbindd
108 lookup fails (bug 698).
109 56) Add const for lp_set_name_resolve_order() to avoid compiler warnings
111 57) Add support for the %i macro in smb.conf to stand in for the for
112 the local IP address to which a client connected.
113 58) Allow winbindd to match local accounts to domain SID when
114 'winbind trusted domains only = yes' (bug 680).
115 59) Remove code in idmap_ldap that searches the user suffix and group
116 suffix. It's not needed and provides inconsistent functionality
117 from the tdb backend.
124 * mangled map (deprecated)
127 * mangled stack (unused)
130 1) Change the interface for init_unistr2 to not take a length
131 but a flags field. We were assuming that
132 2*strlen(mb_string) == length of ucs2-le string. (bug 480).
133 2) Allow d_printf() to handle strings with escaped quotation
134 marks since the msg file includes the escape character (bug 489).
135 3) Fix bad html table row termination in SWAT wizard code (bug 413).
136 4) Fix to parse the level-2 strings.
137 5) Fix for "valid users = %S" in [homes]. Fix read/write
139 6) Change AC_CHECK_LIB_EXT to prepend libraries instead of append.
140 This is the same way AC_CHECK_LIB works (bug 508).
141 7) Testparm output fixes for clarity.
142 8) Fix broken wins hook functionality -- i18n bug (bug 528).
143 9) Take care of condition where DOS and NT error codes must differ.
144 10) Default to using only built-in charsets when a working iconv
145 implementation cannot be located.
146 11) Wrap internals of sys_setgroups() so the sys_XX() call can
147 be done unconditionally (bug 550).
148 12) Remove duplicate smbspool link on SWAT's front page (bug 541).
149 13) Save and restore CFLAGS before/after AC_PROG_CC. Ensures that
150 --enable-debug=[yes|no] works correctly.
151 14) Allow ^C to interrupt smbpasswd if using our getpass
152 (e.g. smbpasswd command).
153 15) Support signing only on RPC's (bug 167).
154 16) Correct bug that prevented Excel 2000 clients from opening
155 files marked as read-only.
156 17) Portability fix bugs 546 - 549).
157 18) Explicitly initialize the value of AR for vendor makes that don't
158 do this (e.g. HPUX 11). (bug 552).
159 19) More i18n fixes for SWAT (bug 413).
160 20) Change the cwd before the postexec script to ensure that a
162 21) Correct double free that caused winbindd to crash when a DC
163 is rebooted (bug 437).
164 22) Fix incorrect mode sum (bug 562).
165 23) Canonicalize SMB_INFO_ALLOCATION in the same was as
166 SMB_FS_FULL_SIZE_INFORMATION (bug 564).
167 24) Add script to generate *msg files.
168 25) Add Dutch SWAT translation file.
169 26) Make sure to call get_user_groups() with the full winbindd
170 name for a user if he/she has one (bug 406).
171 27) Fix up error code returns from Samba4 tester. Ensure invalid
172 paths are validated the same way.
173 28) Allow Samba3 to pass the Samba4 RAW-READ tests.
174 29) Refuse to configure if --with-expsam=$BACKEND was used but no
175 libraries were found for $BACKEND.
176 30) Move sysquotas autoconf tests to a separate file.
177 31) Match W2K w.r.t. writelock and writeclose. Samba4 torture
179 32) Make sure that the files that contain the static_init_$subsystem;
180 macro get recompiled after configure by removing the object
182 33) Ensure canceling a blocking lock returns the correct error
184 34) Match Samba 2.2, and make ACB_NORMAL the default ACB value.
188 ######################################################################
190 =======================================
191 The original 3.0.0 release notes follow
192 =======================================
198 1) Active Directory support. Samba 3.0 is now able to
199 join a ADS realm as a member server and authenticate
200 users using LDAP/Kerberos.
202 2) Unicode support. Samba will now negotiate UNICODE on the wire
203 and internally there is now a much better infrastructure for
204 multi-byte and UNICODE character sets.
206 3) New authentication system. The internal authentication system
207 has been almost completely rewritten. Most of the changes are
208 internal, but the new auth system is also very configurable.
210 4) New default filename mangling system.
212 5) A new "net" command has been added. It is somewhat similar to
213 the "net" command in windows. Eventually we plan to replace
214 numerous other utilities (such as smbpasswd) with subcommands
217 6) Samba now negotiates NT-style status32 codes on the wire. This
218 improves error handling a lot.
220 7) Better Windows 2000/XP/2003 printing support including publishing
221 printer attributes in active directory.
223 8) New loadable module support for passdb backends and character
226 9) New default dual-daemon winbindd support for better performance.
228 10) Support for migrating from a Windows NT 4.0 domain to a Samba
229 domain and maintaining user, group and domain SIDs.
231 11) Support for establishing trust relationships with Windows NT 4.0
234 12) Initial support for a distributed Winbind architecture using
235 an LDAP directory for storing SID to uid/gid mappings.
237 13) Major updates to the Samba documentation tree.
239 14) Full support for client and server SMB signing to ensure
240 compatibility with default Windows 2003 security settings.
242 15) Improvement of ACL mapping features based on code donated by
246 Plus lots of other improvements!
249 Additional Documentation
250 ------------------------
252 Please refer to Samba documentation tree (included in the docs/
253 subdirectory) for extensive explanations of installing, configuring
254 and maintaining Samba 3.0 servers and clients. It is advised to
255 begin with the Samba-HOWTO-Collection for overviews and specific
256 tasks (the current book is up to approximately 400 pages) and to
257 refer to the various man pages for information on individual options.
259 We are very glad to be able to include the second edition of
260 "Using Samba" by Jay Ts, Robert Eckstein, and David Collier-Brown
261 (O'Reilly & Associates) in this release. The book is available
262 on-line at http://samba.org/samba/docs/ and is included with
263 the Samba Web Administration Tool (SWAT). Thanks to the authors and
264 publisher for making "Using Samba" under the GNU Free Documentation
268 ######################################################################
269 Upgrading from a previous Samba 3.0 beta
270 ########################################
272 Beginning with Samba 3.0.0beta3, the RID allocation functions
273 have been moved into winbindd. Previously these were handled
274 by each passdb backend. This means that winbindd must be running
275 to automatically allocate RIDs for users and/or groups. Otherwise,
276 smbd will use the 2.2 algorithm for generating new RIDs.
278 If you are using 'passdb backend = tdbsam' with a previous Samba
279 3.0 beta release (or possibly alpha), it may be necessary to
280 move the RID_COUNTER entry from /usr/local/samba/private/passdb.tdb
281 to winbindd_idmap.tdb. To do this:
283 1) Ensure that winbindd_idmap.tdb exists (launch winbindd at least
285 2) build tdbtool by executing 'make tdbtool' in the source/tdb/
287 3) run: (note that 'tdb>' is the tool's prompt for input)
289 root# ./tdbtool /usr/local/samba/private/passdb.tdb
290 tdb> show RID_COUNTER
294 [000] 0A 52 00 00 .R.
296 tdb> move RID_COUNTER /usr/local/samba/var/locks/winbindd_idmap.tdb
300 If you are using 'passdb backend = ldapsam', it will be necessary to
301 store idmap entries in the LDAP directory as well (i.e. idmap backend
302 = ldap). Refer to the 'net idmap' command for more information on
303 migrating SID<->UNIX id mappings from one backend to another.
305 If the RID_COUNTER record does not exist, then these instructions are
306 unneccessary and the new RID_COUNTER record will be correctly generated
311 ########################
312 Upgrading from Samba 2.2
313 ########################
315 This section is provided to help administrators understand the details
316 involved with upgrading a Samba 2.2 server to Samba 3.0.
322 Many of the options to the GNU autoconf script have been modified
323 in the 3.0 release. The most noticeable are:
325 * removal of --with-tdbsam (is now included by default; see section
326 on passdb backends and authentication for more details)
328 * --with-ldapsam is now on used to provided backward compatible
329 parameters for LDAP enabled Samba 2.2 servers. Refer to the passdb
330 backend and authentication section for more details
332 * inclusion of non-standard passdb modules may be enabled using
333 --with-expsam. This includes an XML backend and a mysql backend.
335 * removal of --with-msdfs (is now enabled by default)
337 * removal of --with-ssl (no longer supported)
339 * --with-utmp now defaults to 'yes' on supported systems
341 * --with-sendfile-support is now enabled by default on supported
348 This section contains a brief listing of changes to smb.conf options
349 in the 3.0.0 release. Please refer to the smb.conf(5) man page for
350 complete descriptions of new or modified parameters.
352 Removed Parameters (order alphabetically):
355 * alternate permissions
358 * code page directory
362 * force unknown acl user
366 * printer driver file
367 * printer driver location
375 New Parameters (new parameters have been grouped by function):
379 * abort shutdown script
382 User and Group Account Management
383 ---------------------------------
386 * add user to group script
387 * algorithmic rid base
388 * delete group script
389 * delete user from group script
391 * set primary group script
407 * paranoid server security
417 * hide unwriteable files
419 * kernel change notify
429 * max reported print jobs
431 UNICODE and Character Sets
432 --------------------------
438 SID to uid/gid Mappings
439 -----------------------
443 * winbind enable local accounts
444 * winbind trusted domains only
445 * template primary group
446 * enable rid algorithm
453 * ldap machine suffix
457 General Configuration
458 ---------------------
462 Modified Parameters (changes in behavior):
464 * encrypt passwords (enabled by default)
465 * mangling method (set to 'hash2' by default)
468 * restrict anonymous (integer value)
469 * security (new 'ads' value)
470 * strict locking (enabled by default)
471 * unix extensions (enabled by default)
472 * winbind cache time (increased to 5 minutes)
473 * winbind uid (deprecated in favor of 'idmap uid')
474 * winbind gid (deprecated in favor of 'idmap gid')
480 This section contains brief descriptions of any new databases
481 introduced in Samba 3.0. Please remember to backup your existing
482 ${lock directory}/*tdb before upgrading to Samba 3.0. Samba will
483 upgrade databases as they are opened (if necessary), but downgrading
484 from 3.0 to 2.2 is an unsupported path.
486 Name Description Backup?
487 ---- ----------- -------
488 account_policy User policy settings yes
489 gencache Generic caching db no
490 group_mapping Mapping table from Windows yes
491 groups/SID to unix groups
492 winbindd_idmap ID map table from SIDS to UNIX yes
494 namecache Name resolution cache entries no
495 netsamlogon_cache Cache of NET_USER_INFO_3 structure no
496 returned as part of a successful
497 net_sam_logon request
498 printing/*.tdb Cached output from 'lpq no
499 command' created on a per print
501 registry Read-only samba registry skeleton no
502 that provides support for exporting
503 various db tables via the winreg RPCs
509 The following issues are known changes in behavior between Samba 2.2 and
510 Samba 3.0 that may affect certain installations of Samba.
512 1) When operating as a member of a Windows domain, Samba 2.2 would
513 map any users authenticated by the remote DC to the 'guest account'
514 if a uid could not be obtained via the getpwnam() call. Samba 3.0
515 rejects the connection as NT_STATUS_LOGON_FAILURE. There is no
516 current work around to re-establish the 2.2 behavior.
518 2) When adding machines to a Samba 2.2 controlled domain, the
519 'add user script' was used to create the UNIX identity of the
520 machine trust account. Samba 3.0 introduces a new 'add machine
521 script' that must be specified for this purpose. Samba 3.0 will
522 not fall back to using the 'add user script' in the absence of
523 an 'add machine script'
526 ######################################################################
527 Passdb Backends and Authentication
528 ##################################
530 There have been a few new changes that Samba administrators should be
531 aware of when moving to Samba 3.0.
533 1) encrypted passwords have been enabled by default in order to
534 inter-operate better with out-of-the-box Windows client
535 installations. This does mean that either (a) a samba account
536 must be created for each user, or (b) 'encrypt passwords = no'
537 must be explicitly defined in smb.conf.
539 2) Inclusion of new 'security = ads' option for integration
540 with an Active Directory domain using the native Windows
541 Kerberos 5 and LDAP protocols.
543 MIT kerberos 1.3.1 supports the ARCFOUR-HMAC-MD5 encryption
544 type which is neccessary for servers on which the
545 administrator password has not been changed, or kerberos-enabled
546 SMB connections to servers that require Kerberos SMB signing.
547 Besides this one difference, either MIT or Heimdal Kerberos
548 distributions are usable by Samba 3.0.
551 Samba 3.0 also includes the possibility of setting up chains
552 of authentication methods (auth methods) and account storage
553 backends (passdb backend). Please refer to the smb.conf(5)
554 man page for details. While both parameters assume sane default
555 values, it is likely that you will need to understand what the
556 values actually mean in order to ensure Samba operates correctly.
558 The recommended passdb backends at this time are
560 * smbpasswd - 2.2 compatible flat file format
561 * tdbsam - attribute rich database intended as an smbpasswd
562 replacement for stand alone servers
563 * ldapsam - attribute rich account storage and retrieval
564 backend utilizing an LDAP directory.
565 * ldapsam_compat - a 2.2 backward compatible LDAP account
568 Certain functions of the smbpasswd(8) tool have been split between the
569 new smbpasswd(8) utility, the net(8) tool, and the new pdbedit(8)
570 utility. See the respective man pages for details.
573 ######################################################################
577 This section outlines the new features affecting Samba / LDAP
583 A new object class (sambaSamAccount) has been introduced to replace
584 the old sambaAccount. This change aids us in the renaming of attributes
585 to prevent clashes with attributes from other vendors. There is a
586 conversion script (examples/LDAP/convertSambaAccount) to modify and LDIF
587 file to the new schema.
591 $ ldapsearch .... -b "ou=people,dc=..." > old.ldif
592 $ convertSambaAccount <DOM SID> old.ldif new.ldif
594 The <DOM SID> can be obtained by running 'net getlocalsid <DOMAINNAME>'
595 on the Samba PDC as root.
597 The old sambaAccount schema may still be used by specifying the
598 "ldapsam_compat" passdb backend. However, the sambaAccount and
599 associated attributes have been moved to the historical section of
600 the schema file and must be uncommented before use if needed.
601 The 2.2 object class declaration for a sambaAccount has not changed
602 in the 3.0 samba.schema file.
604 Other new object classes and their uses include:
606 * sambaDomain - domain information used to allocate rids
607 for users and groups as necessary. The attributes are added
608 in 'ldap suffix' directory entry automatically if
609 an idmap uid/gid range has been set and the 'ldapsam'
610 passdb backend has been selected.
612 * sambaGroupMapping - an object representing the
613 relationship between a posixGroup and a Windows
614 group/SID. These entries are stored in the 'ldap
615 group suffix' and managed by the 'net groupmap' command.
617 * sambaUnixIdPool - created in the 'ldap idmap suffix' entry
618 automatically and contains the next available 'idmap uid' and
621 * sambaIdmapEntry - object storing a mapping between a
622 SID and a UNIX uid/gid. These objects are created by the
623 idmap_ldap module as needed.
625 * sambaSidEntry - object representing a SID alone, as a Structural
626 class on which to build the sambaIdmapEntry.
629 New Suffix for Searching
630 ------------------------
632 The following new smb.conf parameters have been added to aid in directing
633 certain LDAP queries when 'passdb backend = ldapsam://...' has been
636 * ldap suffix - used to search for user and computer accounts
637 * ldap user suffix - used to store user accounts
638 * ldap machine suffix - used to store machine trust accounts
639 * ldap group suffix - location of posixGroup/sambaGroupMapping entries
640 * ldap idmap suffix - location of sambaIdmapEntry objects
642 If an 'ldap suffix' is defined, it will be appended to all of the
643 remaining sub-suffix parameters. In this case, the order of the suffix
644 listings in smb.conf is important. Always place the 'ldap suffix' first
647 Due to a limitation in Samba's smb.conf parsing, you should not surround
648 the DN's with quotation marks.
654 Samba 3.0 supports an ldap backend for the idmap subsystem. The
655 following options would inform Samba that the idmap table should be
656 stored on the directory server onterose in the "ou=idmap,dc=plainjoe,
661 idmap backend = ldap:ldap://onterose/
662 ldap idmap suffix = ou=idmap,dc=plainjoe,dc=org
663 idmap uid = 40000-50000
664 idmap gid = 40000-50000
666 This configuration allows winbind installations on multiple servers to
667 share a uid/gid number space, thus avoiding the interoperability problems
668 with NFS that were present in Samba 2.2.
672 ######################################################################
673 Trust Relationships and a Samba Domain
674 ######################################
676 Samba 3.0.0beta2 is able to utilize winbindd as the means of
677 allocating uids and gids to trusted users and groups. More
678 information regarding Samba's support for establishing trust
679 relationships can be found in the Samba-HOWTO-Collection included
680 in the docs/ directory of this release.
682 First create your Samba PDC and ensure that everything is
683 working correctly before moving on the trusts.
685 To establish Samba as the trusting domain (named SAMBA) from a Windows NT
686 4.0 domain named WINDOWS:
688 1) create the trust account for SAMBA in "User Manager for Domains"
689 2) connect the trust from the Samba domain using
690 'net rpc trustdom establish GLASS'
692 To create a trustlationship with SAMBA as the trusted domain:
694 1) create the initial trust account for GLASS using
695 'smbpasswd -a -i GLASS'. You may need to create a UNIX
696 account for GLASS$ prior to this step (depending on your
697 local configuration).
698 2) connect the trust from a WINDOWS DC using "User Manager
701 Now join winbindd on the Samba PDC to the SAMBA domain using
702 the normal steps for adding a Samba server to an NT4 domain:
703 (note that smbd & nmbd must be running at this point)
705 root# net rpc join -U root
706 Password: <enter root password from smbpasswd file here>
708 Start winbindd and test the join with 'wbinfo -t'.
710 Now test the trust relationship by connecting to the SAMBA DC
711 (e.g. POGO) as a user from the WINDOWS domain:
713 $ smbclient //pogo/netlogon -U Administrator -W WINDOWS
716 Now connect to the WINDOWS DC (e.g. CRYSTAL) as a Samba user:
718 $ smbclient //crystal/netlogon -U root -W WINDOWS
721 ######################################################################
725 Beginning with Samba3.0.0beta3, winbindd has been given new account
726 manage functionality equivalent to the 'add user script' family of
727 smb.conf parameters. The idmap design has also been changed to
728 centralize control of foreign SID lookups and matching to UNIX
732 Brief Description of Changes
733 ----------------------------
735 1) The sid_to_uid() family of functions (smbd/uid.c) have been
736 reverted to the 2.2.x design. This means that when resolving a
737 SID to a UID or similar mapping:
739 a) First consult winbindd
740 b) perform a local lookup only if winbindd fails to
741 return a successful answer
743 There are some variations to this, but these two rules generally
746 2) All idmap lookups have been moved into winbindd. This means that
747 a server must run winbindd (and support NSS) in order to achieve
748 any mappings of SID to dynamically allocated UNIX ids. This was
749 a conscious design choice.
751 3) New functions have been added to winbindd to emulate the 'add user
752 script' family of smbd functions without requiring that external
753 scripts be defined. This functionality is controlled by the 'winbind
754 enable local accounts' smb.conf parameter (enabled by default).
756 However, this account management functionality is only supported
757 in a local tdb (winbindd_idmap.tdb). If these new UNIX accounts
758 must be shared among multiple Samba servers (such as a PDC and BDCs),
759 it will be necessary to define your own 'add user script', et. al.
760 programs that place the accounts/groups in some form of directory
761 such as NIS or LDAP. This requirement was deemed beyond the scope
762 of winbind's account management functions. Solutions for
763 distributing UNIX system information have been deployed and tested
764 for many years. We saw no need to reinvent the wheel.
766 4) A member of a Samba controlled domain running winbindd is now able
767 to map domain users directly onto existing UNIX accounts while still
768 automatically creating accounts for trusted users and groups. This
769 behavior is controlled by the 'winbind trusted domains only' smb.conf
770 parameter (disabled by default to provide 2.2.x winbind behavior).
772 5) Group mapping support is wrapped in the local_XX_to_XX() functions
773 in smbd/uid.c. The reason that group mappings are not included
774 in winbindd is because the purpose of Samba's group map is to
775 match any Windows SID with an existing UNIX group. These UNIX
776 groups can be created by winbindd (see next section), but the
777 SID<->gid mapping is retreived by smbd, not winbindd.
783 * security = server running winbindd to allocate accounts on demand
785 * Samba PDC running winbindd to handle the automatic creation of UNIX
786 identities for machine trust accounts
788 * Automtically creating UNIX user and groups when migrating a Windows NT
789 4.0 PDC to a Samba PDC. Winbindd must be running when executing
790 'net rpc vampire' for this to work.
793 ######################################################################
797 * There are several bugs currently logged against the 3.0 codebase
798 that affect the use of NT 4.0 GUI domain management tools when run
799 against a Samba 3.0 PDC. This bugs should be released in an early
802 Please refer to https://bugzilla.samba.org/ for a current list of bugs
803 filed against the Samba 3.0 codebase.
806 ######################################################################
807 Reporting bugs & Development Discussion
808 #######################################
810 Please discuss this release on the samba-technical mailing list or by
811 joining the #samba-technical IRC channel on irc.freenode.net.
813 If you do report problems then please try to send high quality
814 feedback. If you don't provide vital information to help us track down
815 the problem then you will probably be ignored.
817 A new bugzilla installation has been established to help support the
818 Samba 3.0 community of users. This server, located at
819 https://bugzilla.samba.org/, has replaced the older jitterbug server
820 previously located at http://bugs.samba.org/.