4 This is the first release candidate of Samba 4.2. This is *not*
5 intended for production environments and is designed for testing
6 purposes only. Please report any defects via the Samba bug reporting
7 system at https://bugzilla.samba.org/.
9 Samba 4.2 will be the next version of the Samba suite.
15 Read the "Winbindd/Netlogon improvements" section (below) carefully!
21 Transparent File Compression
22 ============================
24 Samba 4.2.0 adds support for the manipulation of file and folder
25 compression flags on the Btrfs filesystem.
26 With the Btrfs Samba VFS module enabled, SMB2+ compression flags can
27 be set remotely from the Windows Explorer File->Properties->Advanced
28 dialog. Files flagged for compression are transparently compressed
29 and uncompressed when accessed or modified.
31 Previous File Versions with Snapper
32 ===================================
34 The newly added Snapper VFS module exposes snapshots managed by
35 Snapper for use by Samba. This provides the ability for remote
36 clients to access shadow-copies via Windows Explorer using the
37 "previous versions" dialog.
39 Winbindd/Netlogon improvements
40 ==============================
42 The whole concept of maintaining the netlogon secure channel
43 to (other) domain controllers is rewritten in order to maintain
44 global state in a netlogon_creds_cli.tdb. This is the proper fix
45 for a large number of bugs:
47 https://bugzilla.samba.org/show_bug.cgi?id=6563
48 https://bugzilla.samba.org/show_bug.cgi?id=7944
49 https://bugzilla.samba.org/show_bug.cgi?id=7945
50 https://bugzilla.samba.org/show_bug.cgi?id=7568
51 https://bugzilla.samba.org/show_bug.cgi?id=8599
53 In addition a strong session key is required by default now,
54 which means that communication to older servers or clients
55 might be rejected by default.
57 For the client side we the following new options:
58 "require strong key" (yes by default), "reject md5 servers" (no by default).
59 E.g. for Samba 3.0.37 you need "require strong key = no" and
60 for NT4 DCs you need "require strong key = no" and "client NTLMv2 auth = no",
62 On the server side (as domain controller) we have the following new options:
63 "allow nt4 crypto" (no by default), "reject md5 client" (no by default).
64 E.g. in order to allow Samba < 3.0.27 or NT4 members to work
65 you need "allow nt4 crypto = yes"
67 winbindd does not list group memberships for display purposes
68 (e.g. getent group <domain\<group>) anymore by default.
69 The new default is "winbind expand groups = 0" now,
70 the reason for this is the same as for "winbind enum users = no"
71 and "winbind enum groups = no". Providing this information is not always
72 reliably possible, e.g. if there're trusted domains.
74 Please consult the smb.conf manpage for more details of this new options.
76 Larger IO sizes for SMB2/3 by default
77 =====================================
79 The default values for "smb2 max read", "smb2 max write" and "smb2 max trans"
80 have been changed to 8388608 (8MiB) in order to match the default of
83 Improved DCERPC man in the middle detection
84 ===========================================
86 The DCERPC header signing has been implemented
87 in addition to the dcerpc_sec_verification_trailer
90 Overhauled "net idmap" command
91 ==============================
93 The command line interface of the "net idmap" command has been
94 systematized and subcommands for reading and writing the autorid idmap
95 database have been added. Note that the writing commands should be
96 used with great care. See the net(8) manual page for details.
101 The tdb library, our core mechanism to store Samba-specific data on disk and
102 share it between processes, has been improved to support process shared robust
103 mutexes on Linux. These mutexes are available on Linux and Solaris and
104 significantly reduce the overhead involved with tdb. To enable mutexes for
107 dbwrap_tdb_mutexes:* = yes
109 in the [global] section of your smb.conf.
111 Tdb has furthermore improved to manage its file space more efficiently. This
112 will lead to smaller and less fragmented databases.
114 Messaging improvements
115 ======================
117 Our internal messaging subsystem, used for example for things like oplock
118 break messages between smbds or setting a process debug level dynamically, has
119 been rewritten to use unix domain datagram messages.
122 ######################################################################
129 Parameter Name Description Default
130 -------------- ----------- -------
132 allow nt4 crypto New no
133 neutralize nt4 emulation New no
134 reject md5 client New no
135 reject md5 servers New no
136 require strong key New yes
137 smb2 max read Changed default 8388608
138 smb2 max write Changed default 8388608
139 smb2 max trans Changed default 8388608
140 winbind expand groups Changed default 0
146 #######################################
147 Reporting bugs & Development Discussion
148 #######################################
150 Please discuss this release on the samba-technical mailing list or by
151 joining the #samba-technical IRC channel on irc.freenode.net.
153 If you do report problems then please try to send high quality
154 feedback. If you don't provide vital information to help us track down
155 the problem then you will probably be ignored. All bug reports should
156 be filed under the Samba 4.2 product in the project's Bugzilla
157 database (https://bugzilla.samba.org/).
160 ======================================================================
161 == Our Code, Our Bugs, Our Responsibility.
163 ======================================================================