-'Samba4 TP5' presents you with a snapshot into Samba4's ongoing
-development, as we move towards our first alpha releases. This Technology
-Preview (TP) is snapshot of Samba4's development, as at June 2007.
+What's new in Samba 4 alpha2
+============================
-In the time since TP4 was released in January 2007, Samba has
+Samba 4 is the ambitious next version of the Samba suite that is being
+developed in parallel to the stable 3.0 series. The main emphasis in
+this branch is support for the Active Directory logon protocols used
+by Windows 2000 and above.
+
+Samba 4 is currently not yet in a state where it is usable in
+production environments. Note the WARNINGS below, and the STATUS file,
+which aims to document what should and should not work.
+
+Samba4 alpha2 follows on from our first alpha release, made in
+September, and the Technology Preview series we have offered for some
+time now.
+
+WARNINGS
+========
+
+Samba4 alpha2 is not a final Samba release. That is more a reference
+to Samba4's lack of the features we expect you will need than a
+statement of code quality, but clearly it hasn't seen a broad
+deployment yet. If you were to upgrade Samba3 (or indeed Windows) to
+Samba4, you would find many things work, but that other key features
+you may have relied on simply are not there yet.
+
+For example, while Samba 3.0 is an excellent member of a Active
+Directory domain, Samba4 is happier as a domain controller: (This is
+where we have done most of the research and development).
+
+While Samba4 is subjected to an awesome battery of tests on an
+automated basis, and we have found Samba4 to be very stable in it's
+behaviour, we have to recommend against upgrading production servers
+from Samba 3 to Samba 4 at this stage. If you are upgrading an
+experimental server, or looking to develop and test Samba, you should
+backup all configuration and data.
+
+NEW FEATURES
+============
+
+Samba4 supports the server-side of the Active Directory logon environment
+used by Windows 2000 and later, so we can do full domain join
+and domain logon operations with these clients.
+
+Our Domain Controller (DC) implementation includes our own built-in
+LDAP server and Kerberos Key Distribution Center (KDC) as well as the
+Samba3-like logon services provided over CIFS. We correctly generate
+the infamous Kerberos PAC, and include it with the Kerberos tickets we
+issue.
+
+The new VFS features in Samba 4 adapts the filesystem on the server to
+match the Windows client semantics, allowing Samba 4 to better match
+windows behaviour and application expectations. This includes file
+annotation information (in streams) and NT ACLs in particular. The
+VFS is backed with an extensive automated test suite.
+
+A new scripting interface has been added to Samba 4, allowing
+Python programs to interface to Samba's internals.
+
+The Samba 4 architecture is based around an LDAP-like database that
+can use a range of modular backends. One of the backends supports
+standards compliant LDAP servers (including OpenLDAP), and we are
+working on modules to map between AD-like behaviours and this backend.
+We are aiming for Samba 4 to be powerful frontend to large
+directories.
+
+CHANGES SINCE Alpha 1
+=====================
+
+In the time since Samba4 Alpha1 was released in September 2007, Samba has
continued to evolve, but you may particularly notice these areas:
- Work has continued on SWAT, the the libnet API behind it. These we
- hope will grow into a full web-based management solution for both
- local and remote Samba and windows servers.
-
- The DRSUAPI research effort has largely concluded, and an initial
- implementation of AD replication is present, included in torture
- test-cases. This includes the decryption of the AD passwords, which
- were specially and separately encrypted. This should be recognised
- as vital milestone.
-
- Likewise, the LDAP Backend project has moved from a research
- implementation into something that can be easily deployed outside
- the test infrastructure.
-
- Testing has been an area of great work, with renewed vigour to
- increase our test coverage over the past few months. In doing so,
- we now demonstrate PKINIT and many other aspects of kerberos, as
- well as command-line authentication handling in our testsuite.
-
- The testsuite infrastructure has been rewritten in perl and
- extended, to setup multiple environments: allowing testing of the
- domain member, as well as the domain controller, roles. Samba4's
- initial implementation of winbind has been revived, to fill in these
- tests.
-
- In clustering, work on CTDB (an implementation of a clustered Samba)
- has moved ahead very well, but the current code has not
- been merged into Samba4 in time for this release.
-
- To support better management, we have investigated group policy
- support, and include the infrastructure required. Unfortunately
- without MMC write support, you will need to place the polices into
- the directory by hand.
-
-As we move forward, we have many of the features we feel are required
-for a Samba4 Alpha. Similarly, we know enough about the data
-formats (particularly those that are encrypted) to be confident that
-we won't need to change the LDB format. Our plan is to publish a
-Samba4 alpha in the next few months.
+ MMC Support: The Active Directory Users and Computers console now
+ handles group membership correctly.
+
+ member/memberOf: These and other linked attributes are now kept in
+ sync
+
+ subtree renames: Renaming a subtree of LDAP objects is now possible,
+ with all linked attributes being kept consistant.
+
+ Python Bindings: Bindings for a future move to Python as the
+ internal scripting language have been created.
+
+ Shared library use: In support of projects such as OpenChange,
+ which depend on Samba4, more of Samba4 is built as shared libraries.
These are just some of the highlights of the work done in the past few
months. More details can be found in our SVN history.
+CHANGES
+=======
+
+Those familiar with Samba 3 can find a list of user-visible changes
+since that release series in the NEWS file.
+
+KNOWN ISSUES
+============
+
+- Domain member support is in it's infancy, and is not comparable to
+ the support found in Samba3.
+
+- There is no printing support in the current release.
+
+- The Samba4 port of the CTDB clustering support is not yet complete
+
+- Clock Synchronisation is critical. Many 'wrong password' errors are
+ actually due to Kerberos objecting to a clock skew between client
+ and server.
+
+RUNNING Samba4
+==============
+
+A short guide to setting up Samba 4 can be found in the howto.txt file
+in root of the tarball.
+
+DEVELOPMENT and FEEDBACK
+========================
+Bugs can be filed at https://bugzilla.samba.org/ but please be aware
+that many features are simply not expected to work at this stage.
+
+The Samba Wiki at http://wiki.samba.org should detail some of these
+development plans.
+
+Development and general discussion about Samba 4 happens mainly on
+the #samba-technical IRC channel (on irc.freenode.net) and
+the samba-technical mailing list (see http://lists.samba.org/ for
+details).
git.samba.org / ira / wip.git / blobdiff