4 Samba 4 is the ambitious next version of the Samba suite that is being
5 developed in parallel to the stable 3.0 series. The main emphasis in
6 this branch is support for the Active Directory logon protocols used
7 by Windows 2000 and above.
9 While we welcome your interest in Samba 4, we don't want you to run your
10 network with it quite yet. Please note the WARNINGS below, and the
11 STATUS file, which aims to document what should and should not work.
13 With 4 years of development under our belt since Tridge first proposed
14 a new Virtual File System (VFS) layer for Samba3 (a project which
15 eventually lead to our Active Directory efforts), we felt that we
16 should create something we could 'show off' to our users. This is a
17 Technology Preview (TP), aimed at allowing you, our users, managers and
18 developers to see how we have progressed, and to invite your feedback and
24 Samba4 is currently at alpha stage. That is more a reference to
25 Samba4's lack of the features we expect you will need than a statement
26 of code quality, but clearly it hasn't seen a broad deployment yet. If
27 you were to upgrade Samba3 (or indeed Windows) to Samba4, you would find
28 many things work, but that other key features you may have relied on
29 simply are not there yet.
31 For example, while Samba 3.0 is an excellent member of a Active
32 Directory domain, Samba4 is happier as a domain controller: (This is
33 where we have done most of the research and development).
35 While Samba4 is subjected to an awesome battery of tests on an
36 automated basis, and we have found Samba4 to be very stable in it's
37 behaviour, we have to recommend against upgrading production servers
38 from Samba 3 to Samba 4 at this stage. If you are upgrading an
39 experimental server, or looking to develop and test Samba, you should
40 backup all configuration and data.
42 As we research the needs of Active Directory integration more closely,
43 we may need to change the format of the user database, in particular
44 as we begin to understand how the attributes are generated and stored.
45 At a worst case, we expect users will be able to extract the stored
46 data as LDIF and hand munge it, but until we make an alpha release, we
47 won't do this automatically. Indeed, many module changes are simply
48 easier to cope with if you just re-provision after the upgrade.
50 We value the security of your computers, and so we must warn you that
51 Samba 4 Technology Preview includes basic Access Control List (ACL)
52 protection on the main user database, but due to time constraints,
53 none on the registry at this stage. We also do not currently have
54 ACLs on the SWAT web-based management tool. This means that Samba 4
55 Technology Preview is not secure, and should not be exposed to
58 Within the above proviso, file system access should occur as the
59 logged in user, much as Samba3 does.
61 As such, we must strongly recommend against using Samba4 in a
62 production environment at this stage.
67 Samba4 supports the server-side of the Active Directory logon environment
68 used by Windows 2000 and later, so we can do full domain join
69 and domain logon operations with these clients.
71 Our Domain Controller (DC) implementation includes our own built-in
72 LDAP server and Kerberos Key Distribution Centre (KDC) as well as the
73 Samba3-like logon services provided over CIFS. We correctly generate
74 the infamous Kerberos PAC, and include it with the Kerberos tickets we
77 SWAT is now integrated into Samba 4 as the user-friendly interface to
78 Samba server management. SWAT provides easy access to our
79 setup and migration tools. Using SWAT, you can migrate windows
80 domains in Samba 4, allowing easy setup of initial user databases, and
81 upgrades from Samba 3.
83 The new VFS features in Samba 4 adapts the file-system on the server to
84 match the Windows client semantics, allowing Samba 4 to better match
85 windows behaviour and application expectations. This includes file
86 annotation information (in streams) and NT ACLs in particular. The
87 VFS is backed with an extensive automated test suite.
89 A new scripting interface has been added to Samba 4, allowing
90 JavaScript programs to interface to Samba's internals.
92 The Samba 4 architecture is based around an LDAP-like database that
93 can use a range of modular backends. One of the backends supports
94 standards compliant LDAP servers (including OpenLDAP), and we are
95 working on modules to map between AD-like behaviours and this back-end.
96 We are aiming for Samba 4 to be powerful front-end to large
102 Those familiar with Samba 3 can find a list of user-visible changes
103 since that release series in the NEWS file.
105 - An optional password is no longer supported as the second argument to
108 - The default location of smb.conf in non-FHS builds has changed from the
109 PREFIX/lib directory to the PREFIX/etc directory.
114 - Standalone server and domain member roles are not currently
115 supported. While we have much of the infrastructure required, we
116 have not collected these pieces together.
118 - There is no printing support in the current release.
120 - SWAT can be painful with <TAB> and forms. Just use the mouse, as
121 the JavaScript layer doing this will change.
126 A short guide to setting up Samba 4 can be found in the howto.txt file
127 in root of the tarball.
129 Development and feedback
130 ------------------------
132 Bugs can be filed at https://bugzilla.samba.org/. Please
133 look at the STATUS file before filing a bug to see if a particular
134 is supposed to work yet.
136 Development and general discussion about Samba 4 happens mainly on
137 the #samba-technical IRC channel (on irc.freenode.net) and
138 the samba-technical mailing list (see http://lists.samba.org/ for
git.samba.org / jelmer / samba4-debian.git / blob