mirror of
https://github.com/samba-team/samba.git
synced 2025-01-27 14:04:05 +03:00
68e5fa5087
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Mon Sep 22 07:05:26 CEST 2014 on sn-devel-104
185 lines
6.4 KiB
Plaintext
185 lines
6.4 KiB
Plaintext
Release Announcements
|
|
=====================
|
|
|
|
This is the first release candidate of Samba 4.2. This is *not*
|
|
intended for production environments and is designed for testing
|
|
purposes only. Please report any defects via the Samba bug reporting
|
|
system at https://bugzilla.samba.org/.
|
|
|
|
Samba 4.2 will be the next version of the Samba suite.
|
|
|
|
|
|
UPGRADING
|
|
=========
|
|
|
|
Read the "Winbindd/Netlogon improvements" section (below) carefully!
|
|
|
|
|
|
NEW FEATURES
|
|
============
|
|
|
|
Transparent File Compression
|
|
============================
|
|
|
|
Samba 4.2.0 adds support for the manipulation of file and folder
|
|
compression flags on the Btrfs filesystem.
|
|
With the Btrfs Samba VFS module enabled, SMB2+ compression flags can
|
|
be set remotely from the Windows Explorer File->Properties->Advanced
|
|
dialog. Files flagged for compression are transparently compressed
|
|
and uncompressed when accessed or modified.
|
|
|
|
Previous File Versions with Snapper
|
|
===================================
|
|
|
|
The newly added Snapper VFS module exposes snapshots managed by
|
|
Snapper for use by Samba. This provides the ability for remote
|
|
clients to access shadow-copies via Windows Explorer using the
|
|
"previous versions" dialog.
|
|
|
|
Winbindd/Netlogon improvements
|
|
==============================
|
|
|
|
The whole concept of maintaining the netlogon secure channel
|
|
to (other) domain controllers is rewritten in order to maintain
|
|
global state in a netlogon_creds_cli.tdb. This is the proper fix
|
|
for a large number of bugs:
|
|
|
|
https://bugzilla.samba.org/show_bug.cgi?id=6563
|
|
https://bugzilla.samba.org/show_bug.cgi?id=7944
|
|
https://bugzilla.samba.org/show_bug.cgi?id=7945
|
|
https://bugzilla.samba.org/show_bug.cgi?id=7568
|
|
https://bugzilla.samba.org/show_bug.cgi?id=8599
|
|
|
|
In addition a strong session key is required by default now,
|
|
which means that communication to older servers or clients
|
|
might be rejected by default.
|
|
|
|
For the client side we the following new options:
|
|
"require strong key" (yes by default), "reject md5 servers" (no by default).
|
|
E.g. for Samba 3.0.37 you need "require strong key = no" and
|
|
for NT4 DCs you need "require strong key = no" and "client NTLMv2 auth = no",
|
|
|
|
On the server side (as domain controller) we have the following new options:
|
|
"allow nt4 crypto" (no by default), "reject md5 client" (no by default).
|
|
E.g. in order to allow Samba < 3.0.27 or NT4 members to work
|
|
you need "allow nt4 crypto = yes"
|
|
|
|
winbindd does not list group memberships for display purposes
|
|
(e.g. getent group <domain\<group>) anymore by default.
|
|
The new default is "winbind expand groups = 0" now,
|
|
the reason for this is the same as for "winbind enum users = no"
|
|
and "winbind enum groups = no". Providing this information is not always
|
|
reliably possible, e.g. if there're trusted domains.
|
|
|
|
Please consult the smb.conf manpage for more details on these new options.
|
|
|
|
Larger IO sizes for SMB2/3 by default
|
|
=====================================
|
|
|
|
The default values for "smb2 max read", "smb2 max write" and "smb2 max trans"
|
|
have been changed to 8388608 (8MiB) in order to match the default of
|
|
Windows 2012R2.
|
|
|
|
Improved DCERPC man in the middle detection
|
|
===========================================
|
|
|
|
The DCERPC header signing has been implemented
|
|
in addition to the dcerpc_sec_verification_trailer
|
|
protection.
|
|
|
|
Overhauled "net idmap" command
|
|
==============================
|
|
|
|
The command line interface of the "net idmap" command has been
|
|
systematized and subcommands for reading and writing the autorid idmap
|
|
database have been added. Note that the writing commands should be
|
|
used with great care. See the net(8) manual page for details.
|
|
|
|
tdb improvements
|
|
================
|
|
|
|
The tdb library, our core mechanism to store Samba-specific data on disk and
|
|
share it between processes, has been improved to support process shared robust
|
|
mutexes on Linux. These mutexes are available on Linux and Solaris and
|
|
significantly reduce the overhead involved with tdb. To enable mutexes for
|
|
tdb, set
|
|
|
|
dbwrap_tdb_mutexes:* = yes
|
|
|
|
in the [global] section of your smb.conf.
|
|
|
|
Tdb has furthermore improved to manage its file space more efficiently. This
|
|
will lead to smaller and less fragmented databases.
|
|
|
|
Messaging improvements
|
|
======================
|
|
|
|
Our internal messaging subsystem, used for example for things like oplock
|
|
break messages between smbds or setting a process debug level dynamically, has
|
|
been rewritten to use unix domain datagram messages.
|
|
|
|
Clustering support
|
|
==================
|
|
|
|
Samba's file server clustering component CTDB is now integrated in the
|
|
Samba tree. This avoids the confusion of compatibility of Samba and CTDB
|
|
versions as existed previously.
|
|
|
|
To build the Samba file server with cluster support, use the configure
|
|
command line option --with-cluster-support. This will build clustered
|
|
file server against the in-tree ctdb. Building clustered samba with
|
|
previous versions of CTDB is no longer supported.
|
|
|
|
CTDB is built separately from the ctdb/ sub-directory. To build CTDB,
|
|
use the following steps:
|
|
|
|
$ cd ctdb
|
|
$ ./configure
|
|
$ make
|
|
# make install
|
|
|
|
|
|
######################################################################
|
|
Changes
|
|
#######
|
|
|
|
smb.conf changes
|
|
----------------
|
|
|
|
Parameter Name Description Default
|
|
-------------- ----------- -------
|
|
|
|
allow nt4 crypto New no
|
|
neutralize nt4 emulation New no
|
|
reject md5 client New no
|
|
reject md5 servers New no
|
|
require strong key New yes
|
|
smb2 max read Changed default 8388608
|
|
smb2 max write Changed default 8388608
|
|
smb2 max trans Changed default 8388608
|
|
winbind expand groups Changed default 0
|
|
|
|
KNOWN ISSUES
|
|
============
|
|
|
|
|
|
#######################################
|
|
Reporting bugs & Development Discussion
|
|
#######################################
|
|
|
|
Please discuss this release on the samba-technical mailing list or by
|
|
joining the #samba-technical IRC channel on irc.freenode.net.
|
|
|
|
If you do report problems then please try to send high quality
|
|
feedback. If you don't provide vital information to help us track down
|
|
the problem then you will probably be ignored. All bug reports should
|
|
be filed under the Samba 4.2 product in the project's Bugzilla
|
|
database (https://bugzilla.samba.org/).
|
|
|
|
|
|
======================================================================
|
|
== Our Code, Our Bugs, Our Responsibility.
|
|
== The Samba Team
|
|
======================================================================
|
|
|