WHATS NEW IN Samba (The Next Generation) 2.4.2 ============================================== This is an ALPHA release of Samba TNG, the UNIX based SMB/CIFS file, print and login server for Windows systems. This release is to enlist the help of people who are unable to use cvs (http://samba.org/cvs.html) in a major development project to integrate Samba into a Windows NT (tm) Domain environment - the NT Domains for Unix project. If you are running Windows 9x and do not forsee the need for or need to use any Windows NT Workstations on your network in the near future, you will not need Samba TNG or any of its functionality, and your assistance is not being solicited in the development of this project. Major changes in Samba TNG -------------------------- There are many major changes in Samba TNG. Here are some of them: 1). Windows NT (tm) Primary Domain Controller compatibility ----------------------------------------------------------- Samba TNG can act as a Primary Domain Controller to Windows NT 3.5, 4.0 and 5.0 (in 4.0 backwards-compatible mode) Workstations. Backup Domain Controller and Inter-Domain Trust Relationships are at an early, but functional and very hands-on, stage. 2). Support for Windows NT (tm) Administrative tools ---------------------------------------------------- Significant in-roads have been made into providing support for at least the following Windows NT (tm) tools and services: - User Manager for Domains - Server Manager for Domains - Event Log - Service Control Manager - Registry Editor - Command Scheduler - NT-style Printing A command-line tool named rpcclient, with a command-syntax similar to smbclient, has over sixty five commands that provide equivalent functionality for the same Windows NT (tm) Administrative tools, including the ability to remotely shut down a Windows NT (tm) Server. rpcclient has now been joined by net, samedit, regedit, ntspool, eventlog, lsa, cmdat and svccontrol. If anyone can think of better names for these, suggestions are welcomed. 3). Portability --------------- Samba is now self-configuring using GNU autoconf and libtool, removing the need for people installing Samba to have to hand-configured Makefiles, as was needed in previous versions. You now configure Samba by running "./configure" then "make". See docs/textdocs/UNIX_INSTALL.txt for details. The use of libtool dramatically reduces the size of samba binaries. As we are using libtool in a slightly different way from usual, you may encounter run-time or compilation errors, so please report them to us. 4). New SAM Database Daemons ---------------------------- The SAM database daemon, samrd, is being considered "legacy", and the aim is to replace it. To this end, some new SAM database daemons are being developed - samrtdbd and samrnt5ldapd. They will need to be run with their counterparts, netlogontdbd or netlogonnt5ldapd. None of these are built as part of the standard make, they have to be explicitly built because they are in development: samrd and lsarpcd are compiled by default. 5). pam_ntdom and winbindd -------------------------- The Windows Bind Daemon and the Plugin Authentication Module for NT Domains are now part of the Samba TNG Development effort. winbindd presents, when installed using nsswitch, a unix-like view of a Windows NT Domain environment, allowing Unix applications and the Unix Operating system to enumerate NT users, groups and aliases as Unix users and groups. pam_ntdom, when installed as part of a PAM-enabled Unix Authentication system, allows Unix users to be authenticated against a Windows NT Domain environment. @begin marketing-speak " The powerful combination of winbindd and pam_ntdom allows Unix to be integrated seamlessly into Windows NT Domain environments, which moves us closer to the Holy Grail of 'Single Sign-on'. " @end marketing-speak ===================================================================== NOTE - Some important information --------------------------------- Samba TNG up to alpha-0.3 required that the samba server be joined. to its own Domain. This requirement has been removed. It is important that you read the source/README file for instructions, and it is recommended that you join samba-ntdom@samba.org for update information and status reports. For details, please see: http://samba.org/listproc/samba-ntdom ===================================================================== NOTE - Primary Domain Controller Functionality ---------------------------------------------- This version of Samba contains code that correctly implements the undocumented Primary Domain Controller authentication protocols. However, there is much more to being a Primary Domain Controller than serving Windows NT logon requests. A useful version of a Primary Domain Controller contains many remote procedure calls to do things like enumerate users, groups, and security information, 98% of which Samba TNG currently implements. This work is being done in the CVS (developer) versions of Samba, development of which continues at a fast pace. If you are interested in participating in or helping with this development please join the Samba-NTDOM mailing list. Details on joining are available at : http://samba.org/listproc/ Details on obtaining CVS (developer) versions of Samba are available at: http://samba.org/cvs.html For this version, use a tag of SAMBA_TNG ===================================================================== NOTE - Known Bugs ----------------- It is *not* recommended that this version of Samba be run in a production environment, for at least the following reasons: 1) The new MSRPC architecture forks() one MSRPC daemon per incoming service request. The msrpc daemon stays around for as long as the remote server maintains a connection to it. An investigation is underway to attempt to minimise the number of outstanding connections, because a *single* NT user logon can result in up to 5 or 6 msrpc daemons waiting around, doing nothing but take up process table space. Connection reuse has now been added and debugged: the number of incoming connections is reduced but still fairly large. ===================================================================== If you have problems, or think you have found a bug please email a full, detailed report to: samba-technical@samba.org As always, all bugs are our responsibility. Regards, The Samba Team.