mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
a068dc6ede
Guenther
(This used to be commit 55e85ccd3e
)
463 lines
17 KiB
Plaintext
463 lines
17 KiB
Plaintext
=================================
|
|
Release Notes for Samba 3.2.0pre2
|
|
Feb 29, 2008
|
|
=================================
|
|
|
|
This is the second preview release of Samba 3.2.0. This is *not*
|
|
intended for production environments and is designed for testing
|
|
purposes only. Please report any defects via the Samba bug reporting
|
|
system at https://bugzilla.samba.org/.
|
|
|
|
Please be aware that Samba is now distributed under the version 3
|
|
of the new GNU General Public License. You may refer to the COPYING
|
|
file that accompanies these release notes for further licensing details.
|
|
|
|
Major enhancements in Samba 3.2.0 include:
|
|
|
|
File Serving:
|
|
o Use of IDL generated parsing layer for several DCE/RPC
|
|
interfaces.
|
|
o Removal of the 1024 byte limit on pathnames and 256 byte limit on
|
|
filename components to honor the MAX_PATH setting from the host OS.
|
|
o Introduction of a registry based configuration system.
|
|
o Improved CIFS Unix Extensions support.
|
|
o Experimental support for file serving clusters.
|
|
o Support for IPv6 in the server, and client tools and libraries.
|
|
o Support for storing alternate data streams in xattrs.
|
|
o Encrypted SMB transport in client tools and libraries, and server.
|
|
o Support for Vista clients authenticating via Kerberos.
|
|
|
|
Winbind and Active Directory Integration:
|
|
o Full support for Windows 2003 cross-forest, transitive trusts
|
|
and one-way domain trusts.
|
|
o Support for userPrincipalName logons via pam_winbind and NSS
|
|
lookups.
|
|
o Expansion of nested domain groups via NSS calls.
|
|
o Support for Active Directory LDAP Signing policy.
|
|
o New LGPL Winbind client library (libwbclient.so).
|
|
|
|
Joining:
|
|
o New NetApi library for domain join related queries (libnetapi.so)
|
|
and example GTK+ Domain join gui.
|
|
o New client and server support for remotely joining and unjoining
|
|
Domains.
|
|
o Support for joining into Windows 2008 domains.
|
|
|
|
Users & Groups:
|
|
o New ldb backend for local group mapping tables
|
|
o Raised level of security defaults for authentication operations.
|
|
|
|
|
|
Documentation:
|
|
o Inclusion of an HTLM version of the 3rd edition of "Using Samba"
|
|
from O'Reilly Publishing.
|
|
|
|
|
|
Now Licensed under the GNU GPLv3
|
|
================================
|
|
|
|
The Samba Team has adopted the Version 3 of the GNU General Public
|
|
License for the 3.2 and later releases. The GPLv3 is the updated
|
|
version of the GPLv2 license under which Samba is currently
|
|
distributed. It has been updated to improve compatibility with other
|
|
licenses and to make it easier to adopt internationally, and is an
|
|
improved version of the license to better suit the needs of Free
|
|
Software in the 21st Century.
|
|
|
|
The original announcement is available on-line at
|
|
|
|
http://news.samba.org/announcements/samba_gplv3/
|
|
|
|
|
|
New Security Defaults for Authentication
|
|
========================================
|
|
|
|
Support for LanMan passwords is now disabled in both client and server
|
|
applications. Additionally, clear text authentication requests are
|
|
disabled by default in client utilities such as smbclient and all
|
|
libsmbclient based applications. This will affect connection both
|
|
to and from hosts running DOS, Windows 9x/ME, and OS/2. Please refer
|
|
to the "Changes" section for details on the exact parameters that were
|
|
updated.
|
|
|
|
|
|
Registry Configuration Backend
|
|
==============================
|
|
|
|
Samba is now able to use a registry based configuration backed to
|
|
supplement smb.conf setting. This feature may be enabled by setting
|
|
"config backend = registry" and "registry shares = yes" in the [global]
|
|
section of smb.conf and may be managed using the "net conf" command.
|
|
|
|
More information may be obtained from the smb.conf(5) and net(8) man
|
|
pages.
|
|
|
|
|
|
Removed Features
|
|
================
|
|
|
|
Both the Python bindings and the libmsrpc shared library have been
|
|
removed from the tree due to lack of an official maintainer.
|
|
|
|
As smbfs is no longer supported in current kernel versions, smbmount has
|
|
been removed in this Samba version. Please use cifs (mount.cifs) instead.
|
|
See examples/scripts/mount/mount.smbfs as an example for a wrapper which
|
|
calls mount.cifs instead of smbmount/mount.smbfs.
|
|
|
|
|
|
|
|
######################################################################
|
|
Changes
|
|
#######
|
|
|
|
smb.conf changes
|
|
----------------
|
|
|
|
Parameter Name Description Default
|
|
-------------- ----------- -------
|
|
client lanman auth Changed Default No
|
|
client ldap sasl wrapping New plain
|
|
client plaintext auth Changed Default No
|
|
clustering New No
|
|
cluster addresses New ""
|
|
config backend New file
|
|
ctdb socket New ""
|
|
debug class New No
|
|
hidden New No
|
|
lanman auth Changed Default No
|
|
ldap debug level New 0
|
|
ldap debug threshold New 10
|
|
mangle map Removed
|
|
open files database hashsize Removed
|
|
read bmpx Removed
|
|
registry shares New No
|
|
winbind expand groups New 1
|
|
winbind rpc only New No
|
|
|
|
|
|
Changes since 3.2.0pre1:
|
|
-----------------------
|
|
|
|
o Michael Adam <obnox@samba.org>
|
|
* Add library for access to the registry configuration data.
|
|
* BUG 5023: Separate NFS4 and POSIX ACL code in file access checks.
|
|
* BUG 4308: Fix Excel save operation ACL bug.
|
|
* Refactor and consolidate logic for retrieving the machine
|
|
trust password information.
|
|
* VFS API cleanup (remove redundant parameter).
|
|
* BUG 4801: Correctly implement LSA lookup levels for LookupNames.
|
|
* Add new option "debug class" to control printing of the debug class.
|
|
in debug headers.
|
|
* Enable building of the zfsacl and notify_fam vfs modules.
|
|
* BUG 5083: Fix memleak in solarisacl module.
|
|
* BUG 5063: Fix build on RHEL5.
|
|
* New smb.conf parameter "config backend = registry" to enable registry
|
|
only configuration.
|
|
* Move "net conf" functionality into a separate module libnet_conf.c
|
|
* Restructure registry code, eliminating the dynamic overlay.
|
|
Make use of reg_api instead of backend code in most places.
|
|
* Add support for intercepting LDAP libraries' debug output and print
|
|
it in Samba's debugging system.
|
|
* Libreplace fixes.
|
|
* Build fixes.
|
|
* Initial support for using subsystems as shared libraries.
|
|
Use talloc, tdb, and libnetapi as shared libraries internally.
|
|
|
|
|
|
o Jeremy Allison <jra@samba.org>
|
|
* Added support for IPv6 client and server connections.
|
|
* Add in the recvfile entry to the VFS layer.
|
|
* Removal of pstring data type.
|
|
* Remove unused utilities: smbctool and rpctorture.
|
|
* Fix service principal detection to match Windows Vista
|
|
(based on work from Andreas Schneider).
|
|
* Encrypted SMB transport in client tools and libraries, and server.
|
|
|
|
|
|
o Kai Blin <kai@samba.org>
|
|
* Added support for an SMB_CONF_PATH environment variable
|
|
containing the path to smb.conf.
|
|
* Various fixes to ntlm_auth.
|
|
* make test now supports more extensive SPOOLSS testing using vlp.
|
|
* Correctly handle mixed-case hostnames in NTLMv2 authentication.
|
|
|
|
|
|
o Gerald (Jerry) Carter <jerry@samba.org>
|
|
* Add Winbind client library.
|
|
* Decouple static linking between smbd and winbindd's client
|
|
interface.
|
|
|
|
|
|
o Guenther Deschner <gd@samba.org>
|
|
* Enhance client and server remote registry access.
|
|
* Add client calls for remotely joining a computer to a domain
|
|
(including calls from "net dom" command).
|
|
* Add libnetapi.so library for joining domains including
|
|
sample GTK+ app.
|
|
* Fixes for Vista SP1 Kerberos authdata handling to only pickup
|
|
the PAC.
|
|
* Various error code and error message fixes.
|
|
* Add initial draft of libnetconf to allow programmatic
|
|
configuration changes.
|
|
* Add libnet_join internal library for programmatically joining
|
|
and unjoining Domains.
|
|
* Add various fixes and new calls to libnetapi.so library.
|
|
* Various fixes for DsGetDcName and conversion to IDL based
|
|
structures.
|
|
* Fixes for pidl to correctly generate WERROR based client calls.
|
|
* Fixes for pidl to generate output that complies to coding
|
|
conventions.
|
|
* Various IDL fixes.
|
|
* Add ads_get_joinable_ous() to libads to get list of joinable ous.
|
|
* Add get_logon_hours_from_pdb() to comply with new IDL based
|
|
structures.
|
|
* Add debugging capabilities to dump AD connections to libads
|
|
(using ndr_print).
|
|
* Add "dump-domain-list" command for smbcontrol to retrieve better
|
|
debugging information out of winbindd.
|
|
* Migration of the entire client and server DCE/RPC code to IDL
|
|
based structures and autogenerated code for DSSETUP, LSA, SAMR
|
|
and NETLOGON.
|
|
* Started migration of client and server DCE/RPC code to IDL based
|
|
structures and autogenerated code for NTSSVC, SVCCTL and
|
|
EVENTLOG.
|
|
* Use IDL and autogenerated code for samlogoncache and Kerberos
|
|
PAC handling.
|
|
* Various fixes and cleanup of Kerberos PAC handling.
|
|
* Fix segfault in _srv_net_file_enum.
|
|
* Conversion of client join and unjoin code to libnet_join.
|
|
* Add remote join/unjoin server-side implementation.
|
|
* Removed a lot of code which has become obsolete.
|
|
|
|
|
|
o Steve Langasek <vorlon@debian.org>
|
|
* Integrate 2 out of 3 --with-fhs patches from Debian packaging
|
|
for better adherence to the FHS standard.
|
|
|
|
|
|
o Volker Lendecke <vl@samba.org>
|
|
* Add talloc_stackframe() and talloc_pool() features.
|
|
* Removal of pstring data type.
|
|
* Add generic a in-memory cache.
|
|
* Import the Linux red-black tree implementation.
|
|
* Remove large amount of global variables.
|
|
* Support for storing xattrs in tdb files.
|
|
* Support for storing alternate data streams in xattrs.
|
|
* Implement a generic in-memory cache based on rb-trees.
|
|
* Add implicit temporary talloc contexts via talloc_stack().
|
|
* Speed up the smbclient "get" command
|
|
* Add the aio_fork module
|
|
|
|
|
|
o Stefan Metzmacher <metze@samba.org>
|
|
* Fixes for libreplace.
|
|
* Pidl fixes.
|
|
* Build fixes.
|
|
* Add nss_wrapper support.
|
|
* Start and test winbindd by 'make test'.
|
|
* Split up child_dispatch_table into domain, idmap and locator tables
|
|
in winbindd.
|
|
* Fix for a crash bug in pidl generated client code.
|
|
This could have happend with [in,out,unique] pointers
|
|
when the client sends a valid pointer, but the server
|
|
responds with a NULL pointer (as samba-3.0.26a does for some calls).
|
|
* Change NTSTATUS into enum ndr_err_code in librpc/ndr.
|
|
* Remove unused calls in the struct based winbindd protocol.
|
|
* Add --configfile option to wbinfo.
|
|
* Convert winbind_env_set(), winbind_on() and winbind_off() into macros.
|
|
* Return rids and other_sids arrays in WBFLAG_PAM_INFO3_TEXT mode.
|
|
* Implement wbcErrorString() and wbcAuthenticateUserEx().
|
|
* Convert auth_winbind to use wbcAuthenticateUserEx().
|
|
|
|
|
|
o James Peach <jpeach@samba.org>
|
|
* Add support for DNS Service Discovery. Based on work from
|
|
Rishi Srivatsavai <rishisv@gmail.com>.
|
|
|
|
|
|
o Andreas Schneider <anschneider@suse.de>
|
|
* Don't restart winbind if a corrupted tdb is found during
|
|
initialization.
|
|
* Fix Windows 2008 (Longhorn) join.
|
|
* Fix crashbug in winbindd.
|
|
* Add share parameter "hidden".
|
|
|
|
|
|
o Karolin Seeger <ks@sernet.de>
|
|
* Improve error messages of net subcommands.
|
|
* Add 'net rap file user'.
|
|
* Change LDAP search filter to find machine accounts which
|
|
are not located in the user suffix.
|
|
* Remove smbmount.
|
|
|
|
|
|
o David Shaw <dshaw@jabberwocky.com>
|
|
* BUG 5073: Allow "delete readonly = yes" to correctly override
|
|
deletion of a file.
|
|
|
|
|
|
o Rishi Srivatsavai <rishisv@gmail.com>
|
|
* Register the smb service with mDNS if mDNS is supported.
|
|
* Add smbclient support for basic mDNS browsing.
|
|
|
|
|
|
o Andrew Tridgell <tridge@samba.org>
|
|
* Fix padding between Winbind 32bit/64bit client library in
|
|
the request/response structures.
|
|
* Added a syncops VFS module for file systems which do not
|
|
guarantee meta-data operations are immediately committed to
|
|
disk in stable form.
|
|
|
|
|
|
o Jelmer Vernooij <jelmer@samba.org>
|
|
* Additional portability support for building shared libraries.
|
|
|
|
|
|
o Corinna Vinschen <corinna@vinschen.de>
|
|
* Get Samba version or capability information from Windows user space.
|
|
|
|
|
|
Original 3.2.0pre1 commits:
|
|
---------------------------
|
|
o Michael Adam <obnox@samba.org>
|
|
* Unified POSIX ACL detection including support for FreeBSD and
|
|
HP-UX.
|
|
* Performance improvements for Winbind's lookup functions (names,
|
|
SIDs, and group membership) when joined to an AD domain.
|
|
* Winbind cache validation support.
|
|
* Store domain trust passwords for Samba domain controller's in
|
|
the domain's passdb backend.
|
|
* Merged \winreg server code from the SAMBA_3_2 development branch.
|
|
* Fixes for libreplace.
|
|
* Implement new registry configuration backend.
|
|
|
|
|
|
o Jeremy Allison <jra@samba.org>
|
|
* Add support for file system objectIDs.
|
|
* Winbind cache validation support.
|
|
* Add in the UNIX capability for 24-bit readX.
|
|
* Improve Delete-on-Close semantics.
|
|
* Removal of static file and path name buffers in SMB file serving
|
|
code.
|
|
|
|
|
|
o Danilo Almeida <dalmeida@centeris.com>
|
|
* Move the machine account to the OU specified when running "net
|
|
ads join".
|
|
|
|
|
|
o Andrew Bartlett <abartlet@samba.org>
|
|
* Tighten authentication protocol defaults in client tools and
|
|
servers.
|
|
|
|
|
|
o Gerald (Jerry) Carter <jerry@samba.org>
|
|
* Implement support for one-way trusts and two-way cross-forest
|
|
transitive trust in winbindd.
|
|
* Fixes for Winbind's offline/disconnected logon support when
|
|
using remote idmap backends.
|
|
* Fix LookupNames and LookupSids to use the same resolution
|
|
heuristics as Windows XP.
|
|
* Fix lockups in Winbind when running nscd.
|
|
* UPN logon support in pam_winbind.
|
|
* Add support for GNU linker scripts when build shared libraries
|
|
(based on work by Julien Cristau <jcristau@debian.org> and James
|
|
Peach).
|
|
|
|
|
|
o Guenther Deschner <gd@samba.org>
|
|
* Additional support for decoding and downloading group policy
|
|
objects from Active Directory.
|
|
* Improvements to "net ads keytab" command.
|
|
* Fixes for linking against Heimdal Kerberos client libs.
|
|
* Support LDAP range retrieval searches.
|
|
* Fixes for failure to refresh user ticket caches in Winbind.
|
|
* UPN logon support in pam_winbind.
|
|
* Add KDC locator plugin for MIT kerberos 1.6 or later.
|
|
|
|
|
|
o Steve Langasek <vorlon@debian.org>
|
|
* Allow SIGTERM to cause nmbd to exit while awaiting a interface
|
|
to come up.
|
|
|
|
|
|
o Volker Lendecke <vl@samba.org>
|
|
* Merge experimental cluster support patches from the ctdb branch.
|
|
* Add tdb storage abstraction for ctdb.
|
|
* Use IDL for internal message passing system.
|
|
* Add client support for the SamLogonEx() authentication request.
|
|
* Implement RPC proxy stubs in the Samba server code to allow
|
|
replacing implementation functions one by one.
|
|
* Remove static incoming and outgoing buffers from core server SMB
|
|
packet processing code.
|
|
* Add "net sam rights" command.
|
|
|
|
|
|
o Steve French <sfrench@samba.org>
|
|
* Fixes for mount.cifs Linux utility.
|
|
|
|
|
|
o Stefan Metzmacher <metze@samba.org>
|
|
* Fixes for libreplace.
|
|
* Add support for LDAP digital signing policy.
|
|
* Experimental clustered file system support.
|
|
|
|
|
|
o Lars Mueller <lars@samba.org>
|
|
* Makefile and build fixes.
|
|
* Add pam_pwd_expire for pam_winbind (original patch from Andreas
|
|
Schneider).
|
|
|
|
|
|
o James Peach <jpeach@apple.com>
|
|
* Fixes for setgroups() and *BSD and Darwin.
|
|
* Support membership of >16 groups on Darwin.
|
|
|
|
|
|
o Jiri Sasek <Jiri.Sasek@Sun.COM>
|
|
* Added vfs_zfsacl module.
|
|
|
|
|
|
o Karolin Seeger <ks@sernet.de>
|
|
* Add deletelocalgroup and unmapunixgroup subcommand to "net sam".
|
|
* Cleanup internal passdb functions.
|
|
|
|
|
|
o Simo Sorce <idra@samba.org>
|
|
* Fixes for IDmap and Passdb backends.
|
|
|
|
|
|
o Andrew Tridgell <tridge@samba.org>
|
|
* Port ldb from the Samba 4 tree and add ldb group mapping plugin.
|
|
* Move several file serving related tdb files to use the dbwrap
|
|
API internally.
|
|
* Cleanup the GPFS VFS plugin.
|
|
* Experimental clustered file system support.
|
|
|
|
|
|
o Jelmer Vernooij <jelmer@samba.org>
|
|
* Implement NDR basic to support utilizing IDL files from Samba 4
|
|
tree for general DCE/RPC parsing stubs.
|
|
|
|
|
|
|
|
######################################################################
|
|
Reporting bugs & Development Discussion
|
|
#######################################
|
|
|
|
Please discuss this release on the samba-technical mailing list or by
|
|
joining the #samba-technical IRC channel on irc.freenode.net.
|
|
|
|
If you do report problems then please try to send high quality
|
|
feedback. If you don't provide vital information to help us track down
|
|
the problem then you will probably be ignored. All bug reports should
|
|
be filed under the Samba 3.2 product in the project's Bugzilla
|
|
database (https://bugzilla.samba.org/).
|
|
|
|
|
|
======================================================================
|
|
== Our Code, Our Bugs, Our Responsibility.
|
|
== The Samba Team
|
|
======================================================================
|
|
|