- WHATS NEW IN Samba 3.0 alphaX
- =============================
+ WHATS NEW IN Samba 3.0 alpha24
+ 14th May 2003
+ ==============================
-Changes in alpha17
-- OpenLinux packaging updates (jht)
-- Locking updates - fix zero timeout (tridge, jra)
-- Default ACL support (jra, based on code from Olaf Frczyk <olaf@cbk.poznan.pl>)
-- printing updates - spoolss stuff (tpot)
-- 'make install' directory creation fixes (abartlet)
-- Lots of fixes for SID handling, local v domain sids etc
-- better mangle debugging (abartlet)
-- fixes to allow 'net' to return more than 1000 users from ADS (jmcd)
- - winbind support to come very shortly
-- lock some more tdbs to allow concurrent access for backups
-- 'net' help cleanups (jmcd)
-- 'net join' automatic transport detection
-
-Changes in alpha16
-- LDAP schema updates (jerry)
-- initial ADS LDAP printer advertising (jmcd)
-- spoolss and printing updates (tpot, jerry)
- (the is the major update in this alpha, and work continues)
-- Winbindd connection cache improvements (abartlet)
-- spnego segfault fixes (abartlet)
-- net ads segfault fixes ( Alexander Bokovoy <a.bokovoy@sam-solutions.net>)
-- header cleanups (tpot)
-- Serialise domain auth requests - win2k bug (tridge)
-- fix winbind talloced memory leak (dleducq@arkoon.net, tridge)
-- call unmangle in don_unmangle (abartlet)
-- UTF8 Charset functions - for ADS LDAP calls (Hasch@t-online.de)
-- Fix security tab for mapped drives on unicode clients (tridge)
-- Better configure tests for snprintf and immidiate structures (abartlet)
-- allow 'passdb backend = plugin : /path/to/plugin.so : plguin args'
- (loads a passdb module) (Jelmer Vernooij <jelmer@nl.linux.org>)
-- change the way we store our domain join info - you will need to
-rejoin the domain (tridge)
-- xcopy /o fixes (tridge)
-- fix the 'convert_string' level 0 debugs.
-- Patch for Domain users not showing up from "Ivan Zhakov" <vunny@mail.ru>
-- tdb backup support
-- The beginning of trusted and trusting domain support - net commands
- (Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl>)
-- nmbd signal processing fixes (jra)
-- lseek-on-pipe support (jra)
-- Allow Samba to trust NT4 Domains (abartlet)
-- LDAPsam updates (abartlet):
- - Now runtime selectable (when configured)
- - ldap user suffix and ldap group suffix support.
- - non unix account support
- - select with 'passdb backend = ldapsam' or 'passdb backend =
- ldapsam_nua'
-- start to allow NT4 domains to trust Samba, netlogon fixes (abartlet)
-- make default unix charset UTF8 (tridge)
-- Fix SIGSEGV on error message when trying to add a user to smbpasswd
-file without a unix account (jmcd)
-- better detection of dead ADS connections, so we have some chance of
-reconnecting (tridge)
-- removed bogus prepend_domain() call which was screwing up getpwuid()
-with the new default domain code
-- Domain/workstation SID fixes.
-- patch from Alexey Kotovich <a.kotovich@sam-solutions.net> that adds
- the security decsriptor code for ADS workstation accounts.
- (allow self password change, self remove)
- (after much review and disscussion with abartlet and tridge)
-
-Changes in alpha15
-- Improvements in pam_winbind/winbindd_pam.c: (abartlet)
- - Much better error reporting
- - Password changing is now stackable
- - now returns multiple PAM errors based on the NTSTATUS
- that winbind got.
- - returns an error string the client can use in their own logs.
-- Print form updates (tpot)
-- added 'wbinfo --sequence' to show sequence numbers of
- all domains (tridge)
-- better winbind memory mangement (tridge)
-- make signal processing work correctly in winbindd
- Michael Steffens <michael_steffens@hp.com>
-- Inital ADS printer publishing work. (jmcd)
-- Debian packaging
-- large debian packaging checking from Eloy. (merge by jerry)
-- Make smbgroupedit a little easier on the user (select groups
- by name rather than by sid) (abartlet)
-- rework parts of smbtorture (tridge)
-
-Changes in alpha14
-- 'Winbind Default Domain' support:
- This allows winbind to supply usernames without a 'DOMAIN\'
- prefix. Particularly handy for shell and e-mail servers,
- as well as Unix workstations in NT domains.
-- Associated cleanups in winbindd and smbd.
- (Alexander Bokovoy <a.bokovoy@sam-solutions.net> and
- abartlet)
-- Winbind protocol changes for better Squid intergration
- (current version is 3) (abartlet)
-- pam_winbind password changing
- (Samuel Ziegler <sam@xpedion.com>, tpot)
-- runtime selectable pluggable passdb interface.
- (abartlet)
-- 'non unix account' support (abartlet)
- (This allows machines and even users not to exist
- in /etc/passwd)
-- Inital implementation of the WINS replication deamon
- (jfm)
-- Changes for better winbind PDC/BDC failover support
- (tpot)
-- Various Winbind/ADS mode stabilty and flexablity fixes
- (tridge)
-- Mangle names like .bashrc properly (trige)
-- CIFS UNIX extensions (client and server) (jra)
-- Universal group support outside smbd (via a cache)
- (Alexander Bokovoy <a.bokovoy@sam-solutions.net>)
-- Write cache fixes (jra)
-
-Changes in alpha13
-- updates to try to get more out-of-the-box compiles
- (mostly kerberos and ldap stuff) (various)
-- 'net rpc shutdown' remote shutdown of servers
- (abartlet, original code from idra)
-- authentication subsystem rework, including move to
- new RPC client code (abartlet)
-- winbind changes:
- - use new client code (abartlet)
- - change winbind_auth_pam_crap interface for squid's
- benifit. (abartlet)
- - new interface versioning functionality (abartlet)
- - cope better when inteface does change (tpot)
- - better winbind trusted domain code (tpot)
-- doc updates (jerry)
-- new NTSTAUS -> DOS error map (abartlet)
-- large user list (> 1500) enumeration (jra)
-- dmalloc support (mbp)
-- spoolss changes (tpot)
-- talloc accounting (mbp)
-- rename fixes (jra)
-- smbmount trivial fixup (abartlet)
-- start of new unix extenions to CIFS (jra)
-
-Changes in alpha12
-- doc updates (jerry)
-- store domain sid on ADS join (tridge)
-- allow a winbind username on ADS connection (tridge)
-
-Changes in alpha11
-- fixed fallback to "ads server" option (tridge)
-- fix ACL failure on HP HFS (jra)
-- net ads password and net ads chostpass commands (Remus Koos)
-- fixed valid char array generation (tridge)
-- fixed QFS_INFO for win98 long filenames (tridge)
-- added net lookup command (tridge)
-- fixed map to guest with spnego (tridge)
-- fixed irix warnings (tridge)
-
-
-Changes in alpha10
-- hide unreadable fix using acl fns (jra)
-- lsa_open_policy cleanup (jfm)
-- mangled directories fix (jra)
-- fix error return on bad pipe (jra)
-- fix homes share with no home dir (tpot)
-- fixed handling of dead or empty domains in winbindd (tridge)
-- added talloc torture program (mbp)
-- talloc debug code (mbp)
-- added trusted domains to winbindd/ADS (tridge)
-- fix trusted domains in auth code (tridge)
-- new gss error handling code (a.bokovoy@sam-solutions.net & tridge)
-- support mixed ADS/NT4 domains (tridge)
-
-Changes in alpha9
-- nicer net error messages (tpot)
-- trust account patches (mimir)
-- solaris link option update (davecb)
-- added lsa_query_secobj() server fn (jfm)
-- spoolss changeid fix (jerry)
-- domain auth error fix (jmcd)
-- HPUX acl code (jra)
-- set filetime on close fix (jra)
-- allow select of org unit in ads join (tridge)
-
-Changes in alpha8
-- fixed compile of wb_client.c (tridge)
-- fixed net time to use localtime (tridge)
-- net help cleanups (jmcd)
-- debug level fix (tpot)
-- utmp string length fixes (monyo)
-
-
-Changes in alpha7
-
-- added "net ads info" to probe basic into on your ads server without
- any authentication
-- improved some error handling
-
-Changes in alpha6
-
-- added "net time zone" command (tridge)
-- pam_smbpass updates (a.bokovoy@sam-solutions.net)
-- irix updates (herb)
-- net rpc join handles existing machine acct (tridge)
-
-Changes in alpha5
-
-- added "net time" command (tridge)
-- allow client tools to specify a hostname of form HOST#xx (tridge)
-- added wbinfo --set-auth-user (tpot)
-- added lsaquerysecobj to rpcclient (tpot)
-
-Changes in alpha4
-
-- fixed nexus/win9x user list (jfm)
-- fixed large user/group lists in winbindd (tridge)
-- fixed gssapi headers in redhat (jmcd)
-- fixed rap error code handling (jra)
-- more usermanager rpc calls (jfm)
-- re-added RAP calls at top level to net command (tridge)
-
-Changes in alpha3
-
-- fixed a silly tdb bug in alpha2 that affected internal databases
-
-Changes in alpha2
-
-- we no longer use cyrus-sasl for LDAP SASL/gssapi. This makes our ADS
- code much more robust.
-- winbindd cache code rewritten to be much more efficient. It also
- copes much better with server outages.
-- jfm implemented full group mapping and smb.conf option 'domain admin
- group' is now gone. Consult the GROUP-MAPPING-HOWTO.txt to know how
- to gain back administrator rights.
-- docs update started
-- numerous small bugfixes
-
-Changes in alpha1
-
- - winbindd now uses LDAP and works correctly with an ADS server in
- native mode
- - XFS quotas code on Linux
- - group mapping code from JFM
- - "net rpc join" command replaces smbpasswd -j
- - fixed winbind initgroups
-
---------------
-
-This is a pre-release of Samba 3.0 alpha0. This is NOT a stable
-release. Use at your own risk.
+This is a pre-release of Samba 3.0. This is NOT a stable release.
+Use at your own risk.
The purpose of this alpha release is to get wider testing of the major
-new pieces of code in the current Samba 3.0 development tree. We are
-planning on ceasing development on the 2.2.x release of Samba very
-shortly and after that we will be concentrating on Samba 3.0. To
-reduce the time before the final Samba 3.0 release we need as many
-poeple as possible to start testing these alpha releases, and
-hopefully giving us some high quality feedback on what needs fixing.
-
-Note that Samba 3.0 is not anywhere near feature complete yet. There
-is a lot more coding we have planned, but unless we get what we have
-done already more widely tested we will have a hard time doing a
-stable release in a reasonable time frame.
-
-This release is also missing major pieces of documentation, and there
-are many parts of the docs that have not been updated to reflect the
-new options and features in 3.0.
+new pieces of code in the current Samba 3.0 development tree. We have
+officially ceased development on the 2.2.x release of Samba and are
+concentrating on Samba 3.0. To reduce the time before the final Samba 3.0
+release we need as many people as possible to start testing these alpha
+releases, and hopefully giving us some high quality feedback on what needs
+fixing.
+
+Note that Samba 3.0 is not feature complete yet. There is a more
+coding we have planned, but unless we get what we have done already more
+widely tested we will have a hard time doing a stable release in a
+reasonable time frame.
Major new features:
-------------------
- Active Directory support. This release is able to join a ADS realm
- as a member server and authenticate users using
- LDAP/kerberos. Please read ADS-HOWTO.txt in the release for a very
- rough guide on how to set this up.
+ as a member server and authenticate users using LDAP/kerberos.
-- Unicode support. Samba will now negotiate unicode on the wire and
- interally there is now a much better infrastructure for multi-byte
- and unicode character sets. You may need the "dos charset", "unix
- charset" and "display charset" options. The unicode support is not
- yet documented.
+- Unicode support. Samba will now negotiate UNICODE on the wire and
+ internally there is now a much better infrastructure for multi-byte
+ and UNICODE character sets.
- New authentication system. The internal authentication system has
been almost completely rewritten. Most of the changes are internal,
- but the new auth system is also very configurable. Not documented
- yet.
+ but the new auth system is also very configurable.
- new filename mangling system. The filename mangling system has been
completely rewritten. An internal database now stores mangling maps
- persistantly. This needs lots of testing.
+ persistently. This needs lots of testing.
- new "net" command. A new "net" command has been added. It is
somewhat similar to the "net" command in windows. Eventually we plan
- Samba now negotiates NT-style status32 codes on the wire. This
improves error handling a lot.
-- better w2k printing support. The support for printing from win2000
- clients has improved greatly.
+- better w2k printing support including publishing printer
+ attributes in active directory
-Plus lots of other changes!
+- new loadable RPC modules
+
+- new dual-daemon winbindd support for better performance
-Note that many new features are not documented. Don't let this stop
-you from using Samba 3.0. It is particularly important that the basic
-file/print serving abilities of Samba 3.0 are widely tested to ensure
-that we have not broken any of the basic functionality. As we do more
-alpha releases we will start to document the new features.
+- support for migrating from a Windows NT 4.0 domain
+
+- support for establishing trust relationships with Windows NT 4.0
+ domain controllers
+
+Plus lots of other changes!
Reporting bugs & Development Discussion
---------------------------------------
Please discuss this release on the samba-technical mailing list or by
-joining the #samba-technical IRC channel on irc.openprojects.net
+joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored.
+
+Changes in alpha24:
+-------------------
+
+ LDAP Schema Changes
+ -------------------
+ A new objectclass (sambaSamAccount) has been introduced to replace the old
+ sambaAccount. This change aids us in the renaming of attributes to prevent
+ clashes with attributes from other vendors. There is a conversion script
+ (examples/LDAP/convertSambaAccount) to modify and LDIF file to the new schema.
+
+ Example:
+
+ $ ldapsearch .... -b "ou=people,dc=..." > old.ldif
+ $ convertSambaAccount <DOM SID> old.ldif new.ldif
+
+ The <DOM SID> can be obtained by running 'net getlocalsid <DOMAINNAME>'
+ on the Samba PDC as root.
+
+ The sambaDomain and sambaGroupMapping objects have also been modified
+ to use the new attribute naming conventions as well. There are no
+ conversion scripts for this data since the old schema was never published
+ in a stable release.
+
+ The old sambaAccount schema may still be used by specifying the
+ "ldapsam_compat" passdb backend.
+
+ Parameters
+ ----------
+
+ Removed Parameters
+
+ * total print jobs
+
+ Known Issues
+ ------------
+
+ The following are known issues with this release and will be corrected
+ in future versions:
+
+ 1) Automatically generating accounts for users and groups from
+ trusted domains when Samba is acting as a PDC
+ 2) Maintaining idmap ID's in a LDAP directory in order to implement
+ a distributed winbind solution
+
+ ChangeLog
+ ---------
+
+ See cvs log for SAMBA_3_0 for complete details. There are many
+ smaller numerous changes that would clutter the release notes.
+
+1) Fix policy handle leak and crash bug in rpc printing code
+2) Changed the order of checking whether a SID is a UID or a GID
+ in posix acls
+3) Merge of winbind nss cleanup from HEAD branch
+4) Inclusion of idmap backend for mapping SIDs to uids/gids
+5) Fix for very subtle POSIX lock interaction race condition
+6) Re-fix close of delete semantics
+7) Inclusion of schannel functionality (merged from SAMBA_TNG)
+8) Remove unixsam passdb
+9) Add debugging code to decode the Win2k PAC
+10) Very large amounts of documentation fixes (including the move from
+ SGML->XML DocBook)
+11) Fix support for local_password_change() in pam_smbpass
+12) Ensure we have WinXP-like semantics for checking TIDs and FIDs
+13) More print job change notify fixes
+14) Handle deep referrals in MS-DFS code
+15) Add echo named pipe for testing purposes
+16) Workaround streams leak on SCO openserver 5.0.x
+17) Lots of popt changes to command line tools
+18) Use the new modules system for passdb (merge from HEAD)
+19) Inclusion of editreg.c for editing Windows NT+registry files off line
+20) Fix byte ordering when using CIDR notation in hosts allow/deny (again)
+21) Replace smbgroupedit tool with 'net groupmap'
+22) Merge SMB Signing, NTLMv2 and NTLMSSP fixes from HEAD branch
+23) Merge of trusted domain code from HEAD branch
+24) Fix up crashes in lanman printing code (e.g. disable spoolss = yes)
+25) Store the IP address in the utmp record when possible
+26) Fix bug in FindFirst code and OS/2 clients
+27) Fix local master browsing bug when synchronizing browse lists
+28) Fix browse synchronization when primary interface is no listed
+ in the interfaces list and "bind interfaces only" is enabled.
+29) removed ldapsam_nua and tdbsam_nua passdb backends (replaced by idmap)
+30) Include support for storing next rid value in LDAP using a
+ sambaDomain object
+31) Removed "printing = SOFTQ" option
+32) Fix winbindd dual mode
+33) Revert from wins.tdb back to wins.dat (flat text file)
+34) More Trust relationship fixes
+35) More quota fixes (including server support for NT quota info levels)
+36) VFS API has been stabilized and is feature full for final release
git.samba.org / sfrench / samba-autobuild / .git / blobdiff