-What's new in Samba 4 Technology Preview
-========================================
+What's new in Samba 4 alpha4
+============================
Samba 4 is the ambitious next version of the Samba suite that is being
developed in parallel to the stable 3.0 series. The main emphasis in
this branch is support for the Active Directory logon protocols used
by Windows 2000 and above.
-Samba 4 is currently not yet in a state where it is usable in
-production environments. Note the WARNINGS below, and the STATUS file,
-which aims to document what should and should not work.
-
-With 3 years of development under our belt since Tridge first proposed
-a new Virtual File System (VFS) layer for Samba3 (a project which
-eventually lead to our Active Directory efforts), it was felt that we
-should create something we could 'show off' to our users. This is a
-Technology Preview (TP), aimed at allowing users, managers and
-developers to see how we have progressed, and to invite feedback and
-support.
+Samba4 alpha4 follows on from the alpha release series we have been
+publishing since September 2007
WARNINGS
========
-Samba4 TP is currently a pre-alpha technology. It may eat your cat, but
-is far more likely to choose to munch on your password database. We
-recommend against upgrading any production servers from Samba 3 to
-Samba 4 at this stage. If you are upgrading an experimental server,
-you should backup all configuration and data.
-
-We expect that format changes will require that the user database be
-rebuilt from scratch a number of times before we make a final release,
-losing password data each time.
+Samba4 alpha4 is not a final Samba release. That is more a reference
+to Samba4's lack of the features we expect you will need than a
+statement of code quality, but clearly it hasn't seen a broad
+deployment yet. If you were to upgrade Samba3 (or indeed Windows) to
+Samba4, you would find many things work, but that other key features
+you may have relied on simply are not there yet.
-Samba 4 Technology Preview includes basic Access Control List (ACL)
-protection on the main user database, but due to time constraints,
-none on the registry at this stage. We also do not currently have
-ACLs on the SWAT web-based management tool. This means that Samba 4
-Technology Preview is not secure.
+For example, while Samba 3.0 is an excellent member of a Active
+Directory domain, Samba4 is happier as a domain controller, and it is
+in this role where it has seen deployment into production.
-File system access should occur as the logged in user, much as Samba3
-does.
+Samba4 is subjected to an awesome battery of tests on an
+automated basis, we have found Samba4 to be very stable in it's
+behaviour. We have to recommend against upgrading production servers
+from Samba 3 to Samba 4 at this stage, because there may be the features on
+which you may rely that are not present, or the mapping of
+your configuration and user database may not be complete.
-Again, we strongly recommend against use in a production environment
-at this stage.
+If you are upgrading, or looking to develop, test or deploy Samba4, you should
+backup all configuration and data.
NEW FEATURES
============
the infamous Kerberos PAC, and include it with the Kerberos tickets we
issue.
-SWAT is now integrated into Samba 4 as the user-friendly interface to
-Samba server management. SWAT provides easy access to our
-setup and migration tools. Using SWAT, you can migrate windows
-domains in Samba 4, allowing easy setup of initial user databases, and
-upgrades from Samba 3.
-
The new VFS features in Samba 4 adapts the filesystem on the server to
match the Windows client semantics, allowing Samba 4 to better match
windows behaviour and application expectations. This includes file
VFS is backed with an extensive automated test suite.
A new scripting interface has been added to Samba 4, allowing
-JavaScript programs to interface to Samba's internals.
+Python programs to interface to Samba's internals.
The Samba 4 architecture is based around an LDAP-like database that
can use a range of modular backends. One of the backends supports
We are aiming for Samba 4 to be powerful frontend to large
directories.
+CHANGES SINCE Alpha4
+=====================
+
+In the time since Samba4 Alpha4 was released in June 2008, Samba has
+continued to evolve, but you may particularly notice these areas:
+
+(TODO: update list when closer to a release)
+
+ Python Bindings: Bindings for Python are now used for all internal
+ scripting, and the system python installation is used to run all
+ Samba python scripts (in place of smbpython found in the previous
+ alpha).
+
+ As such Python is no longer optional, and configure will generate an
+ error if it cannot locate an appropriate Python installation.
+
+ SWAT Remains Disabled: Due to a lack of developer time and without a
+ long-term web developer to maintain it, the SWAT web UI remains been
+ disabled (and would need to be rewritten in python in any case).
+
+ GNU Make: To try and simplfy our build system, we rely on GNU Make
+ to avoid autogenerating a massive single makefile.
+
+ Registry: Samba4's registry library has continued to improve.
+
+ ID mapping: Samba4 uses the internal ID mapping in winbind for all
+ but a few core users. Samba users should not appear in /etc/passwd,
+ as Samba will generate new user and group IDs regradless.
+
+ NTP: Samba4 can act as a signing server for the ntp.org NTP deamon,
+ allowing NTPd to reply using Microsoft's non-standard signing
+ scheme. A patch to make NTPd talk to Samba for this purpose has
+ been submitted to the ntp.org project.
+
+ CLDAP: Users should experience less arbitary delays and more success with
+ group policy, domain joins and logons due to an improved
+ implementation of CLDAP and the 'netlogon' mailslot datagrams.
+
+ SMB2: The Samba4 SMB2 server and testsuite have been greatly
+ improved, but the SMB2 server remains off by default.
+
+ Secure DNS update: Configuration for GSS-TSIG updates of DNS records
+ is now generated by the provision script.
+
+These are just some of the highlights of the work done in the past few
+months. More details can be found in our GIT history.
+
+
CHANGES
=======
Those familiar with Samba 3 can find a list of user-visible changes
since that release series in the NEWS file.
- - An optional password is no longer supported as the second argument to
- smbclient.
-
- - The default location of smb.conf in non-FHS builds has changed from the
- PREFIX/lib directory to the PREFIX/etc directory.
-
KNOWN ISSUES
============
-- Standalone server and domain member roles are not currently
- supported. While we have much of the infrastructure required, we
- have not collected these pieces together.
+- Domain member support is in it's infancy, and is not comparable to
+ the support found in Samba3.
- There is no printing support in the current release.
-- SWAT can be painful with <TAB> and forms. Just use the mouse, as
- the JavaScript layer doing this will change.
+- There is no netbios browsing support in the current release
+
+- The Samba4 port of the CTDB clustering support is not yet complete
+
+- Clock Synchronisation is critical. Many 'wrong password' errors are
+ actually due to Kerberos objecting to a clock skew between client
+ and server. (The NTP work is partly to assist with this problem).
-- Domain logons (using Kerberos) from windows clients incorrectly
- state that the password expires today.
+- Samba4 alpha4 is currently only portable to recent Linux
+ distributions. Work to return support for other Unix varients is
+ expected during the next alpha cycle
+
+- Samba4 alpha4 is incompatible with GnuTLS 2.0, found in Fedora 9 and
+ recent Ubuntu releases. GnuTLS use may be disabled using the
+ --disable-gnutls argument to ./configure. (otherwise 'make test' and
+ LDAPS operations will hang).
RUNNING Samba4
==============
DEVELOPMENT and FEEDBACK
========================
-Bugs can be filed at https://bugzilla.samba.org/. Please
-look at the STATUS file before filing a bug to see if a particular
-is supposed to work yet.
+Bugs can be filed at https://bugzilla.samba.org/ but please be aware
+that many features are simply not expected to work at this stage.
+
+The Samba Wiki at http://wiki.samba.org should detail some of these
+development plans.
Development and general discussion about Samba 4 happens mainly on
the #samba-technical IRC channel (on irc.freenode.net) and
the samba-technical mailing list (see http://lists.samba.org/ for
details).
-
git.samba.org / kai / samba-autobuild / .git / blobdiff