summaryrefslogtreecommitdiffstats
path: root/source4
diff options
context:
space:
mode:
authorJelmer Vernooij <jelmer@samba.org>2008-09-30 17:11:39 +0200
committerJelmer Vernooij <jelmer@samba.org>2008-09-30 17:11:39 +0200
commit40a6a28170881e567d130c10bec700441423d1e8 (patch)
tree4425f04dd63307cae38d39b75bf3a566a2df9029 /source4
parente0af9601e1535b847e3c82e334d6a9de2ff3580d (diff)
downloadsamba-40a6a28170881e567d130c10bec700441423d1e8.tar.gz
samba-40a6a28170881e567d130c10bec700441423d1e8.tar.xz
samba-40a6a28170881e567d130c10bec700441423d1e8.zip
Move Samba4-specific files into source4/
Diffstat (limited to 'source4')
-rw-r--r--source4/BUGS24
-rw-r--r--source4/NEWS508
-rw-r--r--source4/TODO278
3 files changed, 810 insertions, 0 deletions
diff --git a/source4/BUGS b/source4/BUGS
new file mode 100644
index 00000000000..1a9790ddd9f
--- /dev/null
+++ b/source4/BUGS
@@ -0,0 +1,24 @@
+Samba4 alpha4 is not a final Samba release. That is more a reference
+to Samba4's lack of the features we expect you will need than a
+statement of code quality, but clearly it hasn't seen a broad
+deployment yet. If you were to upgrade Samba3 (or indeed Windows) to
+Samba4, you would find many things work, but that other key features
+you may have relied on simply are not there yet.
+
+For example, while Samba 3.0 is an excellent member of a Active
+Directory domain, Samba4 is happier as a domain controller, and it is
+in this role where it has seen deployment into production.
+
+Samba4 is subjected to an awesome battery of tests on an
+automated basis, we have found Samba4 to be very stable in it's
+behaviour. We have to recommend against upgrading production servers
+from Samba 3 to Samba 4 at this stage, because there may be the features on
+which you may rely that are not present, or the mapping of
+your configuration and user database may not be complete.
+
+If you are upgrading, or looking to develop, test or deploy Samba4, you should
+backup all configuration and data.
+
+We welcome your testing, please file bug reports at
+https://bugzilla.samba.org/, product: Samba4. Please include as much
+information as possible, such as GIT revision number and backtraces.
diff --git a/source4/NEWS b/source4/NEWS
new file mode 100644
index 00000000000..8a63719a0ed
--- /dev/null
+++ b/source4/NEWS
@@ -0,0 +1,508 @@
+This file aims to document the major changes since the latest released version
+of Samba, 3.0. Samba 4.0 contains rewrites of several subsystems
+and uses a different internal format for most data. Since this
+file is an initial draft, please update missing items.
+
+One of the main goals of Samba 4 was Active Directory Domain Controller
+support. This means Samba now implements several protocols that are required
+by AD such as Kerberos and DNS.
+
+An (experimental) upgrade script that performs a one-way upgrade
+from Samba 3 is available in source/setup/upgrade.
+
+Removal of nmbd and introduction of process models
+==================================================
+smbd now implements several network protocols other than just CIFS and
+DCE/RPC. nmbd's functionality has been merged into smbd. smbd supports
+various 'process models' that specify how concurrent connections are
+handled (when to fork, use threads, etc).
+
+Introduction of LDB
+===================
+Samba now stores most of its persistent data in a LDAP-like database
+called LDB (see ldb(7) for more info).
+
+Removed SWAT
+==================
+Unlike previous versions, Samba4 does not provide a web interface at this time.
+
+Built-in KDC
+============
+Samba4 ships with an integrated KDC (Kerberos Key Distribution
+Center). Backed directly onto our main internal database, and
+integrated with custom code to handle the PAC, Samba4's KDC is an
+integral part of our support for AD logon protocols.
+
+Built-in LDAP Server
+====================
+Like the situation with the KDC, Samba4 ships with it's own LDAP
+server, included to provide simple, built-in LDAP services in an AD
+(rather than distinctly standards) matching manner. The database is
+LDB, and it shares that in common with the rest of Samba.
+
+Changed configuration options
+=============================
+Several configuration options have been removed in Samba4 while others have
+been introduced. This section contains a summary of changes to smb.conf and
+where these settings moved. Configuration options that have disappeared may be
+re-added later when the functionality that uses them gets reimplemented in
+Samba 4.
+
+The 'security' parameter has been split up. It is now only used to choose
+between the 'user' and 'share' security levels (the latter is not supported
+in Samba 4 yet). The other values of this option and the 'domain master' and
+'domain logons' parameters have been merged into a 'server role' parameter
+that can be either 'domain controller', 'member server' or 'standalone'. Note that
+member server support does not work yet.
+
+The following parameters have been removed:
+- passdb backend: accounts are now stored in a LDB-based SAM database,
+ see 'sam database' below.
+- update encrypted
+- public
+- guest ok
+- client schannel
+- server schannel
+- allow trusted domains
+- hosts equiv
+- map to guest
+- smb passwd file
+- algorithmic rid base
+- root directory
+- root dir
+- root
+- guest account
+- enable privileges
+- pam password change
+- passwd program
+- passwd chat debug
+- passwd chat timeout
+- check password script
+- username map
+- username level
+- unix password sync
+- restrict anonymous
+- username
+- user
+- users
+- invalid users
+- valid users
+- admin users
+- read list
+- write list
+- printer admin
+- force user
+- force group
+- group
+- write ok
+- writeable
+- writable
+- acl check permissions
+- acl group control
+- acl map full control
+- create mask
+- create mode
+- force create mode
+- security mask
+- force security mode
+- directory mask
+- directory mode
+- force directory mode
+- directory security mask
+- force directory security mode
+- force unknown acl user
+- inherit permissions
+- inherit acls
+- inherit owner
+- guest only
+- only guest
+- only user
+- allow hosts
+- deny hosts
+- preload modules
+- use kerberos keytab
+- syslog
+- syslog only
+- max log size
+- debug timestamp
+- timestamp logs
+- debug hires timestamp
+- debug pid
+- debug uid
+- allocation roundup size
+- aio read size
+- aio write size
+- aio write behind
+- large readwrite
+- protocol
+- read bmpx
+- reset on zero vc
+- acl compatibility
+- defer sharing violations
+- ea support
+- nt acl support
+- nt pipe support
+- profile acls
+- map acl inherit
+- afs share
+- max ttl
+- client use spnego
+- enable asu support
+- svcctl list
+- block size
+- change notify timeout
+- deadtime
+- getwd cache
+- keepalive
+- kernel change notify
+- lpq cache time
+- max smbd processes
+- max disk size
+- max open files
+- min print space
+- strict allocate
+- sync always
+- use mmap
+- use sendfile
+- hostname lookups
+- write cache size
+- name cache timeout
+- max reported print jobs
+- load printers
+- printcap cache time
+- printcap name
+- printcap
+- printing
+- cups options
+- cups server
+- iprint server
+- print command
+- disable spoolss
+- enable spoolss
+- lpq command
+- lprm command
+- lppause command
+- lpresume command
+- queuepause command
+- queueresume command
+- enumports command
+- addprinter command
+- deleteprinter command
+- show add printer wizard
+- os2 driver map
+- use client driver
+- default devmode
+- force printername
+- mangling method
+- mangle prefix
+- default case
+- case sensitive
+- casesignames
+- preserve case
+- short preserve case
+- mangling char
+- hide dot files
+- hide special files
+- hide unreadable
+- hide unwriteable files
+- delete veto files
+- veto files
+- hide files
+- veto oplock files
+- map readonly
+- mangled names
+- mangled map
+- max stat cache size
+- stat cache
+- store dos attributes
+- machine password timeout
+- add user script
+- rename user script
+- delete user script
+- add group script
+- delete group script
+- add user to group script
+- delete user from group script
+- set primary group script
+- add machine script
+- shutdown script
+- abort shutdown script
+- username map script
+- logon script
+- logon path
+- logon drive
+- logon home
+- domain logons
+- os level
+- lm announce
+- lm interval
+- domain master
+- browse list
+- enhanced browsing
+- wins proxy
+- wins hook
+- wins partners
+- blocking locks
+- fake oplocks
+- kernel oplocks
+- locking
+- lock spin count
+- lock spin time
+- level2 oplocks
+- oplock break wait time
+- oplock contention limit
+- posix locking
+- share modes
+- ldap server
+- ldap port
+- ldap admin dn
+- ldap delete dn
+- ldap group suffix
+- ldap idmap suffix
+- ldap machine suffix
+- ldap passwd sync
+- ldap password sync
+- ldap replication sleep
+- ldap suffix
+- ldap ssl
+- ldap timeout
+- ldap page size
+- ldap user suffix
+- add share command
+- change share command
+- delete share command
+- eventlog list
+- utmp directory
+- wtmp directory
+- utmp
+- default service
+- default
+- message command
+- dfree cache time
+- dfree command
+- get quota command
+- set quota command
+- remote announce
+- remote browse sync
+- homedir map
+- afs username map
+- afs token lifetime
+- log nt token command
+- time offset
+- NIS homedir
+- preexec
+- exec
+- preexec close
+- postexec
+- root preexec
+- root preexec close
+- root postexec
+- set directory
+- wide links
+- follow symlinks
+- dont descend
+- magic script
+- magic output
+- delete readonly
+- dos filemode
+- dos filetimes
+- dos filetime resolution
+- fake directory create times
+- panic action
+- vfs objects
+- vfs object
+- msdfs root
+- msdfs proxy
+- host msdfs
+- enable rid algorithm
+- passdb expand explicit
+- idmap backend
+- idmap uid
+- winbind uid
+- idmap gid
+- winbind gid
+- template homedir
+- template shell
+- winbind separator
+- winbind cache time
+- winbind enum users
+- winbind enum groups
+- winbind use default domain
+- winbind trusted domains only
+- winbind nested groups
+- winbind max idle children
+- winbind nss info
+
+The following parameters have been added:
++ rpc big endian (G)
+ Make Samba fake it is running on a bigendian machine when using DCE/RPC.
+ Useful for debugging.
+
+ Default: no
+
++ case insensitive filesystem (S)
+ Set to true if this share is located on a case-insensitive filesystem.
+ This disables looking for a filename by trying all possible combinations of
+ uppercase/lowercase characters and thus speeds up operations when a
+ file cannot be found.
+
+ Default: no
+
++ js include (G)
+ Path to JavaScript library.
+
+ Default: Set at compile-time
+
++ setup directory
+ Path to data used by provisioning script.
+
+ Default: Set at compile-time
+
++ ncalrpc dir
+ Directory to use for UNIX sockets used by the 'ncalrpc' DCE/RPC transport.
+
+ Default: Set at compile-time
+
++ ntvfs handler
+ Backend to the NT VFS to use (more than one can be specified). Available
+ backends include:
+
+ - posix:
+ Maps POSIX FS semantics to NT semantics
+
+ - simple:
+ Very simple backend (original testing backend).
+
+ - unixuid:
+ Sets up user credentials based on POSIX gid/uid.
+
+ - cifs:
+ Proxies a remote CIFS FS. Mainly useful for testing.
+
+ - nbench:
+ Filter module that saves data useful to the nbench benchmark suite.
+
+ - ipc:
+ Allows using SMB for inter process communication. Only used for
+ the IPC$ share.
+
+ - print:
+ Allows printing over SMB. This is LANMAN-style printing (?), not
+ the be confused with the spoolss DCE/RPC interface used by later
+ versions of Windows.
+
+ Default: unixuid default
+
++ ntptr providor
+ FIXME
+
++ dcerpc endpoint servers
+ What DCE/RPC servers to start.
+
+ Default: epmapper srvsvc wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi winreg dssetup
+
++ server services
+ Services Samba should provide.
+
+ Default: smb rpc nbt wrepl ldap cldap web kdc
+
++ sam database
+ Location of the SAM (account database) database. This should be a
+ LDB URL.
+
+ Default: set at compile-time
+
++ spoolss database
+ Spoolss (printer) DCE/RPC server database. This should be a LDB URL.
+
+ Default: set at compile-time
+
++ wins config database
+ WINS configuration database location. This should be a LDB URL.
+
+ Default: set at compile-time
+
++ wins database
+ WINS database location. This should be a LDB URL.
+
+ Default: set at compile-time
+
++ client use spnego principal
+ Tells the client to use the Kerberos service principal specified by the
+ server during the security protocol negotation rather than
+ looking up the principal itself (cifs/hostname).
+
+ Default: false
+
++ nbt port
+ TCP/IP Port used by the NetBIOS over TCP/IP (NBT) implementation.
+
+ Default: 137
+
++ dgram port
+ UDP/IP port used by the NetBIOS over TCP/IP (NBT) implementation.
+
+ Default: 138
+
++ cldap port
+ UDP/IP port used by the CLDAP protocol.
+
+ Default: 389
+
++ krb5 port
+ IP port used by the kerberos KDC.
+
+ Default: 88
+
++ kpasswd port
+ IP port used by the kerberos password change protocol.
+
+ Default: 464
+
++ web port
+ TCP/IP port SWAT should listen on.
+
+ Default: 901
+
++ tls enabled
+ Enable TLS support for SWAT
+
+ Default: true
+
++ tls keyfile
+ Path to TLS key file (PEM format) to be used by SWAT. If no
+ path is specified, Samba will create a key.
+
+ Default: none
+
++ tls certfile
+ Path to TLS certificate file (PEM format) to be used by SWAT. If no
+ path is specified, Samba will create a certificate.
+
+ Default: none
+
++ tls cafile
+ Path to CA authority file Samba will use to sign TLS keys it generates. If
+ no path is specified, Samba will create a self-signed CA certificate.
+
+ Default: none
+
++ tls crlfile
+ Path to TLS certificate revocation lists file.
+
+ Default: none
+
++ swat directory
+ SWAT data directory.
+
+ Default: set at compile-time
+
++ large readwrite
+ Indicate the CIFS server is able to do large reads/writes.
+
+ Default: true
+
++ unicode
+ Enable/disable unicode support in the protocol.
+
+ Default: true
diff --git a/source4/TODO b/source4/TODO
new file mode 100644
index 00000000000..5efebed1b3f
--- /dev/null
+++ b/source4/TODO
@@ -0,0 +1,278 @@
+build/smb_build/TODO
+lib/registry/TODO
+lib/tdr/TODO
+pidl/TODO
+
+- seperate adminlog mechanism (as opposed to the current DEBUG log,
+ which is not really aimed at administrators but more at developers)
+ Perhaps similar to eventlog so we can also use eventlog to retrieve the data?
+
+- testsuite for the 'net' tool
+
+- and a lot of other stuff
+
+Configuration options
+=====================
+
+The following options don't exist in Samba4 yet
+or are not converted by the upgrade script
+or will be removed:
+
+- update encrypted
+- public
+- guest ok
+- client schannel
+- server schannel
+- allow trusted domains
+- hosts equiv
+- map to guest
+- algorithmic rid base
+- root directory
+- root dir
+- root
+- guest account
+- enable privileges
+- pam password change
+- passwd program
+- passwd chat debug
+- passwd chat timeout
+- check password script
+- username map
+- username level
+- unix password sync
+- restrict anonymous
+- username
+- user
+- users
+- invalid users
+- valid users
+- admin users
+- read list
+- write list
+- printer admin
+- force user
+- force group
+- group
+- write ok
+- writeable
+- writable
+- acl check permissions
+- acl group control
+- acl map full control
+- create mask
+- create mode
+- force create mode
+- security mask
+- force security mode
+- directory mask
+- directory mode
+- force directory mode
+- directory security mask
+- force directory security mode
+- force unknown acl user
+- inherit permissions
+- inherit acls
+- inherit owner
+- guest only
+- only guest
+- only user
+- allow hosts
+- deny hosts
+- preload modules
+- use kerberos keytab
+- syslog
+- syslog only
+- max log size
+- debug timestamp
+- timestamp logs
+- debug hires timestamp
+- debug pid
+- debug uid
+- allocation roundup size
+- aio read size
+- aio write size
+- aio write behind
+- large readwrite
+- protocol
+- read bmpx
+- reset on zero vc
+- acl compatibility
+- defer sharing violations
+- ea support
+- nt acl support
+- nt pipe support
+- profile acls
+- map acl inherit
+- afs share
+- max ttl
+- client use spnego
+- enable asu support
+- svcctl list
+- block size
+- change notify timeout
+- deadtime
+- getwd cache
+- keepalive
+- kernel change notify
+- lpq cache time
+- max smbd processes
+- max disk size
+- max open files
+- min print space
+- strict allocate
+- sync always
+- use mmap
+- use sendfile
+- hostname lookups
+- write cache size
+- name cache timeout
+- max reported print jobs
+- load printers
+- printcap cache time
+- printcap name
+- printcap
+- printing
+- cups options
+- cups server
+- iprint server
+- print command
+- disable spoolss
+- enable spoolss
+- lpq command
+- lprm command
+- lppause command
+- lpresume command
+- queuepause command
+- queueresume command
+- enumports command
+- addprinter command
+- deleteprinter command
+- show add printer wizard
+- os2 driver map
+- use client driver
+- default devmode
+- force printername
+- mangling method
+- mangle prefix
+- default case
+- case sensitive
+- casesignames
+- preserve case
+- short preserve case
+- mangling char
+- hide dot files
+- hide special files
+- hide unreadable
+- hide unwriteable files
+- delete veto files
+- veto files
+- hide files
+- veto oplock files
+- map readonly
+- mangled names
+- mangled map
+- max stat cache size
+- stat cache
+- store dos attributes
+- machine password timeout
+- add user script
+- rename user script
+- delete user script
+- add group script
+- delete group script
+- add user to group script
+- delete user from group script
+- set primary group script
+- add machine script
+- shutdown script
+- abort shutdown script
+- username map script
+- logon script
+- logon path
+- logon drive
+- logon home
+- domain logons
+- os level
+- lm announce
+- lm interval
+- domain master
+- browse list
+- enhanced browsing
+- wins proxy
+- blocking locks
+- fake oplocks
+- kernel oplocks
+- locking
+- lock spin count
+- lock spin time
+- oplocks
+- level2 oplocks
+- oplock break wait time
+- oplock contention limit
+- posix locking
+- share modes
+- add share command
+- change share command
+- delete share command
+- eventlog list
+- utmp directory
+- wtmp directory
+- utmp
+- default service
+- default
+- message command
+- dfree cache time
+- dfree command
+- get quota command
+- set quota command
+- remote announce
+- remote browse sync
+- homedir map
+- afs username map
+- afs token lifetime
+- log nt token command
+- time offset
+- NIS homedir
+- preexec
+- exec
+- preexec close
+- postexec
+- root preexec
+- root preexec close
+- root postexec
+- set directory
+- wide links
+- follow symlinks
+- dont descend
+- magic script
+- magic output
+- delete readonly
+- dos filemode
+- dos filetimes
+- dos filetime resolution
+- fake directory create times
+- panic action
+- vfs objects
+- vfs object
+- msdfs root
+- msdfs proxy
+- host msdfs
+- enable rid algorithm
+- passdb expand explicit
+- idmap backend
+- idmap uid
+- winbind uid
+- idmap gid
+- winbind gid
+- template homedir
+- template shell
+- winbind separator
+- winbind cache time
+- winbind enum users
+- winbind enum groups
+- winbind use default domain
+- winbind trusted domains only
+- winbind nested groups
+- winbind max idle children
+- winbind nss info
+