- WHATS NEW IN Samba 3.0.0 RC2
- August 28 2003
+ WHATS NEW IN Samba 3.0.1pre3
+ November 14, 2003
==============================
-This is the second release candidate snapshot of Samba 3.0.0. A release
-candidate implies that the code is very close to a final release, remember
-that this is still a non-production release intended for testing purposes.
-Use at your own risk.
+This is a preview release of the Samba 3.0.1 code base and is
+provided for testing only. This release is *not* intended for
+production servers. Use at your own risk.
-The purpose of this release candidate is to get wider testing of the major
-new pieces of code in the current Samba 3.0 development tree.
-Please refer to the section on "Known Issues" for more details.
+There have been several bug fixes since the 3.0.0 release that
+we feel are important to make available to the Samba community
+for wider testings. See the "Changes" section for details on
+exact updates.
+
+
+######################################################################
+Changes
+#######
+Changes since 3.0.1pre2
+-----------------------
+
+Please refer to the CVS log for the SAMBA_3_0 branch for complete
+details:
+
+1) Skip over the winbind separator when looking up a user.
+ This fixes the bug that prevented local users from
+ matching an AD user when not running winbindd (bug 698).
+2) Fix a problem with configure on *BSD systems. Make sure
+ we add -liconv etc to LDFLAGS.
+3) Fix core dump bug when "security = server" and the authentication
+ server goes away.
+4) Correct crash bug due to an empty munged dial string.
+5) Show files locked by a specific user (smbstatus -u 'user')
+ (bug 590).
+6) Fix bug preventing print jobs from display in the queue
+ monitor used by Windows NT and later clients (bug 660).
+7) Fix several reported problems with point-n-print from
+ Windows 2000/XP clients due to a bug in the EnumPrinterDataEx()
+ reply (bug 338, 527 & 643).
+8) Fix a handful of potential memory leaks in the LDAP code used
+ by ldapsam[_compat] and the LDAP idmap backend.
+
+
+Changes since 3.0.1pre1
+-----------------------
+
+1) Match Samba 2.2 behavior; make ACB_NORMAL the default ACB value.
+2) Updated Japanese welcome file in SWAT.
+3) Fix to nt-time <-> unix-time functions reversible.
+4) Ensure that winbindd uses the the escaped DN when querying
+ an AD ldap server.
+5) Fix portability issues when compiling (bug 505, 550)
+6) Compile fix for tdbbackup when Samba needs to override
+ non-C99 compliant implementations of snprintf().
+7) Use @PICSUFFIX@ instead of .po in Makefile.in (bug 574).
+8) Make sure we break out of samsync loop on error.
+9) Ensure error code path doesn't free unmalloc()'d memory
+ (bug 628).
+10) Add configure test for krb5_keytab_entry keyblock vs key
+ member (bug 636).
+11) Fixed spinlocks.
+12) Modified testparm so that all output so all debug output goes
+ to stderr, and all file processing goes to stdout.
+13) Fix error return code for BUFFER_TOO_SMALL in smbcacls
+ and smbcquotas.
+14) Fix "NULL dest in safe_strcpy()" log message by ensuring that
+ we have a devmode before copying a string to the devicename.
+15) Support mapping REALM.COM\user to a local user account (without
+ running winbindd) for compatibility with 2.2.x release.
+16) Ensure we don't use mmap() on blacklisted systems.
+17) fixed a number of bugs and memory leaks in the AIX
+ winbindd shim
+18) Call initgroups() in SWAT before becomming the user so that
+ secondary group permissions can be used when writing to
+ smb.conf.
+19) Fix signing problems when reverse connecting back to a
+ client for printer notify
+20) Fix signing problems caused by a miss-sequence bug.
+21) Missing map in errormap for ERROR_MORE_DATA -> ERRDOS, ERRmoredata.
+ Fixes NEXUS tools running on Win9x clients (bug 64).
+22) Don't leave the domain field uninitialized in cli_lsa.c if some
+ SID could not be mapped.
+23) Fix segfault in mount.cifs helper when there is no options
+ specified during mount.
+24) Change the \n after the password prompt to go to tty instead
+ of stdout (bug 668).
+25) Stop net -P from prompting for machine account password (bug 451).
+26) Change in behavior to Not only change the effective uid but also
+ the real uid when becoming unprivileged.
+27) Cope with Exchange 5.5 cleartext pop password auth.
+28) New files for support of initshutdown pipe. Win2k doesn't
+ respond properly to all requests on the winreg pipe, so we need
+ to handle this new pipe (bug 534).
+29) Added more va_copy() checks in configure.in.
+30) Include fixes for libsmbclient build problems.
+31) Missing UNIX -> DOS codepage conversion in lanman.c.
+32) Allow DFMS-S filenames can now have arbitrary case (bug 667).
+33) Parameterize the listen backlog in smbd and make it larger by
+ default. A backlog of 5 is way too small these days.
+34) Check for an invalid fid before dereferencing the fsp pointer
+ (bug 696).
+35) Remove invalid memory frees and return codes in pdb_ldap.c.
+36) Prompt for password when invoking --set-auth-user and no
+ password is given.
+37) Bind the nmbd sending socket to the 'socket address'.
+38) Re-order link command for smbd, rpcclient and smbpasswd to ensure
+ $LDFLAGS occurs before any library specification (bug 661).
+39) Fix large number of printf() calls for 64-bit size_t.
+40) Fix AC_CHECK_MEMBER so that SLES8 does correctly finds the
+ keyblock in the krb5 structs.
+41) Remove #include <compat.h> in hopes to avoid problems with
+ apache header files.
+42) COrrect winbindd build problems on HP-UX 11
+43) Lowercase netgroups lookups (bug 703).
+44) Use the actual size of the buffer in strftime instead of a made
+ up value which just happens to be less than sizeof(fstring).
+ (bug 713).
+45) Add ldaplibs to pdbedit link line (bug 651).
+46) Fix crash bug in smbclient completion (bug 659).
+47) Fix packet length for browse list reply (bug 771).
+48) Fix coredump in cli_get_backup_list().
+49) Make sure that we expand %N (bug 612).
+50) Allow rpcclient adddriver command to specify printer driver
+ version (bug 514).
+51) Compile tdbdump by default.
+52) Apply patches to fix iconv detection for FreeBSD.
+53) Do not allow the 'guest account' to be added to a passdb backend
+ using smbpasswd or pdbedit (bug 624).
+54) Save LDFLAGS during iconv detection (bug 57).
+55) Run krb5 logins through the username map if the winbindd
+ lookup fails (bug 698).
+56) Add const for lp_set_name_resolve_order() to avoid compiler
+ warnings (bug 471).
+57) Add support for the %i macro in smb.conf to stand in for the for
+ the local IP address to which a client connected.
+58) Allow winbindd to match local accounts to domain SID when
+ 'winbind trusted domains only = yes' (bug 680).
+59) Remove code in idmap_ldap that searches the user suffix and group
+ suffix. It's not needed and provides inconsistent functionality
+ from the tdb backend.
+60) Patch to handle munged dial string for Windows 200 TSE.
+61) Correct the "smbldap_open: cannot access when not root error"
+ messages when looking up group information (bug 281).
+
+
+
+Changes since 3.0.0
+-------------------
+
+Modified parameters
+ * mangled map (deprecated)
+
+Removed Parameters
+ * mangled stack (unused)
+
+
+1) Change the interface for init_unistr2 to not take a length
+ but a flags field. We were assuming that
+ 2*strlen(mb_string) == length of ucs2-le string. (bug 480).
+2) Allow d_printf() to handle strings with escaped quotation
+ marks since the msg file includes the escape character (bug 489).
+3) Fix bad html table row termination in SWAT wizard code (bug 413).
+4) Fix to parse the level-2 strings.
+5) Fix for "valid users = %S" in [homes]. Fix read/write
+ list as well.
+6) Change AC_CHECK_LIB_EXT to prepend libraries instead of append.
+ This is the same way AC_CHECK_LIB works (bug 508).
+7) Testparm output fixes for clarity.
+8) Fix broken wins hook functionality -- i18n bug (bug 528).
+9) Take care of condition where DOS and NT error codes must differ.
+10) Default to using only built-in charsets when a working iconv
+ implementation cannot be located.
+11) Wrap internals of sys_setgroups() so the sys_XX() call can
+ be done unconditionally (bug 550).
+12) Remove duplicate smbspool link on SWAT's front page (bug 541).
+13) Save and restore CFLAGS before/after AC_PROG_CC. Ensures that
+ --enable-debug=[yes|no] works correctly.
+14) Allow ^C to interrupt smbpasswd if using our getpass
+ (e.g. smbpasswd command).
+15) Support signing only on RPC's (bug 167).
+16) Correct bug that prevented Excel 2000 clients from opening
+ files marked as read-only.
+17) Portability fix bugs 546 - 549).
+18) Explicitly initialize the value of AR for vendor makes that don't
+ do this (e.g. HPUX 11). (bug 552).
+19) More i18n fixes for SWAT (bug 413).
+20) Change the cwd before the postexec script to ensure that a
+ umount will succeed.
+21) Correct double free that caused winbindd to crash when a DC
+ is rebooted (bug 437).
+22) Fix incorrect mode sum (bug 562).
+23) Canonicalize SMB_INFO_ALLOCATION in the same was as
+ SMB_FS_FULL_SIZE_INFORMATION (bug 564).
+24) Add script to generate *msg files.
+25) Add Dutch SWAT translation file.
+26) Make sure to call get_user_groups() with the full winbindd
+ name for a user if he/she has one (bug 406).
+27) Fix up error code returns from Samba4 tester. Ensure invalid
+ paths are validated the same way.
+28) Allow Samba3 to pass the Samba4 RAW-READ tests.
+29) Refuse to configure if --with-expsam=$BACKEND was used but no
+ libraries were found for $BACKEND.
+30) Move sysquotas autoconf tests to a separate file.
+31) Match W2K w.r.t. writelock and writeclose. Samba4 torture
+ tester
+32) Make sure that the files that contain the static_init_$subsystem;
+ macro get recompiled after configure by removing the object
+ files.
+33) Ensure canceling a blocking lock returns the correct error
+ message.
+34) Match Samba 2.2, and make ACB_NORMAL the default ACB value.
+
+
+
+######################################################################
+
+ =======================================
+ The original 3.0.0 release notes follow
+ =======================================
Major new features:
join a ADS realm as a member server and authenticate
users using LDAP/Kerberos.
-2) Unicode support. Samba will now negotiate UNICODE on the wire and
- internally there is now a much better infrastructure for multi-byte
- and UNICODE character sets.
+2) Unicode support. Samba will now negotiate UNICODE on the wire
+ and internally there is now a much better infrastructure for
+ multi-byte and UNICODE character sets.
-3) New authentication system. The internal authentication system has
- been almost completely rewritten. Most of the changes are internal,
- but the new auth system is also very configurable.
+3) New authentication system. The internal authentication system
+ has been almost completely rewritten. Most of the changes are
+ internal, but the new auth system is also very configurable.
4) New default filename mangling system.
6) Samba now negotiates NT-style status32 codes on the wire. This
improves error handling a lot.
-7) Better Windows 2000/XP/2003 printing support including publishing
+7) Better Windows 2000/XP/2003 printing support including publishing
printer attributes in active directory.
-8) New loadable module support for passdb backends and
- character sets.
+8) New loadable module support for passdb backends and character
+ sets.
9) New default dual-daemon winbindd support for better performance.
14) Full support for client and server SMB signing to ensure
compatibility with default Windows 2003 security settings.
+15) Improvement of ACL mapping features based on code donated by
+ Andreas Grünbacher.
+
+
Plus lots of other improvements!
License.
-######################################################################
-Changes since 3.0rc1
-####################
-
-Please refer to the CVS log for the SAMBA_3_0 branch for complete
-details:
-
-1) Add levels 261 and 262 to search. Found using Samba4 tester.
-2) Correct bad error return code in session setup reply
-3) Fix bug where smbd returned DOS error codes from SMBsearch
- even when NT1 protocol was negotiated.
-4) Implement SMBexit properly.
-5) Return group lists from a Samba PDC to a Windows 9x/ME box
- in implementing user level access control (bug 314).
-6) Prevent SWAT from crashing when adding shares (bug 254)
-7) Fix various documentation issues (bugs 304 & 214)
-8) Fix wins server listing in SWAT (bug 197)
-9) Fix problem in rpcclient that caused enumerating printer
- drivers to report failure (bug 294).
-10) Use kerberos 5 authentication in our client code whenever possible
-11) Fix schannel bug that caused Active Directory DC's to downgrade our
- machine account to an NT member.
-12) Implement missing SAMR_REMOVE_USER_FOREIGN_DOMAIN call (bug 252).
-13) Implement automatic generation of include/version.h
-14) Include initial version of smbldap-tool scripts for the Samba
- 3.0 schema.
-15) Implement numerous fixes for multi-byte character strings.
-16) Enable 'unix extensions' parameter by default.
-17) Make sure we set the SID type when falling back to the rid
- algorithm (bug 245).
-18) Correct linking problems with pam_smbpass (bug 327).
-19) Add SYSV defines for Irix and Solaris to ensure the 'printing'
- parameter default to the correct value (bug 230)
-20) Fix recursion bug in alloc_string_sub() (bug 289, et. al.)
-21) Ensure that 'make install' includes the static and shared
- versions of the libsmbclient libraries.
-22) Add CP850 and CP437 internal character set support (bug 150).
-23) Add support to examples/LDAP/convertSambaAccount for generating
- LDIF modify files instead of just add (303).
-24) Fix support for -W option in smbclient (bug 39)
-25) Remove 'ldap trust ids' parameter since it could not be supported
- by the current architecture.
-26) Don't crash when no argument is given to -T in smbclient (bug 345).
-27) Ensure smbadduser contains the same paths for the smbpasswd file
- as the other Samba tools (bug 290).
-28) Port of 'available = no' fix for [homes] from SAMBA_2_2 cvs tree.
-29) Add sanity checks to DeletePrinterData[Ex]() and ensure that the
- modified printer is written to disk.
-30) Force winbindd to periodically update the trusted domain cache.
-31) Remove outdated import/export script to convert an smbpasswd file
- to and from and LDAP directory. Use the pdbedit tool instead.
-32) Ensure that %U substitution is restored on next valid packet
- if a logon fails.
-
-
-
-
-Changes since 3.0beta3
-######################
-
-1) Various memory leak fixes.
-2) Provide full support for SMB signing (server and client)
-3) Check for broken getgrouplist() in glibc.
-4) Don't get stuck in an infinite loop listing directories
- recursively if the server returns an empty directory name
- (bug 222).
-5) Idle LDAP connections after 150 seconds.
-6) Patched make uninstallmodules (bug 236).
-7) Fix bug that caused smbd to return incomplete directory listings
- when UNIX files contained MS wildcard characters.
-8) Quiet default debug messages in command line tools.
-9) Fixes to avoid panics on invalid multi-byte strings.
-10) Fix error messages when creating a new smbpasswd file (bug 198).
-11) Implemented better detection routines in autoconf scripts for
- locating ads support on the host OS.
-12) Fix bug that caused libraries in /usr/local/lib to be ignored
- (bug 174).
-13) Ensure winbindd_ads uses the correct realm or domain name when
- connecting to trusted DC.
-14) Ensure a correct prototype is created for snprintf() (bug 187)
-15) Stop files being created on read-only shares in some circumstances.
-16) Fix wbinfo -p (bug 251)
-17) Support schannel on any tcp/ip connection if necessary
-18) Correct bug in user_in_list() so that it works with winbind groups
- again.
-19) Ensure the schannel bind credentials default to the domain
- of the destination host.
-20) Default password expiration time in account_pol.tdb to never
- expire. Remove any existing account_pol.tdb file to reset
- the new default policy (bug 184).
-21) Add buttons to SWAT to change the view of smb.conf (bug 212)
-22) Fix incorrect checks that determine whether or not the 'add user
- script' has been set.
-23) More cleanup for internal character set conversions.
-24) Fixes for multi-byte strings in stat cache code.
-25) Ensure that the net command honors the 'workgroup' parameter
- in smb.conf when not overridden from the command line.
-26) Add gss-spnego support to the ntlm_auth tool.
-27) Add vfs_default_quota VFS module.
-28) Added server support for NT quota interfaces.
-29) Prevent Krb5 replay attacks by adding a replay_cache.
-30) Fix problems with winbindd and transitive trusts in AD domains.
-31) Added -S to client tools for setting SMB signing options on the
- command line.
-32) Fix bug causing the 'passwd change program' to be called as the
- connected user and not root.
-33) Fixed data corruption bug in byte-range locking (e.g. affected MS Excel).
-34) Support winbindd on FreeBSD is possible.
-35) Look at only the first OID in the security blob sent in the session
- setup request to determine the token type.
-36) Only push locks onto a blocking lock queue if the posix lock failed with
- EACCES or EAGAIN (this means another lock conflicts). Else return an
- error and don't queue the request.
-37) Fix command line argument processing for smbtar.
-38) Correct issue that caused smbd to return generic unix_user.<uid>
- for lookupsid().
-39) Default to algorithmic mapping when generating a rid for a group
- mapping.
-40) Expand %g and %G in logon script, profile path, etc... during
- a domain logon (bug 208).
-41) Make sure smbclient obeys '-s <config>'
-42) Added win2k3 shadow copy operations to VFS interface.
-43) Allow connections to samba domain member as SERVER\user (don't
- always default to DOMAIN\user).
-44) Remove checks in winbindd that caused it to attempt to use
- non-transitive trust relationships.
-45) Remove delays in winbindd caused by invalid DNS lookups.
-46) Fix supplementary group memberships on systems with slightly
- broken NSS implementations (bug 267).
-47) Correct issue that prevented smbclient from viewing shares on
- a win2k server when using a non-anonymous connection (bug 284).
-48) Add --domain=DOMAIN_NAME to wbinfo for limiting operations like
- 'wbinfo -u' to a single domain. The '.' character represents
- our domain.
-49) Fix group enumeration bug when using an LDAP directory for
- storing group mappings.
-50) Default to use NTLMv2 if available. Fallback to not use LM/NTLM
- when the extended security capability bit is not set.
-51) Fix crash in 'wbinfo -a' when using extended characters in the
- username (bug 269).
-52) Fix multi-byte strupper() panics (bug 205).
-53) Add vfs_readonly VFS module.
-54) Make sure to initialize the sambaNextUserRid and sambaNextGroupRid
- attributes when using 'idmap backend = ldap' (bug 280).
-55) Make sure that users shared between a Samba PDC and member
- samba server are seen as domain users and not local users on the
- domain member.
-56) Fix Query FS Info level 2.
-57) Allow enumeration of users and groups by win9x "file server" (bug
- 286).
-58) Create symlinks during install for modules that support mutliple
- functions (bug 91).
-59) More iconv detection fixes.
-60) Fix path length error in vfs_recycle module (bug 291).
-61) Added server support for the LSA_DS UUID on the \lsarpc pipe.
- (server DsRoleGetPrimaryDomainInfo() is currently disabled).
-62) Fix SMBseek and get/set position calls.
-62) Fix SetFileInfo level 1.
-63) Added tool to convert smbd log file to a pcap file (log2pcaphex).
-
-
-
-Changes since 3.0beta2
-######################
-
-1) Added fix for Japanese case names in statcache code;
- these can change size on upper casing.
-2) Correct issues with iconv detection in configure script
- (support needed to find iconv libraries on FreeBSD).
-3) Fix bug that caused a WINS server to be marked as dead
- incorrectly (bug #190).
-4) Removing additional deadlocks conditions that prevented
- winbindd from running on a Samba PDC (used for trust
- relationships).
-5) Add support for searching for Active Directory for
- published printers (net ads printer search).
-6) Separate UNIX username from DOMAIN\username in pipe
- credentials.
-7) Auth modules now support returning NT_STATUS_NOT_IMPLEMENTED
- for cases that they cannot handle.
-8) Flush winbindd connection cache when the machine trust account
- password is changed while a connection is open (bug #200).
-9) Add support for 'OSVersion' server printer data string
- (corrects problem with uploading printer drivers from
- WinXP clients).
-10) Numerous memory leak fixes.
-11) LDAP fixes ("passdb backend = ldapsam" & "idmap backend = ldap"):
- - Store domain SID in LDAP directory.
- - store idmap information in existing entries (use sambaSID=...
- if adding a new entry).
-12) Fix incorrect usage of primary group SID when looking up user
- groups (bug #109).
-13) Remove idmap_XX_to_XX calls from smbd. Move back to the the
- winbind_XXX and local_XXX calls used in 2.2.
-14) All uid/gid allocation must involve winbindd now (we do not
- attempt to map unknown SIDs to a UNIX identify).
-15) Add 'winbind trusted domains only' parameter to force a domain
- member. The server to use matching users names from /etc/passwd
- for its domain (needed for domain member of a Samba domain).
-16) Rename 'idmap only' to 'enable rid algorithm' for better clarity
- (defaults to "yes").
-17) Add support for multi-byte statcache code (bug #185)
-18) Fix open mode race condition.
-19) Implement winbindd local account management functions. Refer to
- the "Winbind Changes" section for details.
-20) Move RID allocation functions into idmap backend.
-21) Fix parsing error that prevented publishing printers from a
- Samba server in an AD domain.
-22) Revive NTLMSSP support for named pipes.
-23) More SCHANNEL fixes.
-24) Correct SMB signing with NTLMSSP.
-25) Fix coherency bug in print handle/printer object caching code
- that could cause XP clients to infinitely loop while updating
- their local printer cache.
-26) Make winbindd use its dual-daemon mode by default (use -Y to
- start as a single process).
-27) Add support to nmbd and winbindd for 'smbcontrol <pid>
- reload-config'.
-28) Correct problem with smbtar when dealing with files > 8Gb
- (bug #102).
-
-
-
-Changes since 3.0beta1
-######################
-
-1) Rework our smb signing code again, this factors out some of
- the common MAC calculation code, and now supports multiple
- outstanding packets (bug #40).
-2) Enforce 'client plaintext auth', 'client lanman auth' and 'client
- ntlmv2 auth'.
-3) Correct timestamp problem on 64-bit machines (bug #140).
-4) Add extra debugging statements to winbindd for tracking down
- failures.
-5) Fix bug when aliased 'winbind uid/gid' parameters are used.
- ('winbind uid/gid' are now replaced with 'idmap uid/gid').
-6) Added an auth flag that indicates if we should be allowed
- to fall back to NTLMSSP for SASL if krb5 fails.
-7) Fixed the bug that forced us not to use the winbindd cache when
- we have a primary ADS domain and a secondary (trusted) NT4
- domain.
-8) Use lp_realm() to find the default realm for 'net ads password'.
-9) Removed editreg from standard build until it is portable..
-10) Fix domain membership for servers not running winbindd.
-11) Correct race condition in determining the high water mark
- in the idmap backend (bug #181).
-12) Set the user's primary unix group from usrmgr.exe (partial
- fix for bug #45).
-13) Show comments when doing 'net group -l' (bug #3).
-14) Add trivial extension to 'net' to dump current local idmap
- and restore mappings as well.
-15) Modify 'net rpc vampire' to add new and existing users to
- both the idmap and the SAM. This code needs further testing.
-16) Fix crash bug in ADS searches.
-17) Build libnss_wins.so as part of nsswitch target (bug #160).
-18) Make net rpc vampire return an error if the sam sync RPC
- returns an error.
-19) Fail to join an NT 4 domain as a BDC if a workstation account
- using our name exists.
-20) Fix various memory leaks in server and client code
-21) Remove the short option to --set-auth-user for wbinfo (-A) to
- prevent confusion with the -a option (bug #158).
-22) Added new 'map acl inherit' parameter.
-23) Removed unused 'privileges' code from group mapping database.
-24) Don't segfault on empty passdb backend list (bug #136).
-25) Fixed acl sorting algorithm for Windows 2000 clients.
-26) Replace universal group cache with netsamlogon_cache
- from APPLIANCE_HEAD branch.
-27) Fix autoconf detection issues surrounding --with-ads=yes
- but no Krb5 header files installed (bug #152).
-28) Add LDAP lookup for domain sequence number in case we are
- joined using NT4 protocols to a native mode AD domain.
-29) Fix backend method selection for trusted NT 4 (or 2k
- mixed mode) domains.
-30) Fixed bug that caused us to enumerate domain local groups
- from native mode AD domains other than our own.
-31) Correct group enumeration for viewing in the Windows
- security tab (bug #110).
-32) Consolidate the DC location code.
-33) Moved 'ads server' functionality into 'password server' for
- backwards compatibility.
-34) Fix winbindd_idmap tdb upgrades from a 2.2 installation.
- ( if you installed beta1, be sure to
- 'mv idmap.tdb winbindd_idmap.tdb' ).
-35) Fix pdb_ldap segfaults, and wrong default values for
- ldapsam_compat.
-36) Enable negative connection cache for winbindd's ADS backend
- functions.
-37) Enable address caching for active directory DC's so we don't
- have to hit DNS so much.
-38) Fix bug in idmap code that caused mapping to randomly be
- redefined.
-39) Add tdb locking code to prevent race condition when adding a
- new mapping to idmap.
-40) Fix 'map to guest = bad user' when acting as a PDC supporting
- trust relationships.
-41) Prevent deadlock issues when running winbindd on a Samba PDC
- to handle allocating uids & gids for trusted users and groups
-42) added LOCALE patch from Steve Langasek (bug #122).
-43) Add the 'guest' passdb backend automatically to the end of
- the 'passdb backend' list if 'guest account' has a valid
- username.
-44) Remove samstrict_dc auth method. Rework 'samstrict' to only
- handle our local names (or domain name if we are a PDC).
- Move existing permissive 'sam' method to 'sam_ignoredomain'
- and make 'samstrict' the new default 'sam' auth method.
-45) Match Windows NT4/2k behavior when authenticating a user with
- and unknown domain (default to our domain if we are a DC or
- domain member; default to our local name if we are a
- standalone server).
-46) Fix Get_Pwnam() to always fall back to lookup 'user' if the
- 'DOMAIN\user' lookup fails. This matches 2.2. behavior.
-47) Fix the trustdom_cache code to update the list of trusted
- domains when operating as a domain member and not using
- winbindd.
-48) Remove 'nisplussam' passdb backend since it has suffered for
- too long without a maintainer.
-
-
-
-
######################################################################
Upgrading from a previous Samba 3.0 beta
########################################
* domain guest group
* force unknown acl user
* nt smb support
- * post script
+ * postscript
* printer driver
* printer driver file
* printer driver location
* status
+ * strip dot
* total print jobs
* use rhosts
* valid chars
General Configuration
---------------------
* preload modules
- * privatedir
+ * private dir
Modified Parameters (changes in behavior):
upgrade databases as they are opened (if necessary), but downgrading
from 3.0 to 2.2 is an unsupported path.
-Name Description Backup?
----- ----------- -------
-account_policy User policy settings yes
-gencache Generic caching db no
-group_mapping Mapping table from Windows yes
- groups/SID to unix groups
-winbindd_idmap ID map table from SIDS to UNIX yes
- uids/gids.
-namecache Name resolution cache entries no
-netsamlogon_cache Cache of NET_USER_INFO_3 structure no
- returned as part of a successful
- net_sam_logon request
-printing/*.tdb Cached output from 'lpq no
- command' created on a per print
- service basis
-registry Read-only samba registry skeleton no
- that provides support for exporting
- various db tables via the winreg RPCs
+Name Description Backup?
+---- ----------- -------
+account_policy User policy settings yes
+gencache Generic caching db no
+group_mapping Mapping table from Windows yes
+ groups/SID to unix groups
+winbindd_idmap ID map table from SIDS to UNIX yes
+ uids/gids.
+namecache Name resolution cache entries no
+netsamlogon_cache Cache of NET_USER_INFO_3 structure no
+ returned as part of a successful
+ net_sam_logon request
+printing/*.tdb Cached output from 'lpq no
+ command' created on a per print
+ service basis
+registry Read-only samba registry skeleton no
+ that provides support for exporting
+ various db tables via the winreg RPCs
Changes in Behavior
Known Issues
############
-* The smbldap perl scripts for managing user entries in an LDAP
- directory have not be updated to function with the Samba 3.0
- schema changes. This (or an equivalent solution) work is planned
- to be completed prior to the stable 3.0.0 release.
+* There are several bugs currently logged against the 3.0 codebase
+ that affect the use of NT 4.0 GUI domain management tools when run
+ against a Samba 3.0 PDC. This bugs should be released in an early
+ 3.0.x release.
Please refer to https://bugzilla.samba.org/ for a current list of bugs
filed against the Samba 3.0 codebase.
A new bugzilla installation has been established to help support the
Samba 3.0 community of users. This server, located at
-https://bugzilla.samba.org/, will replace the existing jitterbug server
-and the old http://bugs.samba.org now points to the new bugzilla server.
+https://bugzilla.samba.org/, has replaced the older jitterbug server
+previously located at http://bugs.samba.org/.
git.samba.org / jra / samba / .git / blobdiff