1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
samba-mirror/WHATSNEW.txt

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

131 lines
4.7 KiB
Plaintext
Raw Normal View History

Release Announcements
=====================
This is the first pre release of Samba 4.20. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
Samba 4.20 will be the next version of the Samba suite.
UPGRADING
=========
NEW FEATURES/CHANGES
====================
New Minimum MIT Krb5 version for Samba AD Domain Controller
-----------------------------------------------------------
Samba now requires MIT 1.21 when built against a system MIT Krb5 and
acting as an Active Directory DC. This addresses the issues that were
fixed in CVE-2022-37967 (KrbtgtFullPacSignature) and ensures that
Samba builds against the MIT version that allows us to avoid that
attack.
Removed dependency on Perl JSON module
--------------------------------------
Distributions are advised that the Perl JSON package is no longer
required by Samba builds that use the imported Heimdal. The build
instead uses Perl's JSON::PP built into recent perl5 versions.
Current lists of packages required by Samba for major distributions
are found in the bootstrap/generated-dists/ directory of a Samba
source tree. While there will be some differences - due to features
chosen by packagers - comparing these lists with the build dependencies
in a package may locate other dependencies we no longer require.
samba-tool user getpassword / syncpasswords ;rounds= change
-----------------------------------------------------------
The password access tool "samba-tool user getpassword" and the
password sync tool "samba-tool user syncpasswords" allow attributes to
be chosen for output, and accept parameters like
pwdLastSet;format=GeneralizedTime
These attributes then appear, in the same format, as the attributes in
the LDIF output. This was not the case for the ;rounds= parameter of
virtualCryptSHA256 and virtualCryptSHA512, for example as
--attributes="virtualCryptSHA256;rounds=50000"
This release makes the behaviour consistent between these two
features. Installations using GPG-encrypted passwords (or plaintext
storage) and the rounds= option, will find the output has changed
from:
virtualCryptSHA256: {CRYPT}$5$rounds=2561$hXem.M9onhM9Vuix$dFdSBwF
to:
virtualCryptSHA256;rounds=2561: {CRYPT}$5$rounds=2561$hXem.M9onhM9Vuix$dFdSBwF
Group Managed service account client-side features
--------------------------------------------------
samba-tool has been extended to provide client-side support for Group
Managed Service accounts. These accounts have passwords that change
automatically, giving the advantages of service isolation without risk
of poor, unchanging passwords.
Where possible, Samba's existing samba-tool password handling
commands, which in the past have only operated against the local
sam.ldb have been extended to permit operation against a remote server
with authenticated access to "-H ldap://$DCNAME"
Supported operations include:
- reading the current and previous gMSA password via
"samba-tool user getpassword"
- writing a Kerberos Ticket Granting Ticket (TGT) to a local
credentials cache with a new command
"samba-tool user get-kerberos-ticket"
REMOVED FEATURES
================
Get locally logged on users from utmp
-------------------------------------
The Workstation Service Remote Protocol [MS-WKST] calls NetWkstaGetInfo
level 102 and NetWkstaEnumUsers level 0 and 1 return the list of locally
logged on users. Samba was getting the list from utmp, which is not
Y2038 safe. This feature has been completely removed and Samba will
always return an empty list.
smb.conf changes
================
Parameter Name Description Default
-------------- ----------- -------
smb3 unix extensions Per share -
KNOWN ISSUES
============
2011-09-12 08:16:12 +04:00
https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.20#Release_blocking_bugs
#######################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical:matrix.org matrix room, or
#samba-technical IRC channel on irc.libera.chat
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the Samba 4.1 and newer product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================