Release Announcements
=====================
-This is the first release candidate of Samba 4.3. This is *not*
+This is the first preview release of Samba 4.8. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
-Samba 4.3 will be the next version of the Samba suite.
+Samba 4.8 will be the next version of the Samba suite.
UPGRADING
=========
-Nothing special.
-NEW FEATURES
-============
-
-Logging
--------
-
-The logging code now supports logging to multiple backends. In
-addition to the previously available syslog and file backends, the
-backends for logging to the systemd-journal, lttng and gpfs have been
-added. Please consult the section for the 'logging' parameter in the
-smb.conf manpage for details.
-
-Spotlight
----------
-
-Support for Apple's Spotlight has been added by integrating with Gnome
-Tracker.
-
-For detailed instructions how to build and setup Samba for Spotlight,
-please see the Samba wiki: <https://wiki.samba.org/index.php/Spotlight>
-
-New FileChangeNotify subsystem
-------------------------------
-
-Samba now contains a new subsystem to do FileChangeNotify. The
-previous system used a central database, notify_index.tdb, to store
-all notification requests. In particular in a cluster this turned out
-to be a major bottleneck, because some hot records need to be bounced
-back and forth between nodes on every change event like a new created
-file.
-
-The new FileChangeNotify subsystem works with a central daemon per
-node. Every FileChangeNotify request and every event are handled by an
-asynchronous message from smbd to the notify daemon. The notify daemon
-maintains a database of all FileChangeNotify requests in memory and
-will distribute the notify events accordingly. This database is
-asynchronously distributed in the cluster by the notify daemons.
-
-The notify daemon is supposed to scale a lot better than the previous
-implementation. The functional advantage is cross-node kernel change
-notify: Files created via NFS will be seen by SMB clients on other
-nodes per FileChangeNotify, despite the fact that popular cluster file
-systems do not offer cross-node inotify.
-
-Two changes to the configuration were required for this new subsystem:
-The parameters "change notify" and "kernel change notify" are not
-per-share anymore but must be set globally. So it is no longer
-possible to enable or disable notify per share, the notify daemon has
-no notion of a share, it only works on absolute paths.
-
-New SMB profiling code
-----------------------
-
-The code for SMB (SMB1, SMB2 and SMB3) profiling uses a tdb instead
-of sysv IPC shared memory. This avoids performance problems and NUMA
-effects. The profile stats are a bit more detailed than before.
+NEW FEATURES/CHANGES
+====================
-Improved DCERPC man in the middle detection for kerberos
---------------------------------------------------------
+Using x86_64 Accelerated AES Crypto Instructions
+================================================
-The gssapi based kerberos backends for gensec have support for
-DCERPC header signing when using DCERPC_AUTH_LEVEL_PRIVACY.
+Samba on x86_64 can now be configured to use the Intel accelerated AES
+instruction set, which has the potential to make SMB3 signing and
+encryption much faster on client and server. To enable this, configure
+Samba using the new option --accel-aes=intelaesni.
-SMB signing required in winbindd by default
--------------------------------------------
+This is a temporary solution that is being included to allow users
+to enjoy the benefits of Intel accelerated AES on the x86_64 platform,
+but the longer-term solution will be to move Samba to a fully supported
+external crypto library.
-The effective value for "client signing" is required
-by default for winbindd, if the primary domain uses active directory.
+The third_party/aesni-intel code will be removed from Samba as soon as
+external crypto library performance reaches parity.
-Experimental NTDB was removed
------------------------------
+The default is to build without setting --accel-aes, which uses the
+existing Samba software AES implementation.
-The experimental NTDB library introduced in Samba 4.0 has been
-removed again.
-
-Improved support for trusted domains (as AD DC)
------------------------------------------------
-
-The support for trusted domains/forests has improved a lot.
-
-samba-tool got "domain trust" subcommands to manage trusts:
-
- create - Create a domain or forest trust.
- delete - Delete a domain trust.
- list - List domain trusts.
- namespaces - Manage forest trust namespaces.
- show - Show trusted domain details.
- validate - Validate a domain trust.
-
-External trusts between individual domains work in both ways
-(inbound and outbound). The same applies to root domains of
-a forest trust. The transitive routing into the other forest
-is fully functional for kerberos, but not yet supported for NTLMSSP.
-
-While a lot of things are working fine, there are currently a few limitations:
-
- - Both sides of the trust need to fully trust each other!
- - No SID filtering rules are applied at all!
- - This means DCs of domain A can grant domain admin rights
- in domain B.
- - It's not possible to add users/groups of a trusted domain
- into domain groups.
-
-SMB 3.1.1 supported
--------------------
-
-Both client and server have support for SMB 3.1.1 now.
-
-This is the dialect introduced with Windows 10, it improves the secure
-negotiation of SMB dialects and features.
+smb.conf changes
+================
-New smbclient subcommands
--------------------------
+ Parameter Name Description Default
+ -------------- ----------- -------
+ oplock contention limit Removed
- - Query a directory for change notifications: notify <dir name>
- - Server side copy: scopy <source filename> <destination filename>
+NT4-style replication based net commands removed
+================================================
-New rpcclient subcommands
--------------------------
+The following commands and sub-commands have been removed from the
+"net" utility:
- netshareenumall - Enumerate all shares
- netsharegetinfo - Get Share Info
- netsharesetinfo - Set Share Info
- netsharesetdfsflags - Set DFS flags
- netfileenum - Enumerate open files
- netnamevalidate - Validate sharename
- netfilegetsec - Get File security
- netsessdel - Delete Session
- netsessenum - Enumerate Sessions
- netdiskenum - Enumerate Disks
- netconnenum - Enumerate Connections
- netshareadd - Add share
- netsharedel - Delete share
+net rpc samdump
+net rpc vampire ldif
-New modules
------------
+Also, replicating from a real NT4 domain with "net rpc vampire" and
+"net rpc vampire keytab" has been removed.
- idmap_script - see 'man 8 idmap_script'
- vfs_unityed_media - see 'man 8 vfs_unityed_media'
- vfs_shell_snap - see 'man 8 vfs_shell_snap'
+The NT4-based commands were accidentially broken in 2013, and nobody
+noticed the breakage. So instead of fixing them including tests (which
+would have meant writing a server for the protocols, which we don't
+have) we decided to remove them.
-######################################################################
-Changes
-#######
+For the same reason, the "samsync", "samdeltas" and "database_redo"
+commands have been removed from rpcclient.
-smb.conf changes
-----------------
-
- Parameter Name Description Default
- -------------- ----------- -------
- logging New (empty)
- msdfs shuffle referrals New no
- smbd profiling level New off
- spotlight New no
- tls priority New NORMAL:-VERS-SSL3.0
- use ntdb Removed
- change notify Changed to [global]
- kernel change notify Changed to [global]
- client max protocol Changed default SMB3_11
- server max protocol Changed default SMB3_11
-
-Removed modules
----------------
-
-vfs_notify_fam - see section 'New FileChangeNotify subsystem'.
+"net rpc vampire keytab" from Active Directory domains continues to be
+supported.
KNOWN ISSUES
============
-Currently none.
+https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.8#Release_blocking_bugs
+
#######################################
Reporting bugs & Development Discussion
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
-be filed under the Samba 4.3 product in the project's Bugzilla
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
database (https://bugzilla.samba.org/).
git.samba.org / nivanova / samba-autobuild / .git / blobdiff