X-Git-Url: http://git.samba.org/samba.git/?p=ira%2Fwip.git;a=blobdiff_plain;f=WHATSNEW.txt;h=a9258b0fa836f7f9ad2e002098a41071e59f4ebc;hp=a055b09f69c64e99c143c651dc5a4778739942c3;hb=0fbefbcb54eb0610d4cbd3579914f884d0ae6fa5;hpb=c9d2dfcb19eac0b98f14d5dc265f70ba70aa2d34 diff --git a/WHATSNEW.txt b/WHATSNEW.txt index a055b09f69c..a9258b0fa83 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,45 +1,40 @@ -What's new in Samba 4 alpha4 -============================ +What's new in Samba 4 alpha18 +============================= -Samba 4 is the ambitious next version of the Samba suite that is being -developed in parallel to the stable 3.0 series. The main emphasis in -this branch is support for the Active Directory logon protocols used -by Windows 2000 and above. - -Samba 4 is currently not yet in a state where it is usable in -production environments. Note the WARNINGS below, and the STATUS file, -which aims to document what should and should not work. - -Samba4 alpha4 follows on from the alpha release series we have been -publishing since September last year. +Samba 4.0 will be the next version of the Samba suite and incorporates +all the technology found in both the Samba4 alpha series and the +stable 3.x series. The primary additional features over Samba 3.6 are +support for the Active Directory logon protocols used by Windows 2000 +and above. WARNINGS ======== -Samba4 alpha4 is not a final Samba release. That is more a reference -to Samba4's lack of the features we expect you will need than a -statement of code quality, but clearly it hasn't seen a broad -deployment yet. If you were to upgrade Samba3 (or indeed Windows) to -Samba4, you would find many things work, but that other key features -you may have relied on simply are not there yet. +Samba4 alpha18 is not a final Samba release, however we are now making +good progress towards a Samba 4.0 release, of which this is a preview. +Be aware the this release contains both the technology of Samba 3.6 +(that you can reasonably expect to upgrade existing Samba 3.x releases +to) and the AD domain controller work previously known as 'samba4'. + +While binaries for the stable file server are provided in this +release, for a stable, supported file server, Samba3 domain or AD +domain member installation, please run a Samba 3.x release, as we are +still bedding down the new single build system. -For example, while Samba 3.0 is an excellent member of a Active -Directory domain, Samba4 is happier as a domain controller: (This is -where we have done most of the research and development). +Samba4 is subjected to an awesome battery of tests on an automated +basis, we have found Samba 4.0 to be very stable in it's behavior. +However, we still recommend against upgrading production servers from +Samba 3.x release to Samba 4.0 alpha at this stage. -While Samba4 is subjected to an awesome battery of tests on an -automated basis, and we have found Samba4 to be very stable in it's -behaviour, we have to recommend against upgrading production servers -from Samba 3 to Samba 4 at this stage. If you are upgrading an -experimental server, or looking to develop and test Samba, you should -backup all configuration and data. +If you are upgrading, or looking to develop, test or deploy Samba 4.0 +alpha releases, you should backup all configuration and data. NEW FEATURES ============ -Samba4 supports the server-side of the Active Directory logon environment -used by Windows 2000 and later, so we can do full domain join -and domain logon operations with these clients. +Samba 4.0 alpha supports the server-side of the Active Directory logon +environment used by Windows 2000 and later, so we can do full domain +join and domain logon operations with these clients. Our Domain Controller (DC) implementation includes our own built-in LDAP server and Kerberos Key Distribution Center (KDC) as well as the @@ -47,110 +42,130 @@ Samba3-like logon services provided over CIFS. We correctly generate the infamous Kerberos PAC, and include it with the Kerberos tickets we issue. -The new VFS features in Samba 4 adapts the filesystem on the server to -match the Windows client semantics, allowing Samba 4 to better match -windows behaviour and application expectations. This includes file -annotation information (in streams) and NT ACLs in particular. The -VFS is backed with an extensive automated test suite. +Samba 4.0 alpha ships with two distinct file servers. The file server +from the Samba 3.x series is 'smbd', and works with the binaries users +would expect from that series (nmbd, winbindd, smbpasswd). -A new scripting interface has been added to Samba 4, allowing -Python programs to interface to Samba's internals. +Samba 4.0 also ships with a new file server, which is tuned to match +the requirements of an AD domain controller. Users should not use the +file server in the 'samba' binary for non-DC related tasks. -The Samba 4 architecture is based around an LDAP-like database that -can use a range of modular backends. One of the backends supports -standards compliant LDAP servers (including OpenLDAP), and we are -working on modules to map between AD-like behaviours and this backend. -We are aiming for Samba 4 to be powerful frontend to large -directories. +A new scripting interface has been added to Samba 4, allowing Python +programs to interface to Samba's internals, and many tools and +internal workings of the DC code is now implemented in python. -CHANGES SINCE Alpha3 -===================== -In the time since Samba4 Alpha2 was released in December 2007, Samba has -continued to evolve, but you may particularly notice these areas: +CHANGES SINCE alpha17 +===================== - Python Bindings: Bindings for Python are now used for all internal - scripting, and the system python installation is used to run all - Samba python scripts (in place of smbpython found in the previous - alpha). +For a list of changes since alpha 17, please see the git log. - As such Python is no longer optional, and configure will generate an - error if it cannot locate an appropriate Python installation. +$ git clone git://git.samba.org/samba.git +$ cd samba.git +$ git log samba-4.0.0alpha17..samba-4.0.0alpha18 - SWAT Remains Disabled: Due to a lack of developer time and without a - long-term web developer to maintain it, the SWAT web UI remains been - disabled (and would need to be rewritten in python in any case). +Some major user-visible changes include: - GNU Make: To try and simplfy our build system, we rely on GNU Make - to avoid autogenerating a massive single makefile. +Improvements to DNS servers. Samba4 now has 3 options for the +handling of DNS: The default option is to use the BIND 9.8 DLZ plugin, +which stores the information about the DNS zone in the directory. +There is also an internal DNS server (but which does not support +secure DNS updates at this time) and the flat file BIND 9.8 backend +(storing the data in traditional zone files). - Registry: Samba4's registry library has continued to improve. +To migrate from zone files to directory based DNS servers, a migration +tool (upgradedns) has been added. - ID mapping: Samba4 uses the internal ID mapping in winbind for all - but a few core users. Samba users should not appear in /etc/passwd, - as Samba will generate new user and group IDs regradless. +samba-tool dns commands to manage DNS records stored in directory. - NTP: Samba4 can act as a signing server for the ntp.org NTP deamon, - allowing NTPd to reply using Microsoft's non-standard signing - scheme. A patch to make NTPd talk to Samba for this purpose has - been submitted to the ntp.org project. +smbwrapper (a user-space file system based on LD_PRELOAD) has been +removed. - CLDAP: Users should experience less arbitary delays and more success with - group policy, domain joins and logons due to an improved - implementation of CLDAP and the 'netlogon' mailslot datagrams. +Improvement to the upgrade process between Samba 3.x domains and Samba +4.0 AD domains (samba-tool domain samba3upgrade). - SMB2: The Samba4 SMB2 server and testsuite have been greatly - improved, but the SMB2 server remains off by default. +Some major but less visible changes include: - Secure DNS update: Configuration for GSS-TSIG updates of DNS records - is now generated by the provision script. +Major work to bridge the code gap between the major parts of the code +base, including a common loadparm wrapper, smb client library, as well +as NTLMSSP, GSSAPI and SPNEGO code as part of the GENSEC +authentication and authorization stack. -These are just some of the highlights of the work done in the past few -months. More details can be found in our GIT history. +Preparation work for moving to TDB2, a new version of Samba's core TDB +database. +smbtorture tests for SMB 2 and SMB 2.2 as the team improves and +develops support these new protocols. -CHANGES -======= +Major cleanup and removal of global variables in the smbd SMB and SMB2 server. -Those familiar with Samba 3 can find a list of user-visible changes -since that release series in the NEWS file. +Heimdal security issue 2012-01-11 - libkrb5 checksum - denial of serice +http://www.h5l.org//advisories.html?show=2012-01-11 KNOWN ISSUES ============ -- Domain member support is in it's infancy, and is not comparable to - the support found in Samba3. +- upgradeprovision should not be run when upgrading to this release + from a recent release. No important database format changes have + been made since alpha16. + +- The BIND 9 DLZ plugin is compatible only with BIND 9.8, not BIND 9.9. -- There is no printing support in the current release. +- Systems with tdb or ldb installed as a system library may have + difficulty building this release of Samba4. The --disable-tdb2 + configure switch may be of assistance. (Distributors who (rightly) + have difficulty with this may wish to wait until a future release, + which will soon fix this issue). -- There is no netbios browsing support in the current release +- Installation on systems without a system iconv (and developer + headers at compile time) is known to cause errors when dealing with + non-ASCII characters. -- The Samba4 port of the CTDB clustering support is not yet complete +- In some situations, group members may not be upgraded by the + samba-tool domain samba3upgrade tool + +- Domain member support in the 'samba' binary is in it's infancy, and + is not comparable to the support found in winbindd. As such, do not + use the 'samba' binary (provided for the AD server) on a member + server. + +- There is no printing support in the 'samba' binary (use smbd instead) + +- There is no NetBIOS browsing support (network neighbourhood) in the + 'samba' binary (use nmbd and smbd instead) - Clock Synchronisation is critical. Many 'wrong password' errors are actually due to Kerberos objecting to a clock skew between client - and server. (The NTP work is partly to assist with this problem). + and server. (The NTP work in the previous alphas are partly to assist + with this problem). + +- The DRS replication code may fail. Please contact the team if you + experience issues with DRS replication, as we have fixed many issues + here in response to feedback from our production users. + +RUNNING Samba 4.0 as an AD DC +============================= + +A short guide to setting up Samba 4 as an AD DC can be found on the wiki: -- Samba4 alpha4 is currently only portable to recent Linux - distributions. Work to return support for other Unix varients is - expected during the next alpha cycle + http://wiki.samba.org/index.php/Samba4/HOWTO -RUNNING Samba4 -============== +####################################### +Reporting bugs & Development Discussion +####################################### -A short guide to setting up Samba 4 can be found in the howto.txt file -in root of the tarball. +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. -DEVELOPMENT and FEEDBACK -======================== -Bugs can be filed at https://bugzilla.samba.org/ but please be aware -that many features are simply not expected to work at this stage. +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.0 product in the project's Bugzilla +database (https://bugzilla.samba.org/). -The Samba Wiki at http://wiki.samba.org should detail some of these -development plans. -Development and general discussion about Samba 4 happens mainly on -the #samba-technical IRC channel (on irc.freenode.net) and -the samba-technical mailing list (see http://lists.samba.org/ for -details). +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +======================================================================