- WHATS NEW IN Samba 3.0 alphaX
- =============================
-
-Changes in alpha17
-- OpenLinux packaging updates (jht)
-- Locking updates - fix zero timeout (tridge, jra)
-- Default ACL support (jra, based on code from Olaf Frczyk <olaf@cbk.poznan.pl>)
-- printing updates - spoolss stuff (tpot)
-- 'make install' directory creation fixes (abartlet)
-- Lots of fixes for SID handling, local v domain sids etc
-- better mangle debugging (abartlet)
-- fixes to allow 'net' to return more than 1000 users from ADS (jmcd)
- - winbind support to come very shortly
-- lock some more tdbs to allow concurrent access for backups
-- 'net' help cleanups (jmcd)
-- 'net join' automatic transport detection
-
-Changes in alpha16
-- LDAP schema updates (jerry)
-- initial ADS LDAP printer advertising (jmcd)
-- spoolss and printing updates (tpot, jerry)
- (the is the major update in this alpha, and work continues)
-- Winbindd connection cache improvements (abartlet)
-- spnego segfault fixes (abartlet)
-- net ads segfault fixes ( Alexander Bokovoy <a.bokovoy@sam-solutions.net>)
-- header cleanups (tpot)
-- Serialise domain auth requests - win2k bug (tridge)
-- fix winbind talloced memory leak (dleducq@arkoon.net, tridge)
-- call unmangle in don_unmangle (abartlet)
-- UTF8 Charset functions - for ADS LDAP calls (Hasch@t-online.de)
-- Fix security tab for mapped drives on unicode clients (tridge)
-- Better configure tests for snprintf and immidiate structures (abartlet)
-- allow 'passdb backend = plugin : /path/to/plugin.so : plguin args'
- (loads a passdb module) (Jelmer Vernooij <jelmer@nl.linux.org>)
-- change the way we store our domain join info - you will need to
-rejoin the domain (tridge)
-- xcopy /o fixes (tridge)
-- fix the 'convert_string' level 0 debugs.
-- Patch for Domain users not showing up from "Ivan Zhakov" <vunny@mail.ru>
-- tdb backup support
-- The beginning of trusted and trusting domain support - net commands
- (Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl>)
-- nmbd signal processing fixes (jra)
-- lseek-on-pipe support (jra)
-- Allow Samba to trust NT4 Domains (abartlet)
-- LDAPsam updates (abartlet):
- - Now runtime selectable (when configured)
- - ldap user suffix and ldap group suffix support.
- - non unix account support
- - select with 'passdb backend = ldapsam' or 'passdb backend =
- ldapsam_nua'
-- start to allow NT4 domains to trust Samba, netlogon fixes (abartlet)
-- make default unix charset UTF8 (tridge)
-- Fix SIGSEGV on error message when trying to add a user to smbpasswd
-file without a unix account (jmcd)
-- better detection of dead ADS connections, so we have some chance of
-reconnecting (tridge)
-- removed bogus prepend_domain() call which was screwing up getpwuid()
-with the new default domain code
-- Domain/workstation SID fixes.
-- patch from Alexey Kotovich <a.kotovich@sam-solutions.net> that adds
- the security decsriptor code for ADS workstation accounts.
- (allow self password change, self remove)
- (after much review and disscussion with abartlet and tridge)
-
-Changes in alpha15
-- Improvements in pam_winbind/winbindd_pam.c: (abartlet)
- - Much better error reporting
- - Password changing is now stackable
- - now returns multiple PAM errors based on the NTSTATUS
- that winbind got.
- - returns an error string the client can use in their own logs.
-- Print form updates (tpot)
-- added 'wbinfo --sequence' to show sequence numbers of
- all domains (tridge)
-- better winbind memory mangement (tridge)
-- make signal processing work correctly in winbindd
- Michael Steffens <michael_steffens@hp.com>
-- Inital ADS printer publishing work. (jmcd)
-- Debian packaging
-- large debian packaging checking from Eloy. (merge by jerry)
-- Make smbgroupedit a little easier on the user (select groups
- by name rather than by sid) (abartlet)
-- rework parts of smbtorture (tridge)
-
-Changes in alpha14
-- 'Winbind Default Domain' support:
- This allows winbind to supply usernames without a 'DOMAIN\'
- prefix. Particularly handy for shell and e-mail servers,
- as well as Unix workstations in NT domains.
-- Associated cleanups in winbindd and smbd.
- (Alexander Bokovoy <a.bokovoy@sam-solutions.net> and
- abartlet)
-- Winbind protocol changes for better Squid intergration
- (current version is 3) (abartlet)
-- pam_winbind password changing
- (Samuel Ziegler <sam@xpedion.com>, tpot)
-- runtime selectable pluggable passdb interface.
- (abartlet)
-- 'non unix account' support (abartlet)
- (This allows machines and even users not to exist
- in /etc/passwd)
-- Inital implementation of the WINS replication deamon
- (jfm)
-- Changes for better winbind PDC/BDC failover support
- (tpot)
-- Various Winbind/ADS mode stabilty and flexablity fixes
- (tridge)
-- Mangle names like .bashrc properly (trige)
-- CIFS UNIX extensions (client and server) (jra)
-- Universal group support outside smbd (via a cache)
- (Alexander Bokovoy <a.bokovoy@sam-solutions.net>)
-- Write cache fixes (jra)
-
-Changes in alpha13
-- updates to try to get more out-of-the-box compiles
- (mostly kerberos and ldap stuff) (various)
-- 'net rpc shutdown' remote shutdown of servers
- (abartlet, original code from idra)
-- authentication subsystem rework, including move to
- new RPC client code (abartlet)
-- winbind changes:
- - use new client code (abartlet)
- - change winbind_auth_pam_crap interface for squid's
- benifit. (abartlet)
- - new interface versioning functionality (abartlet)
- - cope better when inteface does change (tpot)
- - better winbind trusted domain code (tpot)
-- doc updates (jerry)
-- new NTSTAUS -> DOS error map (abartlet)
-- large user list (> 1500) enumeration (jra)
-- dmalloc support (mbp)
-- spoolss changes (tpot)
-- talloc accounting (mbp)
-- rename fixes (jra)
-- smbmount trivial fixup (abartlet)
-- start of new unix extenions to CIFS (jra)
-
-Changes in alpha12
-- doc updates (jerry)
-- store domain sid on ADS join (tridge)
-- allow a winbind username on ADS connection (tridge)
-
-Changes in alpha11
-- fixed fallback to "ads server" option (tridge)
-- fix ACL failure on HP HFS (jra)
-- net ads password and net ads chostpass commands (Remus Koos)
-- fixed valid char array generation (tridge)
-- fixed QFS_INFO for win98 long filenames (tridge)
-- added net lookup command (tridge)
-- fixed map to guest with spnego (tridge)
-- fixed irix warnings (tridge)
-
-
-Changes in alpha10
-- hide unreadable fix using acl fns (jra)
-- lsa_open_policy cleanup (jfm)
-- mangled directories fix (jra)
-- fix error return on bad pipe (jra)
-- fix homes share with no home dir (tpot)
-- fixed handling of dead or empty domains in winbindd (tridge)
-- added talloc torture program (mbp)
-- talloc debug code (mbp)
-- added trusted domains to winbindd/ADS (tridge)
-- fix trusted domains in auth code (tridge)
-- new gss error handling code (a.bokovoy@sam-solutions.net & tridge)
-- support mixed ADS/NT4 domains (tridge)
-
-Changes in alpha9
-- nicer net error messages (tpot)
-- trust account patches (mimir)
-- solaris link option update (davecb)
-- added lsa_query_secobj() server fn (jfm)
-- spoolss changeid fix (jerry)
-- domain auth error fix (jmcd)
-- HPUX acl code (jra)
-- set filetime on close fix (jra)
-- allow select of org unit in ads join (tridge)
-
-Changes in alpha8
-- fixed compile of wb_client.c (tridge)
-- fixed net time to use localtime (tridge)
-- net help cleanups (jmcd)
-- debug level fix (tpot)
-- utmp string length fixes (monyo)
-
-
-Changes in alpha7
-
-- added "net ads info" to probe basic into on your ads server without
- any authentication
-- improved some error handling
-
-Changes in alpha6
-
-- added "net time zone" command (tridge)
-- pam_smbpass updates (a.bokovoy@sam-solutions.net)
-- irix updates (herb)
-- net rpc join handles existing machine acct (tridge)
-
-Changes in alpha5
-
-- added "net time" command (tridge)
-- allow client tools to specify a hostname of form HOST#xx (tridge)
-- added wbinfo --set-auth-user (tpot)
-- added lsaquerysecobj to rpcclient (tpot)
-
-Changes in alpha4
-
-- fixed nexus/win9x user list (jfm)
-- fixed large user/group lists in winbindd (tridge)
-- fixed gssapi headers in redhat (jmcd)
-- fixed rap error code handling (jra)
-- more usermanager rpc calls (jfm)
-- re-added RAP calls at top level to net command (tridge)
-
-Changes in alpha3
-
-- fixed a silly tdb bug in alpha2 that affected internal databases
-
-Changes in alpha2
-
-- we no longer use cyrus-sasl for LDAP SASL/gssapi. This makes our ADS
- code much more robust.
-- winbindd cache code rewritten to be much more efficient. It also
- copes much better with server outages.
-- jfm implemented full group mapping and smb.conf option 'domain admin
- group' is now gone. Consult the GROUP-MAPPING-HOWTO.txt to know how
- to gain back administrator rights.
-- docs update started
-- numerous small bugfixes
-
-Changes in alpha1
-
- - winbindd now uses LDAP and works correctly with an ADS server in
- native mode
- - XFS quotas code on Linux
- - group mapping code from JFM
- - "net rpc join" command replaces smbpasswd -j
- - fixed winbind initgroups
-
---------------
-
-This is a pre-release of Samba 3.0 alpha0. This is NOT a stable
-release. Use at your own risk.
-
-The purpose of this alpha release is to get wider testing of the major
-new pieces of code in the current Samba 3.0 development tree. We are
-planning on ceasing development on the 2.2.x release of Samba very
-shortly and after that we will be concentrating on Samba 3.0. To
-reduce the time before the final Samba 3.0 release we need as many
-poeple as possible to start testing these alpha releases, and
-hopefully giving us some high quality feedback on what needs fixing.
-
-Note that Samba 3.0 is not anywhere near feature complete yet. There
-is a lot more coding we have planned, but unless we get what we have
-done already more widely tested we will have a hard time doing a
-stable release in a reasonable time frame.
-
-This release is also missing major pieces of documentation, and there
-are many parts of the docs that have not been updated to reflect the
-new options and features in 3.0.
+ WHATS NEW IN Samba 3.0.0 beta1
+ June 7 2003
+ ==============================
-Major new features:
--------------------
-
-- Active Directory support. This release is able to join a ADS realm
- as a member server and authenticate users using
- LDAP/kerberos. Please read ADS-HOWTO.txt in the release for a very
- rough guide on how to set this up.
-
-- Unicode support. Samba will now negotiate unicode on the wire and
- interally there is now a much better infrastructure for multi-byte
- and unicode character sets. You may need the "dos charset", "unix
- charset" and "display charset" options. The unicode support is not
- yet documented.
-
-- New authentication system. The internal authentication system has
- been almost completely rewritten. Most of the changes are internal,
- but the new auth system is also very configurable. Not documented
- yet.
-
-- new filename mangling system. The filename mangling system has been
- completely rewritten. An internal database now stores mangling maps
- persistantly. This needs lots of testing.
+This is a beta release of Samba 3.0.0. This is a non-production release
+intended for testing purposes. Use at your own risk.
-- new "net" command. A new "net" command has been added. It is
- somewhat similar to the "net" command in windows. Eventually we plan
- to replace a bunch of other utilities (such as smbpasswd) with
- subcommands in "net", at the moment only a few things are
- implemented.
+The purpose of this beta release is to get wider testing of the major
+new pieces of code in the current Samba 3.0 development tree. We have
+officially ceased development on the 2.2.x release of Samba and are
+concentrating on Samba 3.0. To reduce the time before the final
+Samba 3.0 release we need as many people as possible to start testing
+these beta releases, and to provide high quality feedback on what
+needs fixing.
-- Samba now negotiates NT-style status32 codes on the wire. This
- improves error handling a lot.
+Samba 3.0 is feature complete. However there is still some final
+work to be done on certain pieces of functionality. Please refer to
+the section on "Known Issues" for more details.
-- better w2k printing support. The support for printing from win2000
- clients has improved greatly.
-Plus lots of other changes!
-
-Note that many new features are not documented. Don't let this stop
-you from using Samba 3.0. It is particularly important that the basic
-file/print serving abilities of Samba 3.0 are widely tested to ensure
-that we have not broken any of the basic functionality. As we do more
-alpha releases we will start to document the new features.
+Major new features:
+-------------------
+1) Active Directory support. This release is able to join a ADS realm
+ as a member server and authenticate users using LDAP/kerberos.
+
+2) Unicode support. Samba will now negotiate UNICODE on the wire and
+ internally there is now a much better infrastructure for multi-byte
+ and UNICODE character sets.
+
+3) New authentication system. The internal authentication system has
+ been almost completely rewritten. Most of the changes are internal,
+ but the new auth system is also very configurable.
+
+4) New filename mangling system. The filename mangling system has been
+ completely rewritten. An internal database now stores mangling maps
+ persistently. This needs lots of testing.
+
+5) New "net" command. A new "net" command has been added. It is
+ somewhat similar to the "net" command in windows. Eventually we
+ plan to replace a bunch of other utilities (such as smbpasswd)
+ with subcommands in "net", at the moment only a few things are
+ implemented.
+
+6) Samba now negotiates NT-style status32 codes on the wire. This
+ improves error handling a lot.
+
+7) Better Windows 2000/XP/2003 printing support including publishing
+ printer attributes in active directory
+
+8) New loadable RPC modules
+
+9) New dual-daemon winbindd support (-B) for better performance
+
+10) Support for migrating from a Windows NT 4.0 domain to a Samba
+ domain and maintaining user, group and domain SIDs
+
+11) Support for establishing trust relationships with Windows NT 4.0
+ domain controllers
+
+12) Initial support for a distributed Winbind architecture using
+ an LDAP directory for storing SID to uid/gid mappings
+
+13) Major updates to the Samba documentation tree.
+
+Plus lots of other improvements!
+
+
+Additional Documentation
+------------------------
+
+Please refer to Samba documentation tree (including in the docs/
+subdirectory) for extensive explanations of installing, configuring
+and maintaining Samba 3.0 servers and clients. It is advised to
+begin with the Samba-HOWTO-Collection for overviews and specific
+tasks (the current book is up to approximately 400 pages) and to
+refer to the various man pages for information on individual options.
+
+
+######################################################################
+Upgrading from Samba 2.2
+########################
+
+This section is provided to help administrators understand the details
+involved with upgrading a Samba 2.2 server to Samba 3.0
+
+
+Building
+--------
+
+Many of the options to the GNU autoconf script have been modified
+in the 3.0 release. The most noticeable are
+
+ * removal of --with-tdbsam (is now included by default; see section
+ on passdb backends and authentication for more details)
+
+ * --with-ldapsam is now on used to provided backward compatible
+ parameters for LDAP enabled Samba 2.2 servers. Refer to the passdb
+ backend and authentication section for more details
+
+ * inclusion of non-standard passdb modules may be enabled using
+ --with-expsam. This includes an XML backend, a mysql backend,
+ and a NIS backend.
+
+ * removal of --with-msdfs (is now enabled by default)
+
+ * removal of --with-ssl (no longer supported)
+
+ * --with-utmp now defaults to 'yes' on supported systems
+
+ * --with-sendfile-support is now enabled by default on supported
+ systems
+
+
+Parameters
+----------
+
+This section contains a brief listing of changes to smb.conf options
+in the 3.0.0 release. Please refer to the smb.conf(5) man page for
+complete descriptions of new or modified parameters.
+
+Removed Parameters (order alphabetically):
+
+ * admin log
+ * alternate permissions
+ * character set
+ * client codepage
+ * code page directory
+ * coding system
+ * domain admin group
+ * domain guest group
+ * force unknown acl user
+ * nt smb support
+ * post script
+ * printer driver
+ * printer driver file
+ * printer driver location
+ * status
+ * total print jobs
+ * use rhosts
+ * valid chars
+ * vfs options
+
+New Parameters (new parameters have been grouped by function):
+
+ Remote management
+ -----------------
+ * abort shutdown script
+ * shutdown script
+
+ User and Group Account Management
+ ---------------------------------
+ * add group script
+ * add machine script
+ * add user to group script
+ * algorithmic rid base
+ * delete group script
+ * delete user from group script
+ * passdb backend
+ * set primary group script
+
+ Authentication
+ --------------
+ * auth methods
+ * ads server
+ * realm
+
+ Protocol Options
+ ----------------
+ * client lanman auth
+ * client NTLMv2 auth
+ * client schannel
+ * client signing
+ * client use spnego
+ * disable netbios
+ * ntlm auth
+ * paranoid server security
+ * server schannel
+ * smb ports
+ * use spnego
+
+ File Service
+ ------------
+ * get quota command
+ * hide special files
+ * hide unwriteable files
+ * hostname lookups
+ * kernel change notify
+ * mangle prefix
+ * msdfs proxy
+ * set quota command
+ * use sendfile
+ * vfs objects
+
+ Printing
+ --------
+ * max reported print jobs
+
+ UNICODE and Character Sets
+ --------------------------
+ * display charset
+ * dos charset
+ * unicode
+ * unix charset
+
+ SID to uid/gid Mappings
+ -----------------------
+ * idmap backend
+ * idmap gid
+ * idmap only
+ * idmap uid
+
+ LDAP
+ ----
+ * ldap delete dn
+ * ldap group suffix
+ * ldap idmap suffix
+ * ldap machine suffix
+ * ldap passwd sync
+ * ldap trust ids
+ * ldap user suffix
+
+ General Configuration
+ ---------------------
+ * preload modules
+ * privatedir
+
+Modified Parameters (changes in behavior):
+
+ * encrypt passwords (enabled by default)
+ * mangling method (set to 'hash2' by default)
+ * passwd chat
+ * passwd program
+ * restrict anonymous (integer value)
+ * security (new 'ads' value)
+ * strict locking (enabled by default)
+ * winbind cache time (increased to 5 minutes)
+ * winbind uid (deprecated in favor of 'idmap uid')
+ * winbind gid (deprecated in favor of 'idmap gid')
+
+
+Databases
+---------
+
+This section contains brief descriptions of any new databases
+introduced in Samba 3.0. Please remember to backup your existing
+${lock directory}/*tdb before upgrading to Samba 3.0. Samba will
+upgrade databases as they are opened (if necessary), but downgrading
+from 3.0 to 2.2 is an unsupported path.
+
+Name Description Backup?
+---- ----------- -------
+account_policy User policy settings yes
+gencache Generic caching db no
+group_mapping Mapping table from Windows yes
+ groups/SID to unix groups
+idmap new ID map table from SIDS yes
+ to UNIX uids/gids.
+namecache Name resolution cache entries no
+netlogon_unigrp Cache of universal group no
+ membership obtained when
+ operating as a member of a
+ Windows domain
+printing/*.tdb Cached output from 'lpq no
+ command' created on a per print
+ service basis
+registry Read-only samba registry skeleton no
+ that provides support for exporting
+ various db tables via the winreg RPCs
+
+
+Changes in Behavior
+-------------------
+The following issues are known changes in behavior between Samba 2.2 and
+Samba 3.0 that may affect certain installations of Samba.
+
+ 1) When operating as a member of a Windows domain, Samba 2.2 would
+ map any users authenticated by the remote DC to the 'guest account'
+ if a uid could not be obtained via the getpwnam() call. Samba 3.0
+ rejects the connection as NT_STATUS_LOGON_FAILURE. There is no
+ current work around to re-establish the 2.2 behavior.
+
+ 2) When adding machines to a Samba 2.2 controlled domain, the
+ 'add user script' was used to create the UNIX identity of the
+ machine trust account. Samba 3.0 introduces a new 'add machine
+ script' that must be specified for this purpose. Samba 3.0 will
+ not fall back to using the 'add user script' in the absence of
+ an 'add machine script'
+
+
+######################################################################
+Passdb Backends and Authentication
+##################################
+
+There have been a few new changes that Samba administrators should be
+aware of when moving to Samba 3.0.
+
+ 1) encrypted passwords have been enabled by default in order to
+ inter-operate better with out-of-the-box Windows client
+ installations. This does mean that either (a) a samba account
+ must be created for each user, or (b) 'encrypt passwords = no'
+ must be explicitly defined in smb.conf.
+
+ 2) Inclusion of new 'security = ads' option for integration
+ with an Active Directory domain using the native Windows
+ Kerberos 5 and LDAP protocols.
+
+Samba 3.0 also includes the possibility of setting up chains
+of authentication methods (auth methods) and account storage
+backends (passdb backend). Please refer to the smb.conf(5)
+man page for details. While both parameters assume sane default
+values, it is likely that you will need to understand what the
+values actually mean in order to ensure Samba operates correctly.
+
+The recommended passdb backends at this time are
+
+ * smbpasswd - 2.2 compatible flat file format
+ * tdbsam - attribute rich database intended as an smbpasswd
+ replacement for stand alone servers
+ * ldapsam - attribute rich account storage and retrieval
+ backend utilizing an LDAP directory.
+ * ldapsam_compat - a 2.2 backward compatible LDAP account
+ backend
+
+Certain functions of the smbpasswd(8) tool have been split between the
+new smbpasswd(8) utility, the net(8) tool, and the new pdbedit(8)
+utility. See the respective man pages for details.
+
+
+######################################################################
+LDAP
+####
+
+This section outlines the new features affecting Samba / LDAP integration.
+
+New Schema
+----------
+
+A new object class (sambaSamAccount) has been introduced to replace
+the old sambaAccount. This change aids us in the renaming of attributes
+to prevent clashes with attributes from other vendors. There is a
+conversion script (examples/LDAP/convertSambaAccount) to modify and LDIF
+file to the new schema.
+
+Example:
+
+ $ ldapsearch .... -b "ou=people,dc=..." > old.ldif
+ $ convertSambaAccount <DOM SID> old.ldif new.ldif
+
+The <DOM SID> can be obtained by running 'net getlocalsid <DOMAINNAME>'
+on the Samba PDC as root.
+
+The old sambaAccount schema may still be used by specifying the
+"ldapsam_compat" passdb backend. However, the sambaAccount and
+associated attributes have been moved to the historical section of
+the schema file and must be uncommented before use if needed.
+The 2.2 object class declaration for a sambaAccount has not changed
+in the 3.0 samba.schema file.
+
+Other new object classes and their uses include:
+
+ * sambaDomain - domain information used to allocate rids
+ for users and groups as necessary. The attributes are added
+ in 'ldap suffix' directory entry automatically if
+ an idmap uid/gid range has been set and the 'ldapsam'
+ passdb backend has been selected.
+
+ * sambaGroupMapping - an object representing the
+ relationship between a posixGroup and a Windows
+ group/SID. These entries are stored in the 'ldap
+ group suffix' and managed by the 'net groupmap' command.
+
+ * sambaUnixIdPool - created in the 'ldap idmap suffix' entry
+ automatically and contains the next available 'idmap uid' and
+ 'idmap gid'
+
+ * sambaIdmapEntry - object storing a mapping between a
+ SID and a UNIX uid/gid. These objects are created by the
+ idmap_ldap module as needed.
+
+
+New Suffix for Searching
+------------------------
+
+The following new smb.conf parameters have been added to aid in directing
+certain LDAP queries when 'passdb backend = ldapsam://...' has been
+specified.
+
+ * ldap suffix - used to search for user and computer accounts
+ * ldap user suffix - used to store user accounts
+ * ldap machine suffix - used to store machine trust accounts
+ * ldap group suffix - location of posixGroup/sambaGroupMapping entries
+ * ldap idmap suffix - location of sambaIdmapEntry objects
+
+If an 'ldap suffix' is defined, it will be appended to all of the
+remaining sub-suffix parameters. In this case, the order of the suffix
+listings in smb.conf is important. Always place the 'ldap suffix' first
+in the list.
+
+Due to a limitation in Samba's smb.conf parsing, you should not surround
+the DN's with quotation marks.
+
+
+IdMap LDAP support
+------------------
+
+Samba 3.0 supports an ldap backend for the idmap subsystem. The
+following options would inform Samba that the idmap table should be
+stored on the directory server onterose in the "ou=idmap,dc=plainjoe,
+dc=org" partition.
+
+ [global]
+ ...
+ idmap backend = ldap:ldap://onterose/
+ ldap idmap suffix = ou=idmap,dc=plainjoe,dc=org
+ idmap uid = 40000-50000
+ idmap gid = 40000-50000
+
+This configuration allows winbind installations on multiple servers to
+share a uid/gid number space, thus avoiding the interoperability problems
+with NFS that were present in Samba 2.2.
+
+
+######################################################################
+Known Issues
+############
+
+* One such limitation that is worth mentioning (and will be corrected
+ before the actual stable 3.0.0 release is the dead lock problem with
+ running winbindd on a Samba PDC in order to allocate uids and gids for
+ users and groups in a trusted domain. When the Samba domain is acting
+ as the trusted domain to a Windows NT 4.0 domain, there are no known
+ issues.
+
+* The smbldap perl scripts for managing user entries in an LDAP
+ directory have not be updated to function with the Samba 3.0
+ schema changes. This (or an equivalent solution) work is planned
+ to be completed prior to the stable 3.0.0 release.
+
+Please refer to https://bugzilla.samba.org/ for a current list of bugs
+filed against the Samba 3.0 codebase.
+
+
+######################################################################
Reporting bugs & Development Discussion
----------------------------------------
+#######################################
Please discuss this release on the samba-technical mailing list or by
-joining the #samba-technical IRC channel on irc.openprojects.net
+joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
-the problem then you will probably be ignored.
+the problem then you will probably be ignored.
+
+A new bugzilla installation has been established to help support the
+Samba 3.0 community of users. This server, located at
+https://bugzilla.samba.org/, will replace the existing jitterbug server
+and the old http://bugs.samba.org now points to the new bugzilla server.