Fix for bug #4781: allow cleaning of /etc/mtab by canonicalizing mountpoint.

[ira/wip.git] / WHATSNEW.txt

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 518d7f21d1c7b31154e7f6bc5ee4cd230e0a07d2..de8df4b0068bf7f7363598dec3edbef87ed7725e 100644 (file)
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,538 +1,248 @@
-                  WHATS NEW IN Samba 3.0.0 beta2
-                           July 1 2003
-                  ==============================
+                   =================================
+                   Release Notes for Samba 3.2.0pre2
+                               Oct XX, 2007
+                   =================================

 
 

-This is the second beta release of Samba 3.0.0. This is a 
-non-production release intended for testing purposes.  Use 
-at your own risk. 
+This is the second preview release of Samba 3.2.0.  This is *not*
+intended for production environments and is designed for testing
+purposes only.  Please report any defects via the Samba bug reporting
+system at https://bugzilla.samba.org/.

 
 

-The purpose of this beta release is to get wider testing of the major
-new pieces of code in the current Samba 3.0 development tree. We have
-officially ceased development on the 2.2.x release of Samba and are
-concentrating on Samba 3.0. To reduce the time before the final 
-Samba 3.0 release we need as many people as possible to start testing 
-these beta releases, and to provide high quality feedback on what 
-needs fixing.
+Please be aware that Samba is now distributed under the version 3
+of the new GNU General Public License.  You may refer to the COPYING
+file that accompanies these release notes for further licensing details.

 
 

-Samba 3.0 is feature complete. However there is still some final 
-work to be done on certain pieces of functionality.  Please refer to 
-the section on "Known Issues" for more details.
+Major enhancements in Samba 3.2.0 include:

 
 

+  File Serving:
+  o Use of IDL generated parsing layer for several DCE/RPC
+    interfaces.
+  o Removal of the 1024 byte limit on pathnames and 256 byte limit on
+    filename components to honor the MAX_PATH setting from the host OS.
+  o Introduction of a registry based configuration system.
+  o Improved CIFS Unix Extensions support.
+  o Experimental support for file serving clusters.

 
 

-Major new features:
--------------------

 
 

-1)  Active Directory support. This release is able to join a ADS realm
-    as a member server and authenticate users using LDAP/kerberos.
+  Winbind and Active Directory Integration:
+  o Full support for Windows 2003 cross-forest, transitive trusts
+    and one-way domain trusts
+  o Support for userPrincipalName logons via pam_winbind and NSS
+    lookups.
+  o Support in pam_winbind for logging on using the userPrincipalName.
+  o Expansion of nested domain groups via NSS calls.
+  o Support for Active Directory LDAP Signing policy.

 
 

-2)  Unicode support. Samba will now negotiate UNICODE on the wire and
-    internally there is now a much better infrastructure for multi-byte
-    and UNICODE character sets.

 
 

-3)  New authentication system. The internal authentication system has
-    been almost completely rewritten. Most of the changes are internal,
-    but the new auth system is also very configurable.
+  Users & Groups:
+  o New ldb backend for local group mapping tables
+  o Raised level of security defaults for authentication operations.

 
 

-4)  New filename mangling system. The filename mangling system has been
-    completely rewritten. An internal database now stores mangling maps
-    persistently. This needs lots of testing.

 
 

-5)  New "net" command. A new "net" command has been added. It is
-    somewhat similar to the "net" command in windows. Eventually we 
-    plan to replace a bunch of other utilities (such as smbpasswd) 
-    with subcommands in "net", at the moment only a few things are
-    implemented.
+  Documentation:
+  o Inclusion of an HTLM version of the 3rd edition of "Using Samba"
+    from O'Reilly Publishing.

 
 

-6)  Samba now negotiates NT-style status32 codes on the wire. This
-    improves error handling a lot.

 
 

-7)  Better Windows 2000/XP/2003 printing support including publishing 
-    printer attributes in active directory
+Now Licensed under the GNU GPLv3
+================================

 
 

-8)  New loadable RPC modules
+The Samba Team has adopted the Version 3 of the GNU General Public
+License for the 3.2 and later releases.   The GPLv3 is the updated
+version of the GPLv2 license under which Samba is currently
+distributed. It has been updated to improvecompatibility with other 
+licenses and to make it easier to adopt internationally, and is an 
+improved version of the license to better suit the needs of Free
+Software in the 21st Century.

 
 

-9)  New dual-daemon winbindd support (-B) for better performance
+The original announcement is available on-line at 

 
 

-10) Support for migrating from a Windows NT 4.0 domain to a Samba 
-    domain and maintaining user, group and domain SIDs
+    http://news.samba.org/announcements/samba_gplv3/

 
 

-11) Support for establishing trust relationships with Windows NT 4.0
-    domain controllers
-  
-12) Initial support for a distributed Winbind architecture using
-    an LDAP directory for storing SID to uid/gid mappings
-  
-13) Major updates to the Samba documentation tree.

 
 

-Plus lots of other improvements!
+New Security Defaults for Authentication
+========================================

 
 

+Support for LanMan passwords is now disabled in both client and server 
+applications.  Additionally, clear text authentication requests are 
+disabled by default in client utilities such as smbclient and all
+libsmbclient based applications.  This will affect connection both 
+to and from hosts running DOS, Windows 9x/ME, and OS/2.  Please refer 
+to the "Changes" section for details on the exact parameters that were 
+updated.

 
 

-Additional Documentation
-------------------------

 
 

-Please refer to Samba documentation tree (including in the docs/ 
-subdirectory) for extensive explanations of installing, configuring
-and maintaining Samba 3.0 servers and clients.  It is advised to 
-begin with the Samba-HOWTO-Collection for overviews and specific 
-tasks (the current book is up to approximately 400 pages) and to 
-refer to the various man pages for information on individual options.

 
 

-######################################################################
-Changes since 3.0beta1
-######################
-
-Please refer to the CVS log for the SAMBA_3_0 branch for complete 
-details
-
-1)  Rework our smb signing code again, this factors out some of 
-    the common MAC calcuation code, and now supports multiple 
-    outstanding packets (bug #40)
-2)  Enforce 'client plaintext auth', 'client lanman auth' and 'client
-    ntlmv2 auth'
-3)  Correct timestamp problem on 64-bit machines (bug #140)
-4)  Add extra debugging statements to winbindd for tracking down
-    failures
-5)  Fix bug when aliased 'winbind uid/gid' parameters are used
-       'winbind uid/gid' are now replaced with 'idmap uid/gid'
-6)  Added an auth flag that indicates if we should be allowed 
-    to fallback to NTLMSSP for SASL if krb5 fails
-7)  Fixed the bug that forced us not to use the winbindd cache when 
-    we have a primary ADS domain and a secondary (trusted) NT4 domain. 
-8)  Use lp_realm() to find the default realm for 'net ads password'
-9)  Removed editreg from standard build until it is portable.
-10) Fix domain membership for servers not running winbindd
-11) Correct race condition in determining the high water mark 
-    in the idmap backend (bug #181)
-12) Set the user's primary unix group from usrmgr.exe (partial 
-    fix for bug #45)
-13) Show comments when doing 'net group -l' (bug #3)
-14) Add trivial extension to 'net' to dump current local idmap
-    and restore mappings as well
-15) Modify 'net rpc vampire' to add new and existing users to
-    both the idmap and the SAM. This code needs further testing.
-16) Fix crash bug in ADS searches 
-17) Build libnss_wins.so as part of nsswitch target (bug #160)
-18) Make net rpc vampire return an error if the sam sync RPC 
-    returns an error
-19) Fail to join an NT 4 domain as a BDC if a workstation account
-    using our name exists
-20) Fix various memory leaks in server and client code
-21) Remove the short option to --set-auth-user for wbinfo (-A) to 
-    prevent confusion with the -a option (bug #158)
-22) Added new 'map acl inheritence' parameter
-23) Removed unused 'privileges' code from group mapping database
-24) Don't segfault on empty passdb backend list (bug #136)
-25) Fixed acl sorting algorithm forWwindows 2000 clients
-26) Replace universal group cache with netsamlogon_cache 
-    from APPLIANCE_HEAD branch
-27) Fix autoconf detection issues surrounding --with-ads=yes
-    but no Krb5 header files installed (bug #152)
-28) Add LDAP lookup for domain sequence number in case we are 
-    joined using NT4 protocols to a native mode AD domain
-29) Fix backend method selection for trusted NT 4 (or 2k 
-    mixed mode) domains 
-30) Fixed bug that caused us to enumerate domain local groups
-    from native mode AD domains other than our own
-31) Correct group enumeration for viewing in the Windows 
-    security tab (bug #110)
-32) Consolidate the DC location code
-33) Moved 'ads server' functionality into 'password server' for
-    backwards compatibility
-34) Fix winbindd_idmap tdb upgrades from a 2.2 installation
-    ( if you installed beta1, be sure to 
-      'mv idmap.tdb winbindd_idmap.tdb' )
-35) Fix pdb_ldap segfaults, and wrong default values for 
-    ldapsam_compat
-36) Enable negative connection cache for winbindd's ADS backend 
-    functions
-37) Enable address caching for active directory DC's so we don't 
-    have to hit DNS so much
-38) Fix bug in idmap code that caused mapping to randomly be 
-    redefined
-39) Add tdb locking code to prevent race condition when adding a 
-    new mapping to idmap
-40) Fix 'map to guest = bad user' when acting as a PDC supporting 
-    trust relationships
-41) Prevent deadlock issues when running winbindd on a Samba PDC 
-    to handle allocating uids & gids for trusted users and groups
-42) added LOCALE patch from Steve Langasek (bug #122)
-43) Add the 'guest' passdb backend automatically to the end of 
-    the 'passdb backend' list if 'guest account' has a valid 
-    username.
-44) Remove samstrict_dc auth method.  Rework 'samstrict' to only 
-    handle our local names (or domain name if we are a PDC).  
-    Move existing permissive 'sam' method to 'sam_ignoredomain' 
-    and make 'samstrict' the new default 'sam' auth method.
-45) Match Windows NT4/2k behavior when authenticating a user with
-    and unknown domain (default to our domain if we are a DC or 
-    domain member; default to our local name if we are a 
-    standalone server)
-46) Fix Get_Pwnam() to always fall back to lookup 'user' if the 
-    'DOMAIN\user' lookup fails.  This matches 2.2. behavior.
-47) Fix the trustdom_cache code to update the list of trusted 
-    domains when operating as a domain member and not using 
-    winbindd
-48) Remove 'nisplussam' passdb backend since it has suffered for 
-    too long without a maintainer
-    
+Registry Configuration Backend
+==============================

 
 

+Samba is now able to use a registry based configuration backed to
+supplement smb.conf setting.  This feature may be enabled by setting
+"include = registry" and "registry shares = yes" in the [global] 
+section of smb.conf and may be managed using the "net conf" command.  

 
 

+More information may be obtained from the smb.conf(5) and net(8) man 
+pages.

 
 

-######################################################################
-Upgrading from Samba 2.2
-########################

 
 

-This section is provided to help administrators understand the details
-involved with upgrading a Samba 2.2 server to Samba 3.0
+Removed Features
+================

 
 

+Both the Python bindings and the libmsrpc shared library have been
+removed from the tree due to lack of an official maintainer.

 
 

-Building
---------

 
 

-Many of the options to the GNU autoconf script have been modified 
-in the 3.0 release.  The most noticeable are:

 
 

-  * removal of --with-tdbsam (is now included by default; see section
-    on passdb backends and authentication for more details)
-    
-  * --with-ldapsam is now on used to provided backward compatible
-    parameters for LDAP enabled Samba 2.2 servers.  Refer to the passdb 
-    backend and authentication section for more details
-  
-  * inclusion of non-standard passdb modules may be enabled using
-    --with-expsam.  This includes an XML backend, a mysql backend,
-    and a NIS backend.
-      
-  * removal of --with-msdfs (is now enabled by default)
-  
-  * removal of --with-ssl (no longer supported)
-  
-  * --with-utmp now defaults to 'yes' on supported systems
-  
-  * --with-sendfile-support is now enabled by default on supported 
-    systems
+######################################################################
+Changes
+#######
+
+smb.conf changes
+----------------
+
+    Parameter Name                      Description     Default
+    --------------                      -----------     -------
+    client lanman auth                 Changed Default No
+    client ldap sasl wrapping          New             plain
+    client plaintext auth              Changed Default No
+    clustering                         New             No
+    cluster addresses                  New             ""
+    ctdb socket                                New             ""
+    lanman auth                                Changed Default No
+    mangle map                          Removed
+    open files database hashsize       Removed
+    read bmpx                           Removed
+    registry shares                    New             No
+    winbind expand groups               New             1
+    winbind rpc only                    New             No
+
+
+Changes since 3.2.0pre1:
+-----------------------
+
+
+Original 3.2.0pre1 commits:
+---------------------------
+o   Michael Adam <obnox@samba.org>
+    * Unified POSIX ACL detection including support for FreeBSD and
+      HP-UX.
+    * Performance improvements for Winbind's lookup functions (names,
+      SIDs, and group membership) when joined to an AD domain.
+    * Winbind cache validation support.
+    * Store domain trust passwords for Samba domain controller's in
+      the domain's passdb backend.
+    * Merged \winreg server code from the SAMBA_3_2 development branch.
+    * Fixes for libreplace.
+    * Implement new registry configuration backend.

   
   

+
+o   Jeremy Allison <jra@samba.org>
+    * Add support for file system objectIDs.
+    * Winbind cache validation support.
+    * Add in the UNIX capability for 24-bit readX.
+    * Improve Delete-on-Close semantics.
+    * Removal of static file and path name buffers in SMB file serving 
+      code.

     
     

-Parameters
-----------
-
-This section contains a brief listing of changes to smb.conf options
-in the 3.0.0 release.  Please refer to the smb.conf(5) man page for
-complete descriptions of new or modified parameters.
-
-Removed Parameters (order alphabetically):
-
-  * admin log
-  * alternate permissions
-  * character set
-  * client codepage
-  * code page directory
-  * coding system
-  * domain admin group
-  * domain guest group
-  * force unknown acl user
-  * nt smb support
-  * post script
-  * printer driver
-  * printer driver file
-  * printer driver location
-  * status
-  * total print jobs
-  * use rhosts
-  * valid chars
-  * vfs options
-
-New Parameters (new parameters have been grouped by function):
-
-  Remote management
-  -----------------
-  * abort shutdown script
-  * shutdown script
-
-  User and Group Account Management
-  ---------------------------------
-  * add group script
-  * add machine script
-  * add user to group script
-  * algorithmic rid base
-  * delete group script
-  * delete user from group script
-  * passdb backend
-  * set primary group script
-
-  Authentication
-  --------------
-  * auth methods
-  * realm
-
-  Protocol Options
-  ----------------
-  * client lanman auth
-  * client NTLMv2 auth
-  * client schannel
-  * client signing
-  * client use spnego
-  * disable netbios
-  * ntlm auth
-  * paranoid server security
-  * server schannel
-  * smb ports
-  * use spnego
-
-  File Service
-  ------------
-  * get quota command
-  * hide special files
-  * hide unwriteable files
-  * hostname lookups
-  * kernel change notify
-  * mangle prefix
-  * map acl inherit
-  * msdfs proxy
-  * set quota command
-  * use sendfile
-  * vfs objects
-  
-  Printing
-  --------
-  * max reported print jobs
-
-  UNICODE and Character Sets
-  --------------------------
-  * display charset
-  * dos charset
-  * unicode
-  * unix charset
-  
-  SID to uid/gid Mappings
-  -----------------------
-  * idmap backend
-  * idmap gid
-  * idmap only
-  * idmap uid
-
-  LDAP
-  ----
-  * ldap delete dn
-  * ldap group suffix
-  * ldap idmap suffix
-  * ldap machine suffix
-  * ldap passwd sync
-  * ldap trust ids
-  * ldap user suffix
-  
-  General Configuration
-  ---------------------
-  * preload modules
-  * privatedir
-
-Modified Parameters (changes in behavior):
-
-  * encrypt passwords (enabled by default)
-  * mangling method (set to 'hash2' by default)
-  * passwd chat
-  * passwd program
-  * restrict anonymous (integer value)
-  * security (new 'ads' value)
-  * strict locking (enabled by default)
-  * winbind cache time (increased to 5 minutes)
-  * winbind uid (deprecated in favor of 'idmap uid')
-  * winbind gid (deprecated in favor of 'idmap gid')
-
-
-Databases
----------
-
-This section contains brief descriptions of any new databases 
-introduced in Samba 3.0.  Please remember to backup your existing 
-${lock directory}/*tdb before upgrading to Samba 3.0.  Samba will 
-upgrade databases as they are opened (if necessary), but downgrading 
-from 3.0 to 2.2 is an unsupported path.
-
-Name                   Description                             Backup?
-----                   -----------                             -------
-account_policy         User policy settings                    yes
-gencache               Generic caching db                      no
-group_mapping          Mapping table from Windows              yes
-                       groups/SID to unix groups       
-idmap                  new ID map table from SIDS              yes
-                       to UNIX uids/gids.
-namecache              Name resolution cache entries           no
-netsamlogon_cache      Cache of NET_USER_INFO_3 structure      no
-                       returned as part of a successful
-                       net_sam_logon request 
-printing/*.tdb         Cached output from 'lpq                 no
-                       command' created on a per print 
-                       service basis
-registry               Read-only samba registry skeleton       no
-                       that provides support for exporting
-                       various db tables via the winreg RPCs
-
-
-Changes in Behavior
--------------------
-
-The following issues are known changes in behavior between Samba 2.2 and 
-Samba 3.0 that may affect certain installations of Samba.
-
-  1)  When operating as a member of a Windows domain, Samba 2.2 would 
-      map any users authenticated by the remote DC to the 'guest account'
-      if a uid could not be obtained via the getpwnam() call.  Samba 3.0
-      rejects the connection as NT_STATUS_LOGON_FAILURE.  There is no 
-      current work around to re-establish the 2.2 behavior.
-      
-  2)  When adding machines to a Samba 2.2 controlled domain, the 
-      'add user script' was used to create the UNIX identity of the 
-      machine trust account.  Samba 3.0 introduces a new 'add machine 
-      script' that must be specified for this purpose.  Samba 3.0 will
-      not fall back to using the 'add user script' in the absence of 
-      an 'add machine script'
-  

 
 

-######################################################################
-Passdb Backends and Authentication
-##################################
+o   Danilo Almeida <dalmeida@centeris.com>
+    * Move the machine account to the OU specified when running "net
+      ads join".

 
 

-There have been a few new changes that Samba administrators should be
-aware of when moving to Samba 3.0.

 
 

-  1) encrypted passwords have been enabled by default in order to 
-     inter-operate better with out-of-the-box Windows client 
-     installations.  This does mean that either (a) a samba account
-     must be created for each user, or (b) 'encrypt passwords = no'
-     must be explicitly defined in smb.conf.
-    
-  2) Inclusion of new 'security = ads' option for integration 
-     with an Active Directory domain using the native Windows
-     Kerberos 5 and LDAP protocols.
-
-Samba 3.0 also includes the possibility of setting up chains
-of authentication methods (auth methods) and account storage 
-backends (passdb backend).  Please refer to the smb.conf(5) 
-man page for details.  While both parameters assume sane default 
-values, it is likely that you will need to understand what the 
-values actually mean in order to ensure Samba operates correctly.
-
-The recommended passdb backends at this time are
-
-  * smbpasswd - 2.2 compatible flat file format
-  * tdbsam - attribute rich database intended as an smbpasswd
-    replacement for stand alone servers
-  * ldapsam - attribute rich account storage and retrieval 
-    backend utilizing an LDAP directory.  
-  * ldapsam_compat - a 2.2 backward compatible LDAP account 
-    backend
-    
-Certain functions of the smbpasswd(8) tool have been split between the 
-new smbpasswd(8) utility, the net(8) tool, and the new pdbedit(8) 
-utility.  See the respective man pages for details.
-    
-     
-######################################################################
-LDAP
-####
+o   Andrew Bartlett <abartlet@samba.org>
+    * Tighten authentication protocol defaults in client tools and 
+      servers.

 
 

-This section outlines the new features affecting Samba / LDAP integration.

 
 

-New Schema
-----------
-  
-A new object class (sambaSamAccount) has been introduced to replace 
-the old sambaAccount.  This change aids us in the renaming of attributes 
-to prevent clashes with attributes from other vendors.  There is a 
-conversion script (examples/LDAP/convertSambaAccount) to modify and LDIF 
-file to the new schema.
-  
-Example:
-  
-       $ ldapsearch .... -b "ou=people,dc=..." > old.ldif
-       $ convertSambaAccount <DOM SID> old.ldif new.ldif
-       
-The <DOM SID> can be obtained by running 'net getlocalsid <DOMAINNAME>' 
-on the Samba PDC as root.
-    
-The old sambaAccount schema may still be used by specifying the 
-"ldapsam_compat" passdb backend.  However, the sambaAccount and
-associated attributes have been moved to the historical section of
-the schema file and must be uncommented before use if needed.
-The 2.2 object class declaration for a sambaAccount has not changed
-in the 3.0 samba.schema file. 
-  
-Other new object classes and their uses include:
-  
-  * sambaDomain - domain information used to allocate rids 
-    for users and groups as necessary.  The attributes are added
-    in 'ldap suffix' directory entry automatically if 
-    an idmap uid/gid range has been set and the 'ldapsam'
-    passdb backend has been selected.
-      
-  * sambaGroupMapping - an object representing the 
-    relationship between a posixGroup and a Windows
-    group/SID.  These entries are stored in the 'ldap 
-    group suffix' and managed by the 'net groupmap' command.
-    
-  * sambaUnixIdPool - created in the 'ldap idmap suffix' entry 
-    automatically and contains the next available 'idmap uid' and 
-    'idmap gid'
-    
-  * sambaIdmapEntry - object storing a mapping between a 
-    SID and a UNIX uid/gid.  These objects are created by the 
-    idmap_ldap module as needed.
+o   Gerald (Jerry) Carter <jerry@samba.org>
+    * Implement support for one-way trusts and two-way cross-forest
+      transitive trust in winbindd.
+    * Fixes for Winbind's offline/disconnected logon support when
+      using remote idmap backends.
+    * Fix LookupNames and LookupSids to use the same resolution
+      heuristics as Windows XP.
+    * Fix lockups in Winbind when running nscd.
+    * UPN logon support in pam_winbind.
+    * Add support for GNU linker scripts when build shared libraries
+      (based on work by Julien Cristau <jcristau@debian.org> and James 
+      Peach).

 
 

-    
-New Suffix for Searching
-------------------------
-  
-The following new smb.conf parameters have been added to aid in directing
-certain LDAP queries when 'passdb backend = ldapsam://...' has been
-specified.
-
-  * ldap suffix         - used to search for user and computer accounts
-  * ldap user suffix    - used to store user accounts
-  * ldap machine suffix - used to store machine trust accounts
-  * ldap group suffix   - location of posixGroup/sambaGroupMapping entries
-  * ldap idmap suffix   - location of sambaIdmapEntry objects
-
-If an 'ldap suffix' is defined, it will be appended to all of the 
-remaining sub-suffix parameters.  In this case, the order of the suffix
-listings in smb.conf is important.  Always place the 'ldap suffix' first
-in the list.  
-
-Due to a limitation in Samba's smb.conf parsing, you should not surround 
-the DN's with quotation marks.
-
-
-IdMap LDAP support
-------------------
-
-Samba 3.0 supports an ldap backend for the idmap subsystem.  The 
-following options would inform Samba that the idmap table should be
-stored on the directory server onterose in the "ou=idmap,dc=plainjoe,
-dc=org" partition.
-
- [global]
-    ...
-    idmap backend     = ldap:ldap://onterose/
-    ldap idmap suffix = ou=idmap,dc=plainjoe,dc=org
-    idmap uid         = 40000-50000
-    idmap gid         = 40000-50000
-
-This configuration allows winbind installations on multiple servers to
-share a uid/gid number space, thus avoiding the interoperability problems
-with NFS that were present in Samba 2.2.
-    

 
 

-######################################################################
-Known Issues
-############
+o   Guenther Deschner <gd@samba.org>
+    * Additional support for decoding and downloading group policy
+      objects from Active Directory.
+    * Improvements to "net ads keytab" command.
+    * Fixes for linking against Heimdal Kerberos client libs.
+    * Support LDAP range retrieval searches.
+    * Fixes for failure to refresh user ticket caches in Winbind.
+    * UPN logon support in pam_winbind.
+    * Add KDC locator plugin for MIT kerberos 1.6 or later.
+
+
+o   Steve Langasek <vorlon@debian.org>
+    * Allow SIGTERM to cause nmbd to exit while awaiting a interface
+      to come up. 
+
+
+o   Volker Lendecke <vl@samba.org>
+    * Merge experimental cluster support patches from the ctdb branch.
+    * Add tdb storage abstraction for ctdb.
+    * Use IDL for internal message passing system.
+    * Add client support for the SamLogonEx() authentication request.
+    * Implement RPC proxy stubs in the Samba server code to allow
+      replacing implementation functions one by one.
+    * Remove static incoming and outgoing buffers from core server SMB 
+      packet processing code.
+    * Add "net sam rights" command.
+
+
+o   Steve French <sfrench@samba.org>
+    * Fixes for mount.cfs Linux utility.
+
+
+o   Stefan Metzmacher <metze@samba.org>
+    * Fixes for libreplace.
+    * Add support for LDAP digital signing policy.
+    * Experimental clustered file system support.
+

 
 

-* The smbldap perl scripts for managing user entries in an LDAP 
-  directory have not be updated to function with the Samba 3.0
-  schema changes.  This (or an equivalent solution) work is planned
-  to be completed prior to the stable 3.0.0 release.
+o   Lars Mueller <lars@samba.org>
+    * Makefile and build fixes.
+    * Add pam_pwd_expire for pam_winbind (original patch from Andreas
+      Schneider).
+
+
+o   James Peach <jpeach@apple.com>
+    * Fixes for setgroups() and *BSD and Darwin.
+    * Support membership of >16 groups on Darwin.
+
+
+o   Jiri Sasek <Jiri.Sasek@Sun.COM>
+    * Added vfs_vfsacl module.
+
+
+o   Karolin Seeger <ks@sernet.de>
+    * Add deletelocalgroup and unmapunixgroup subcommand to "net sam".
+    * Cleanup internal passdb functions.
+
+
+o   Simo Sorce <idra@samba.org>
+    * Fixes for IDmap and Passdb backends.
+
+
+o   Andrew Tridgell <tridge@samba.org>
+    * Port ldb from the Samba 4 tree and add ldb group mapping plugin.
+    * Move several file serving related tdb files to use the dbwrap
+      API internally.
+    * Cleanup the GPFS VFS plugin.
+    * Experimental clustered file system support.
+
+
+o   Jelmer Vernooij <jelmer@samba.org>
+    * Implement NDR basic to support utilizing IDL files from Samba 4
+      tree for general DCE/RPC parsing stubs.

 
 

-Please refer to https://bugzilla.samba.org/ for a current list of bugs 
-filed against the Samba 3.0 codebase.

 
 
 ######################################################################
 
 
 ######################################################################


@@ -544,10 +254,13 @@ joining the #samba-technical IRC channel on irc.freenode.net.
 
 If you do report problems then please try to send high quality
 feedback. If you don't provide vital information to help us track down
 
 If you do report problems then please try to send high quality
 feedback. If you don't provide vital information to help us track down

-the problem then you will probably be ignored.  
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 3.2 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+

 
 

-A new bugzilla installation has been established to help support the 
-Samba 3.0 community of users.  This server, located at 
-https://bugzilla.samba.org/, will replace the existing jitterbug server 
-and the old http://bugs.samba.org now points to the new bugzilla server.
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================