-'Samba4 TP5' presents you with a snapshot into Samba4's ongoing
-development, as we move towards our first alpha releases. This Technology
-Preview (TP) is snapshot of Samba4's development, as at June 2007.
+What's new in Samba 4 alpha1
+============================
-In the time since TP4 was released in January 2007, Samba has
+Samba 4 is the ambitious next version of the Samba suite that is being
+developed in parallel to the stable 3.0 series. The main emphasis in
+this branch is support for the Active Directory logon protocols used
+by Windows 2000 and above.
+
+Samba 4 is currently not yet in a state where it is usable in
+production environments. Note the WARNINGS below, and the STATUS file,
+which aims to document what should and should not work.
+
+Samba4 alpha1 is the culmination of 4.5 years of development under our
+belt since Tridge first proposed a new Virtual File System (VFS) layer
+for Samba3 (a project which eventually lead to our Active Directory
+efforts), and 1.5 years since we first released a Technology Preview,
+we wish to allow users, managers and developers to see how we have
+progressed, and to invite feedback and support.
+
+WARNINGS
+========
+
+Samba4 alpha1 is not a final Samba release. That is more a reference
+to Samba4's lack of the features we expect you will need than a
+statement of code quality, but clearly it hasn't seen a broad
+deployment yet. If you were to upgrade Samba3 (or indeed Windows) to
+Samba4, you would find many things work, but that other key features
+you may have relied on simply are not there yet.
+
+For example, while Samba 3.0 is an excellent member of a Active
+Directory domain, Samba4 is happier as a domain controller: (This is
+where we have done most of the research and development).
+
+While Samba4 is subjected to an awesome battery of tests on an
+automated basis, and we have found Samba4 to be very stable in it's
+behaviour, we have to recommend against upgrading production servers
+from Samba 3 to Samba 4 at this stage. If you are upgrading an
+experimental server, or looking to develop and test Samba, you should
+backup all configuration and data.
+
+NEW FEATURES
+============
+
+Samba4 supports the server-side of the Active Directory logon environment
+used by Windows 2000 and later, so we can do full domain join
+and domain logon operations with these clients.
+
+Our Domain Controller (DC) implementation includes our own built-in
+LDAP server and Kerberos Key Distribution Center (KDC) as well as the
+Samba3-like logon services provided over CIFS. We correctly generate
+the infamous Kerberos PAC, and include it with the Kerberos tickets we
+issue.
+
+The new VFS features in Samba 4 adapts the filesystem on the server to
+match the Windows client semantics, allowing Samba 4 to better match
+windows behaviour and application expectations. This includes file
+annotation information (in streams) and NT ACLs in particular. The
+VFS is backed with an extensive automated test suite.
+
+A new scripting interface has been added to Samba 4, allowing
+JavaScript programs to interface to Samba's internals.
+
+The Samba 4 architecture is based around an LDAP-like database that
+can use a range of modular backends. One of the backends supports
+standards compliant LDAP servers (including OpenLDAP), and we are
+working on modules to map between AD-like behaviours and this backend.
+We are aiming for Samba 4 to be powerful frontend to large
+directories.
+
+CHANGES SINCE TP5
+=================
+
+In the time since TP5 was released in June 2007, Samba has
continued to evolve, but you may particularly notice these areas:
- Work has continued on SWAT, the the libnet API behind it. These we
- hope will grow into a full web-based management solution for both
- local and remote Samba and windows servers.
-
- The DRSUAPI research effort has largely concluded, and an initial
- implementation of AD replication is present, included in torture
- test-cases. This includes the decryption of the AD passwords, which
- were specially and separately encrypted. This should be recognised
- as vital milestone.
-
- Likewise, the LDAP Backend project has moved from a research
- implementation into something that can be easily deployed outside
- the test infrastructure.
-
- Testing has been an area of great work, with renewed vigour to
- increase our test coverage over the past few months. In doing so,
- we now demonstrate PKINIT and many other aspects of kerberos, as
- well as command-line authentication handling in our testsuite.
-
- The testsuite infrastructure has been rewritten in perl and
- extended, to setup multiple environments: allowing testing of the
- domain member, as well as the domain controller, roles. Samba4's
- initial implementation of winbind has been revived, to fill in these
- tests.
-
- In clustering, work on CTDB (an implementation of a clustered Samba)
- has moved ahead very well, but the current code has not
- been merged into Samba4 in time for this release.
-
- To support better management, we have investigated group policy
- support, and include the infrastructure required. Unfortunately
- without MMC write support, you will need to place the polices into
- the directory by hand.
-
-As we move forward, we have many of the features we feel are required
-for a Samba4 Alpha. Similarly, we know enough about the data
-formats (particularly those that are encrypted) to be confident that
-we won't need to change the LDB format. Our plan is to publish a
-Samba4 alpha in the next few months.
+ Group Policy Support: Basic group policies may be defined, and are
+ enforced by Windows clients
+
+ MMC Support: The Active Directory Users and Computers console now
+ works, supporting most operations.
+
+ Winbind: Kai Blin has been working hard on his Google Summer of
+ Code project, creating a winbind implementation for Samba4.
+
+ Heimdal update: A Heimdal 1.0 snapshot is now included as the
+ internal Kerberos library in Samba4.
+
+ In the past few weeks, many small but significant bugs have been
+ fixed, particularly thanks to Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
These are just some of the highlights of the work done in the past few
months. More details can be found in our SVN history.
+CHANGES
+=======
+
+Those familiar with Samba 3 can find a list of user-visible changes
+since that release series in the NEWS file.
+
+KNOWN ISSUES
+============
+
+- Domain member support is in it's infancy, and is not comparable to
+ the support found in Samba3.
+
+- There is no printing support in the current release.
+
+- Support for managing groups is currently poor (as the
+ memberOf/member linked attributes are not kept in sync).
+
+- Renaming and deleting subtrees (containers) in the the LDB tree will
+ have unexpected results.
+
+- The Samba4 port of the CTDB clustering support is not yet complete
+
+- Clock Synchronisation is critical. Many 'wrong password' errors are
+ actually due to Kerberos objecting to a clock skew between client
+ and server.
+
+RUNNING Samba4
+==============
+
+A short guide to setting up Samba 4 can be found in the howto.txt file
+in root of the tarball.
+
+DEVELOPMENT and FEEDBACK
+========================
+Bugs can be filed at https://bugzilla.samba.org/ but please be aware
+that many features are simply not expected to work at this stage.
+
+The Samba Wiki at http://wiki.samba.org should detail some of these
+development plans.
+
+Development and general discussion about Samba 4 happens mainly on
+the #samba-technical IRC channel (on irc.freenode.net) and
+the samba-technical mailing list (see http://lists.samba.org/ for
+details).