diff --git a/WHATSNEW.txt b/WHATSNEW.txt index e4df1b63f98..3bc90b1406d 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -22,8 +22,9 @@ the section on "Known Issues" for more details. Major new features: ------------------- -1) Active Directory support. This release is able to join a ADS realm - as a member server and authenticate users using LDAP/kerberos. +1) Active Directory support. Samba 3.0 is now able to + to join a ADS realm as a member server and authenticate + users using LDAP/Kerberos. 2) Unicode support. Samba will now negotiate UNICODE on the wire and internally there is now a much better infrastructure for multi-byte @@ -37,30 +38,29 @@ Major new features: completely rewritten. An internal database now stores mangling maps persistently. This needs lots of testing. -5) New "net" command. A new "net" command has been added. It is - somewhat similar to the "net" command in windows. Eventually we - plan to replace a bunch of other utilities (such as smbpasswd) - with subcommands in "net", at the moment only a few things are - implemented. +5) A new "net" command has been added. It is somewhat similar to + the "net" command in windows. Eventually we plan to replace + numerous other utilities (such as smbpasswd) with subcommands + in "net". 6) Samba now negotiates NT-style status32 codes on the wire. This improves error handling a lot. 7) Better Windows 2000/XP/2003 printing support including publishing - printer attributes in active directory + printer attributes in active directory. -8) New loadable RPC modules +8) New loadable RPC modules. -9) New dual-daemon winbindd support (-B) for better performance +9) New dual-daemon winbindd support (-B) for better performance. 10) Support for migrating from a Windows NT 4.0 domain to a Samba - domain and maintaining user, group and domain SIDs + domain and maintaining user, group and domain SIDs. 11) Support for establishing trust relationships with Windows NT 4.0 - domain controllers + domain controllers. 12) Initial support for a distributed Winbind architecture using - an LDAP directory for storing SID to uid/gid mappings + an LDAP directory for storing SID to uid/gid mappings. 13) Major updates to the Samba documentation tree. @@ -86,76 +86,77 @@ details 1) Rework our smb signing code again, this factors out some of the common MAC calculation code, and now supports multiple - outstanding packets (bug #40) + outstanding packets (bug #40). 2) Enforce 'client plaintext auth', 'client lanman auth' and 'client - ntlmv2 auth' -3) Correct timestamp problem on 64-bit machines (bug #140) + ntlmv2 auth'. +3) Correct timestamp problem on 64-bit machines (bug #140). 4) Add extra debugging statements to winbindd for tracking down - failures -5) Fix bug when aliased 'winbind uid/gid' parameters are used - ('winbind uid/gid' are now replaced with 'idmap uid/gid') + failures. +5) Fix bug when aliased 'winbind uid/gid' parameters are used. + ('winbind uid/gid' are now replaced with 'idmap uid/gid'). 6) Added an auth flag that indicates if we should be allowed - to fall back to NTLMSSP for SASL if krb5 fails + to fall back to NTLMSSP for SASL if krb5 fails. 7) Fixed the bug that forced us not to use the winbindd cache when - we have a primary ADS domain and a secondary (trusted) NT4 domain. -8) Use lp_realm() to find the default realm for 'net ads password' -9) Removed editreg from standard build until it is portable. -10) Fix domain membership for servers not running winbindd + we have a primary ADS domain and a secondary (trusted) NT4 + domain. +8) Use lp_realm() to find the default realm for 'net ads password'. +9) Removed editreg from standard build until it is portable.. +10) Fix domain membership for servers not running winbindd. 11) Correct race condition in determining the high water mark - in the idmap backend (bug #181) + in the idmap backend (bug #181). 12) Set the user's primary unix group from usrmgr.exe (partial - fix for bug #45) -13) Show comments when doing 'net group -l' (bug #3) + fix for bug #45). +13) Show comments when doing 'net group -l' (bug #3). 14) Add trivial extension to 'net' to dump current local idmap - and restore mappings as well + and restore mappings as well. 15) Modify 'net rpc vampire' to add new and existing users to both the idmap and the SAM. This code needs further testing. -16) Fix crash bug in ADS searches -17) Build libnss_wins.so as part of nsswitch target (bug #160) +16) Fix crash bug in ADS searches. +17) Build libnss_wins.so as part of nsswitch target (bug #160). 18) Make net rpc vampire return an error if the sam sync RPC - returns an error + returns an error. 19) Fail to join an NT 4 domain as a BDC if a workstation account - using our name exists + using our name exists. 20) Fix various memory leaks in server and client code 21) Remove the short option to --set-auth-user for wbinfo (-A) to - prevent confusion with the -a option (bug #158) -22) Added new 'map acl inherit' parameter -23) Removed unused 'privileges' code from group mapping database -24) Don't segfault on empty passdb backend list (bug #136) -25) Fixed acl sorting algorithm for Windows 2000 clients + prevent confusion with the -a option (bug #158). +22) Added new 'map acl inherit' parameter. +23) Removed unused 'privileges' code from group mapping database. +24) Don't segfault on empty passdb backend list (bug #136). +25) Fixed acl sorting algorithm for Windows 2000 clients. 26) Replace universal group cache with netsamlogon_cache - from APPLIANCE_HEAD branch + from APPLIANCE_HEAD branch. 27) Fix autoconf detection issues surrounding --with-ads=yes - but no Krb5 header files installed (bug #152) + but no Krb5 header files installed (bug #152). 28) Add LDAP lookup for domain sequence number in case we are - joined using NT4 protocols to a native mode AD domain + joined using NT4 protocols to a native mode AD domain. 29) Fix backend method selection for trusted NT 4 (or 2k - mixed mode) domains + mixed mode) domains. 30) Fixed bug that caused us to enumerate domain local groups - from native mode AD domains other than our own + from native mode AD domains other than our own. 31) Correct group enumeration for viewing in the Windows - security tab (bug #110) -32) Consolidate the DC location code + security tab (bug #110). +32) Consolidate the DC location code. 33) Moved 'ads server' functionality into 'password server' for - backwards compatibility -34) Fix winbindd_idmap tdb upgrades from a 2.2 installation + backwards compatibility. +34) Fix winbindd_idmap tdb upgrades from a 2.2 installation. ( if you installed beta1, be sure to - 'mv idmap.tdb winbindd_idmap.tdb' ) + 'mv idmap.tdb winbindd_idmap.tdb' ). 35) Fix pdb_ldap segfaults, and wrong default values for - ldapsam_compat + ldapsam_compat. 36) Enable negative connection cache for winbindd's ADS backend - functions + functions. 37) Enable address caching for active directory DC's so we don't - have to hit DNS so much + have to hit DNS so much. 38) Fix bug in idmap code that caused mapping to randomly be - redefined + redefined. 39) Add tdb locking code to prevent race condition when adding a - new mapping to idmap + new mapping to idmap. 40) Fix 'map to guest = bad user' when acting as a PDC supporting - trust relationships + trust relationships. 41) Prevent deadlock issues when running winbindd on a Samba PDC to handle allocating uids & gids for trusted users and groups -42) added LOCALE patch from Steve Langasek (bug #122) +42) added LOCALE patch from Steve Langasek (bug #122). 43) Add the 'guest' passdb backend automatically to the end of the 'passdb backend' list if 'guest account' has a valid username. @@ -166,14 +167,14 @@ details 45) Match Windows NT4/2k behavior when authenticating a user with and unknown domain (default to our domain if we are a DC or domain member; default to our local name if we are a - standalone server) + standalone server). 46) Fix Get_Pwnam() to always fall back to lookup 'user' if the 'DOMAIN\user' lookup fails. This matches 2.2. behavior. 47) Fix the trustdom_cache code to update the list of trusted domains when operating as a domain member and not using - winbindd + winbindd. 48) Remove 'nisplussam' passdb backend since it has suffered for - too long without a maintainer + too long without a maintainer. @@ -183,7 +184,7 @@ Upgrading from Samba 2.2 ######################## This section is provided to help administrators understand the details -involved with upgrading a Samba 2.2 server to Samba 3.0 +involved with upgrading a Samba 2.2 server to Samba 3.0. Building