X-Git-Url: http://git.samba.org/samba.git/?p=sfrench%2Fsamba-autobuild%2F.git;a=blobdiff_plain;f=WHATSNEW.txt;h=dd60cd25bd65666fd5d2d4e19973aa99e9c0d3a3;hp=436d9bfdde02d30e7c06355022cdb7d552b4dc15;hb=ae2454c5be4a8314e504e65d46d1caaeff36fb31;hpb=aaee982b4a5c4f1f7c5d4146be9d178b53907067 diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 436d9bfdde0..dd60cd25bd6 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,203 +1,34 @@ Release Announcements ===================== -This is the first preview release of Samba 4.5. This is *not* +This is the first preview release of Samba 4.7. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. -Samba 4.5 will be the next version of the Samba suite. +Samba 4.7 will be the next version of the Samba suite. UPGRADING ========= -NTLMv1 authentication disabled by default ------------------------------------------ - -In order to improve security we have changed -the default value for the "ntlm auth" option from -"yes" to "no". This may have impact on very old -client which doesn't support NTLMv2 yet. - -The primary user of NTLMv1 is MSCHAPv2 for VPNs and 802.1x. - -By default Samba will only allow NTLMv2 via NTLMSSP now, -as we have the following default "lanman auth = no", -"ntlm auth = no" and "raw NTLMv2 auth = no". - NEW FEATURES/CHANGES ==================== -Support for LDAP_SERVER_NOTIFICATION_OID ----------------------------------------- - -The ldap server has support for the LDAP_SERVER_NOTIFICATION_OID -control. This can be used to monitor the active directory database -for changes. - -KCC improvements for sparse network replication ------------------------------------------------ - -The Samba KCC will now be the default knowledge consistency checker in -Samba AD. Instead of using full mesh replication between every DC, the -KCC will set up connections to optimize replication latency and cost -(using site links to calculate the routes). This change should allow -larger domains to function significantly better in terms of replication -traffic and the time spent performing DRS replication. - -VLV - Virtual List View ------------------------ - -The VLV Control allows applications to page the LDAP directory in the -way you might expect a live phone book application to operate, without -first downloading the entire directory. - -DRS Replication for the AD DC ------------------------------ - -DRS Replication in Samba 4.5 is now much more efficient in handling -linked attributes, particularly in large domains with over 1000 group -memberships or other links. - -Replication is also much more reliable in the handling of tree -renames, such as the rename of an organizational unit containing many -users. Extensive tests have been added to ensure this code remains -reliable, particularly in the case of conflicts between objects added -with the same name on different servers. - -Schema updates are also handled much more reliably. - -replPropertyMetaData Changes ----------------------------- - -During the development of the DRS replication, tests showed that Samba -stores the replPropertyMetaData object incorrectly. To address this, -be aware that dbcheck will now detect and offer to fix all objects in -the domain for this error. - -Linked attributes on deleted objects ------------------------------------- - -In Active Directory, an object that has been tombstoned or recycled -has no linked attributes. However, Samba incorrectly maintained such -links, slowing replication and run-time performance. dbcheck now -offers to remove such links, and they are no longer kept after the -object is tombstoned or recycled. - -Improved AD DC performance --------------------------- - -Many other improvements have been made to our LDAP database layer in -the AD DC, to improve performance, both during samba-tool domain -provision and at runtime. - -Other dbcheck improvements --------------------------- - - - samba-tool dbcheck can now find and fix a missing or corrupted - 'deleted objects' container. - - BUG 11433: samba-dbcheck no longer offers to resort auxiliary class values - in objectClass as these were then re-sorted at the next dbcheck indefinitely. - -Tombstone Reanimation ---------------------- - -Samba now supports tombstone reanimation, a feature in the AD DC -allowing tombstones, that is objects which have been deleted, to be -restored with the original SID and GUID still in place. - -Multiple DNS Forwarders on the AD DC ------------------------------------- - -Multiple DNS forwarders are now supported on the AD DC, allowing -samba to fall back between two different DNS servers for forwarded queries. - -Password quality plugin support in the AD DC --------------------------------------------- - -The check password script now operates correctly in the AD DC (this -was silently ignored in past releases) - -pwdLastSet is now correctly honoured ------------------------------------- - -BUG 9654: the pwdLastSet attribute is now correctly handled (this previously -permitted passwords that next expire). - -net ads dns unregister ----------------------- - -It is now possible to remove the DNS entries created with 'net ads register' -with the matching 'net ads unregister' command. - -Samba-tool improvements ------------------------- - -Running samba-tool on the command line should now be a lot snappier. The tool -now only loads the code specific to the subcommand that you wish to run. - -SMB 2.1 Leases enabled by default ---------------------------------- - -Leasing is an SMB 2.1 (and higher) feature which allows clients to -aggressively cache files locally above and beyond the caching allowed -by SMB 1 oplocks. This feature was disabled in previous releases, but -the SMB2 leasing code is now considered mature and stable enough to be -enabled by default. - -Open File Description (OFD) Locks ---------------------------------- - -On systems that support them (currently only Linux), the fileserver now -uses Open File Description (OFD) locks instead of POSIX locks to implement -client byte range locks. As these locks are associated with a specific -file descriptor on a file this allows more efficient use when multiple -descriptors having file locks are opened onto the same file. An internal -tunable "smbd:force process locks = true" may be used to turn off OFD -locks if there appear to be problems with them. - -Password sync as active directory domain controller ---------------------------------------------------- - -The new commands 'samba-tool user getpassword' -and 'samba-tool user syncpasswords' provide -access and syncing of various password fields. - -If compiled with GPGME support (--with-gpgme) it's -possible to store cleartext passwords in a PGP/OpenGPG -encrypted form by configuring the new "password hash gpg key ids" -option. This requires gpgme devel and python packages to be installed -(e.g. libgpgme11-dev and python-gpgme on debian/ubuntu). - - -REMOVED FEATURES -================ - -only user and username parameters ---------------------------------- -These two parameters have long been deprecated and superseded by -"valid users" and "invalid users". - smb.conf changes ================ Parameter Name Description Default -------------- ----------- ------- - kccsrv:samba_kcc Changed default yes - ntlm auth Changed default no - only user Removed - password hash gpg key ids New - smb2 leases Changed default yes - username Removed KNOWN ISSUES ============ -Currently none. +https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.7#Release_blocking_bugs + ####################################### Reporting bugs & Development Discussion