- WHATS NEW IN 1.9.18alpha5 Oct 25th 1997
- =======================================
+ WHATS NEW IN Samba 2.0.4b
+ =========================
-This is NOT a production release of Samba code.
-For production servers please run Samba 1.9.17p4
-or later releases in the 1.9.17 series.
+This is the latest stable release of Samba. This is the
+version that all production Samba servers should be running
+for all current bug-fixes.
-This release contains some experimental features and
-changes and is being made available so people can
-test and provide feedback and patches for ongoing
-Samba development.
+New/Changed parameters in 2.0.4
+-------------------------------
-Please note that only the Domain controller code
-is truly experimental. The other changes have
-been extensively tested and are of the same
-quality as normal Samba alpha releases. The
-Domain controller code is disabled in the Makefile
-by default and is being made available to Samba
-programmers in the interests of advancing a
-public implementation of this important protocol.
+There are 5 new parameters and one modified parameter in
+the smb.conf file.
-This release contains three major changes to the
-1.9.17 series and much re-written code.
+allow trusted domains
+restrict anonymous
+mangle locks
+oplock break wait time
+oplock contention limit
+The new parameters are :
-The main changes are :
+allow trusted domains
+---------------------
-1). Oplock support now operational.
------------------------------------
+This option is used in "security=domain" settings and allows
+the Samba admin to restrict access to users within the domain
+the the Samba server is in.
-Samba now supports 'exclusive' and 'batch' oplocks.
-These are an advanced networked file system feature
-that allows clients to obtain a exclusive use of a
-file. This allows a client to cache any changes it
-makes locally, and greatly improves performance.
+restrict anonymous
+------------------
-Windows NT has this feature and prior to this
-release this was one of the reasons Windows NT
-could be faster in some situations.
+This parameter allows the Samba admin to cause Samba to
+refuse access to anonymous users. Use of this parameter
+is only recommened for homogenous NT client environments.
-The oplock code in Samba has been extensively
-tested and is believed to be completely stable.
+mangle locks
+------------
-Please report any problems to the samba-bugs alias.
+This parameter was added to get around a bug in Windows NT
+when dealing with Samba running on 32-bit systems (such
+as Linux x86). This bug causes NT to send 64 bit locking
+requests to 32-bit systems even though Samba correctly
+tells the NT client not to do so. This option causes Samba
+to map the lock requests from 64 bits to 32 bits on these
+systems.
+oplock break wait time
+----------------------
-2). Experimental Primary Domain controller code.
-------------------------------------------------
-
-Samba now contains a *VERY* experimental client and
-server implementation of part of the Windows NT
-4.x Domain Controller specification, as
-published by Paul Ashton (now a Samba Team
-member).
-
-This code is not enabled in the Makefile by default,
-and to work on this code you must read the file :
-
- docs/NTDOMAIN.txt
-
-Please note that as this code is not complete,
-it is being made available as part of this release
-to allow interested parties to contribute and help
-the Samba Team in documenting and implementing
-this important feature.
-
-Please do not expect to be able to replace your
-NT Domain Controllers with Samba until this code
-is finished, tested and an announcement is made.
-
-At present the Domain Controller code is for
-programmers and people interested in Microsoft
-protocols only.
+This tuning parameter, added to help with clients that don't
+respond to oplock break requests, causes Samba to deley for
+this number of milliseconds before sending an oplock break
+request to a client that caused the break to be sent. The
+default is 10ms. This is an advanced tuning parameter and
+should not be changed lightly.
+
+oplock contention limit
+-----------------------
+
+This tuning parameter causes Samba not to grant oplocks
+when an smbd daemon notices that there have been this
+many concurrent requests for an oplock on a file. This
+prevents the "baton passing" oplock problem where many
+clients accessing one file pass the oplock between themselves
+like a baton. The default is 2. This is an advanced tuning
+parameter and should not be changed lightly.
+
+The modified parameter is :
+
+nt acl support
+--------------
+
+This is a global parameter that defaulted to False in
+the previous release (2.0.3) and now defaults to True
+as the RPC code has been added to Samba to allow it to
+map UNIX permissions to NT ACLs.
+
+All of these new parameters and changes are documented in the
+smb.conf man pages and html pages.
+
+Updated and New documentation
+-----------------------------
+
+A new document describing the manipulation of UNIX permissions
+via the Windows NT security dialogs and their interaction with
+Samba 2.0.4 is provided as :
+
+docs/textdocs/NT_Security.txt
+docs/htmldocs/NT_Security.html
+
+Changes in 2.0.4b
+-----------------
+
+A bug with MS-Word 97 saving files with zero UNIX permissions
+was fixed. Even though a workaround is available (set force
+create mode = 644 on the share) Word is such an important
+application that a point fix was neccessary.
+
+Changes in 2.0.4a
+-----------------
+
+The text and html versions of NT_Security were missing from
+the shipping tarball. Also a compile bug for platforms that
+don't have usleep was fixed.
+
+Bugfixes added since 2.0.3
+--------------------------
+
+1). Fix for 8 character password problem when using HPUX and
+plaintext passwords.
+2). --with-pam option added to ./configure.
+3). Client fixes for memory leak and display of 64 bit values.
+4). Fixes for -E and -s option with smbclient.
+5). smbclient now allows -L //server or -L \\server
+6). smbtar fix for display of 64 bit values.
+7). Endian independence added to DCE/RPC code.
+8). DCE/RPC marshalling/unmarshalling code re-written to provide
+overflow reporting and sign and seal support.
+9). Bind NAK reply packet added to DCE/RPC code, used to correctly
+refuse bind requests (prevents NT system event log messages).
+10). Mapping of UNIX permissions into NT ACL's for get and set
+added.
+11). DCE/RPC enumeration of numbers of shares made dynamic.
+Samba now has no limit on the number of exported shares seen.
+12). Fix to speed up random number seed generation on /dev/urandom
+being unavailable.
+13). Several memory fixes added by running Purify on the code.
+14). Read from client error messages improved.
+15). Fixed endianness used in UNICODE strings.
+16). Cope with ERRORmoredata in an RPC pipe client call.
+17). Check for malformed responses in nmbd register name.
+18). NT Encrypted password changing from the NT password dialog box
+now fully implmented.
+19). Mangle 64-bit lock ranges into 32-bits (NT bug!) on a 32-bit
+Samba platform.
+20). Allow file to be pseudo-openend in order to read security only.
+21). Improve filename mangling to reduce chance of collisions.
+22). Added code to prevent granting of oplocks when a file is under
+contention.
+23). Added tunable wait time before sending an oplock break request
+to a client if the client caused the break request. Helps with clients
+not responding to oplock breaks.
+24). Always respond negatively to queued local oplock break messages
+before shutdown. This can prevent "freezes" on an oplock error.
+25). Allow admin to restrict logons to correct domain when in domain
+level security.
+26). Added "restrict anonymous" patch from Andy (thwartedefforts@wonky.org)
+to prevent parameter substitution problems with anonymous connections.
+27). Fix SMBseek where seeking to a negative number sets the offset
+to zero.
+28). Fixed problem with mode getting corrupted in trans2 request
+(setting to zero means please ignore it).
+29). Correctly become the authenticated user on an authenticated
+DCE/RPC pipe request.
+30). Correctly reset debug level in nmbd if someone set it on the
+command line.
+31). Added more checking into testparm
+32). NetBench simulator added to smbtorture by Andrew.
+33). Fixed NIS+ option compile (was broken in 2.0.3).
+34). Recursive smbclient directory listing fix. Patch from E. Jay Berkenbilt
+(ejb@ql.org)
+
+Bugfixes added since 2.0.2
+--------------------------
+
+1). --with-ssl configure now include ssl include directory. Fix
+from Richard Sharpe.
+2). Patch for configure for glibc2.1 support (large files etc.).
+3). Several bugfixes for smbclient tar mode from Bob Boehmer
+(boehmer@worldnet.att.net) to fix smbclient aborting problems
+when restoring tar files.
+4). Some automount fixes for smbmount.
+5). Attempt to fix the AIX 4.1.x/3.x problems where smbd runs as
+root. As no-one has given us root access to such a server this
+cannot be tested fully, but should work.
+6). Crash bug fix in debug code where *real* uid rather than
+*effective* uid was being checked before attempting to rotate
+log files. This fix should help a *lot* of people who were
+reporting smbd aborting in the middle of a copy operation.
+7). SIGALRM bugfix to ensure infinate file locks time out.
+8). New code to implement NT ACL reporting for cacls.exe program.
+9). UDP loopback socket rebind fix for Solaris.
+10). Ensure all UNICODE strings are correctly in little-endian
+format.
+11). smbpasswd file locking fix.
+12). Fixes for strncpy problems with glibc2.1.
+13). Ensure smbd correctly reports major and minor version number
+and server type when queried via NT rpc calls.
+14). Bugfix for short mangled names not being pulled off the
+mangled stack correctly.
+15). Fix for mapping of rwx bits being incorrectly overwritten
+when doing ATTRIB.EXE
+16). Fix for returning multiple PDU packets in NT rpc code. Should
+allow multiple shares to be returned correctly).
+17). Improved mapping of NT open access requests into UNIX open
+modes.
+18). Fix for copying files from an NTFS volume that contain
+multiple data forks. Added 'magic' error code NT needs.
+19). Fixed crash bug when primary NT authentication server
+is down, rolls over to secondaries correctly now.
+20). Fixed timeout processing to be timer based. Now will
+always occur even if smbd is under load.
+21). Fixed signed/unsigned problem in quotas code.
+22). Fixed bug where setting the password of a completely fresh
+user would end up setting the account disabled flag.
+23). Improved user logon messages to help admins having
+trouble with user authentication.
+
+Bugfixes added since 2.0.1
+--------------------------
+
+Note that due to a critical signal handling bug in 2.0.1,
+this release has been removed and replaced immediately with
+2.0.2. The Samba Team would like to apologise for any problem
+this may have caused.
+
+1). Fixed smbd looping on SIGCLD problem. This was
+ caused by a missing break statement in a critical
+ piece of code.
+
+Bugfixes added since 2.0.0
+--------------------------
+
+1). Autoconf changes for gcc2.7.x and Solaris 2.5/2.6
+2). Autoconf changes to help HPUX configure correctly.
+3). Autoconf changes to allow lock directory to be set.
+4). Client fix to allow port to be set.
+5). clitar fix to send debug messages to stderr.
+6). smbmount race condition fix.
+7). Fix for bug where trying to browse large numbers of shares
+ generated an error from an NT client.
+8). Wrapper for setgroups for SunOS 4.x
+9). Fix for directory deleting failing from multiuser NT.
+10). Fix for crash bug if bitmap was full.
+11). Fix for Linux genrand where /dev/random could cause
+ clients to timeout on connect if the entropy pool was
+ empty.
+12). The default PASSWD_CHAT may now be overridden in local.h
+13). HPUX printing fixes for default programs.
+14). Reverted (erroneous) code in MACHINE.SID generation that
+ was setting the sid to 0x21 - should be *decimal* 21.
+15). Fix for printing to remote machine under SVR4.
+16). Fix for chgpasswd wait being interrupted with EINTR.
+17). Fix for disk free routine. NT and Win98 now correctly
+ show greater than 2GB disks.
+18). Fix for crash bug in stat cache statistics printing.
+19). Fix for filenames ending in .~xx.
+20). Fix for access check code wait being interrupted with EINTR.
+21). Fix for password changes from "invalid password" to a valid
+ one setting the account disabled bit.
+22). Fix for smbd crash bug in SMBreadraw cache prime code.
+23). Fix for overly zealous lock range overflow reporting.
+24). Fix for large disk disk free reporting (NT SMB code).
+25). Fix for NT failing to truncate files correctly.
+26). Fix for smbd crash bug with SMBcancel calls.
+27). Additional -T flag to nmblookup to do reverse DNS on addresses.
+28). SWAT fix to start/stop smbd/nmbd correctly.
+
+Major changes in Samba 2.0
+--------------------------
+
+This is a MAJOR new release of Samba, the UNIX based SMB/CIFS file
+and print server for Windows systems.
+
+There have been many changes in Samba since the last major release,
+1.9.18. These have mainly been in the areas of performance and
+SMB protocol correctness. In addition, a Web based GUI interface
+for configuring Samba has been added.
+
+In addition, Samba has been re-written to help portability to
+other POSIX-based systems, based on the GNU autoconf tool.
+
+There are many major changes in Samba for version 2.0. Here are
+some of them:
+
+=====================================================================
+
+1). Speed
+---------
+
+Samba has been benchmarked on high-end UNIX hardware as out-performing
+all other SMB/CIFS servers using the Ziff-Davis NetBench benchmark.
+Many changes to the code to optimise high-end performance have been made.
+
+2). Correctness
+---------------
+Samba now supports the Windows NT specific SMB requests. This
+means that on platforms that are capable Samba now presents a
+64 bit view of the filesystem to Windows NT clients and is
+capable of handling very large files.
-3). New Internationalization support.
--------------------------------------
+3). Portability
+---------------
-With this release Samba no longer needs to be
-separately compiled for Japanese (Kanji) support,
-the same binary will serve both Kanji and non-Kanji
-clients.
+Samba is now self-configuring using GNU autoconf, removing
+the need for people installing Samba to have to hand configure
+Makefiles, as was needed in previous versions.
-A new method of dynamically loading client code pages
-has been added to allow the case insensitivity to
-be done dependent on the code page of the client.
+You now configure Samba by running "./configure" then "make". See
+docs/textdocs/UNIX_INSTALL.txt for details.
-Note that Samba still will only handle one client
-code page at a time. This will be fixed when
-Samba is fully UNICODE enabled.
+4). Web based GUI configuration
+-------------------------------
-Please see the new man page for make_smbcodepage
-for details on adding additional client code page
-support.
+Samba now comes with SWAT, a web based GUI config system. See
+the swat man page for details on how to set it up.
+5). Cross protocol data integrity
+---------------------------------
-Changed code.
--------------
+An open function interface has been defined to allow
+"opportunistic locks" (oplocks for short) granted by Samba
+to be seen by other UNIX processes. This allows complete
+cross protocol (NFS and SMB) data integrety using Samba
+with platforms that support this feature.
-Samba no longer needs the libdes library to support
-encrypted passwords. Samba now contains a restricted
-version of DES that can only be used for authentication
-purposes (to comply with the USA export encryption
-regulations and to allow USA Mirror sites to carry
-Samba source code). The 'encrypt passwords' parameter
-may now be used without recompiling.
+6). Domain client capability
+----------------------------
-Much of the internals of Samba has been re-structured
-to support the oplock and Domain controller changes.
+Samba is now capable of using a Windows NT PDC for user
+authentication in exactly the same way that a Windows NT
+workstation does, i.e. it can be a member of a Domain. See
+docs/textdocs/DOMAIN_MEMBER.txt for details.
-The WINS client and WINS server capabilities in nmbd
-are also being restructured, to make it easier to
-understand and maintain.
+7). Documentation Updates
+-------------------------
-Samba supports the NT 4.0 Domain Authentication Protocol
-to a degree sufficient to download Profiles to an NT
-Workstation ("Welcome to the SAMBA Domain").
+All the reference parts of the Samba documentation (the
+manual pages) have been updated and converted to a document
+format that allows automatic generation of HTML, SGML, and
+text formats. These documents now ship as standard in HTML
+and manpage format.
-There is also code in smbclient to generate the same
-requests as an NT Workstation would when doing an NT
-Domain Logon. This has only been tested against a Samba
-"Experimental" PDC so far.
+=====================================================================
-Some of the new parameters for NT Domain Logons and
-Profile support are now also used by the Win95 Domain
-Logons and Profile support.
+NOTE - Some important option defaults changed
+---------------------------------------------
-The Automount code has been slightly reshuffled, such
-that the home directory (and profile location) can be
-specified by \\%N\homes and \\%N\homes\profiles
-respectively, which are the defaults for these values.
-If -DAUTOMOUNT is enabled, then %N is the server
-component of the user's NIS auto.home entry. Obviously,
-you will need to be running Samba on the user's home
-server as well as the one they just logged in on.
+Several parameters have changed their default values. The most
+important of these is that the default security mode is now user
+level security rather than share level security.
+This (incompatible) change was made to ease new Samba installs
+as user level security is easier to use for Windows 95/98 and
+Windows NT clients.
-New parameters in smb.conf.
----------------------------
+********IMPORTANT NOTE****************
-New Global parameters.
-----------------------
+If you have no "security=" line in the [global] section of
+your current smb.conf and you update to Samba 2.0 you will
+need to add the line :
-Documented in the smb.con man pages :
+security=share
-"bind interfaces only"
-"username level"
+to get exactly the same behaviour with Samba 2.0 as you
+did with previous versions of Samba.
-"domain sid"
-"domain groups"
+********END IMPORTANT NOTE*************
-"logon drive"
-"logon home"
+In addition, Samba now defaults to case sensitivity options that
+match a Windows NT server precisely, that is, case insensitive
+but case preserving.
+The default format of the smbpasswd file has also been
+changed for this release, although the new tools will read
+and write the old format, for backwards compatibility.
-Not yet documented in the smb.conf man page, please
-read docs/NTDOMAIN.txt or examine the source code for
-information on the next parameters :
+=====================================================================
-"domain other sids"
-"domain admin users"
-"domain guest users"
+NOTE - Primary Domain Controller Functionality
+----------------------------------------------
+This version of Samba contains code that correctly implements
+the undocumented Primary Domain Controller authentication
+protocols. However, there is much more to being a Primary
+Domain Controller than serving Windows NT logon requests.
-New Share level parameters.
----------------------------
+A useful version of a Primary Domain Controller contains
+many remote procedure calls to do things like enumerate users,
+groups, and security information, only some of which Samba currently
+implements. In addition, there are outstanding (known) bugs with
+using Samba as a PDC in this release that the Samba Team are actively
+working on. For this reason we have chosen not to advertise and
+actively support Primary Domain Controller functionality with this
+release.
-Documented in the smb.con man pages :
+This work is being done in the CVS (developer) versions of Samba,
+development of which continues at a fast pace. If you are
+interested in participating in or helping with this development
+please join the Samba-NTDOM mailing list. Details on joining
+are available at :
-"delete veto files"
-"oplocks"
+http://samba.org/listproc/
+Details on obtaining CVS (developer) versions of Samba
+are available at:
-Reporting bugs.
----------------
+http://samba.org/cvs.html
-If you have problems, or think you have found a
-bug please email a report to :
+=====================================================================
-samba-bugs@samba.anu.edu.au
+If you have problems, or think you have found a bug please email
+a report to :
-Please state the version number of Samba that
-you are running, and *full details* of the steps
-we need to reproduce the problem.
+ samba-bugs@samba.org
As always, all bugs are our responsibility.
Regards,
- The Samba Team.
+ The Samba Team.
git.samba.org / nivanova / samba-autobuild / .git / blobdiff