WHATSNEW: Attach older 3.3 release notes.

Karolin
(cherry picked from commit adbba72c332b59f4ffe87cb25c5ec7f8d90148dc)

1 files changed, 1310 insertions, 0 deletions

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index bbfb3674cda..d5326632e1f 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -106,3 +106,1313 @@ database (https://bugzilla.samba.org/).
 == The Samba Team
 ======================================================================
 
+
+Release notes for older releases follow:
+----------------------------------------
+
+
+                   =============================
+                   Release Notes for Samba 3.3.4
+			  April, 29  2009
+                   =============================
+
+
+This is the latest bugfix release of the Samba 3.3 series.
+
+Major enhancements in Samba 3.3.4 include:
+
+    o Fix domain logins for WinXP clients pre SP3 (bug #6263).
+    o Fix samr_OpenDomain access checks (bug #6089).
+    o Fix usrmgr.exe creating a user (bug #6243).
+
+
+######################################################################
+Changes
+#######
+
+
+Changes since 3.3.3:
+--------------------
+
+
+o   Michael Adam <obnox@samba.org>
+    * net conf: Save share name as given, not as lower case only.
+    * Prevent creation of registry keys containing the '/' character.
+
+
+o   Jeremy Allison <jra@samba.org>
+    * BUG 6089: Fix samr_OpenDomain access checks.
+    * BUG 6254: Fix IPv6 PUT/GET errors to an SMB server (3.3) with
+      "msdfs root" set to "yes".
+    * BUG 6279: Fix Winbind crash.
+    * Allow pdbedit to change a user rid/sid.
+    * When doing a cli_ulogoff don't invalidate the cnum, invalidate the vuid.
+    * Don't access a freed structure when logging off and re-using a vuid.
+
+
+o   Günther Deschner <gd@samba.org>
+    * BUG 5329: Add "net rpc service delete/create".
+    * BUG 6238: Make sure wbcLogoffUserParams are properly initialized before
+      freed.
+    * BUG 6263: Fix domain logins for WinXP clients pre SP3.
+    * BUG 6286: Call init function for builtin idmap modules before probing for
+      them as shared modules.
+    * Try to to fix password_expired flag handling.
+    * Make sure to grey out change fields in the netdomjoin-gui when not
+      running as root.
+
+
+o   Jim McDonough <jmcd@samba.org>
+    * Don't look up local user for remote changes, even when root.
+
+
+o   Volker Lendecke <vl@samba.org>
+    * BUG 6243: Fix usrmgr.exe creating a user.
+    * Use procid_str in debug messages for better cluster-debuggability.
+    * Use cluster-aware procid_is_me instead of comparing pids.
+    * Fix smbd crash for close_on_completion.
+    * Fix a memleak in an unlikely error path in change_notify_create().
+    * Do not use the file system GET_REAL_FILENAME for mangled names.
+
+
+o   Stefan Metzmacher <metze@samba.org>
+    * Fix a crash bug if we timeout in net rpc trustdom list.
+    * Add '--request-timeout' option to net.
+
+
+o   Martin Schwenke <martin@meltin.net>
+    * In net_conf_import, start a transaction when importing a single share.
+
+
+o   Simo Sorce <ssorce@redhat.com>
+    * Fix writing of roaming profiles with "profile acls" set to "yes".
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 3.3 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+                   =============================
+                   Release Notes for Samba 3.3.3
+			    April, 1 2009
+                   =============================
+
+This is the latest bugfix release release of the Samba 3.3 series.
+
+Major enhancements in Samba 3.3.3 include:
+
+    o Migrating from 3.0.x to 3.3.x can fail to update passdb.tdb
+      correctly (bug #6195).
+    o Fix serving of files with colons to CIFS/VFS client (bug #6196).
+    o Fix "map readonly" (bug #6186).
+
+
+######################################################################
+Changes
+#######
+
+
+Changes since 3.3.2:
+--------------------
+
+
+o   Michael Adam <obnox@samba.org>
+    * BUG 6195: Don't let smbd child processes panic.
+    * Add backend_requires_messaging() method to libsmbconf.
+    * Add methods is_writeable() and wrapper smbconf_is_writeable() to libsmbconf.
+    * Fall back to file backend when no valid backend was found.
+    * Fix a memleak in dbwrap_rbt.
+    * Provide transaction_start|commit|cancel fns for the registry tdb.
+    * Speed up "net conf drop".
+    * Speed up "net conf import".
+    * Add transactions to the libsmbconf API.
+    * Reduce memory usage of "net conf import".
+    * Registry cleanup.
+    * Fix handling of SAMBA_VERSION_VENDOR_PATCH.
+    * Fix build of pam_winbind.so with static linking.
+    * Tidy up some convert_string_internal error cases.
+
+
+o   Jeremy Allison <jra@samba.org>
+    * BUG 6186: Fix map readonly.
+    * BUG 6195: Migrating from 3.0.x to 3.3.x can fail to update passdb.tdb
+      correctly.
+    * BUG 6196: Unable to serve files with colons to Linux CIFS/VFS client.
+    * BUG 6224: nmbd waits 5 minutes at startup before checking if it needs
+      to run elections.
+    * Allow DFS client paths to work when POSIX pathnames have been
+      selected.
+    * Try and fix the build farm RAW-STREAMS errors.
+    * Ensure files starting with multiple dots are hidden.
+
+
+o   Günther Deschner <gd@samba.org>
+    * BUG 6102: NetQueryDisplayInformation could return wrong information.
+    * BUG 6193: Avoid messing with sync_context in libnet_samsync_delta().
+    * Fix notify_printer_status_byname.
+    * Fix Coverity IDs 722, 762, 774, 775, 776.
+
+
+o   Björn Jacke <bj@sernet.de>
+    * Fix build on old Heimdal based systems.
+    * Fix compile warning.
+    * Use parentheses in if condition to make negation clear.
+
+
+o   Andy Kelk <andy@mopoke.co.uk>
+    * Add dirsort module.
+
+
+o   Steve Langasek <vorlon@debian.org>
+    * BUG 6147: Fix detection of the GNU ld version.
+
+
+o   Volker Lendecke <vl@samba.org>
+    * BUG 6097: Fix smbd segfault.
+    * BUG 6130: Don't crash in winbindd_rpc lookup_groupmem() on unmapped
+      members.
+    * BUG 6139: Add missing whitespace in mount.cifs error message.
+    * Fix a malloc/talloc mismatch when cli_initialise() fails.
+    * Fix a valgrind error.
+    * Speed up "net conf list".
+    * Add sorted subkey cache.
+    * Use StrCaseCmp in the dirsort module.
+    * Document the dirsort module.
+    * Fix the build on HP/UX.
+    * Disable dns_sd by default.
+    * Add avahi detection to configure.
+    * Add event avahi binding.
+    * Use avahi to register _smb._tcp in smbd.
+    * Fix two memleaks in the encryption code.
+    * Fix a scary "fill_share_mode_lock failed" message.
+
+
+o   Derrell Lipman <derrell@dworkin.(none)>
+    * BUG 6228: Fix SMBC_open_ctx failure due to path resolve failure doesn't set
+      errno.
+
+
+o   Stefan Metzmacher <metze@samba.org>
+    * Don't use reserved words in smbconftort.
+    * Fix smb signing for fragmented trans/trans2/nttrans requests.
+
+
+o   Tim Prouty <tprouty@samba.org>
+    * Parse_packet can return NULL which is then dereferenced in
+      match_mailslot_name.
+
+
+o   Timur <timur@FreeBSD.org>
+    * Format the header check for netinet/ip.h more nicely.
+    * Fix detection of netinet/ip.h on FreeBSD.
+
+
+o   Alexander Zagrebin <alexz@visp.ru>
+    * Missing break in conversion function prevents tdb password database
+      update.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 3.3 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+                   =============================
+                   Release Notes for Samba 3.3.2
+			   March, 12 2009
+                   =============================
+
+This is the latest bugfix release release of the Samba 3.3 series.
+
+Major enhancements in Samba 3.3.2 include:
+
+     * Fix "force group" (bug #6155).
+     * Fix saving of files on Samba share using MS Office 2007 (bug #6160).
+     * Fix guest authentication in setups with "security = share" and
+      "guest ok = yes" when Winbind is running.
+     * Fix corruptions of source path in tar mode of smbclient (bug #6161).
+
+
+######################################################################
+Changes
+#######
+
+
+Changes since 3.3.1:
+--------------------
+
+
+o   Jeremy Allison <jra@samba.org>
+    * BUG 6082: Fix renaming and deleting of directories using Windows clients.
+    * BUG 6154: Make ZFS honor admin users.
+    * BUG 6155: Fix "force group".
+    * BUG 6160: Fix saving of files on Samba share using MS Office 2007.
+    * BUG 6161: Fix corruptions of source path in tar mode of smbclient.
+    * Fix some NetBSD warnings.
+    * Fix bug in processing of open modes in POSIX open.
+    * Fix use of streams modules with CIFSFS client.
+    * Ensure ACL modules work with POSIX paths.
+    * Use fsp->posix_open in preference if we have it.
+    * Fix more POSIX path lstat calls.
+
+
+o   Andrew Tridgell <tridge@samba.org>
+    * Fix a bug in message handling for the change notify code.
+
+
+o   Steven Danneman <steven.danneman@isilon.com>
+    * Fix guest authentication in setups with "security = share" and "guest ok =
+      yes" when Winbind is running.
+
+
+o   Steve French <smfrench@gmail.com>
+    * BUG 4640: Fix guest mounts in mount.cifs.
+    * Fix displaying the version string properly when no other parameters passed
+      in in mount.cifs.
+
+
+o   Björn Jacke <bj@sernet.de>
+    * Prefer gssapi header files from subdirectory.
+
+
+o   Volker Lendecke <vl@samba.org>
+    * BUG 6124: Fix the build on IRIX.
+    * BUG 6176: winbindd -n should disable the winbind idmap cache.
+    * Add a vfs_preopen module to hide fs latencies.
+    * Don't log NDR_PRINT_DEBUG at level 0, this always ends up in syslog.
+    * Fix a valgrind error / segfault in dns_register_smbd().
+
+
+o   Stefan Metzmacher <metze@samba.org>
+    * Fix build on SLES8.
+    * Decremented by 1 for ntcancel requests.
+
+
+o   Tim Prouty <tprouty@samba.org>
+    * Fix creation of core files.
+
+
+o   Dan Sledz <dan.sledz@isilon.com>
+    * Fix first mapping of uids/gids in Winbind.
+
+
+o   Bo Yang <boyang@novell.com>
+    * Initialize the id_map status in idmap_ldap to avoid surprise.
+    * Fix initialization of idmap status.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 3.3 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+                   =============================
+                   Release Notes for Samba 3.3.1
+			  February, 24 2009
+                   =============================
+
+This is the latest bugfix release release of the Samba 3.3 series.
+
+Major enhancements in Samba 3.3.1 include:
+
+     * Fix net ads join when "ldap ssl = start tls" (bug #6073).
+     * Fix renaming/deleting of files using Windows clients (bug #6082).
+     * Fix renaming/deleting a "not matching/resolving" symlink (bug #6090).
+     * Fix remotely adding a share via the Windows MMC.
+
+
+######################################################################
+Changes
+#######
+
+smb.conf changes
+----------------
+
+    Parameter Name                      Description     Default
+    --------------                      -----------     -------
+    ldap ssl ads			New		No
+
+
+Changes since 3.3.0:
+--------------------
+
+
+o   Jeremy Allison <jra@samba.org>
+    * BUG 6082: Fix renaming/deleting of files using Windows clients.
+    * BUG 6069: Fix build with too many arguments.
+    * BUG 6090: Fix renaming/deleting a "not matching/resolving" symlink.
+    * BUG 6099: Try to fix domain join of Win7 Beta.
+    * BUG 6117: Fix core dump of pdbedit -a.
+    * BUG 6133: Fix deletion of non-ACL files on Solaris/ZFS/NFSv4 ACL
+      filesystem.
+    * Fix Coverity IDs 115, 116, 117, 602.
+    * Fix warning (bad handler prototype).
+    * Unify the detection of the timespec code in configure.in, and the
+      application of it in time.c.
+    * Correctly use chroot().
+    * Parameterize in local.h the MAX_RPC_DATA_SIZE, and ensure that "offered"
+      read from the rpc packet in spoolss is under that size.
+    * Backport the semantics of when to delete alternate data streams on a file
+      truncate.
+    * Fix printf warnings.
+    * Fix warnings on Solaris.
+
+
+o   Michael Adam <obnox@samba.org>
+    * BUG 6066: netinet/ip.h present but cannot be compiled on Solaris.
+    * BUG 6073: Prevent ads_connect() from using SSL unless explicitly
+      requested.
+    * Fix 'getent passwd' to allocate new uids.
+    * Fix 'getent group' to allocate new gids.
+    * Remove check for sharename being a username in 'net conf
+      addshare'.
+
+
+o   Guenther Deschner <gd@samba.org>
+    * Fix Coverity ID 848.
+    * Remove unused ENUM_HND from 'net'.
+    * Fix getform command asprintf return code in rpcclient.
+    * Fix memleak in get_remote_printer_publishing_data().
+    * Remove duplicate prototypes for generated rpc server functions.
+
+
+o   Holger Hetterich <hhetter@novell.com>
+    * Enable total anonymization in vfs_smb_traffic_analyzer.
+
+
+o   Bjoern Jacke <bj@sernet.de>
+    * Fix build with external dns_sd libraries.
+    * Fix configure check "sub-second timestamps without struct timespec".
+    * Add configure check for AIX style sub-second resolution support.
+    * Add configure check for Tru64 sub-second timestamp resolution.
+    * Add Tru64 sub-second resolution timestamp support.
+    * Enable IPv6 support for NetBSD and FreeBSD.
+    * Use correct BSD evironment variable.
+
+
+o   Guenter Kukkukk <linux@kukkukk.com>
+    * Don't try and delete a default ACL from a file.
+
+
+o   Volker Lendecke <vl@samba.org>
+    * BUG 5798: CFLAGS info lost in configure.
+    * Fix Coverity IDs 740, 742, 744, 745, 876, 879, 880.
+    * Fix remotely adding a share via the Windows MMC.
+    * Avoid valgrind errors.
+    * Fix 'net rpc join' for users with the SeMachineAccountPrivilege.
+    * Fix resume handle for _samr_EnumDomainGroups.
+    * Fix a buffer handling bug when adding lots of registry keys.
+    * Fix a O(n^2) algorithm in regdb_fetch_keys().
+
+
+o   Jeff Layton <jlayton@redhat.com>
+    * Initialize rc to 0 in main in mount.cifs.
+
+
+o   Derrell Lipman <derrell.lipman@unwireduniverse.com>
+    * BUG 6069: Add a fstatvfs function for libsmbclient.
+    * Eliminate compiler warnings.
+
+
+o   Glenn Machin <gmachin@sandia.gov>
+    * Don't miss an absolute pathname as a kerberos keytab path.
+
+
+o   Stefan Metzmacher <metze@samba.org>
+    * BUG 6100: Implement _netr_LogonGetCapabilities() with
+      NT_STATUS_NOT_IMPLEMENTED.
+    * Make Samba work with older ctdb versions.
+    * Add S-1-22-X-Y sids to the local token.
+
+
+o   Lars Mueller <lars@samba.org>
+    * Conditional install of the cifs.upcall man page.
+    * Adjust regex to match variable names including underscores.
+
+
+o   Shirish Pargaonkar <shirishpargaonkar@gmail.com>
+    * BUG 4370: Clean-up entries in /etc/mtab after unmount.
+    * Add fakemount (-f) and nomtab (-n) flags to mount.cifs.
+
+
+o   Ted Percival <ted.percival@quest.com>
+    * Fix a crash during name resolution.
+
+
+o   Tim Prouty <tprouty@samba.org>
+    * Fix "assignment discards qualifiers from pointer target type"
+      warnings.
+    * Fix SMB_VFS_RECVFILE/SENDFILE macros.
+
+
+o   Karolin Seeger <kseeger@samba.org>
+    * Change "ldap ssl:ads" parameter to "ldap ssl ads".
+    * Add manpages for vfs_acl_xattr and vfs_acl_tdb.
+
+
+o   Dan Sledz <dsledz@isilon.com>
+    * Fix double free caused by incorrect talloc_steal usage.
+
+
+o   Simo Sorce <idra@samba.org>
+    * Build ldbrename.
+
+
+o   Aravind Srinivasan <aravind.srinivasan@isilon.com>
+    * Make nmbd check all available interfaces for WINS before failing.
+
+
+o   Miguel Suarez <Miguel.Suarez@stratus.com>
+    * Fix compilation of vfs_default on systems that do not support utimes().
+
+
+o   Yasuma Takeda <yasuma@osstech.co.jp>
+    * BUG 5920: Fix the calculation of the memcpy length.
+    * BUG 6098: Fix ads_find_dc() in setups with "security = domain".
+
+
+o   Bo Yang <boyang@novell.com>
+    * Make libsmbclient work with DFS.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 3.3 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+                   =============================
+                   Release Notes for Samba 3.3.0
+			  January, 27 2009
+                   =============================
+
+This is the first stable release of Samba 3.3.0.
+
+Major enhancements in Samba 3.3.0 include:
+
+ General changes:
+ o The passdb tdbsam version has been raised.
+
+ Configuration/installation:
+ o Splitting of library directory into library directory and separate
+   modules directory.
+ o The default value of "ldap ssl" has been changed to "start tls".
+
+ File Serving:
+ o Extended Cluster support.
+ o New experimental VFS modules "vfs_acl_xattr" and "vfs_acl_tdb"
+   to store NTFS ACLs on Samba file servers.
+
+ Winbind:
+ o Simplified idmap configuration.
+ o New idmap backends "adex" and "hash".
+ o Added new parameter "winbind reconnect delay".
+ o Added support for user and group aliasing.
+ o Added support for multiple domains to idmap_ad.
+
+ Administrative tools:
+ o The destination "all" of smbcontrol does now affect all running
+   daemons including nmbd and winbindd.
+ o New 'net rpc vampire keytab' and 'net rpc vampire ldif' commands.
+ o The 'net' utility can now use kerberos for joining and authentication.
+ o The 'wbinfo' utility can now add, modify and remove identity mapping entries.
+
+ Libraries:
+ o NetApi library implements various new calls for User- and Group
+   Account Management.
+ o libsmbclient does now determine case sensitivity based on file system
+   attributes.
+
+
+General changes
+===============
+
+The passdb tdbsam version has been raised as among other things the RID counter
+has been moved from the winbindd_idmap.tdb to the passdb.tdb file to make
+"passdb backend = tdbsam" working in clustered environments.
+
+Please note that an updated passdb.tdb file is _not_ compatible with Samba
+versions before 3.3.0! Please backup your passdb.tdb file if
+you use "passdb backend = tdbsam". That can be achieved by running
+
+'tdbbackup /etc/samba/passdb.tdb'
+
+before the update.
+
+
+Configure changes
+=================
+
+The configure option "--with-libdir" has been removed. The library
+directory can still be specified by using the existing "--libdir" option.
+A new option "--with-modulesdir" has been added to allow the specification
+of a separate directory for the shared modules.
+
+
+Configuration changes
+=====================
+
+The default value of "ldap ssl" has been changed to "start tls". This means,
+Samba will use the LDAPv3 StartTLS extended operation (RFC2830) for
+communicating with directory servers by default. If your directory servers
+do not support this extended operation, you will have to set
+"ldap ssl = no". Otherwise, Samba could not contact the directory servers
+anymore!
+
+
+Winbind idmap backend changes
+=============================
+
+The idmap configuration has changed with version 3.3 to something that
+allows a smoother upgrade path from pre-3.0.25 configurations that use
+"idmap backend". The reason for this change is that to many, also to Samba
+developers, the 3.0.25 style configuration with "idmap config" turned out
+to be very complex. Version 3.3 no longer deprecates the "idmap backend"
+parameter, instead with "idmap backend" the default idmap backend is
+specified.
+
+Accordingly, the "idmap config <domain> : default = yes" setting is no
+longer being looked at.
+
+The alloc backend defaults to the default backend, which should be able to
+allocate IDs. In the default distribution the tdb and ldap backends can
+allocate, the ad and rid backends can not. The idmap alloc range is now
+being set with the "old" parameters "idmap uid" and "idmap gid".
+
+The "idmap domains" parameter has been removed.
+
+
+winbind reconnect delay
+=======================
+
+This is a new parameter which specifies the number of seconds the Winbind
+daemon will wait between attempts to contact a Domain controller for a domain
+that is determined to be down or not contactable.
+
+
+Winbind's Name Aliasing
+=======================
+
+Name aliasing in Winbind is a feature that allows an administrator to
+map a fully qualified user or group name from a Windows domain to a
+convenient short name for Unix access.  This is similar to the username
+map functionality supported by smbd but is primary intended for
+clients and servers making use of Winbind's PAM and NSS libraries.
+
+For example, the user "DOMAIN\fred" has been mapped to the Unix name
+"freddie".
+
+   $ getent passwd "DOMAIN\fred"
+   freddie:x:1000:1001:Fred Jones:/home/freddie:/bin/bash
+
+   $ getent passwd freddie
+   freddie:x:1000:1001:Fred Jones:/home/freddie:/bin/bash
+
+The name aliasing support is provided by individual nss_info plugins.
+For example, the new "adex" plugin reads the uid attribute from Active
+Directory to make a short login name to the fully qualified name.
+While the new "hash" module utilizes a local file to map "short_name
+= QUALIFIED\name".  Both user and group name mapping is supported.
+Please refer to the "winbind nss info" option in smb.conf(5) and
+to individual plugin man pages for further details.
+
+
+idmap_hash
+==========
+
+The idmap_hash plugin provides similar support as the idmap_rid
+module.  However, uids and gids are generated from the full domain
+SID using a hashing algorithm that maps the lower 19 bits from the user
+or group RID to bits 0 - 19 in the Unix id and hashes 96 bits from
+the domain SID to bits 20 - 30 in the Unix id.  The result is a 31 bit
+uid or gid that is consistent across machines and provides support for
+trusted domains.
+
+Please refer to the idmap_hash(8) man page for more details.
+
+
+idmap_adex
+==========
+
+The adex idmap/nss_info plugin is an adaptation of the Likewise
+Enterprise plugin with support for OU based cells removed
+(since the Windows pieces to manage the cells are not available).
+
+This plugin supports
+
+      * The RFC2307 schema for users and groups.
+      * Connections to trusted domains
+      * Global catalog searches
+      * Cross forest trusts
+      * User and group aliases
+
+Prerequisite: Add the following attributes to the Partial Attribute
+Set in global catalog:
+
+      * uidNumber
+      * uid
+      * gidNumber
+
+A basic config using the current trunk code would look like:
+
+[global]
+	idmap backend = adex
+	idmap uid = 10000 - 29999
+	idmap gid = 10000 - 29999
+	winbind nss info = adex
+
+	winbind normalize names = yes
+	winbind refresh tickets = yes
+	template homedir = /home/%D/%U
+	template shell = /bin/bash
+
+Please refer to the idmap_adex(8) man page for more details.
+
+
+Libraries
+=========
+
+libsmbclient will now treat file names case-sensitive by default if the filesystem
+we are connecting to supports case sensitivity. This change of behavior is
+considered a bug fix, as it was previously possible to accidentally overwrite a
+file that had the same case-insensitive name but a different case-sensitive name
+as a previously-existing file, while creating a new file.
+
+If it is not possible to detect if the filesystem supports case sensitivity,
+the user-specified option value will be used.
+
+
+######################################################################
+Changes
+#######
+
+smb.conf changes
+----------------
+
+    Parameter Name                      Description     Default
+    --------------                      -----------     -------
+    cups connection timeout		New		30
+    idmap config DOM:range		Removed
+    idmap domains			Removed
+    init logon delayed hosts		New		""
+    init logon delay			New		100
+    ldap ssl				Changed Default	start tls
+    share modes				Deprecated
+    winbind reconnect delay		New		30
+
+
+Changes since 3.3.0rc2:
+-----------------------
+
+
+o   Jeremy Allison <jra@samba.org>
+    * BUG 4308: Fix corrupting of file ACLs during Excel save operations.
+    * BUG 5979: Fix level 2 oplocks being granted improperly.
+    * BUG 5980: Race condition when granting level2 oplocks can cause break
+      notify to be missed.
+    * BUG 5986: Editing a stream is broken (rename problems).
+    * BUG 5990: Strict allocate should be checked before ftruncate.
+    * BUG 6009: Setting "min receivefile size = 1" breaks writes.
+    * BUG 6016: Alternate Data Streams / Extended Attributes seem to conflict.
+    * BUG 6017: Fix magic scripts.
+    * BUG 6019: Fix file corruption in Clustered SMB/NFS environment managed via
+      CTDB.
+    * BUG 6021: smbclient du command does not recuse properly.
+    * BUG 6024: Deprecate the "share modes" parameter.
+    * BUG 6030: Add missing <th> header in Status page.
+    * BUG 6035: Fix possible race between fcntl F_SETLKW and alarm delivery.
+    * BUG 6040: Calling Samba print server with an aliased DNS-name fails.
+    * Fix gcc 4.3.2 warnings.
+    * Fix more asprintf errors and error code paths.
+    * Attempt to fix crash seen with new CUPS async printcap loading code.
+    * Add winbindd_reinit_after_fork(), cleaning out all possible events
+      in a forked child.
+    * Make winbindd_cm.c use winbindd_reinit_after_fork().
+    * Fix race condition in alarm lock processing.
+    * Fixes crash bug in SWAT.
+
+
+o   Michael Adam <obnox@samba.org>
+    * Fix build of pam_winbind.so on older Linux systems.
+    * Packaging RHEL-CTDB: Fix build of [u]mount.cifs.
+    * Prevent access to root filesystem when connecting with empty service name.
+    * Fix distclean target and add realdistclean target in the docs build.
+    * Add manpage for idmap_tdb2.
+    * Clarify idmap manpages.
+
+
+o   Kai Blin <kai@samba.org>
+    * BUG 5953: Fix smbclient crashes.
+
+
+o   Gerald (Jerry) Carter <jerry@samba.org>
+    * Fix "allow trusted domain" so it disables trusted domains.
+    * Return immediately on a failed GC connection in ads_connect.
+
+
+o   SATOH Fumiyasu <fumiyas@osstech.jp>
+    * Fix gmem->numgids and gmem->maxgids breakage on Solaris 64-bit.
+    * Fix SIGBUS on non-x86 CPUs in libsmbclient.
+    * Fix a compile-time warning.
+
+
+o   Holger Hetterich <hhetter@novell.com>
+    * Add a simple tdb integrity check to tdbtool.
+
+
+o   Björn Jacke <bj@sernet.de>
+    * Correct the description of the "ldap timeout" parameter.
+
+
+o   Volker Lendecke <vl@samba.org>
+    * BUG 5913: Fix build error with at least GCC 4.2.2.
+    * BUG 5933: Fix incrementing/decrementing of num_validated_vuids.
+    * BUG 5953: Make cli_send_smb_direct_writeX use writev.
+    * BUG 5965: Fix creation of the first share using SWAT.
+    * BUG 5969: Optimize smbclient put command.
+    * BUG 6012: Add "get_real_filename" to full_audit.
+    * BUG 6014: Fix segfault when calling mget without arguments.
+    * Fix a spinning smbd when printing.
+    * Fix a memory leak in cups_pull_comment_location.
+    * Fix a valgrind error.
+    * Fix a "ignoring function call result" warning.
+    * Fix some C++ warnings.
+    * Fix an ancient uninitialized variable read.
+    * Fix a bad memleak in vfs_full_audit.
+
+
+o   Derrell Lipman <derrell.lipman@unwireduniverse.com>
+    * BUG 6022: Make smbc_urlencode and smbc_urldecode in libsmbclient.
+    * Determine case sensitivity based on file system attributes.
+
+
+o   Stefan Metzmacher <metze@samba.org>
+    * net_status: Use dbwrap to open sessionid.tdb.
+    * Fix dbwrap_store_uint32() to match dbwrap_store_int32().
+    * Make marshalling struct samu from and to a buffer more generic.
+    * Store the next rid counter in passdb.tdb instead of winbind_idmap.tdb.
+    * Register the client connection via CTDB_CONTROL_TCP_ADD.
+    * Don't need to call messaging_reinit() twice.
+    * Raise TDBSAM_VERSION.
+    * Add manpage for vfs_fileid.
+    * Rename 'fd_event' to 'winbindd_fd_event' to avoid confusion.
+    * Recreate the per domain check_online_event without relying on global
+      state.
+    * Handle the smb signing states the same in the krb5 and ntlmssp cases.
+    * Re-add 'fileid:algorithm' option to vfs_fileid.
+    * Fix CTDB IPv6 support in cluster setups.
+    * Reinit_after_fork() should reinit the event context before the
+      messaging context.
+    * Fix PCAP support in socket_wrapper.
+
+
+o   Lars Müller <lars@samba.org>
+    * Tweak with pam defines of older Linux versions.
+
+
+o   Tim Prouty <tprouty@samba.org>
+    * Fix stream marshalling to return the correct streaminfo status.
+    * Allow renames of streams via NTRENAME and fix stream error codes on
+      rename.
+    * Remove a few unnecessary checks from the streams xattr module.
+    * Remove a few unnecessary checks from the streams depot module and fix to
+      work with NTRENAME.
+
+
+o   Andreas Schneider <anschneider@suse.de>
+    * Fix a segfault if ? is there but the options are NULL.
+    * Avoid flooding of syslog with failing pam_putenv messages.
+
+
+o   Karolin Seeger <kseeger@samba.org>
+    * BUG 6000: Avoid bashism in perfcount.init.
+    * Change default value of "ldap ssl" to "start tls".
+    * Update version number in the manpages.
+    * Fix several small issues and typos in the manpages.
+    * Check if Unix account exists before asking for the password in smbpasswd.
+
+
+o   Todd Stecher <todd.stecher@gmail.com>
+    * Fix memory leaks and other fixes found by Coverity.
+
+
+o   Bo Yang <boyang@novell.com>
+    * Clean event context after child is forked.
+    * Fix broken krb5 refresh chain.
+    * Set entry->refresh_time to make ccache_regain_all_now() work correctly.
+    * Refresh sequence number as soon as possible.
+    * Don't set child->requests to NULL in parent after fork.
+    * Don't send message to any other child in child process.
+    * Fix bug in get_dc_name_via_netlogon(), null pointer reference.
+
+
+
+"Changes since" sections of 3.3 previews and release candidates follow:
+=======================================================================
+
+Changes since 3.3.0rc1:
+------------------------
+
+o   Jeremy Allison <jra@samba.org>
+    * BUG 1254: Fix "write list" in setups using "security = share".
+    * BUG 5937: Fix filenames with "*" char hiding other files.
+    * BUG 5953: Fix segfaults in smbclient.
+    * Fix usrmgr opening a user object as non-root.
+
+
+o   Michael Adam <obnox@samba.org>
+    * BUG 3661: Add support for trusted domains to idmap_ad.
+    * Fix default backend handling for ad backends.
+    * Fix potential segfault in vfs_tsmsm.
+    * Fix several RHEL CTDB packaging issues.
+
+
+o   Guenther Deschner <gd@samba.org>
+    * BUG 5957: Do not abort rename process on valid rename script.
+    * Fix various potential memleaks in samr_SetUserInfo.
+    * Fix access bits in netapi.
+
+
+o   Steve French <stevef@smf-t60p.smfdom>
+    * BUG 5934: Use USER environment in mount.cifs when no user is specified.
+    * variable
+
+
+o   SATOH Fumiyasu <fumiyas@osstech.co.jp>
+    * BUG 5688: LPQ process is orphaned if socket address parameter is invalid.
+    * Vars for signals must be volatile sig_atomic_t.
+
+
+o   Henning Henkel <henning.henkel@fh-furtwangen.de>
+    * BUG 5929: Fix build of vfs_prealloc with option --with-cluster-support and
+      GPFS.
+
+
+o   Tomasz Krasuski <kr0tki@poczta.onet.pl>
+    * BUG 5928: Fix 'testparm --version'.
+
+
+o   Jeff Layton <jlayton@redhat.com>
+    * Allow mounts to ipv6 capable servers in mount.cifs.
+
+
+o   Volker Lendecke <vl@samba.org>
+    * Fix crash bug when freeing a non-malloc'ed buffer if the client sends a
+      non-encrypted packet with the crypto state set.
+    * Fix error code when smbclient puts a file over an existing directory.
+    * Pass the get_real_filename operation through the VFS.
+
+
+o   Stefan Metzmacher <metze@samba.org>
+    * BUG 5749: Re-set acctflags while joining.
+    * Fix several issues concerning Alternate Data Streams.
+    * Fix valgrind bug lp_parm_const_string().
+    * Fix setting of trust passwords using 'net rpc trustdom add'.
+    * Correctly detect if the current dc is the closest one.
+
+
+o   Tim Prouty <tprouty@samba.org>
+    * Fix a delete on close divergence from windows.
+
+
+o   Dan Sledz <dsledz@isilon.com>
+    * Fix logging to syslog.
+
+
+o   Yasuma Takeda <yasuma@osstech.co.jp>
+    * BUG 5944: Fix starting of nmbd with "socket address" set to "".
+
+
+o   Bo Yang <boyang@novell.com>
+    * Fix script installmo.sh when no .po file exists.
+
+
+----------------------------------------------------
+
+Changes since 3.3.0pre2:
+------------------------
+
+o   Michael Adam <obnox@samba.org>
+    * Fix eventlog crash.
+    * Make keytab filename argument mandatory to "net rpc vampire keytab".
+    * Add domain prefix to username in lookup_groupmem().
+    * Honour "winbind use default domain" in lookup_groupmem().
+    * Sanely handle NULL domain in add_member().
+    * Don't list the domain twice when expanding internal aliases.
+    * Prevent negative GM/ cache entries due to broken connections.
+    * Use the reconnect methods instead of the rpc methods directly.
+
+
+o   Jeremy Allison <jra@samba.org>
+    * BUG 5080: Fix access to cups-printers with cups 1.3.4.
+    * BUG 5814: Fix Winbind crash bug while doing "rescan_trusted_domain".
+    * BUG 5818: Sort ACEs in smbcacl output properly and honor inheritance.
+    * BUG 5825: Fix account locking with an LDAP backend.
+    * BUG 5826: Fix truncated filenames when accessing old servers.
+    * BUG 5873: Fix ACL inheritance.
+    * BUG 5889: Fix "delete veto files = no".
+    * BUG 5891: Fix smbd crash when viewing the eventlog exported by "eventlog
+      list".
+    * BUG 5900: Fix vfs_readonly.
+    * BUG 5903: Fix breaking of file contents in vfs_streams_xattr.
+    * BUG 5904: Fix SIGABRT while servicing getaddrinfo() request caused by
+      libnss_wins.
+    * BUG 5914: Fix redefinition of struct name_list.
+    * Correctly fix smbclient to terminate on eof from server.
+    * Fix client timeout when searching for a large number of cups printers.
+    * Unify access checks for lsa server functions.
+    * Remove the requirement for ldap call made as root.
+    * Cope with MAXIMUM_ALLOWED_ACCESS requests when opening handles.
+    * Fix net rpc vampire, based on an *amazing* piece of debugging work by
+      "Cooper S. Blake" <the_analogkid@yahoo.com>.
+    * Fix memory leak in error path, spotted by Martin Zielinski <mz@seh.de>.
+    * Add vfs_acl_tdb.c module to do ACLs completely in userspace.
+    * Use fxattr calls whenever possible (trying to work around the strange
+      Linux kernel oplock bug).
+
+
+o   Kai Blin <kai@samba.org>
+    * BUG 5892: Fix net rap printq info documentation.
+    * Add placeholder functions to libwbclient.
+
+
+o   Gerald (Jerry) Carter <jerry@samba.org>
+    * Use the same prerequisite for DDNS update as Windows XP.
+    * Make "lwinet ads dns register" honor the "interfaces" parameter.
+
+
+o   Steven Danneman <steven.danneman@isilon.com>
+    * Add options to manage identity mapping entries to wbinfo and Winbind.
+    * Fix to allow setting of NULL DACL/SACL.
+
+
+o   Guenther Deschner <gd@samba.org>
+    * BUG 5888: Fix remote rpc service management.
+    * Ensure consistency when reporting password complexity.
+    * Fix _lsa_GetUserName.
+    * Fix access check in _samr_QuerySecurity().
+    * _samr_DeleteUser needs to wipe out the user_handle on success.
+    * NetGroupEnum_r needs to handle servers with no groups.
+    * Fix numerous netapi issues.
+    * Add support for partial and delta netlogon replication in
+      "net rpc vampire".
+    * Add automatic machine password update in Winbind for member servers.
+    * Add German internalization for pam_winbind.
+    * Add Winbind krb5 locator plugin manpage.
+    * Add new wbclient wbcLookupDomainControllerEx call.
+    * Use autogenerated DCE/RPC routines for one more call on SVCCTL
+      named pipe.
+    * Use autogenerated NBT routines from Samba4 for Mailslot/CLDAP
+      parsing.
+    * Fix Winbind password change code for Windows 2000 DCs.
+    * Fix PNP_HwProfInfo NDR parsing.
+    * Add wbclient wbcLogonUser and wbcLogoffUserEx functions.
+    * Add automatic home directory creation for pam_winbind.
+
+
+o   Mathias Dietz <MDIETZ@de.ibm.com>
+    * Search for gpfs functions in both libgpfs_gpl.so an libgpfs.so.
+
+
+o   Dina Fine <dina@exanet.com>
+    * BUG 5908: Fix internal change notify on share directories.
+
+
+o   Nils Goroll <nils.goroll@hamburg.de>
+    * BUG 5135: Prevent calling POSIX ACL vfs methods on zfs share.
+    * BUG 5446: Prevent calling POSIX ACL vfs methods on zfs share.
+
+
+o   Jeff Layton <jlayton@redhat.com>
+    * Have uppercase_string return success on NULL pointer in mount.cifs.
+    * Make mount.cifs return codes match the return codes for /bin/mount.
+
+
+o   Volker Lendecke <vl@samba.org>
+    * BUG 5691: Fig smbd panic on Solaris.
+    * BUG 5840: Fix segfault in "rpcclient lsaaddacctrights".
+    * BUG 5860: safe_strcpy gives a nasty error message for overlong strings.
+    * Fix the offset checks in the trans routines (CVE-2008-4314).
+    * Fix a potential NULL deref in found by the IBM Checker.
+    * Fix an uninitialized variable found by the IBM Checker.
+    * Fix an unlikely memleak found by the IBM Checker.
+    * Fix some missing error handlings.
+    * Add workaround for domain joins using a netbios name which is different
+      from the hostname.
+    * Fix a valgrind error in idmap_ad_sids_to_unixids().
+    * Make memcache_add_talloc NULL out the source pointer.
+    * Fix memleak in memcache_add_talloc found by Martin Zielinski <mz@seh.de>.
+    * Fix memleak in calculate_next_machine_pwd_change.
+
+
+o   Jeff Layton <jlayton@redhat.com>
+    * mount.cifs: use lock/unlock_mtab scheme from util-linux-ng mount prog.
+
+
+o   Derrell Lipman <derrell.lipman@unwireduniverse.com>
+    * BUG 5805: Don't close stdout when calling setup_logging multiple times.
+
+
+o   Stefan Metzmacher <metze@samba.org>
+    * Return an error instead of crashing when no realm is given.
+
+
+o   TAKAHASHI Motonobu <monyo@samba.gr.jp>
+    * 5901: Fix default value for streams_depot location.
+
+
+o   Tim Prouty <tim.prouty@isilon.com>
+    * Fix several build warnings.
+
+
+o   Andreas Schneider <mail@cynapses.org>
+    * Delete the krb5 ccname variable from the PAM environment if set.
+    * Add a function out of pam_sm_close_session to delete the credentials.
+    * Fix circular dependency error with autoconf 2.6.3.
+
+
+o   Davide Sfriso <sfriso@virgilio.it>
+    * BUG 5906: Fix Winbind crash bug during 'getent group' on PDC.
+
+
+o   Dan Sledz <dsledz@isilon.com>
+    * Add FreeBSD configure check for backtrace_symbols.
+    * Allow SYSLOG_FACILITY to be modified with a new configure option called
+      --with-syslog-facility.
+
+
+o   Joe Smith <yasumoto7@gmail.com>
+    * Fix typo in source/utils/net_rap.c.
+
+
+o   Martin Schwenke <martin@meltin.net>
+    * Prevent make errors for picky makes when $(EXTRA_ALL_TARGETS) is empty.
+    * Add @CIFSUPCALL_PROGS@ to "all" target so cifs.upcall gets built at
+      compile time rather than install time.
+
+
+o   Yasuma Takeda <yasuma@osstech.co.jp>
+    * BUG 5909: Fix MS-DFS links containing multibyte characters on Vista.
+
+
+o   Bo Yang <boyang@novell.com>
+    * Fix broken msgids in ntstatus_errors.
+    * i18n/l10n pam_winbind
+
+
+----------------------------------------------------
+
+Changes since 3.3.0pre1:
+------------------------
+
+o   Michael Adam <obnox@samba.org>
+
+    * BUG 5492: Fix RHEL SPEC file by removing libmsrpc stuff.
+    * BUG 5507: Fix several issues in the RHEL SPEC file.
+
+
+o   Jeremy Allison <jra@samba.org>
+    * BUG 5729: Explicitly allow "-valid".
+    * BUG 5737: Fix winbindd crash in an unusual failure mode.
+    * BUG 5751: Fix showing of ACLs on DFS in (lib)smbclient.
+    * BUG 5762: Fix opening of mangled directory name (resulted
+      'is a stream name').
+    * BUG 5783: Fix FindFirst where search pattern == mangled filename.
+    * BUG 5790: Fix returning of STATUS_OBJECT_NAME_NOT_FOUND on set file
+      disposition.
+    * BUG 5797: Fix moving of readonly files.
+    * Fix crashes when looking up a non-existant uid.
+    * Fix getting/setting of NT ACLs on a file.
+    * Add st_birthtime and friends for accurate create times on *BSD
+      and MacOSX).
+    * Fix the wcache_invalidate_samlogon calls.
+    * Clarify usage of "force create mode".
+    * Get smbd to look (read-only) into the winbindd cache for uid/gid <--> sid
+      mappings.
+    * Write times code update.
+    * Add experimental version of VFS module acl_xattr.
+    * Fix rename_open_files.
+    * Make SMB traffic analyzer VFS module more efficient.
+
+
+o   Gerald W. Carter <jerry@samba.org>
+    * Fix segfault when calling nss_get_info() with a NULL ads structure.
+    * Add support for name aliasing in Winbind.
+    * Add the idmap/nss-info provider from Likewise Open.
+    * Allow an admin to define the "uid" attribute for a RFC2307
+      user object in AD to be the username alias.
+    * Add new idmap backend "adex" to support RFC2307 enabled AD forests.
+    * Add new idmap backend "hash".
+
+
+o   Steven Danneman <steven.danneman@isilon.com>
+    * Fix build warnings.
+    * Cleanup of DC enumeration in get_dcs().
+
+
+o   Guenther Deschner <gd@samba.org>
+    * BUG 5710: Fix changing of machine account passwords.
+    * BUG 5784: Fix pam_winbind build issue on Solaris.
+    * Fix invalid sid copy (hit when enumerating sibling domains) in Winbind.
+    * Fix double installation of cifs.upcall.
+    * Add change-user-password command to wbinfo.
+    * Fix segfault in _srvsvc_NetShareAdd.
+
+
+o   James Ding <ding_cc@hotmail.com>
+    * BUG 5736: Fix Winbind crash bug with trusted domains.
+
+
+o   Ephi Dror <Ephi.Dror@datadomain.com>
+    * Correct the netsamlogon_clear_cached_user function.
+
+
+o   Holger Hetterich <hhetter@novell.com>
+    * Add new VFS module to analyze SMB traffic to record write and read
+      operations on the Samba server.
+
+
+o   Jeff Layton <jlayton@redhat.com>
+    * Fix build warnings in cifs.upcall.
+
+
+o   Volker Lendecke <vl@sernet.de>
+    * BUG 5707: Do proper error handling if the socket is closed.
+    * BUG 5778: Don't define 'strlcat' and 'strlcpy' if it's already defined.
+    * Fix Coverity IDs 587 and 589.
+    * Increase the default positive idmap cache time to a week.
+    * Fix calculation of useable_space for trans2 and nttrans replies.
+    * Add mapping of generic bits when setting an NFSv4 ACL.
+
+
+o   Stefan Metzmacher <metze@samba.org>
+    * Some write time fixes.
+
+
+o   Karolin Seeger <kseeger@samba.org>
+    * Add new parameter "cups connection timeout".
+
+
+o   Simo Sorce <idra@samba.org>
+    * Fix enumeration of nested group memberships in Winbind.
+      This affected only setups using "security = ads".
+
+
+o   Timur <timur@FreeBSD.org>
+    * Fix cut and paste error in quota code.
+    * Fix display of POSIX ACLs.
+    * Fix aio on FreeBSD.
+
+
+o   Andrew Tridgell <tridge@samba.org>
+    * Fix permissions of group_mapping.ldb (CVE-2008-3789).
+    * Avoid a race condition in glibc between AIO and setresuid().
+    * Add missing become root for AIO operations.
+    * Fix an errno handling bug that could lead to an infinite loop.
+    * Fix logic of tsmsm_sendfile().
+    * Fix handling of arbitrary new PAC types.
+    * Fix segfault on startup with trusted domains.
+    * Fix segfault on the CTDB destructor code.
+    * Fix memory leak.
+    * Re-add "winbind:ignore domains".
+
+
+o   Jelmer Vernooij <jelmer@samba.org>
+    * Fix segfault (Debian bug #431696).
+
+
+o   Qiao Yang <geoyang@ironport.com>
+    * Fix a memleak.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 3.3 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+