mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
11a3a8d9b9
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Jul 1 13:48:32 UTC 2021 on sn-devel-184
179 lines
6.0 KiB
Plaintext
179 lines
6.0 KiB
Plaintext
Release Announcements
|
|
=====================
|
|
|
|
This is the first pre release of Samba 4.15. This is *not*
|
|
intended for production environments and is designed for testing
|
|
purposes only. Please report any defects via the Samba bug reporting
|
|
system at https://bugzilla.samba.org/.
|
|
|
|
Samba 4.15 will be the next version of the Samba suite.
|
|
|
|
|
|
UPGRADING
|
|
=========
|
|
|
|
New GPG key
|
|
-----------
|
|
|
|
The GPG release key for Samba releases changed from:
|
|
|
|
pub dsa1024/6F33915B6568B7EA 2007-02-04 [SC] [expires: 2021-02-05]
|
|
Key fingerprint = 52FB C0B8 6D95 4B08 4332 4CDC 6F33 915B 6568 B7EA
|
|
uid [ full ] Samba Distribution Verification Key <samba-bugs@samba.org>
|
|
sub elg2048/9C6ED163DA6DFB44 2007-02-04 [E] [expires: 2021-02-05]
|
|
|
|
to the following new key:
|
|
|
|
pub rsa4096/AA99442FB680B620 2020-12-21 [SC] [expires: 2022-12-21]
|
|
Key fingerprint = 81F5 E283 2BD2 545A 1897 B713 AA99 442F B680 B620
|
|
uid [ultimate] Samba Distribution Verification Key <samba-bugs@samba.org>
|
|
sub rsa4096/97EF9386FBFD4002 2020-12-21 [E] [expires: 2022-12-21]
|
|
|
|
Starting from Jan 21th 2021, all Samba releases will be signed with the new key.
|
|
|
|
See also GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt
|
|
|
|
|
|
NEW FEATURES/CHANGES
|
|
====================
|
|
- bind DLZ: Added the ability to set allow/deny lists for zone
|
|
transfer clients.
|
|
Up to now, any client could use a DNS zone transfer request
|
|
to the bind server, and get an answer from Samba.
|
|
Now the default behaviour will be to deny those request.
|
|
Two new options have been added to manage the list of
|
|
authorized/denied clients for zone transfer requests.
|
|
In order to be accepted, the request must be issued by a client
|
|
that is in the allow list and NOT in the deny list.
|
|
|
|
Improved command line user experience
|
|
-------------------------------------
|
|
|
|
Samba utilities did not consistently implement their command line interface. A
|
|
number of options were requiring to specify values in one tool and not in the
|
|
other, some options meant different in different tools.
|
|
|
|
These should be stories of the past now. A new command line parser has been
|
|
implemented with sanity checking. Also the command line interface has been
|
|
simplified and provides better control for encryption, singing and kerberos.
|
|
|
|
Also several command line options have a smb.conf variable to control the
|
|
default now.
|
|
|
|
All tools are logging to stderr by default. You can use --debug-stdout to
|
|
change the behavior.
|
|
|
|
### Common parser:
|
|
|
|
Options added:
|
|
--client-protection=off|sign|encrypt
|
|
|
|
Options renamed:
|
|
--kerberos -> --use-kerberos=required|desired|off
|
|
--krb5-ccache -> --use-krb5-ccache=CCACHE
|
|
--scope -> --netbios-scope=SCOPE
|
|
--use-ccache -> --use-winbind-ccache
|
|
|
|
Options removed:
|
|
-e|--encrypt
|
|
-C removed from --use-winbind-ccache
|
|
-i removed from --netbios-scope
|
|
-S|--signing
|
|
|
|
|
|
### Duplicates in command line utils
|
|
|
|
ldbadd/ldbsearch/ldbdel/ldbmodify/ldbrename:
|
|
-e is not available for --editor anymore
|
|
-s is not used for --configfile anymore
|
|
|
|
ndrdump:
|
|
-l is not available for --load-dso anymore
|
|
|
|
net:
|
|
-l is not available for --long anymore
|
|
|
|
sharesec:
|
|
-V is not available for --viewsddl anymore
|
|
|
|
smbcquotas:
|
|
--user -> --quota-user
|
|
|
|
nmbd:
|
|
--log-stdout -> --debug-stdout
|
|
|
|
smbd:
|
|
--log-stdout -> --debug-stdout
|
|
|
|
winbindd:
|
|
--log-stdout -> --debug-stdout
|
|
|
|
Scanning of trusted domains and enterpise principals
|
|
----------------------------------------------------
|
|
|
|
As an artifact from the NT4 times, we still scanned the list of trusted domains
|
|
on winbindd startup. This is wrong as we never can get a full picture in Active
|
|
Directory. It is time to change the default value to No. Also with this change
|
|
we always use enterprise principals for Kerberos so that the DC will be able
|
|
to redirect ticket requests to the right DC. This is e.g needed for one way
|
|
trusts. The options `winbind use krb5 enterprise principals` and
|
|
`winbind scan trusted domains` will be deprecated in one of the next releases.
|
|
|
|
|
|
REMOVED FEATURES
|
|
================
|
|
|
|
Tru64 ACL support has been removed from this release. The last
|
|
supported release of Tru64 UNIX was in 2012.
|
|
|
|
NIS support has been removed from this release. This is not
|
|
available in Linux distributions anymore.
|
|
|
|
The DLZ DNS plugin is no longer built for Bind versions 9.8 and 9.9,
|
|
which have been out of support since 2018.
|
|
|
|
smb.conf changes
|
|
================
|
|
|
|
Parameter Name Description Default
|
|
-------------- ----------- -------
|
|
client use kerberos New desired
|
|
client protection New default
|
|
preopen:posix-basic-regex New No
|
|
preopen:nomatch_log_level New 5
|
|
preopen:match_log_level New 5
|
|
preopen:nodigits_log_level New 1
|
|
preopen:founddigits_log_level New 3
|
|
preopen:reset_log_level New 5
|
|
preopen:push_log_level New 3
|
|
preopen:queue_log_level New 10
|
|
winbind use krb5 enterprise principals Changed Yes
|
|
winbind scan trusted domains Changed No
|
|
|
|
|
|
KNOWN ISSUES
|
|
============
|
|
|
|
https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.15#Release_blocking_bugs
|
|
|
|
|
|
#######################################
|
|
Reporting bugs & Development Discussion
|
|
#######################################
|
|
|
|
Please discuss this release on the samba-technical mailing list or by
|
|
joining the #samba-technical IRC channel on irc.freenode.net.
|
|
|
|
If you do report problems then please try to send high quality
|
|
feedback. If you don't provide vital information to help us track down
|
|
the problem then you will probably be ignored. All bug reports should
|
|
be filed under the Samba 4.1 and newer product in the project's Bugzilla
|
|
database (https://bugzilla.samba.org/).
|
|
|
|
|
|
======================================================================
|
|
== Our Code, Our Bugs, Our Responsibility.
|
|
== The Samba Team
|
|
======================================================================
|
|
|