mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
3df66745b5
prepare WHATSNEW.txt for release notes (similar as we do for Samba3).
(This used to be commit b4e9f0c995)
123 lines
4.7 KiB
Plaintext
123 lines
4.7 KiB
Plaintext
Samba 4 is the ambitious next version of the Samba suite that is being
|
|
developed in parallel to the stable 3.0 series. The main emphasis in
|
|
this branch is support for the Active Directory logon protocols used
|
|
by Windows 2000 and above.
|
|
|
|
Samba 4 is currently not yet in a state where it is usable in
|
|
production environments. Note the WARNINGS below, and the STATUS file,
|
|
which aims to document what should and should not work.
|
|
|
|
With 3 years of development under our belt since Tridge first proposed
|
|
a new Virtual File System (VFS) layer for Samba3 (a project which
|
|
eventually lead to our Active Directory efforts), it was felt that we
|
|
should create something we could 'show off' to our users. This is a
|
|
Technology Preview (TP), aimed at allowing users, managers and
|
|
developers to see how we have progressed, and to invite feedback and
|
|
support.
|
|
|
|
WARNINGS
|
|
========
|
|
|
|
Samba4 TP is currently a pre-alpha technology. It may eat your cat, but
|
|
is far more likely to choose to munch on your password database. We
|
|
recommend against upgrading any production servers from Samba 3 to
|
|
Samba 4 at this stage. If you are upgrading an experimental server,
|
|
you should backup all configuration and data.
|
|
|
|
We expect that format changes will require that the user database be
|
|
rebuilt from scratch a number of times before we make a final release,
|
|
losing password data each time.
|
|
|
|
Samba 4 Technology Preview includes basic Access Control List (ACL)
|
|
protection on the main user database, but due to time constraints,
|
|
none on the registry at this stage. We also do not currently have
|
|
ACLs on the SWAT web-based management tool. This means that Samba 4
|
|
Technology Preview is not secure.
|
|
|
|
File system access should occur as the logged in user, much as Samba3
|
|
does.
|
|
|
|
Again, we strongly recommend against use in a production environment
|
|
at this stage.
|
|
|
|
NEW FEATURES
|
|
============
|
|
|
|
Samba4 supports the server-side of the Active Directory logon environment
|
|
used by Windows 2000 and later, so we can do full domain join
|
|
and domain logon operations with these clients.
|
|
|
|
Our Domain Controller (DC) implementation includes our own built-in
|
|
LDAP server and Kerberos Key Distribution Center (KDC) as well as the
|
|
Samba3-like logon services provided over CIFS. We correctly generate
|
|
the infamous Kerberos PAC, and include it with the Kerberos tickets we
|
|
issue.
|
|
|
|
SWAT is now integrated into Samba 4 as the user-friendly interface to
|
|
Samba server management. SWAT provides easy access to our
|
|
setup and migration tools. Using SWAT, you can migrate windows
|
|
domains in Samba 4, allowing easy setup of initial user databases, and
|
|
upgrades from Samba 3.
|
|
|
|
The new VFS features in Samba 4 adapts the filesystem on the server to
|
|
match the Windows client semantics, allowing Samba 4 to better match
|
|
windows behaviour and application expectations. This includes file
|
|
annotation information (in streams) and NT ACLs in particular. The
|
|
VFS is backed with an extensive automated test suite.
|
|
|
|
A new scripting interface has been added to Samba 4, allowing
|
|
JavaScript programs to interface to Samba's internals.
|
|
|
|
The Samba 4 architecture is based around an LDAP-like database that
|
|
can use a range of modular backends. One of the backends supports
|
|
standards compliant LDAP servers (including OpenLDAP), and we are
|
|
working on modules to map between AD-like behaviours and this backend.
|
|
We are aiming for Samba 4 to be powerful frontend to large
|
|
directories.
|
|
|
|
CHANGES
|
|
=======
|
|
|
|
Those familiar with Samba 3 can find a list of user-visible changes
|
|
since that release series in the NEWS file.
|
|
|
|
- An optional password is no longer supported as the second argument to
|
|
smbclient.
|
|
|
|
- The default location of smb.conf in non-FHS builds has changed from the
|
|
PREFIX/lib directory to the PREFIX/etc directory.
|
|
|
|
KNOWN ISSUES
|
|
============
|
|
|
|
- Standalone server and domain member roles are not currently
|
|
supported. While we have much of the infrastructure required, we
|
|
have not collected these pieces together.
|
|
|
|
- There is no printing support in the current release.
|
|
|
|
- SWAT can be painful with <TAB> and forms. Just use the mouse, as
|
|
the JavaScript layer doing this will change.
|
|
|
|
- Domain logons (using Kerberos) from windows clients incorrectly
|
|
state that the password expires today.
|
|
|
|
RUNNING Samba4
|
|
==============
|
|
|
|
A short guide to setting up Samba 4 can be found in the howto.txt file
|
|
in root of the tarball.
|
|
|
|
DEVELOPMENT and FEEDBACK
|
|
========================
|
|
Bugs can be filed at https://bugzilla.samba.org/. Please
|
|
look at the STATUS file before filing a bug to see if a particular
|
|
is supposed to work yet.
|
|
|
|
Development and general discussion about Samba 4 happens mainly on
|
|
the #samba-technical IRC channel (on irc.freenode.net) and
|
|
the samba-technical mailing list (see http://lists.samba.org/ for
|
|
details).
|
|
|
|
|