mirror of
https://github.com/samba-team/samba.git
synced 2025-02-22 05:57:43 +03:00
r21022: Trying out a new style for some of our WHATSNEW and README
documentation, prepareing for TP4. Andrew Bartlett
This commit is contained in:
Andrew Bartlett
Gerald (Jerry) Carter
parent
b975ce3a47
commit
86b5c558fa
8
BUGS.txt
8
BUGS.txt
@ -1,6 +1,6 @@
|
||||
Samba 4 is still feature incomplete. If you are using it for anything other
|
||||
than education you are insane.
|
||||
than education you are insane, or perhaps just very interested.
|
||||
|
||||
Please file bug reports at https://bugzilla.samba.org/, product: Samba4.
|
||||
Please include as much information as possible, such as SVN revision number
|
||||
and backtraces.
|
||||
We welcome your testing, please file bug reports at
|
||||
https://bugzilla.samba.org/, product: Samba4. Please include as much
|
||||
information as possible, such as SVN revision number and backtraces.
|
||||
|
||||
66
README
66
README
@ -3,42 +3,59 @@ developed in parallel to the stable 3.0 series. The main emphasis in
|
||||
this branch is support for the Active Directory logon protocols used
|
||||
by Windows 2000 and above.
|
||||
|
||||
Samba 4 is currently not yet in a state where it is usable in
|
||||
production environments. Note the WARNINGS below, and the STATUS file,
|
||||
While we welcome your interest in Samba 4, we don't want you to run your network with it quite yet. Please note the WARNINGS below, and the STATUS file,
|
||||
which aims to document what should and should not work.
|
||||
|
||||
With 3 years of development under our belt since Tridge first proposed
|
||||
With 4 years of development under our belt since Tridge first proposed
|
||||
a new Virtual File System (VFS) layer for Samba3 (a project which
|
||||
eventually lead to our Active Directory efforts), it was felt that we
|
||||
eventually lead to our Active Directory efforts), we was felt that we
|
||||
should create something we could 'show off' to our users. This is a
|
||||
Technology Preview (TP), aimed at allowing users, managers and
|
||||
developers to see how we have progressed, and to invite feedback and
|
||||
Technology Preview (TP), aimed at allowing you, our users, managers and
|
||||
developers to see how we have progressed, and to invite your feedback and
|
||||
support.
|
||||
|
||||
WARNINGS
|
||||
========
|
||||
|
||||
Samba4 TP is currently a pre-alpha technology. It may eat your cat, but
|
||||
is far more likely to choose to munch on your password database. We
|
||||
recommend against upgrading any production servers from Samba 3 to
|
||||
Samba 4 at this stage. If you are upgrading an experimental server,
|
||||
you should backup all configuration and data.
|
||||
Samba4 TP is currently a pre-alpha technology. That is more a
|
||||
reference to Samba4's lack of the features we expect you will need
|
||||
than a statement of code quality, but clearly it hasn't seen a broad
|
||||
deployment yet. If you were to upgrade Samba3 (or indeed Windows) to
|
||||
Samba4, you would find many things work, but that other key features
|
||||
you may have relied on simply are not there yet.
|
||||
|
||||
We expect that format changes will require that the user database be
|
||||
rebuilt from scratch a number of times before we make a final release,
|
||||
losing password data each time.
|
||||
For example, while Samba 3.0 is an excellent member of a Active
|
||||
Directory domain, Samba4 is happier as a domain controller: (This is
|
||||
where we have done most of the research and development).
|
||||
|
||||
While Samba4 is subjected to an awesome battery of tests on an
|
||||
automated basis, and we have found Samba4 to be very stable in it's
|
||||
behaviour, we have to recommend against upgrading production servers
|
||||
from Samba 3 to Samba 4 at this stage. If you are upgrading an
|
||||
experimental server, or looking to develop and test Samba, you should
|
||||
backup all configuration and data.
|
||||
|
||||
As we research the needs of Active Directory integration more closely,
|
||||
we may need to change the format of the user database, in particular
|
||||
as we begin to understand how the attributes are generated and stored.
|
||||
At a worst case, we expect users will be able to extract the stored
|
||||
data as LDIF and hand munge it, but until we make an alpha release, we
|
||||
won't do this automatically. Indeed, many module changes are simply
|
||||
easier to cope with if you just re-provision after the upgrade.
|
||||
|
||||
We value the security of your computers, and so we must warn you that
|
||||
Samba 4 Technology Preview includes basic Access Control List (ACL)
|
||||
protection on the main user database, but due to time constraints,
|
||||
none on the registry at this stage. We also do not currently have
|
||||
ACLs on the SWAT web-based management tool. This means that Samba 4
|
||||
Technology Preview is not secure.
|
||||
Technology Preview is not secure, and should not be exposed to
|
||||
untrusted networks..
|
||||
|
||||
File system access should occur as the logged in user, much as Samba3
|
||||
does.
|
||||
Within the above proviso, file system access should occur as the
|
||||
logged in user, much as Samba3 does.
|
||||
|
||||
Again, we strongly recommend against use in a production environment
|
||||
at this stage.
|
||||
As such, we must strongly recommend against using Samba4 in a
|
||||
production environment at this stage.
|
||||
|
||||
NEW FEATURES
|
||||
============
|
||||
@ -48,7 +65,7 @@ used by Windows 2000 and later, so we can do full domain join
|
||||
and domain logon operations with these clients.
|
||||
|
||||
Our Domain Controller (DC) implementation includes our own built-in
|
||||
LDAP server and Kerberos Key Distribution Center (KDC) as well as the
|
||||
LDAP server and Kerberos Key Distribution Centre (KDC) as well as the
|
||||
Samba3-like logon services provided over CIFS. We correctly generate
|
||||
the infamous Kerberos PAC, and include it with the Kerberos tickets we
|
||||
issue.
|
||||
@ -59,7 +76,7 @@ setup and migration tools. Using SWAT, you can migrate windows
|
||||
domains in Samba 4, allowing easy setup of initial user databases, and
|
||||
upgrades from Samba 3.
|
||||
|
||||
The new VFS features in Samba 4 adapts the filesystem on the server to
|
||||
The new VFS features in Samba 4 adapts the file-system on the server to
|
||||
match the Windows client semantics, allowing Samba 4 to better match
|
||||
windows behaviour and application expectations. This includes file
|
||||
annotation information (in streams) and NT ACLs in particular. The
|
||||
@ -71,8 +88,8 @@ JavaScript programs to interface to Samba's internals.
|
||||
The Samba 4 architecture is based around an LDAP-like database that
|
||||
can use a range of modular backends. One of the backends supports
|
||||
standards compliant LDAP servers (including OpenLDAP), and we are
|
||||
working on modules to map between AD-like behaviours and this backend.
|
||||
We are aiming for Samba 4 to be powerful frontend to large
|
||||
working on modules to map between AD-like behaviours and this back-end.
|
||||
We are aiming for Samba 4 to be powerful front-end to large
|
||||
directories.
|
||||
|
||||
CHANGES
|
||||
@ -99,9 +116,6 @@ KNOWN ISSUES
|
||||
- SWAT can be painful with <TAB> and forms. Just use the mouse, as
|
||||
the JavaScript layer doing this will change.
|
||||
|
||||
- Domain logons (using Kerberos) from windows clients incorrectly
|
||||
state that the password expires today.
|
||||
|
||||
RUNNING Samba4
|
||||
==============
|
||||
|
||||
|
||||
237
WHATSNEW.txt
237
WHATSNEW.txt
@ -1,171 +1,72 @@
|
||||
This file contains a history of changes since the first Samba 4 Technology
|
||||
Preview. For a general introduction to Samba 4, see the README file in this
|
||||
directory. The NEWS file contains a list of differences between
|
||||
Samba 3 and Samba 4.
|
||||
'Samba4 TP4' presents you with an opportunity to see a Technology
|
||||
Preview (TP) snapshot of Samba4's development, as at January 2007.
|
||||
|
||||
In the last few months since TP3 was released in October 2006,
|
||||
significant work has been done across many parts of Samba4. Since that
|
||||
time, we have added the basis for some new and exciting features:
|
||||
|
||||
PKINIT support to Samba4's KDC will allow, smart-card login to a
|
||||
Samba4 domain. TP4 demonstrates this with static key files, but
|
||||
work will continue to enable actual hardware cards.
|
||||
|
||||
Clustering support was always a design goal of Samba4, and with TP4
|
||||
we have the ctdb framework, a cluster-aware shared database. This
|
||||
allows Samba4 to share a shared cluster file-system with it's clients.
|
||||
Presented at this year's linux.conf.au, including a highly rigged
|
||||
demo, you can expect to see this mature over the next few months.
|
||||
|
||||
Non-blocking and Asynchronous IO support, has always been a design
|
||||
goal in Samba4, and TP4 will use new Linux Kernel features to
|
||||
implement event driven asynchronous IO. This makes Samba more
|
||||
efficient on systems where some data may be 'further away' than a
|
||||
local disk, such as HSM systems. This allows the Kernel to handle
|
||||
reading the returned data from the disk, only notifying Samba when
|
||||
the data is ready for dispatch to the client.
|
||||
|
||||
Our web-management console, known as SWAT, is being revamped, and in
|
||||
TP4 you can find a new Web 2.0 style user interface, being used to
|
||||
support a web-based ldb browser. We hope this new system will allow
|
||||
things simple not possible with the form-submit style of web
|
||||
management.
|
||||
|
||||
Using LDB LDAP back-end integration has improved in this release, with an
|
||||
improved mapping module allowing the start of Fedora DS back-end
|
||||
support.
|
||||
|
||||
In continuing our research effort, TP4 includes the work to better
|
||||
understand and implement the DRSUAPI replication protocols. By better
|
||||
understanding the needs of replication now, we can structure our
|
||||
databases so that their format will have to change less in future.
|
||||
|
||||
We hope to use this replication function to replace the SamSync based
|
||||
Vampire process so effectively demonstrated since TP1, and to
|
||||
eventually join an Active Directory domain, as a replicating partner.
|
||||
|
||||
Behind the scenes, much of the core infrastructure of Samba4 continues
|
||||
development:
|
||||
|
||||
In Kerberos, we have continued to track the development of the
|
||||
Heimdal Kerberos implementation, and reduce the custom diff between
|
||||
our branch and upstream. Heimdal now provides plug-in APIs for
|
||||
almost all of the hooks we need, including management and validation
|
||||
of the PAC.
|
||||
|
||||
In testing, our test infrastructure has undergone a quiet
|
||||
revolution, as we improve our unit test framework. Likewise, the
|
||||
tests themselves have continued to expand, as we follow our
|
||||
test-driven development pattern.
|
||||
|
||||
In providing an abstraction above our raw RPC layer, the libnet
|
||||
library continues to expand, becoming a C and JS management API for
|
||||
Samba4 and remote servers.
|
||||
|
||||
To ensure that, as an administrator and developer, you can easily
|
||||
read and edit our internal databases, our LDB layer has been
|
||||
optimised for speed. The aim here is to avoid needing to use the faster, but
|
||||
more opaque, TDB layer.
|
||||
|
||||
These are just some of the highlights of the work done in the past few
|
||||
months. More details can be found in our SVN history.
|
||||
|
||||
========================================
|
||||
Changes in Samba4-TP2
|
||||
Release date: 22 March 2006
|
||||
========================================
|
||||
|
||||
* Make ldb async internally (idra)
|
||||
|
||||
* Use HDB-LDB as the keytab (abartlet)
|
||||
|
||||
* Call the wins hook script again (metze)
|
||||
|
||||
* Make sure no more than 25 records are added in the WINS database (metze)
|
||||
|
||||
* Documentation updates (jelmer)
|
||||
|
||||
* Fix termination issue in winreg server (metze)
|
||||
|
||||
* AES fix for Samba 4 <-> Samba4 (abartlet)
|
||||
|
||||
* Better conformance to FHS (abartlet, jelmer)
|
||||
|
||||
* Improve internal API and code quality in smbclient (jelmer)
|
||||
|
||||
* Add testsuite for smbclient (jelmer)
|
||||
|
||||
* Remove support for password as an optional second parameter in
|
||||
smbclient (jelmer)
|
||||
|
||||
* Various warning fixes (metze)
|
||||
|
||||
* Several clarifications of comments (abartlet)
|
||||
|
||||
* Remove use of pstring in some places (jelmer)
|
||||
|
||||
* Re-add the global -k option to enable kerberos (abartlet)
|
||||
|
||||
* Various memory allocation fixes (abartlet)
|
||||
|
||||
* Add new cifsdd client (jpeach)
|
||||
|
||||
* Add tests for even more insane delete-on-close semantics (jra, tridge)
|
||||
|
||||
* Initial work on BASE-DELETE test passing (tridge)
|
||||
|
||||
* Optimizations in tdb (tridge)
|
||||
|
||||
* Improvements to ldb documentation (idra, Brad Hards)
|
||||
|
||||
* Check attribute names to obey rfc2251 (idra)
|
||||
|
||||
* Allow WINS replication with NT4SP6A (metze)
|
||||
|
||||
* Add ManageDSAIT control (Pete Rowley, idra)
|
||||
|
||||
* Add tests for LDB controls (idra)
|
||||
|
||||
* Various LDB crash fixes (idra)
|
||||
|
||||
* Initial work on vlv LDB control (idra)
|
||||
|
||||
* Add -p option to smbtorture (jpeach)
|
||||
|
||||
* Several improvements to the SMB URL and UNC parsing (jpeach)
|
||||
|
||||
* Make DCE/RPC connect functions work async (rafal)
|
||||
|
||||
* Fix invalid steal on supportedControls (closes: #3525) (abartlet)
|
||||
|
||||
* Start parsing saslauthd requests (metze)
|
||||
|
||||
* Split the NBT-WINSREPLICATION test into multiple tests (metze)
|
||||
|
||||
* Add new ACB-bits as seen in acct_flags in the PAC info3 (gd)
|
||||
|
||||
* Move header files out of include/ (jelmer)
|
||||
|
||||
* Create separate library for generic utility functions (jelmer)
|
||||
|
||||
* Add highestCommittedUSN, uSNChanged and uSNCreated support to LDB (tridge)
|
||||
|
||||
* Allow more control over the the winbindd socket location (abartlet)
|
||||
|
||||
* Allow messaging without a server messaging context (abartlet)
|
||||
|
||||
* Make GSSAPI SASL mech work (abartlet)
|
||||
|
||||
* Write out Samba4 version when provisioning (idra)
|
||||
|
||||
* Allow servers to bind to non-broadcast interfaces (tridge, abartlet)
|
||||
|
||||
* Initialize some ASN.1 elements that are optional (metze)
|
||||
|
||||
* Various improvements to RPC-SCHANNEL (abartlet)
|
||||
|
||||
* Make Samba4 pass some of the newer schannel tests (abartlet)
|
||||
|
||||
* Better handling of connections without SPNEGO (abartlet)
|
||||
|
||||
* Generate seperate headers for RPC client functions (jelmer)
|
||||
|
||||
* Improve NTLMSSP tests (abartlet, vl)
|
||||
|
||||
* Support any size pointers in pidl (tridge)
|
||||
|
||||
* Large overhaul of the opendb code to pass BASE-DELETE (tridge)
|
||||
|
||||
* Use doxygen for documenting lib/util and lib/registry (jelmer)
|
||||
|
||||
* Add registration mechanism for modules and backends in ldb (idra, jelmer)
|
||||
|
||||
* Support building shared libraries in the build system (metze, jelmer)
|
||||
|
||||
* Install headers in a sane location (jelmer)
|
||||
|
||||
* Fix BASE-NEGNOWAIT (tridge)
|
||||
|
||||
* Add prefixes to most of the SMB-related functions (metze)
|
||||
|
||||
* Get rid of proto.h (jelmer)
|
||||
|
||||
* Reduce number of headers included in includes.h (jelmer)
|
||||
|
||||
* Support header dependencies (jelmer)
|
||||
|
||||
* Add RAW-NOTIFY (tridge, metze)
|
||||
|
||||
* Fix 'your password has expired' on every login (abartlet)
|
||||
|
||||
* Improvements to RPC-SAMSYNC (abartlet)
|
||||
|
||||
* Work on supporting change notify (tridge, metze)
|
||||
|
||||
* Reopen log files after SIGHUP (metze)
|
||||
|
||||
* Add BUGS.txt (#3523) (jelmer)
|
||||
|
||||
* Add summary to configure (#3442) (metze, jelmer)
|
||||
|
||||
* Swig fixes (idra)
|
||||
|
||||
* Improve NBT-WINSREPLICATION-OWNED test (metze)
|
||||
|
||||
* Fix a lot of compiler warnings (metze)
|
||||
|
||||
* Several code improvements found by static code checker (tridge, metze)
|
||||
|
||||
* Force correct alignment when in ASCII mode (#2921) (tridge)
|
||||
|
||||
* Fix coverity bug #127 (vl)
|
||||
|
||||
* Add support for changing process titles (metze)
|
||||
|
||||
* Support raw NTLMSSP (abartlet)
|
||||
|
||||
* Fix debug levels in several places (abartlet)
|
||||
|
||||
* Work to unify the ntvfs structures for smb and smb2 (metze, tridge)
|
||||
|
||||
* Initial work on asynchronous libnet (rafal)
|
||||
|
||||
* Improvements to the wide character set functions (tridge)
|
||||
|
||||
* Several heimdal build improvements (abartlet, jelmer)
|
||||
|
||||
* A lot of small cleanups and typo fixes
|
||||
(metze, abartlet, idra, jpeach, tridge, jelmer)
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user