mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
eaebd8759b
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Jul 4 11:25:07 UTC 2019 on sn-devel-184
246 lines
8.1 KiB
Plaintext
246 lines
8.1 KiB
Plaintext
Release Announcements
|
|
=====================
|
|
|
|
This is the first preview release of Samba 4.11. This is *not*
|
|
intended for production environments and is designed for testing
|
|
purposes only. Please report any defects via the Samba bug reporting
|
|
system at https://bugzilla.samba.org/.
|
|
|
|
Samba 4.11 will be the next version of the Samba suite.
|
|
|
|
|
|
UPGRADING
|
|
=========
|
|
|
|
|
|
NEW FEATURES/CHANGES
|
|
====================
|
|
|
|
Default samba process model
|
|
---------------------------
|
|
|
|
The default for the --model argument passed to the samba executable has changed
|
|
from 'standard' to 'prefork'. This means a difference in the number of samba
|
|
child processes that are created to handle client connections. The previous
|
|
default would create a separate process for every LDAP or NETLOGON client
|
|
connection. For a network with a lot of persistent client connections, this
|
|
could result in significant memory overhead. Now, with the new default of
|
|
'prefork', the LDAP, NETLOGON, and KDC services will create a fixed number of
|
|
worker processes at startup and share the client connections amongst these
|
|
workers. The number of worker processes can be configured by the 'prefork
|
|
children' setting in the smb.conf (the default is 4).
|
|
|
|
Authentication Logging.
|
|
-----------------------
|
|
|
|
Winbind now logs PAM_AUTH and NTLM_AUTH events, a new attribute "logonId" has
|
|
been added to the Authentication JSON log messages. This contains a random
|
|
logon id that is generated for each PAM_AUTH and NTLM_AUTH request and is passed
|
|
to SamLogon, linking the windbind and SamLogon requests.
|
|
|
|
The serviceDescription of the messages is set to "winbind", the authDescription
|
|
is set to one of:
|
|
"PASSDB, <command>, <pid>"
|
|
"PAM_AUTH, <command>, <pid>"
|
|
"NTLM_AUTH, <command>, <pid>"
|
|
where:
|
|
<command> is the name of the command makinmg the winbind request i.e. wbinfo
|
|
<pid> is the process id of the requesting process.
|
|
|
|
The version of the JSON Authentication messages has been changed to 1.2 from 1.1
|
|
|
|
LDAP referrals
|
|
--------------
|
|
|
|
The scheme of returned LDAP referrals now reflects the scheme of the original
|
|
request, i.e. referrals received via ldap are prefixed with "ldap://"
|
|
and those over ldaps are prefixed with "ldaps://"
|
|
|
|
Previously all referrals were prefixed with "ldap://"
|
|
|
|
Bind9 logging
|
|
-------------
|
|
|
|
It is now possible to log the duration of DNS operations performed by Bind9
|
|
This should aid future diagnosis of performance issues, and could be used to
|
|
monitor DNS performance. The logging is enabled by setting log level to
|
|
"dns:10" in smb.conf
|
|
|
|
The logs are currently Human readable text only, i.e. no JSON formatted output.
|
|
|
|
Log lines are of the form:
|
|
|
|
<function>: DNS timing: result: [<result>] duration: (<duration>)
|
|
zone: [<zone>] name: [<name>] data: [<data>]
|
|
|
|
durations are in microseconds.
|
|
|
|
Default schema updated to 2012_R2
|
|
---------------------------------
|
|
|
|
Default AD schema changed from 2008_R2 to 2012_R2. 2012_R2 functional level
|
|
is not yet available. Older schemas can be used by provisioning with the
|
|
'--base-schema' argument. Existing installations can be updated with the
|
|
samba-tool command "domain schemaupgrade".
|
|
|
|
Samba's replication code has also been improved to handle replication
|
|
with the 2012 schema (the core of this replication fix has also been
|
|
backported to 4.9.11 and will be in a 4.10.x release).
|
|
|
|
|
|
100,000 USER and LARGER Samba AD DOMAINS
|
|
========================================
|
|
|
|
Extensive efforts have been made to optimise Samba for use in
|
|
organisations (for example) targeting 100,000 users, plus 120,000
|
|
computer objects, as well as large number of group memberships.
|
|
|
|
Many of the specific efforts are detailed below, but the net results
|
|
is to remove barriers to significantly larger Samba deployments
|
|
compared to previous releases.
|
|
|
|
Reindex performance improvements
|
|
--------------------------------
|
|
|
|
The performance of samba-tool dbcheck --reindex has been improved,
|
|
especially for large domains.
|
|
|
|
join performance improvements
|
|
-----------------------------
|
|
|
|
The performance of samba-tool domain join has been improved,
|
|
especially for large domains.
|
|
|
|
LDAP Server memory improvements
|
|
-------------------------------
|
|
|
|
The LDAP server has improved memory efficiency, ensuring that large
|
|
LDAP responses (for example a search for all objects) is not copied
|
|
multiple times into memory.
|
|
|
|
Setting lmdb map size
|
|
---------------------
|
|
|
|
It is now possible to set the lmdb map size (The maximum permitted
|
|
size for the database). "samba-tool" now accepts the
|
|
"--backend-store-size" i.e. --backend-store-size=4Gb. If not
|
|
specified it defaults to 8Gb.
|
|
|
|
This option is avaiable for the following sub commands:
|
|
* domain provision
|
|
* domain join
|
|
* domain dcpromo
|
|
* drs clone-dc-database
|
|
|
|
LDB "batch_mode"
|
|
----------------
|
|
|
|
To improve performance during batch operations i.e. joins, ldb now
|
|
accepts a "batch_mode" option. However to prevent any index or
|
|
database inconsistencies if an operation fails, the entire transaction
|
|
will be aborted at commit.
|
|
|
|
New LDB pack format
|
|
-------------------
|
|
|
|
On first use (startup of 'samba' or the first transaction write)
|
|
Samba's sam.ldb will be updated to a new more efficient pack format.
|
|
This will take a few moments.
|
|
|
|
New LDB <= and >= index mode to improve replication performance
|
|
---------------------------------------------------------------
|
|
|
|
As well as a new pack format, Samba's sam.ldb uses a new index format
|
|
allowing Samba to efficiently select objects changed since the last
|
|
replication cycle. This in turn improves performance during
|
|
replication of large domains.
|
|
|
|
Improvements to ldb search performance
|
|
--------------------------------------
|
|
|
|
Search performance on large LDB databases has been improved by
|
|
reducing memory allocations made on each object.
|
|
|
|
Improvements to subtree rename performance
|
|
------------------------------------------
|
|
|
|
Improvements have been made to Samba's handling of subtree renames,
|
|
for example of containers and organisational units, however large
|
|
renames are still not recommended.
|
|
|
|
|
|
|
|
REMOVED FEATURES
|
|
================
|
|
|
|
Web server
|
|
----------
|
|
|
|
As a leftover from work related to the Samba Web Administration Tool (SWAT),
|
|
Samba still supported a Python WSGI web server (which could still be turned on
|
|
from the 'server services' smb.conf parameter). This service was unused and has
|
|
now been removed from Samba.
|
|
|
|
|
|
samba-tool join subdommain
|
|
--------------------------
|
|
|
|
The subdommain role has been removed from the join command. This option did
|
|
not work and has no tests.
|
|
|
|
|
|
Python2 support
|
|
---------------
|
|
|
|
Samba 4.11 will not have any runtime support for Python 2.
|
|
|
|
If you are building Samba using the '--disable-python' option
|
|
(i.e. you're excluding all the run-time Python support), then this
|
|
will continue to work on a system that supports either python2 or
|
|
python3.
|
|
|
|
To build Samba with python2 you *must* set the 'PYTHON' environment
|
|
variable for both the 'configure' and 'make' steps, i.e.
|
|
'PYTHON=python2 ./configure'
|
|
'PYTHON=python2 make'
|
|
This will override the python3 default.
|
|
|
|
Except for this specific build-time use of python2, Samba now requires
|
|
Python 3.4 as a minimum.
|
|
|
|
smb.conf changes
|
|
================
|
|
|
|
Parameter Name Description Default
|
|
-------------- ----------- -------
|
|
|
|
web port Removed
|
|
fruit:zero_file_id Changed default False
|
|
|
|
|
|
KNOWN ISSUES
|
|
============
|
|
|
|
https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.11#Release_blocking_bugs
|
|
|
|
|
|
#######################################
|
|
Reporting bugs & Development Discussion
|
|
#######################################
|
|
|
|
Please discuss this release on the samba-technical mailing list or by
|
|
joining the #samba-technical IRC channel on irc.freenode.net.
|
|
|
|
If you do report problems then please try to send high quality
|
|
feedback. If you don't provide vital information to help us track down
|
|
the problem then you will probably be ignored. All bug reports should
|
|
be filed under the Samba 4.1 and newer product in the project's Bugzilla
|
|
database (https://bugzilla.samba.org/).
|
|
|
|
|
|
======================================================================
|
|
== Our Code, Our Bugs, Our Responsibility.
|
|
== The Samba Team
|
|
======================================================================
|
|
|