X-Git-Url: http://git.samba.org/samba.git/?p=ira%2Fwip.git;a=blobdiff_plain;f=WHATSNEW.txt;h=ab78957cca00b60ba59081340616424035eefec2;hp=322c646f7d7d949f280230fac71858ee84666543;hb=3d6154599a798e432360c001c25267e990f53d6d;hpb=59fcf1410749f7a233d87374f9d6d98501cd7ef3 diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 322c646f7d7..ab78957cca0 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,198 +1,413 @@ - WHATS NEW IN 1.9.18alpha13 Dec 15th 1997 - ======================================== + WHATS NEW IN Samba 2.0.4b + ========================= -This is NOT a production release of Samba code. -For production servers please run Samba 1.9.17p4 -or later releases in the 1.9.17 series. +This is the latest stable release of Samba. This is the +version that all production Samba servers should be running +for all current bug-fixes. -In this release (1.9.18alpha13) the Domain controller -code should not be turned on. The Domain controller -code stream is now being developed in a separate code -development branch. To participate in this important -work, send an email to : +New/Changed parameters in 2.0.4 +------------------------------- -samba-bugs@samba.anu.edu.au +There are 5 new parameters and one modified parameter in +the smb.conf file. -to get instructions on how to gain access to -the latest Domain controller code. +allow trusted domains +restrict anonymous +mangle locks +oplock break wait time +oplock contention limit -This release contains three major changes to the -1.9.17 series and much re-written code. +The new parameters are : -The main changes are : +allow trusted domains +--------------------- -1). Oplock support now operational. ------------------------------------ +This option is used in "security=domain" settings and allows +the Samba admin to restrict access to users within the domain +the the Samba server is in. -Samba now supports 'exclusive' and 'batch' oplocks. -These are an advanced networked file system feature -that allows clients to obtain a exclusive use of a -file. This allows a client to cache any changes it -makes locally, and greatly improves performance. +restrict anonymous +------------------ -Windows NT has this feature and prior to this -release this was one of the reasons Windows NT -could be faster in some situations. Samba has -now been benchmarked as out performing Windows -NT on equivalently priced hardware. +This parameter allows the Samba admin to cause Samba to +refuse access to anonymous users. Use of this parameter +is only recommened for homogenous NT client environments. -The oplock code in Samba has been extensively -tested and is believed to be completely stable. +mangle locks +------------ -Please report any problems to the samba-bugs alias. +This parameter was added to get around a bug in Windows NT +when dealing with Samba running on 32-bit systems (such +as Linux x86). This bug causes NT to send 64 bit locking +requests to 32-bit systems even though Samba correctly +tells the NT client not to do so. This option causes Samba +to map the lock requests from 64 bits to 32 bits on these +systems. -2). NetBIOS name daemon re-written. ------------------------------------ +oplock break wait time +---------------------- -The old nmbd that has caused some users problems -has now been completely re-written and now is -much easier to maintain and add changes to. +This tuning parameter, added to help with clients that don't +respond to oplock break requests, causes Samba to deley for +this number of milliseconds before sending an oplock break +request to a client that caused the break to be sent. The +default is 10ms. This is an advanced tuning parameter and +should not be changed lightly. + +oplock contention limit +----------------------- + +This tuning parameter causes Samba not to grant oplocks +when an smbd daemon notices that there have been this +many concurrent requests for an oplock on a file. This +prevents the "baton passing" oplock problem where many +clients accessing one file pass the oplock between themselves +like a baton. The default is 2. This is an advanced tuning +parameter and should not be changed lightly. + +The modified parameter is : + +nt acl support +-------------- + +This is a global parameter that defaulted to False in +the previous release (2.0.3) and now defaults to True +as the RPC code has been added to Samba to allow it to +map UNIX permissions to NT ACLs. + +All of these new parameters and changes are documented in the +smb.conf man pages and html pages. + +Updated and New documentation +----------------------------- + +A new document describing the manipulation of UNIX permissions +via the Windows NT security dialogs and their interaction with +Samba 2.0.4 is provided as : + +docs/textdocs/NT_Security.txt +docs/htmldocs/NT_Security.html + +Changes in 2.0.4b +----------------- + +A bug with MS-Word 97 saving files with zero UNIX permissions +was fixed. Even though a workaround is available (set force +create mode = 644 on the share) Word is such an important +application that a point fix was neccessary. + +Changes in 2.0.4a +----------------- + +The text and html versions of NT_Security were missing from +the shipping tarball. Also a compile bug for platforms that +don't have usleep was fixed. + +Bugfixes added since 2.0.3 +-------------------------- + +1). Fix for 8 character password problem when using HPUX and +plaintext passwords. +2). --with-pam option added to ./configure. +3). Client fixes for memory leak and display of 64 bit values. +4). Fixes for -E and -s option with smbclient. +5). smbclient now allows -L //server or -L \\server +6). smbtar fix for display of 64 bit values. +7). Endian independence added to DCE/RPC code. +8). DCE/RPC marshalling/unmarshalling code re-written to provide +overflow reporting and sign and seal support. +9). Bind NAK reply packet added to DCE/RPC code, used to correctly +refuse bind requests (prevents NT system event log messages). +10). Mapping of UNIX permissions into NT ACL's for get and set +added. +11). DCE/RPC enumeration of numbers of shares made dynamic. +Samba now has no limit on the number of exported shares seen. +12). Fix to speed up random number seed generation on /dev/urandom +being unavailable. +13). Several memory fixes added by running Purify on the code. +14). Read from client error messages improved. +15). Fixed endianness used in UNICODE strings. +16). Cope with ERRORmoredata in an RPC pipe client call. +17). Check for malformed responses in nmbd register name. +18). NT Encrypted password changing from the NT password dialog box +now fully implmented. +19). Mangle 64-bit lock ranges into 32-bits (NT bug!) on a 32-bit +Samba platform. +20). Allow file to be pseudo-openend in order to read security only. +21). Improve filename mangling to reduce chance of collisions. +22). Added code to prevent granting of oplocks when a file is under +contention. +23). Added tunable wait time before sending an oplock break request +to a client if the client caused the break request. Helps with clients +not responding to oplock breaks. +24). Always respond negatively to queued local oplock break messages +before shutdown. This can prevent "freezes" on an oplock error. +25). Allow admin to restrict logons to correct domain when in domain +level security. +26). Added "restrict anonymous" patch from Andy (thwartedefforts@wonky.org) +to prevent parameter substitution problems with anonymous connections. +27). Fix SMBseek where seeking to a negative number sets the offset +to zero. +28). Fixed problem with mode getting corrupted in trans2 request +(setting to zero means please ignore it). +29). Correctly become the authenticated user on an authenticated +DCE/RPC pipe request. +30). Correctly reset debug level in nmbd if someone set it on the +command line. +31). Added more checking into testparm +32). NetBench simulator added to smbtorture by Andrew. +33). Fixed NIS+ option compile (was broken in 2.0.3). +34). Recursive smbclient directory listing fix. Patch from E. Jay Berkenbilt +(ejb@ql.org) + +Bugfixes added since 2.0.2 +-------------------------- + +1). --with-ssl configure now include ssl include directory. Fix +from Richard Sharpe. +2). Patch for configure for glibc2.1 support (large files etc.). +3). Several bugfixes for smbclient tar mode from Bob Boehmer +(boehmer@worldnet.att.net) to fix smbclient aborting problems +when restoring tar files. +4). Some automount fixes for smbmount. +5). Attempt to fix the AIX 4.1.x/3.x problems where smbd runs as +root. As no-one has given us root access to such a server this +cannot be tested fully, but should work. +6). Crash bug fix in debug code where *real* uid rather than +*effective* uid was being checked before attempting to rotate +log files. This fix should help a *lot* of people who were +reporting smbd aborting in the middle of a copy operation. +7). SIGALRM bugfix to ensure infinate file locks time out. +8). New code to implement NT ACL reporting for cacls.exe program. +9). UDP loopback socket rebind fix for Solaris. +10). Ensure all UNICODE strings are correctly in little-endian +format. +11). smbpasswd file locking fix. +12). Fixes for strncpy problems with glibc2.1. +13). Ensure smbd correctly reports major and minor version number +and server type when queried via NT rpc calls. +14). Bugfix for short mangled names not being pulled off the +mangled stack correctly. +15). Fix for mapping of rwx bits being incorrectly overwritten +when doing ATTRIB.EXE +16). Fix for returning multiple PDU packets in NT rpc code. Should +allow multiple shares to be returned correctly). +17). Improved mapping of NT open access requests into UNIX open +modes. +18). Fix for copying files from an NTFS volume that contain +multiple data forks. Added 'magic' error code NT needs. +19). Fixed crash bug when primary NT authentication server +is down, rolls over to secondaries correctly now. +20). Fixed timeout processing to be timer based. Now will +always occur even if smbd is under load. +21). Fixed signed/unsigned problem in quotas code. +22). Fixed bug where setting the password of a completely fresh +user would end up setting the account disabled flag. +23). Improved user logon messages to help admins having +trouble with user authentication. + +Bugfixes added since 2.0.1 +-------------------------- + +Note that due to a critical signal handling bug in 2.0.1, +this release has been removed and replaced immediately with +2.0.2. The Samba Team would like to apologise for any problem +this may have caused. + +1). Fixed smbd looping on SIGCLD problem. This was + caused by a missing break statement in a critical + piece of code. + +Bugfixes added since 2.0.0 +-------------------------- + +1). Autoconf changes for gcc2.7.x and Solaris 2.5/2.6 +2). Autoconf changes to help HPUX configure correctly. +3). Autoconf changes to allow lock directory to be set. +4). Client fix to allow port to be set. +5). clitar fix to send debug messages to stderr. +6). smbmount race condition fix. +7). Fix for bug where trying to browse large numbers of shares + generated an error from an NT client. +8). Wrapper for setgroups for SunOS 4.x +9). Fix for directory deleting failing from multiuser NT. +10). Fix for crash bug if bitmap was full. +11). Fix for Linux genrand where /dev/random could cause + clients to timeout on connect if the entropy pool was + empty. +12). The default PASSWD_CHAT may now be overridden in local.h +13). HPUX printing fixes for default programs. +14). Reverted (erroneous) code in MACHINE.SID generation that + was setting the sid to 0x21 - should be *decimal* 21. +15). Fix for printing to remote machine under SVR4. +16). Fix for chgpasswd wait being interrupted with EINTR. +17). Fix for disk free routine. NT and Win98 now correctly + show greater than 2GB disks. +18). Fix for crash bug in stat cache statistics printing. +19). Fix for filenames ending in .~xx. +20). Fix for access check code wait being interrupted with EINTR. +21). Fix for password changes from "invalid password" to a valid + one setting the account disabled bit. +22). Fix for smbd crash bug in SMBreadraw cache prime code. +23). Fix for overly zealous lock range overflow reporting. +24). Fix for large disk disk free reporting (NT SMB code). +25). Fix for NT failing to truncate files correctly. +26). Fix for smbd crash bug with SMBcancel calls. +27). Additional -T flag to nmblookup to do reverse DNS on addresses. +28). SWAT fix to start/stop smbd/nmbd correctly. + +Major changes in Samba 2.0 +-------------------------- + +This is a MAJOR new release of Samba, the UNIX based SMB/CIFS file +and print server for Windows systems. + +There have been many changes in Samba since the last major release, +1.9.18. These have mainly been in the areas of performance and +SMB protocol correctness. In addition, a Web based GUI interface +for configuring Samba has been added. + +In addition, Samba has been re-written to help portability to +other POSIX-based systems, based on the GNU autoconf tool. + +There are many major changes in Samba for version 2.0. Here are +some of them: + +===================================================================== + +1). Speed +--------- + +Samba has been benchmarked on high-end UNIX hardware as out-performing +all other SMB/CIFS servers using the Ziff-Davis NetBench benchmark. +Many changes to the code to optimise high-end performance have been made. + +2). Correctness +--------------- -Changes include support for multi-homed hosts -in the same way as an NT Server with multiple -IP interfaces behaves (registers with the WINS -server as a multi-homed name type), and also -support for multi-homed name registration in -the Samba WINS server. Another added feature -is robustness in the face of WINS server failure, -nmbd will now keep trying to contact the WINS -server until it is successful, in the same -way as an NT Server. +Samba now supports the Windows NT specific SMB requests. This +means that on platforms that are capable Samba now presents a +64 bit view of the filesystem to Windows NT clients and is +capable of handling very large files. -Also in this release is an implementation -of the Lanman announce protocol used by -OS/2 clients. Thanks to Jacco de Leeuw for -this code. +3). Portability +--------------- -3). New Internationalization support. -------------------------------------- +Samba is now self-configuring using GNU autoconf, removing +the need for people installing Samba to have to hand configure +Makefiles, as was needed in previous versions. -With this release Samba no longer needs to be -separately compiled for Japanese (Kanji) support, -the same binary will serve both Kanji and non-Kanji -clients. +You now configure Samba by running "./configure" then "make". See +docs/textdocs/UNIX_INSTALL.txt for details. -A new method of dynamically loading client code pages -has been added to allow the case insensitivity to -be done dependent on the code page of the client. +4). Web based GUI configuration +------------------------------- -Note that Samba still will only handle one client -code page at a time. This will be fixed when -Samba is fully UNICODE enabled. +Samba now comes with SWAT, a web based GUI config system. See +the swat man page for details on how to set it up. -Please see the new man page for make_smbcodepage -for details on adding additional client code page -support. +5). Cross protocol data integrity +--------------------------------- +An open function interface has been defined to allow +"opportunistic locks" (oplocks for short) granted by Samba +to be seen by other UNIX processes. This allows complete +cross protocol (NFS and SMB) data integrety using Samba +with platforms that support this feature. -Changed code. -------------- +6). Domain client capability +---------------------------- -Samba no longer needs the libdes library to support -encrypted passwords. Samba now contains a restricted -version of DES that can only be used for authentication -purposes (to comply with the USA export encryption -regulations and to allow USA Mirror sites to carry -Samba source code). The 'encrypt passwords' parameter -may now be used without recompiling. +Samba is now capable of using a Windows NT PDC for user +authentication in exactly the same way that a Windows NT +workstation does, i.e. it can be a member of a Domain. See +docs/textdocs/DOMAIN_MEMBER.txt for details. -Much of the internals of Samba has been re-structured -to support the oplock and Domain controller changes. +7). Documentation Updates +------------------------- -An implementation of the Windows 95 automatic printer -driver installation has been added to smbd. To use this -new feature please read the document: +All the reference parts of the Samba documentation (the +manual pages) have been updated and converted to a document +format that allows automatic generation of HTML, SGML, and +text formats. These documents now ship as standard in HTML +and manpage format. -docs/PRINTER_DRIVER.txt +===================================================================== -Thanks to Jean-Francois Micouleau for this new code. +NOTE - Some important option defaults changed +--------------------------------------------- -Printer support on System V systems (notably Solaris) -has been improved with the addition of code generously -donated by Norm Jacobs of Sun Microsystems. Sun have -also made a Solaris SPARC workstation available to the -Samba Team to aid in their porting efforts. +Several parameters have changed their default values. The most +important of these is that the default security mode is now user +level security rather than share level security. -Samba now contains an implementation of share modes -using System V shared memory as well as the mmap() -based code. This was done to allow the 'FAST_SHARE_MODES' -to be used on more systems (especially HPUX 9.x) that -have System V shared memory, but not the mmap() call. +This (incompatible) change was made to ease new Samba installs +as user level security is easier to use for Windows 95/98 and +Windows NT clients. -The System V shared memory code is used by default on -many systems as it has benchmarked as faster on many -systems. +********IMPORTANT NOTE**************** -The Automount code has been slightly re-shuffled, such -that the home directory (and profile location) can be -specified by \\%N\homes and \\%N\homes\profiles -respectively, which are the defaults for these values. -If -DAUTOMOUNT is enabled, then %N is the server -component of the user's NIS auto.home entry. Obviously, -you will need to be running Samba on the user's home -server as well as the one they just logged in on. - -The RPC Domain code has been moved into a separate directory -rpc_pipe/, and a LGPL License issued specifically for code -in this directory. This is so that people can use this -code in other projects. - -Missing feature. ----------------- - -One feature that we wanted to get into this release -that was not possible due to the re-write of the nmbd -code was the scalability features in the Samba WINS server. -This feature is now tentatively scheduled for the next -release (1.9.19). Apologies to anyone who was hoping -for this feature to be included. The nmbd re-write -will make it much easier to add such things in future. - -New parameters in smb.conf. ---------------------------- - -New Global parameters. ----------------------- +If you have no "security=" line in the [global] section of +your current smb.conf and you update to Samba 2.0 you will +need to add the line : -Documented in the smb.conf man pages : +security=share - "bind interfaces only" +to get exactly the same behaviour with Samba 2.0 as you +did with previous versions of Samba. - "lm announce" - "lm interval" +********END IMPORTANT NOTE************* - "logon drive" - "logon home" +In addition, Samba now defaults to case sensitivity options that +match a Windows NT server precisely, that is, case insensitive +but case preserving. - "min wins ttl" - "max wins ttl" +The default format of the smbpasswd file has also been +changed for this release, although the new tools will read +and write the old format, for backwards compatibility. - "username level" +===================================================================== -New Share level parameters. ---------------------------- +NOTE - Primary Domain Controller Functionality +---------------------------------------------- -Documented in the smb.conf man pages : +This version of Samba contains code that correctly implements +the undocumented Primary Domain Controller authentication +protocols. However, there is much more to being a Primary +Domain Controller than serving Windows NT logon requests. - "delete veto files" - "oplocks" +A useful version of a Primary Domain Controller contains +many remote procedure calls to do things like enumerate users, +groups, and security information, only some of which Samba currently +implements. In addition, there are outstanding (known) bugs with +using Samba as a PDC in this release that the Samba Team are actively +working on. For this reason we have chosen not to advertise and +actively support Primary Domain Controller functionality with this +release. +This work is being done in the CVS (developer) versions of Samba, +development of which continues at a fast pace. If you are +interested in participating in or helping with this development +please join the Samba-NTDOM mailing list. Details on joining +are available at : -Reporting bugs. ---------------- +http://samba.org/listproc/ + +Details on obtaining CVS (developer) versions of Samba +are available at: + +http://samba.org/cvs.html -If you have problems, or think you have found a -bug please email a report to : +===================================================================== - samba-bugs@samba.anu.edu.au +If you have problems, or think you have found a bug please email +a report to : -Please state the version number of Samba that -you are running, and *full details* of the steps -we need to reproduce the problem. + samba-bugs@samba.org As always, all bugs are our responsibility. Regards, - The Samba Team. + The Samba Team.