last touches on release notes

[kai/samba.git] / WHATSNEW.txt

                 WHATS NEW IN Samba 3.0 alpha21
                 ===============================

This is a pre-release of Samba 3.0. This is NOT a stable release.
Use at your own risk.

The purpose of this alpha release is to get wider testing of the major
new pieces of code in the current Samba 3.0 development tree. We have 
officially ceased development on the 2.2.x release of Samba and are 
concentrating on Samba 3.0. To reduce the time before the final Samba 3.0 
release we need as many people as possible to start testing these alpha 
releases, and hopefully giving us some high quality feedback on what needs 
fixing.

Note that Samba 3.0 is not feature complete yet. There is a more
coding we have planned, but unless we get what we have done already more 
widely tested we will have a hard time doing a stable release in a 
reasonable time frame.

Major new features:
-------------------

- Active Directory support. This release is able to join a ADS realm
  as a member server and authenticate users using LDAP/kerberos. 

- Unicode support. Samba will now negotiate UNICODE on the wire and
  internally there is now a much better infrastructure for multi-byte
  and UNICODE character sets.

- New authentication system. The internal authentication system has
  been almost completely rewritten. Most of the changes are internal,
  but the new auth system is also very configurable. 

- new filename mangling system. The filename mangling system has been
  completely rewritten. An internal database now stores mangling maps
  persistently. This needs lots of testing.

- new "net" command. A new "net" command has been added. It is
  somewhat similar to the "net" command in windows. Eventually we plan
  to replace a bunch of other utilities (such as smbpasswd) with
  subcommands in "net", at the moment only a few things are
  implemented.

- Samba now negotiates NT-style status32 codes on the wire. This
  improves error handling a lot.

- better w2k printing support. The support for printing from win2000
  clients has improved greatly.

Plus lots of other changes!


Reporting bugs & Development Discussion
---------------------------------------

Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.openprojects.net

If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored.


Removed Parameters
------------------

  * postscript
  * printer driver
  * printer driver location
  * printer driver file

Added Parameters
---------------

  * ldap trust ids
  * acl compatibility
  * mangle prefix


Modified Parameters
-------------------

  * restrict anonymous
  * password server


Changes in alpha21:

 See cvs log for SAMBA_3_0 for complete details.  There are many
 smaller numerous changes that would clutter the release notes.

1)  Numerous documentation updates including new Samba FAQ
2)  Fixed logic error in checking wins server lists
3)  Added more Solaris sendfile checks
4)  Added --with-ldapsam for compatibility with 2.2.x Samba/LDAP setups
5)  Add new client side support the Win2k LSARPC UUID in rpcbinds
    Detect a native mode Win2k DC when in "security = domain"
6)  Include Domain Local Groups in listing when a member of a native
    mode Win2k domain
7)  Fix ACL inheritance problem
8)  Register <0x1c> name on unicast subnet
9)  Removed stat() call in lp_add_home()
10) Change default of max_xmit to match W2K. Ensure NT negprot uses it
11) Merge the new ACL mapping code from Andreas Gruenbacher
12) Removed make_printerdef tool from build
13) Fix fd leak on printer queue tdb's
14) Better error/status loggin in both the pam_winbind client and
    winbindd_pam
15) Fix fd leak with kernel change notify
16) Fix slowdown because of enumerating all print queues on every smbd startup
17) Fix --set-auth-user command to delete entries from the secrets file
    when an empty username/password is passed on the command line
18) Added --get-auth-user to wbinfo for displaying account information
    used to enumerate users and groups
19) Numerous updates for 'net rpc vampire' to migrate from an NT 4.0 Domain
20) Merge of scalable printing code from APP_HEAD
21) Numerous changes the passdb layer
22) More work on printer publishing in Active Directory
23) Enable "make modules" to build VFS libraries
24) Enable print notify messages on printer attributes from smbcontrol
25) Enable auto lookup of domain controllers when adding '*' to
    "password server" parameter.  Allows to have preferred list
    of DC's, but not authoritative (e.g. password server = DC1 DC2 *)



                 ===============================

Changes in older alpha releases follow:

---------------------------------------------------------------------

Changes in alpha20:

1)   Rework the 'guest account gets RID 501' code again...
2)   Change to use NT-based session key negotiated for Win2k SPNEGO
3)   Support printer data registry keys other than the default
     PrinterDriverData
4)   Moved internal printerdata to REGISTRY_VALUE object
5)   Corrected bug in dependentfiles list of DRIVER_INFO_3
6)   fixed logic bug in blocking locks code
7)   Updated registry api code to work with new printer data key
     support
8)   Added vfstest tool
9)   round lock timeouts in lockingX upwards to multiples of 1 second
10)  Fixed bugs in Printer Change Notify code
11)  added a 'net ads lookup' command that does a CLDAP NetLogon
     query to a win2000 server
12)  Added script to find undocumented smb.conf parameters
13)  Added missing parameters to smb.conf(5)
14)  receive & parse main CLDAP reply from win2k server
15)  removed "admin log" & "alternate permissions" parameters from smb.conf
16)  added a generic print_guid utility, and get the byte order handing
17)  fixed memory corruption in cli_full_connection()
18)  remove unused 'max packet' and 'packet size' options
19)  add support for the "value,OID" format described in MSDN for Printer
     Data values
20)  moves NT_TOKEN generation into our authentication code
21)  Update documentation build system
22)  Several fixes for IRIX compiler
23)  Correctly handle "max data count" value in smb transacts
24)  Fix for permissions error when adding/modifying using a Print
     server handle
25)  Fix pam_smbpass to always check the return value of pdb_getsampwnam()
26)  Use the 'init' flag to determine if the UID is set, rather than testing
     the uid for -1
27)  Cope with non-unix accounts ) we just won't get the groups for those users
28)  Add 'net rpc getsid' to fetch the PDC's SID into the local secrets.tdb.
     Print domain SID on 'net rpc info'
29)  don't use lp_passwd_file() to retrieve NIS domain name, but use location
     instead
30)  Various POSIX compatibility fixes
31)  Show only non-default values in testparm
32)  Fix longstanding bug in Win2k clients by clearing the shortname
     buffer before returning ascii short name.
33)  Add example backtrace script
34)  Added NETLOGON NetServerAuthenticate3 include and parser file
35)  fix for difference in strsep and strtok semantics in nmbd
36)  Ensure we don't change to a user that we can't get an NT_TOKEN for
37)  Put back in BDC support in set_server_role()
38)  added a 'net rpc samdump' command for dumping the whole sam via
     samsync operations (as a BDC)
39)  don't use spnego in the client unless enabled in smb.conf
40)  Added some new delta types discovered by Ronnie from ethereal
41)  Cope with negative cache dns entries better
42)  do not expose special files, only files, directories and links
43)  attempts to simplify Samba's external lib dependencies
44)  support non-root-mode systems without getgrouplist()
45)  Some fixes for SMB signing
46)  Pass the object name down to the enum_printers client rpc
47)  add the netatalk VFS module
48)  Ensure we have at least smb_size bytes before processing a packet
49)  Allow us to "lock" printer tdb entries in memory to stop them being
     re-used as cache
50)  fix 2 byte alignment/offset bug that prevented Win2k/XP clients
     from receiving all the printer data in EnumPrinterDataEx()
51)  Add option to compile new sam system can be enabled with the
     configure option --with-sam
52)  Added SGML/DocBook version of developer oriented docs to build process
53)  Return correct FILE_SUPERSEDED response
54)  Added example sam module (skeleton)
55)  Add plugin support for the sam system (based on passdb code)
56)  show builtin groups in samdump
57)  Adding samtest utility used to test sam backends
58)  fix connecting to a BDC when the PDC is down but in WINS and no bcast
     can be used to find a BDC
58)  convert the LDAP/SASL code to use GSS-SPNEGO if possible
59)  added cli_net_auth_3 client code
60)  merge of phant0m key fix from APP_HEAD
61)  allow rpcclient's samlogon command to use cli_net_3()
62)  Added attribute specific OPEN tests
63)  Fix bug with stat mode open being done on read-only open with
     truncate
64)  Add lots of const casts to function parameters
65)  Implemented some more client side spoolss functions
66)  usrmgr expects UNICODE as ProductType
67)  Change JOB_INFO_CTR to return a pointer to an array rather than array of
     pointers in client code
68)  Various NTLMSSP fixes
69)  fixed crash bug in cli_connection code
70)  DeletePrinterDriver[Ex]() fixes from APP_HEAD
71)  remove some inet_aton() calls for portability
72)  Set default ACB attributes on 'unixsam' accounts
73)  Add bcast_msg_flags to connection struct
74)  aggregate change notify events in the smbd sender and when transmitting
75)  Added better error code on out of space in printer spool directory
76)  Removed total jobs check ) not applicable any more
77)  fixed bug in share enumeration RPC code
78)  extend the ADS_STATUS system to include NTSTATUS
79)  commit trusted domain patch n+3
80)  remove block VFS module
81)  restrict readline headers to readline.c
82)  merge of various recycle bin VFS patches
83)  Winbind client-side cleanups
84)  change parametric option name to vfs_recycle_bin it is more
     sane and do not pollute standard options namespace too much
85)  added --enable-python configure option for building the samba-python
     unit tests
86)  correct trans2 bugs in client for enumerating files/directories
87)  Re-add OS/2 EA error codes
88)  Added patch for required attributes in directory listings to reply code
89)  Fix browse synchronization bug by noticing that W2K DMB's return empty
     NetServerEnum2 on port 445, but not on port 139
90)  Fix semantics of AbortPrinter() spoolss call in server code
91)  Ensure we've failed a lock with a lock denied message before automatically
     pushing it onto the blocking queue
92)  Added experimental sendfile code
93)  Initialize user_rid value in WINBIND_USERINFO structure returned by
     the rpc version of query_user()
94)  added gencache implementation
95)  Merge the cli_shutdown change from 2_2
96)  Fixes for DeletePrinterDriverEx()
97)  Fixed alignment error in spoolss code
98)  Changed Major/Minor version info reported to Server Manager to 4.9
99)  Applied new display mode FLAGS for SWAT
100) Update to add DEVELOPER option to more parameters
101) Added --with-ads option, defaults to yes
102) Added --with-ldap option to configure
103) Add clock skew handling to our kerberos code
104) correct race condition in password change code for out machine account
     when a member of a domain
105) First implementation for 'net rpc vampire'
106) store current handle's Device Mode with print job
107) Move functionality to check whether entries for lp_workgroup() and
     "BUILTIN" exist and add them if necessary from check_correct_backend_entries
     into sam_context_check_default_backends
108) allow --with-krb5 to override the location of the kerberos libs on
    redhat
109) unlink spool file after submitting print job when using CUPS api
110) Add framework for samtest commands
111) Add the ability to view/set the current local domain SIDs to net command
112) When creating a group you have to take care of the fact that the
     underlying unix might not like the group name
113) Don't uppercase the username and domain in a session setup
114) Merge of "profile acls" code from SAMBA_2_2
115) Check for existing of security descriptor in PRINTER_INFO_2 structure
     in rpc client code
116) Move to common user token debugging, and ensure we always print both the
     NT_TOKEN and the unix credentials
117) If adding a user to ldap, make sure we have the 'account' structural class,
     or else we can't add to OpenLDAP 2.1
118) Kill of Get_Pwnam_Modify and smb_getpwnam()
119) add a 'ldap passwd sync' option to smb.conf
120) Whenever we deal with adding machine/trusted domain accounts, always reset
     the flag to what we expect
121) Fix the circular dependency that was preventing 'domain master = auto' (the
     default) from working
122) move all the passdb internal interface to NTSTATUS
123) to expand % values (ie we go \\%L\%U -> \\server\user, we don't want to
     store \\server\user back) and to correctly notice 'not set' compared to 'null
     string' etc.
124) get some more of our access control bits right on the SAMR pipe
125) Add -r parameter to smbgroupedit. With -r you can manually choose
     a rid

Changes in alpha19
1)  Virtual registry framework with printing hooks (jerry)
2)  Heavy registry updates (jerry)
3)  Use 850 as the default DOS character set in smb.conf (tpot)
4)  printer fixes ) removed encoding of queueid in job number (jra)
5)  A lot of small fixes (jra)
6)  Don't crash on setfileinfo on printer fsp(jra)
7)  fixed line buffer mode in XFILE(jra)
8)  update samba.schema from 2.2 (jerry,idra)
9)  Fix problem with oplock breaks and win2k )
    noticed by Lev Iserovich <lev@ciprico.com> (jra)
10) Update smbgroupedit to document -d ) thanks to metze (abartlet)
11) Support weird behaviour used by win9x pass-through auth (abartlet,tpot)
12) Support for duplicating stderr in log files (abartlet)
13) Move startup time initialisation to server.c (abartlet)
14) *A lot* of fixes and cleanups (abartlet)
15) Fix up compiler warnings (abartlet)
16) Few small fixes (tpot)
17) Renamed new_cli_netlogon_* -> cli_netlogon_* (tpot)
18) Fixed segfault in net time when host is unavailable (tridge)
19) Ensure to be root when opening printer backend tdb (jra)
20) Merges from APPLIANCE_HEAD (tpot,jerry)
21) configure updates (tridge)
22) getgrouplist() updates (tridge)
23) Support for pdbedit to query account policy values (abartlet)
24) Allow one to create trusting domain account using smbpasswd (mimir,abartlet)
25) 'Net rpc trustdom list' (mimir, abartlet)
26) Fix fallback to anonymous connection (mimir, abartlet)
27) Fix for pdb_ldap and OpenLDAP 2.1
28) Added support in swat to determine whether winbind is running (idra)
29) Add 'hide unwritable' option (idra)
30) Correct pickup of [homes] share after subsequent session setups (abartlet)
31) Update rebind code in pdb_ldap (abartlet)
32) Add some info levels to RPC srvsvc code )
   thanks to Nigel Williams" <nigel@veritas.com> (abartlet)
33) Small doc fixes (tridge)
34) good security patch from Timothy.Sell@unisys.com (tridge)
35) fix minor nits in nmbd from adtam@cup.hp.com (tridge)
36) make sure async dns nmbd child dies (tridge)
37) interim fix for nmbd not registering DOMAIN#1b (tridge)
38) fix for smbtar filename matching (tridge)
39) Better quote handling in smb.conf (abartlet)
40) Support browsers setting multiple languages in swat (idra)
41) Changed str_list_make to be able to use a different separator string (idra)
42) Samsync support to insert account info into the pdb (tpot)
43) Don't hide unwritable dirs when 'hide unwritable' is enabled )
    suggested by Alexander Oswald <oswald@is.haw-hamburg.de> (idra)
44) Fix for handling sparse files in smbd (tridge)
45) Merges from 2_2 (jerry)
46) Minor printer fixes (jerry)
47) Add some checks to SID lookup code (abartlet)
48) Cascaded VFS (Alexander Bokovoy, idra)
49) Some netbios-less connections support in ADS mode (tridge)
50) ADS tweaks (tridge)
51) Fix plaintext passwords with win2k (tridge)
52) 'net ads info' reports IP of LDAP server (tridge)
53) Add some more RPC functions (jmcd)
54) Add 'smb ports = ' option (tridge)
55) Various small fixes (tridge)
56) Passdb security checks (abartlet)
57) Large winbind updates (abartlet)
58) Moved rpc client routines from libsmb to rpc_client (tpot)
59) Few nmbd fixes (jmcd)
60) Fix swat to handle new debug level code (idra)
61) Fix name length bug in namequeries (tridge)
62) Don't have client binaries depend on libs they don't use )
   patch from Steve Langasek <vorlon@netexpress.net> (abartlet)
63) Printing change notification (merged from HEAD_APPLIANCE) (jerry)
64) fix delete printer driver (from HEAD_APPLIANCE) (jerry)
65) Added pdb_xml and pdb_mysql (jelmer)
66) Update pdb_test (jelmer)
67) Fix security issues with %m (abartlet)
68) Support for service joins from win2k AND use SPNEGO (jmcd)
69) pdbedit -i and -e fix, add -b (idra)
70) textdocs converted to sgml (jelmer, jerry)
71) Merge netbios namecache code from APPLIANCE_HEAD (tpot)
72) Fix segs in new NTLMSSP code (abartlet)
73) Always make guest rid 501 (abartlet)