- ==============================
- Release Notes for Samba 3.2.x
- XX ##, 200Y
- ==============================
+ =================================
+ Release Notes for Samba 3.2.0pre2
+ Feb 29, 2008
+ =================================
+
+This is the second preview release of Samba 3.2.0. This is *not*
+intended for production environments and is designed for testing
+purposes only. Please report any defects via the Samba bug reporting
+system at https://bugzilla.samba.org/.
+
+Please be aware that Samba is now distributed under the version 3
+of the new GNU General Public License. You may refer to the COPYING
+file that accompanies these release notes for further licensing details.
+
+Major enhancements in Samba 3.2.0 include:
+
+ File Serving:
+ o Use of IDL generated parsing layer for several DCE/RPC
+ interfaces.
+ o Removal of the 1024 byte limit on pathnames and 256 byte limit on
+ filename components to honor the MAX_PATH setting from the host OS.
+ o Introduction of a registry based configuration system.
+ o Improved CIFS Unix Extensions support.
+ o Experimental support for file serving clusters.
+ o Support for IPv6 in the server, and client tools and libraries.
+ o Support for storing alternate data streams in xattrs.
+ o Encrypted SMB transport in client tools and libraries, and server.
+ o Support for Vista clients authenticating via Kerberos.
+
+ Winbind and Active Directory Integration:
+ o Full support for Windows 2003 cross-forest, transitive trusts
+ and one-way domain trusts.
+ o Support for userPrincipalName logons via pam_winbind and NSS
+ lookups.
+ o Expansion of nested domain groups via NSS calls.
+ o Support for Active Directory LDAP Signing policy.
+ o New LGPL Winbind client library (libwbclient.so).
+
+ Joining:
+ o New NetApi library for domain join related queries (libnetapi.so)
+ and example GTK+ Domain join gui.
+ o New client and server support for remotely joining and unjoining
+ Domains.
+ o Support for joining into Windows 2008 domains.
+
+ Users & Groups:
+ o New ldb backend for local group mapping tables
+ o Raised level of security defaults for authentication operations.
+
+
+ Documentation:
+ o Inclusion of an HTLM version of the 3rd edition of "Using Samba"
+ from O'Reilly Publishing.
+
+
+Now Licensed under the GNU GPLv3
+================================
+
+The Samba Team has adopted the Version 3 of the GNU General Public
+License for the 3.2 and later releases. The GPLv3 is the updated
+version of the GPLv2 license under which Samba is currently
+distributed. It has been updated to improve compatibility with other
+licenses and to make it easier to adopt internationally, and is an
+improved version of the license to better suit the needs of Free
+Software in the 21st Century.
+
+The original announcement is available on-line at
+
+ http://news.samba.org/announcements/samba_gplv3/
+
+
+New Security Defaults for Authentication
+========================================
+
+Support for LanMan passwords is now disabled in both client and server
+applications. Additionally, clear text authentication requests are
+disabled by default in client utilities such as smbclient and all
+libsmbclient based applications. This will affect connection both
+to and from hosts running DOS, Windows 9x/ME, and OS/2. Please refer
+to the "Changes" section for details on the exact parameters that were
+updated.
+
+
+Registry Configuration Backend
+==============================
+
+Samba is now able to use a registry based configuration backed to
+supplement smb.conf setting. This feature may be enabled by setting
+"config backend = registry" and "registry shares = yes" in the [global]
+section of smb.conf and may be managed using the "net conf" command.
+
+More information may be obtained from the smb.conf(5) and net(8) man
+pages.
+
+
+Removed Features
+================
+
+Both the Python bindings and the libmsrpc shared library have been
+removed from the tree due to lack of an official maintainer.
+
+As smbfs is no longer supported in current kernel versions, smbmount has
+been removed in this Samba version. Please use cifs (mount.cifs) instead.
+See examples/scripts/mount/mount.smbfs as an example for a wrapper which
+calls mount.cifs instead of smbmount/mount.smbfs.
+
+
+Modified API for libsmbclient
+==============================================================================
+
+Maintaining ABI compatibility for libsmbclient has become increasingly
+difficult to accomplish, while also keeping the code organization such that it
+is easily readable. Towards the goal of maintaining ABI compatibility and
+also keeping the code easy to maintain and enhance, the API has changed
+somewhat. In particular, the fields in the SMBCCTX context structure are no
+longer intended to be read/write by the user. The names of the fields have
+changed to encourage any recompilations to use the new interface, but for
+continued ABI compatibility, the fields are in the same locations in the
+context structure as they were previously so any previously-compiled
+applications should continue to work with this new version.
+
+An application that previously accessed the members of the SMBCCTX context
+structure will encounter errors if recompiled. This is intentional to
+encourage implementation of the small changes required for the new interface.
+The number of changes is expected to be quite small for the vast majority of
+applications, and no changes need be made for many applications. The changes
+required for KDE (konqueror) to conform to the new interface, for example, are
+only four lines in only one file.
+
+Instead of the application manually changing or reading values in the context
+structure, there are now setter and getter functions for each configurable
+member in that structure. Similarly, the smbc_option_get() and
+smbc_option_set() functions are deprecated in favor of the setter/getter
+interface. The setters and getters are all documented in libsmbclient.h
+under these comment blocks:
+
+ Getters and setters for CONFIGURATION
+ Getters and setters for OPTIONS
+ Getters and setters for FUNCTIONS
+ Callable functions for files
+ Callable functions for directories
+ Callable functions applicable to both files and directories
+
+Example changes that may be required:
+
+ /* Set the debug level */
+ context->debug = 99;
+changes to:
+ smbc_setDebug(context, 99);
+
+ /* Specify the authentication callback function */
+ context->callbacks.auth_fn = auth_smbc_get_data;
+changes to:
+ smbc_setFunctionAuthData(context, auth_smbc_get_data);
+
+ /* Specify the new-style authentication callback with context parameter */
+ smbc_option_set("auth_function", auth_smbc_get_data_with_ctx);
+changes to:
+ smbc_setFunctionAuthDataWithContext(context, auth_smbc_get_data_with_ctx);
+
+ /* Set kerberos flags */
+ context->flags = (SMB_CTX_FLAG_USE_KERBEROS |
+ SMB_CTX_FLAG_FALLBACK_AFTER_KERBEROS);
+changes to:
+ smbc_setOptionUseKerberos(context, 1);
+ smbc_setOptionFallbackAfterKerberos(context, 1);
+
+
+
+
+######################################################################
+Changes
+#######
+
+smb.conf changes
+----------------
+
+ Parameter Name Description Default
+ -------------- ----------- -------
+ client lanman auth Changed Default No
+ client ldap sasl wrapping New plain
+ client plaintext auth Changed Default No
+ clustering New No
+ cluster addresses New ""
+ config backend New file
+ ctdb socket New ""
+ debug class New No
+ hidden New No
+ lanman auth Changed Default No
+ ldap debug level New 0
+ ldap debug threshold New 10
+ mangle map Removed
+ open files database hashsize Removed
+ read bmpx Removed
+ registry shares New No
+ winbind expand groups New 1
+ winbind rpc only New No
+
+
+Changes since 3.2.0pre1:
+-----------------------
+
+o Michael Adam <obnox@samba.org>
+ * Add library for access to the registry configuration data.
+ * BUG 5023: Separate NFS4 and POSIX ACL code in file access checks.
+ * BUG 4308: Fix Excel save operation ACL bug.
+ * Refactor and consolidate logic for retrieving the machine
+ trust password information.
+ * VFS API cleanup (remove redundant parameter).
+ * BUG 4801: Correctly implement LSA lookup levels for LookupNames.
+ * Add new option "debug class" to control printing of the debug class.
+ in debug headers.
+ * Enable building of the zfsacl and notify_fam vfs modules.
+ * BUG 5083: Fix memleak in solarisacl module.
+ * BUG 5063: Fix build on RHEL5.
+ * New smb.conf parameter "config backend = registry" to enable registry
+ only configuration.
+ * Move "net conf" functionality into a separate module libnet_conf.c
+ * Restructure registry code, eliminating the dynamic overlay.
+ Make use of reg_api instead of backend code in most places.
+ * Add support for intercepting LDAP libraries' debug output and print
+ it in Samba's debugging system.
+ * Libreplace fixes.
+ * Build fixes.
+ * Initial support for using subsystems as shared libraries.
+ Use talloc, tdb, and libnetapi as shared libraries internally.
+
+
+o Jeremy Allison <jra@samba.org>
+ * Added support for IPv6 client and server connections.
+ * Add in the recvfile entry to the VFS layer.
+ * Removal of pstring data type.
+ * Remove unused utilities: smbctool and rpctorture.
+ * Fix service principal detection to match Windows Vista
+ (based on work from Andreas Schneider).
+ * Encrypted SMB transport in client tools and libraries, and server.
+
+
+o Kai Blin <kai@samba.org>
+ * Added support for an SMB_CONF_PATH environment variable
+ containing the path to smb.conf.
+ * Various fixes to ntlm_auth.
+ * make test now supports more extensive SPOOLSS testing using vlp.
+ * Correctly handle mixed-case hostnames in NTLMv2 authentication.
+
+
+o Gerald (Jerry) Carter <jerry@samba.org>
+ * Add Winbind client library.
+ * Decouple static linking between smbd and winbindd's client
+ interface.
+
+
+o Guenther Deschner <gd@samba.org>
+ * Enhance client and server remote registry access.
+ * Add client calls for remotely joining a computer to a domain
+ (including calls from "net dom" command).
+ * Add libnetapi.so library for joining domains including
+ sample GTK+ app.
+ * Fixes for Vista SP1 Kerberos authdata handling to only pickup
+ the PAC.
+ * Various error code and error message fixes.
+ * Add initial draft of libnetconf to allow programmatic
+ configuration changes.
+ * Add libnet_join internal library for programmatically joining
+ and unjoining Domains.
+ * Add various fixes and new calls to libnetapi.so library.
+ * Various fixes for DsGetDcName and conversion to IDL based
+ structures.
+ * Fixes for pidl to correctly generate WERROR based client calls.
+ * Fixes for pidl to generate output that complies to coding
+ conventions.
+ * Various IDL fixes.
+ * Add ads_get_joinable_ous() to libads to get list of joinable ous.
+ * Add get_logon_hours_from_pdb() to comply with new IDL based
+ structures.
+ * Add debugging capabilities to dump AD connections to libads
+ (using ndr_print).
+ * Add "dump-domain-list" command for smbcontrol to retrieve better
+ debugging information out of winbindd.
+ * Migration of the entire client and server DCE/RPC code to IDL
+ based structures and autogenerated code for DSSETUP, LSA, SAMR
+ and NETLOGON.
+ * Started migration of client and server DCE/RPC code to IDL based
+ structures and autogenerated code for NTSSVC, SVCCTL and
+ EVENTLOG.
+ * Use IDL and autogenerated code for samlogoncache and Kerberos
+ PAC handling.
+ * Various fixes and cleanup of Kerberos PAC handling.
+ * Fix segfault in _srv_net_file_enum.
+ * Conversion of client join and unjoin code to libnet_join.
+ * Add remote join/unjoin server-side implementation.
+ * Removed a lot of code which has become obsolete.
+
+
+o Steve Langasek <vorlon@debian.org>
+ * Integrate 2 out of 3 --with-fhs patches from Debian packaging
+ for better adherence to the FHS standard.
+
+
+o Volker Lendecke <vl@samba.org>
+ * Add talloc_stackframe() and talloc_pool() features.
+ * Removal of pstring data type.
+ * Add generic a in-memory cache.
+ * Import the Linux red-black tree implementation.
+ * Remove large amount of global variables.
+ * Support for storing xattrs in tdb files.
+ * Support for storing alternate data streams in xattrs.
+ * Implement a generic in-memory cache based on rb-trees.
+ * Add implicit temporary talloc contexts via talloc_stack().
+ * Speed up the smbclient "get" command
+ * Add the aio_fork module
+
+o Derrell Lipman <derrell@samba.org>
+ * Modified libsmbclient API for more easily maintaining ABI compatibility
+ while adding new features to libsmbclient.
+
+o Stefan Metzmacher <metze@samba.org>
+ * Fixes for libreplace.
+ * Pidl fixes.
+ * Build fixes.
+ * Add nss_wrapper support.
+ * Start and test winbindd by 'make test'.
+ * Split up child_dispatch_table into domain, idmap and locator tables
+ in winbindd.
+ * Fix for a crash bug in pidl generated client code.
+ This could have happend with [in,out,unique] pointers
+ when the client sends a valid pointer, but the server
+ responds with a NULL pointer (as samba-3.0.26a does for some calls).
+ * Change NTSTATUS into enum ndr_err_code in librpc/ndr.
+ * Remove unused calls in the struct based winbindd protocol.
+ * Add --configfile option to wbinfo.
+ * Convert winbind_env_set(), winbind_on() and winbind_off() into macros.
+ * Return rids and other_sids arrays in WBFLAG_PAM_INFO3_TEXT mode.
+ * Implement wbcErrorString() and wbcAuthenticateUserEx().
+ * Convert auth_winbind to use wbcAuthenticateUserEx().
+
+
+o James Peach <jpeach@samba.org>
+ * Add support for DNS Service Discovery. Based on work from
+ Rishi Srivatsavai <rishisv@gmail.com>.
+
+
+o Andreas Schneider <anschneider@suse.de>
+ * Don't restart winbind if a corrupted tdb is found during
+ initialization.
+ * Fix Windows 2008 (Longhorn) join.
+ * Fix crashbug in winbindd.
+ * Add share parameter "hidden".
+
+
+o Karolin Seeger <ks@sernet.de>
+ * Improve error messages of net subcommands.
+ * Add 'net rap file user'.
+ * Change LDAP search filter to find machine accounts which
+ are not located in the user suffix.
+ * Remove smbmount.
+
+
+o David Shaw <dshaw@jabberwocky.com>
+ * BUG 5073: Allow "delete readonly = yes" to correctly override
+ deletion of a file.
+
+
+o Rishi Srivatsavai <rishisv@gmail.com>
+ * Register the smb service with mDNS if mDNS is supported.
+ * Add smbclient support for basic mDNS browsing.
+
+
+o Andrew Tridgell <tridge@samba.org>
+ * Fix padding between Winbind 32bit/64bit client library in
+ the request/response structures.
+ * Added a syncops VFS module for file systems which do not
+ guarantee meta-data operations are immediately committed to
+ disk in stable form.
+
+
+o Jelmer Vernooij <jelmer@samba.org>
+ * Additional portability support for building shared libraries.
+
+
+o Corinna Vinschen <corinna@vinschen.de>
+ * Get Samba version or capability information from Windows user space.
+
+
+Original 3.2.0pre1 commits:
+---------------------------
+o Michael Adam <obnox@samba.org>
+ * Unified POSIX ACL detection including support for FreeBSD and
+ HP-UX.
+ * Performance improvements for Winbind's lookup functions (names,
+ SIDs, and group membership) when joined to an AD domain.
+ * Winbind cache validation support.
+ * Store domain trust passwords for Samba domain controller's in
+ the domain's passdb backend.
+ * Merged \winreg server code from the SAMBA_3_2 development branch.
+ * Fixes for libreplace.
+ * Implement new registry configuration backend.
+
+
+o Jeremy Allison <jra@samba.org>
+ * Add support for file system objectIDs.
+ * Winbind cache validation support.
+ * Add in the UNIX capability for 24-bit readX.
+ * Improve Delete-on-Close semantics.
+ * Removal of static file and path name buffers in SMB file serving
+ code.
+
+
+o Danilo Almeida <dalmeida@centeris.com>
+ * Move the machine account to the OU specified when running "net
+ ads join".
+
+
+o Andrew Bartlett <abartlet@samba.org>
+ * Tighten authentication protocol defaults in client tools and
+ servers.
+
+
+o Gerald (Jerry) Carter <jerry@samba.org>
+ * Implement support for one-way trusts and two-way cross-forest
+ transitive trust in winbindd.
+ * Fixes for Winbind's offline/disconnected logon support when
+ using remote idmap backends.
+ * Fix LookupNames and LookupSids to use the same resolution
+ heuristics as Windows XP.
+ * Fix lockups in Winbind when running nscd.
+ * UPN logon support in pam_winbind.
+ * Add support for GNU linker scripts when build shared libraries
+ (based on work by Julien Cristau <jcristau@debian.org> and James
+ Peach).
+
+
+o Guenther Deschner <gd@samba.org>
+ * Additional support for decoding and downloading group policy
+ objects from Active Directory.
+ * Improvements to "net ads keytab" command.
+ * Fixes for linking against Heimdal Kerberos client libs.
+ * Support LDAP range retrieval searches.
+ * Fixes for failure to refresh user ticket caches in Winbind.
+ * UPN logon support in pam_winbind.
+ * Add KDC locator plugin for MIT kerberos 1.6 or later.
+
+
+o Steve Langasek <vorlon@debian.org>
+ * Allow SIGTERM to cause nmbd to exit while awaiting a interface
+ to come up.
+
+
+o Volker Lendecke <vl@samba.org>
+ * Merge experimental cluster support patches from the ctdb branch.
+ * Add tdb storage abstraction for ctdb.
+ * Use IDL for internal message passing system.
+ * Add client support for the SamLogonEx() authentication request.
+ * Implement RPC proxy stubs in the Samba server code to allow
+ replacing implementation functions one by one.
+ * Remove static incoming and outgoing buffers from core server SMB
+ packet processing code.
+ * Add "net sam rights" command.
+
+
+o Steve French <sfrench@samba.org>
+ * Fixes for mount.cifs Linux utility.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * Fixes for libreplace.
+ * Add support for LDAP digital signing policy.
+ * Experimental clustered file system support.
+
+
+o Lars Mueller <lars@samba.org>
+ * Makefile and build fixes.
+ * Add pam_pwd_expire for pam_winbind (original patch from Andreas
+ Schneider).
+
+
+o James Peach <jpeach@apple.com>
+ * Fixes for setgroups() and *BSD and Darwin.
+ * Support membership of >16 groups on Darwin.
+
+
+o Jiri Sasek <Jiri.Sasek@Sun.COM>
+ * Added vfs_zfsacl module.
+
+
+o Karolin Seeger <ks@sernet.de>
+ * Add deletelocalgroup and unmapunixgroup subcommand to "net sam".
+ * Cleanup internal passdb functions.
+
+
+o Simo Sorce <idra@samba.org>
+ * Fixes for IDmap and Passdb backends.
+
+
+o Andrew Tridgell <tridge@samba.org>
+ * Port ldb from the Samba 4 tree and add ldb group mapping plugin.
+ * Move several file serving related tdb files to use the dbwrap
+ API internally.
+ * Cleanup the GPFS VFS plugin.
+ * Experimental clustered file system support.
+
+
+o Jelmer Vernooij <jelmer@samba.org>
+ * Implement NDR basic to support utilizing IDL files from Samba 4
+ tree for general DCE/RPC parsing stubs.
+
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.2 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
git.samba.org / kai / samba.git / blobdiff