+++ /dev/null
-This file aims to document the major changes since the latest released version
-of Samba, 3.0. Samba 4.0 contains rewrites of several subsystems
-and uses a different internal format for most data. Since this
-file is an initial draft, please update missing items.
-
-One of the main goals of Samba 4 was Active Directory Domain Controller
-support. This means Samba now implements several protocols that are required
-by AD such as Kerberos and DNS.
-
-An (experimental) upgrade script that performs a one-way upgrade
-from Samba 3 is available in source/setup/upgrade.
-
-Removal of nmbd and introduction of process models
-==================================================
-smbd now implements several network protocols other than just CIFS and
-DCE/RPC. nmbd's functionality has been merged into smbd. smbd supports
-various 'process models' that specify how concurrent connections are
-handled (when to fork, use threads, etc).
-
-Introduction of LDB
-===================
-Samba now stores most of its persistent data in a LDAP-like database
-called LDB (see ldb(7) for more info).
-
-Removed SWAT
-==================
-Unlike previous versions, Samba4 does not provide a web interface at this time.
-
-Built-in KDC
-============
-Samba4 ships with an integrated KDC (Kerberos Key Distribution
-Center). Backed directly onto our main internal database, and
-integrated with custom code to handle the PAC, Samba4's KDC is an
-integral part of our support for AD logon protocols.
-
-Built-in LDAP Server
-====================
-Like the situation with the KDC, Samba4 ships with it's own LDAP
-server, included to provide simple, built-in LDAP services in an AD
-(rather than distinctly standards) matching manner. The database is
-LDB, and it shares that in common with the rest of Samba.
-
-Changed configuration options
-=============================
-Several configuration options have been removed in Samba4 while others have
-been introduced. This section contains a summary of changes to smb.conf and
-where these settings moved. Configuration options that have disappeared may be
-re-added later when the functionality that uses them gets reimplemented in
-Samba 4.
-
-The 'security' parameter has been split up. It is now only used to choose
-between the 'user' and 'share' security levels (the latter is not supported
-in Samba 4 yet). The other values of this option and the 'domain master' and
-'domain logons' parameters have been merged into a 'server role' parameter
-that can be either 'domain controller', 'member server' or 'standalone'. Note that
-member server support does not work yet.
-
-The following parameters have been removed:
-- passdb backend: accounts are now stored in a LDB-based SAM database
-- update encrypted
-- public
-- guest ok
-- client schannel
-- server schannel
-- allow trusted domains
-- hosts equiv
-- map to guest
-- smb passwd file
-- algorithmic rid base
-- root directory
-- root dir
-- root
-- guest account
-- enable privileges
-- pam password change
-- passwd program
-- passwd chat debug
-- passwd chat timeout
-- check password script
-- username map
-- username level
-- unix password sync
-- restrict anonymous
-- username
-- user
-- users
-- invalid users
-- valid users
-- admin users
-- read list
-- write list
-- printer admin
-- force user
-- force group
-- group
-- write ok
-- writeable
-- writable
-- acl check permissions
-- acl group control
-- acl map full control
-- create mask
-- create mode
-- force create mode
-- security mask
-- force security mode
-- directory mask
-- directory mode
-- force directory mode
-- directory security mask
-- force directory security mode
-- force unknown acl user
-- inherit permissions
-- inherit acls
-- inherit owner
-- guest only
-- only guest
-- only user
-- allow hosts
-- deny hosts
-- preload modules
-- use kerberos keytab
-- syslog
-- syslog only
-- max log size
-- debug timestamp
-- timestamp logs
-- debug hires timestamp
-- debug pid
-- debug uid
-- allocation roundup size
-- aio read size
-- aio write size
-- aio write behind
-- large readwrite
-- protocol
-- read bmpx
-- reset on zero vc
-- acl compatibility
-- defer sharing violations
-- ea support
-- nt acl support
-- nt pipe support
-- profile acls
-- map acl inherit
-- afs share
-- max ttl
-- client use spnego
-- enable asu support
-- svcctl list
-- block size
-- change notify timeout
-- deadtime
-- getwd cache
-- keepalive
-- kernel change notify
-- lpq cache time
-- max smbd processes
-- max disk size
-- max open files
-- min print space
-- strict allocate
-- sync always
-- use mmap
-- use sendfile
-- hostname lookups
-- write cache size
-- name cache timeout
-- max reported print jobs
-- load printers
-- printcap cache time
-- printcap name
-- printcap
-- printing
-- cups options
-- cups server
-- iprint server
-- print command
-- disable spoolss
-- enable spoolss
-- lpq command
-- lprm command
-- lppause command
-- lpresume command
-- queuepause command
-- queueresume command
-- enumports command
-- addprinter command
-- deleteprinter command
-- show add printer wizard
-- os2 driver map
-- use client driver
-- default devmode
-- force printername
-- mangling method
-- mangle prefix
-- default case
-- case sensitive
-- casesignames
-- preserve case
-- short preserve case
-- mangling char
-- hide dot files
-- hide special files
-- hide unreadable
-- hide unwriteable files
-- delete veto files
-- veto files
-- hide files
-- veto oplock files
-- map readonly
-- mangled names
-- mangled map
-- max stat cache size
-- stat cache
-- store dos attributes
-- machine password timeout
-- add user script
-- rename user script
-- delete user script
-- add group script
-- delete group script
-- add user to group script
-- delete user from group script
-- set primary group script
-- add machine script
-- shutdown script
-- abort shutdown script
-- username map script
-- logon script
-- logon path
-- logon drive
-- logon home
-- domain logons
-- os level
-- lm announce
-- lm interval
-- domain master
-- browse list
-- enhanced browsing
-- wins proxy
-- wins hook
-- wins partners
-- blocking locks
-- fake oplocks
-- kernel oplocks
-- locking
-- lock spin count
-- lock spin time
-- level2 oplocks
-- oplock break wait time
-- oplock contention limit
-- posix locking
-- share modes
-- ldap server
-- ldap port
-- ldap admin dn
-- ldap delete dn
-- ldap group suffix
-- ldap idmap suffix
-- ldap machine suffix
-- ldap passwd sync
-- ldap password sync
-- ldap replication sleep
-- ldap suffix
-- ldap ssl
-- ldap timeout
-- ldap page size
-- ldap user suffix
-- add share command
-- change share command
-- delete share command
-- eventlog list
-- utmp directory
-- wtmp directory
-- utmp
-- default service
-- default
-- message command
-- dfree cache time
-- dfree command
-- get quota command
-- set quota command
-- remote announce
-- remote browse sync
-- homedir map
-- afs username map
-- afs token lifetime
-- log nt token command
-- time offset
-- NIS homedir
-- preexec
-- exec
-- preexec close
-- postexec
-- root preexec
-- root preexec close
-- root postexec
-- set directory
-- wide links
-- follow symlinks
-- dont descend
-- magic script
-- magic output
-- delete readonly
-- dos filemode
-- dos filetimes
-- dos filetime resolution
-- fake directory create times
-- panic action
-- vfs objects
-- vfs object
-- msdfs root
-- msdfs proxy
-- host msdfs
-- enable rid algorithm
-- passdb expand explicit
-- idmap backend
-- idmap uid
-- winbind uid
-- idmap gid
-- winbind gid
-- template homedir
-- template shell
-- winbind separator
-- winbind cache time
-- winbind enum users
-- winbind enum groups
-- winbind use default domain
-- winbind trusted domains only
-- winbind nested groups
-- winbind max idle children
-- winbind nss info
-
-The following parameters have been added:
-+ rpc big endian (G)
- Make Samba fake it is running on a bigendian machine when using DCE/RPC.
- Useful for debugging.
-
- Default: no
-
-+ case insensitive filesystem (S)
- Set to true if this share is located on a case-insensitive filesystem.
- This disables looking for a filename by trying all possible combinations of
- uppercase/lowercase characters and thus speeds up operations when a
- file cannot be found.
-
- Default: no
-
-+ setup directory
- Path to data used by provisioning script.
-
- Default: Set at compile-time
-
-+ ncalrpc dir
- Directory to use for UNIX sockets used by the 'ncalrpc' DCE/RPC transport.
-
- Default: Set at compile-time
-
-+ ntvfs handler
- Backend to the NT VFS to use (more than one can be specified). Available
- backends include:
-
- - posix:
- Maps POSIX FS semantics to NT semantics
-
- - simple:
- Very simple backend (original testing backend).
-
- - unixuid:
- Sets up user credentials based on POSIX gid/uid.
-
- - cifs:
- Proxies a remote CIFS FS. Mainly useful for testing.
-
- - nbench:
- Filter module that saves data useful to the nbench benchmark suite.
-
- - ipc:
- Allows using SMB for inter process communication. Only used for
- the IPC$ share.
-
- - print:
- Allows printing over SMB. This is LANMAN-style printing (?), not
- the be confused with the spoolss DCE/RPC interface used by later
- versions of Windows.
-
- Default: unixuid default
-
-+ ntptr providor
- FIXME
-
-+ dcerpc endpoint servers
- What DCE/RPC servers to start.
-
- Default: epmapper srvsvc wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi winreg dssetup
-
-+ server services
- Services Samba should provide.
-
- Default: smb rpc nbt wrepl ldap cldap web kdc
-
-+ spoolss database
- Spoolss (printer) DCE/RPC server database. This should be a LDB URL.
-
- Default: set at compile-time
-
-+ wins config database
- WINS configuration database location. This should be a LDB URL.
-
- Default: set at compile-time
-
-+ wins database
- WINS database location. This should be a LDB URL.
-
- Default: set at compile-time
-
-+ client use spnego principal
- Tells the client to use the Kerberos service principal specified by the
- server during the security protocol negotation rather than
- looking up the principal itself (cifs/hostname).
-
- Default: false
-
-+ nbt port
- TCP/IP Port used by the NetBIOS over TCP/IP (NBT) implementation.
-
- Default: 137
-
-+ dgram port
- UDP/IP port used by the NetBIOS over TCP/IP (NBT) implementation.
-
- Default: 138
-
-+ cldap port
- UDP/IP port used by the CLDAP protocol.
-
- Default: 389
-
-+ krb5 port
- IP port used by the kerberos KDC.
-
- Default: 88
-
-+ kpasswd port
- IP port used by the kerberos password change protocol.
-
- Default: 464
-
-+ web port
- TCP/IP port SWAT should listen on.
-
- Default: 901
-
-+ tls enabled
- Enable TLS support for SWAT
-
- Default: true
-
-+ tls keyfile
- Path to TLS key file (PEM format) to be used by SWAT. If no
- path is specified, Samba will create a key.
-
- Default: none
-
-+ tls certfile
- Path to TLS certificate file (PEM format) to be used by SWAT. If no
- path is specified, Samba will create a certificate.
-
- Default: none
-
-+ tls cafile
- Path to CA authority file Samba will use to sign TLS keys it generates. If
- no path is specified, Samba will create a self-signed CA certificate.
-
- Default: none
-
-+ tls crlfile
- Path to TLS certificate revocation lists file.
-
- Default: none
-
-+ swat directory
- SWAT data directory.
-
- Default: set at compile-time
-
-+ large readwrite
- Indicate the CIFS server is able to do large reads/writes.
-
- Default: true
-
-+ unicode
- Enable/disable unicode support in the protocol.
-
- Default: true
git.samba.org / nivanova / samba-autobuild / .git / commitdiff