1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
|
WHATS NEW IN Samba 3.0 alphaX
=============================
Changes in alpha19
- Heavy registry updates (jerry)
- Use 850 as the default DOS character set in smb.conf (tpot)
- printer fixes - removed encoding of queueid in job number (jra)
- A lot of small fixes (jra)
- virtual registry framework with initial printing hooks (jerry)
- Don't crash on setfileinfo on printer fsp(jra)
- fixed line buffer mode in XFILE(jra)
- update samba.schema from 2.2 (jerry,idra)
- Fix problem with oplock breaks and win2k -
noticed by Lev Iserovich <lev@ciprico.com> (jra)
- Give different error message when PDC is down -
thanks to Mark Kaplan from Quantum (abartlet)
- Add wrapper for dup2() (abartlet)
- Update smbgroupedit to document -d - thanks to metze (abartlet)
- Support weird behaviour used by win9x pass-through auth (abartlet,tpot)
- Support for duplicating stderr in log files (abartlet)
- Move startup time initialisation to server.c (abartlet)
- *A lot* of fixes and cleanups (abartlet)
- Fix up compiler warnings (abartlet)
- Few small fixes (tpot)
- Renamed new_cli_netlogon_* -> cli_netlogon_* (tpot)
- Fixed segfault in net time when host is unavailable (tridge)
- Ensure to be root when opening printer backend tdb (jra)
- Merges from APPLIANCE_HEAD (tpot,jerry)
- configure updates (tridge)
- particularly getgrouplist() (tridge)
- Make sure to be root when accessing pdb (abartlet)
- Better PAM error message (abartlet)
- Support for pdbedit to query account policy values (abartlet)
- Fix few typos (mimir, abartlet)
- Allow one to create trusting domain account using smbpasswd (mimir,abartlet)
- 'Net rpc trustdom list' (mimir, abartlet)
- Fix fallback to anonymous connection (mimir, abartlet)
- Add debugging info to secrets.c (mimir, abartlet)
- Fix for pdb_ldap and OpenLDAP 2.1
- Added support in swat to determine whether winbind is running (idra)
- Add 'hide unwritable' option (idra)
- Correct pickup of [homes] share after subsequent session setups (abartlet)
- Update rebind code in pdb_ldap (abartlet)
- Add some info levels to RPC srvsvc code -
thanks to Nigel Williams" <nigel@veritas.com> (abartlet)
- Small doc fixes (tridge)
- good security patch from Timothy.Sell@unisys.com (tridge)
- fix minor nits in nmbd from adtam@cup.hp.com (tridge)
- make sure async dns nmbd child dies (tridge)
- interim fix for nmbd not registering DOMAIN#1b (tridge)
- fix for smbtar filename matching (tridge)
- Better quote handling in smb.conf (abartlet)
- Support browsers setting multiple languages in swat (idra)
- Changed str_list_make to be able to use a different separator string (idra)
- Remove use of strtof because of portability issues (idra)
- Common popt definition for -d option (tpot)
- Samsync support to insert account info into the pdb (tpot)
- Don't hide unwritable dirs when 'hide unwritable' is enabled -
suggested by Alexander Oswald <oswald@is.haw-hamburg.de> (idra)
- Fix for handling sparse files in smbd (tridge)
- Merges from 2_2 (jerry)
- Add cvslog.pl file
- Minor printer fixes (jerry)
- Fix SID lookup code to never do recursive winbind (abartlet)
- Fix SID lookup code to never use algoritmic rid for fixed mappings (abartlet)
- Cascaded VFS (Alexander Bokovoy, idra)
- Optimisations when in ADS mode (tridge)
- Try netbios-less connections when in ADS mode (tridge)
- Minor ADS tweaks (tridge)
- Fix plaintext passwords with win2k (tridge)
- 'net ads info' reports IP of LDAP server (tridge)
- Add LSA RPC 0x2E, lsa_query_info2 (jmcd)
- Add 'smb ports = ' option (tridge)
- Various small fixes (tridge)
- Add 'disable netbios = yes/no' (tridge)
- Passdb security checks (abartlet)
- Large winbind updates (abartlet)
- Moved rpc client routines from libsmb to rpc_client (tpot)
- Few nmbd fixes (jmcd)
- Fix swat to handle new debug level (idra)
- Fix name length in namequeries (tridge)
- Netbios-less setup ADS fixes (tridge)
- Add SAMR 0x3e, which is samr_connect4 (jmcd)
- Add consts to passdb (abartlet)
- Don't client binaries depend on libs they don't use -
patch from Steve Langasek <vorlon@netexpress.net> (abartlet)
- Printing change notification (merged from HEAD_APPLIANCE) (jerry)
- fix delete printer driver (from HEAD_APPLIANCE) (jerry)
- Added pdb_xml and pdb_mysql (jelmer)
- Update pdb_test (jelmer)
- Fix security issues with %m (abartlet)
- Add client side support for samr connect4 (0x3e) (jmcd)
- Add lsa 0x2e (queryinfo2) client side (jmcd)
- Support for service joins from win2k AND use SPNEGO (jmcd)
- pdbedit -i and -e fix, add -b (idra)
- textdocs converted to sgml (jelmer, jerry)
- Merge netbios namecache code from APPLIANCE_HEAD (tpot)
- Fix segs in new NTLMSSP code (abartlet)
- Always make guest rid 501 (abartlet)
Changes in alpha18
- huge number of changes! really too many to list ... (and its 1am
here, and I'm too tired)
See the cvs tree at http://build.samba.org/
Changes in alpha17
- OpenLinux packaging updates (jht)
- Locking updates - fix zero timeout (tridge, jra)
- Default ACL support (jra, based on code from Olaf Frczyk <olaf@cbk.poznan.pl>)
- printing updates - spoolss stuff (tpot)
- 'make install' directory creation fixes (abartlet)
- Lots of fixes for SID handling, local v domain sids etc
- better mangle debugging (abartlet)
- fixes to allow 'net' to return more than 1000 users from ADS (jmcd)
- winbind support to come very shortly
- lock some more tdbs to allow concurrent access for backups
- 'net' help cleanups (jmcd)
- 'net join' automatic transport detection
Changes in alpha16
- LDAP schema updates (jerry)
- initial ADS LDAP printer advertising (jmcd)
- spoolss and printing updates (tpot, jerry)
(the is the major update in this alpha, and work continues)
- Winbindd connection cache improvements (abartlet)
- spnego segfault fixes (abartlet)
- net ads segfault fixes ( Alexander Bokovoy <a.bokovoy@sam-solutions.net>)
- header cleanups (tpot)
- Serialise domain auth requests - win2k bug (tridge)
- fix winbind talloced memory leak (dleducq@arkoon.net, tridge)
- call unmangle in don_unmangle (abartlet)
- UTF8 Charset functions - for ADS LDAP calls (Hasch@t-online.de)
- Fix security tab for mapped drives on unicode clients (tridge)
- Better configure tests for snprintf and immidiate structures (abartlet)
- allow 'passdb backend = plugin : /path/to/plugin.so : plguin args'
(loads a passdb module) (Jelmer Vernooij <jelmer@nl.linux.org>)
- change the way we store our domain join info - you will need to
rejoin the domain (tridge)
- xcopy /o fixes (tridge)
- fix the 'convert_string' level 0 debugs.
- Patch for Domain users not showing up from "Ivan Zhakov" <vunny@mail.ru>
- tdb backup support
- The beginning of trusted and trusting domain support - net commands
(Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl>)
- nmbd signal processing fixes (jra)
- lseek-on-pipe support (jra)
- Allow Samba to trust NT4 Domains (abartlet)
- LDAPsam updates (abartlet):
- Now runtime selectable (when configured)
- ldap user suffix and ldap group suffix support.
- non unix account support
- select with 'passdb backend = ldapsam' or 'passdb backend =
ldapsam_nua'
- start to allow NT4 domains to trust Samba, netlogon fixes (abartlet)
- make default unix charset UTF8 (tridge)
- Fix SIGSEGV on error message when trying to add a user to smbpasswd
file without a unix account (jmcd)
- better detection of dead ADS connections, so we have some chance of
reconnecting (tridge)
- removed bogus prepend_domain() call which was screwing up getpwuid()
with the new default domain code
- Domain/workstation SID fixes.
- patch from Alexey Kotovich <a.kotovich@sam-solutions.net> that adds
the security decsriptor code for ADS workstation accounts.
(allow self password change, self remove)
(after much review and disscussion with abartlet and tridge)
Changes in alpha15
- Improvements in pam_winbind/winbindd_pam.c: (abartlet)
- Much better error reporting
- Password changing is now stackable
- now returns multiple PAM errors based on the NTSTATUS
that winbind got.
- returns an error string the client can use in their own logs.
- Print form updates (tpot)
- added 'wbinfo --sequence' to show sequence numbers of
all domains (tridge)
- better winbind memory mangement (tridge)
- make signal processing work correctly in winbindd
Michael Steffens <michael_steffens@hp.com>
- Inital ADS printer publishing work. (jmcd)
- Debian packaging
- large debian packaging checking from Eloy. (merge by jerry)
- Make smbgroupedit a little easier on the user (select groups
by name rather than by sid) (abartlet)
- rework parts of smbtorture (tridge)
Changes in alpha14
- 'Winbind Default Domain' support:
This allows winbind to supply usernames without a 'DOMAIN\'
prefix. Particularly handy for shell and e-mail servers,
as well as Unix workstations in NT domains.
- Associated cleanups in winbindd and smbd.
(Alexander Bokovoy <a.bokovoy@sam-solutions.net> and
abartlet)
- Winbind protocol changes for better Squid intergration
(current version is 3) (abartlet)
- pam_winbind password changing
(Samuel Ziegler <sam@xpedion.com>, tpot)
- runtime selectable pluggable passdb interface.
(abartlet)
- 'non unix account' support (abartlet)
(This allows machines and even users not to exist
in /etc/passwd)
- Inital implementation of the WINS replication deamon
(jfm)
- Changes for better winbind PDC/BDC failover support
(tpot)
- Various Winbind/ADS mode stabilty and flexablity fixes
(tridge)
- Mangle names like .bashrc properly (trige)
- CIFS UNIX extensions (client and server) (jra)
- Universal group support outside smbd (via a cache)
(Alexander Bokovoy <a.bokovoy@sam-solutions.net>)
- Write cache fixes (jra)
Changes in alpha13
- updates to try to get more out-of-the-box compiles
(mostly kerberos and ldap stuff) (various)
- 'net rpc shutdown' remote shutdown of servers
(abartlet, original code from idra)
- authentication subsystem rework, including move to
new RPC client code (abartlet)
- winbind changes:
- use new client code (abartlet)
- change winbind_auth_pam_crap interface for squid's
benifit. (abartlet)
- new interface versioning functionality (abartlet)
- cope better when inteface does change (tpot)
- better winbind trusted domain code (tpot)
- doc updates (jerry)
- new NTSTAUS -> DOS error map (abartlet)
- large user list (> 1500) enumeration (jra)
- dmalloc support (mbp)
- spoolss changes (tpot)
- talloc accounting (mbp)
- rename fixes (jra)
- smbmount trivial fixup (abartlet)
- start of new unix extenions to CIFS (jra)
Changes in alpha12
- doc updates (jerry)
- store domain sid on ADS join (tridge)
- allow a winbind username on ADS connection (tridge)
Changes in alpha11
- fixed fallback to "ads server" option (tridge)
- fix ACL failure on HP HFS (jra)
- net ads password and net ads chostpass commands (Remus Koos)
- fixed valid char array generation (tridge)
- fixed QFS_INFO for win98 long filenames (tridge)
- added net lookup command (tridge)
- fixed map to guest with spnego (tridge)
- fixed irix warnings (tridge)
Changes in alpha10
- hide unreadable fix using acl fns (jra)
- lsa_open_policy cleanup (jfm)
- mangled directories fix (jra)
- fix error return on bad pipe (jra)
- fix homes share with no home dir (tpot)
- fixed handling of dead or empty domains in winbindd (tridge)
- added talloc torture program (mbp)
- talloc debug code (mbp)
- added trusted domains to winbindd/ADS (tridge)
- fix trusted domains in auth code (tridge)
- new gss error handling code (a.bokovoy@sam-solutions.net & tridge)
- support mixed ADS/NT4 domains (tridge)
Changes in alpha9
- nicer net error messages (tpot)
- trust account patches (mimir)
- solaris link option update (davecb)
- added lsa_query_secobj() server fn (jfm)
- spoolss changeid fix (jerry)
- domain auth error fix (jmcd)
- HPUX acl code (jra)
- set filetime on close fix (jra)
- allow select of org unit in ads join (tridge)
Changes in alpha8
- fixed compile of wb_client.c (tridge)
- fixed net time to use localtime (tridge)
- net help cleanups (jmcd)
- debug level fix (tpot)
- utmp string length fixes (monyo)
Changes in alpha7
- added "net ads info" to probe basic into on your ads server without
any authentication
- improved some error handling
Changes in alpha6
- added "net time zone" command (tridge)
- pam_smbpass updates (a.bokovoy@sam-solutions.net)
- irix updates (herb)
- net rpc join handles existing machine acct (tridge)
Changes in alpha5
- added "net time" command (tridge)
- allow client tools to specify a hostname of form HOST#xx (tridge)
- added wbinfo --set-auth-user (tpot)
- added lsaquerysecobj to rpcclient (tpot)
Changes in alpha4
- fixed nexus/win9x user list (jfm)
- fixed large user/group lists in winbindd (tridge)
- fixed gssapi headers in redhat (jmcd)
- fixed rap error code handling (jra)
- more usermanager rpc calls (jfm)
- re-added RAP calls at top level to net command (tridge)
Changes in alpha3
- fixed a silly tdb bug in alpha2 that affected internal databases
Changes in alpha2
- we no longer use cyrus-sasl for LDAP SASL/gssapi. This makes our ADS
code much more robust.
- winbindd cache code rewritten to be much more efficient. It also
copes much better with server outages.
- jfm implemented full group mapping and smb.conf option 'domain admin
group' is now gone. Consult the GROUP-MAPPING-HOWTO.txt to know how
to gain back administrator rights.
- docs update started
- numerous small bugfixes
Changes in alpha1
- winbindd now uses LDAP and works correctly with an ADS server in
native mode
- XFS quotas code on Linux
- group mapping code from JFM
- "net rpc join" command replaces smbpasswd -j
- fixed winbind initgroups
--------------
This is a pre-release of Samba 3.0 alpha0. This is NOT a stable
release. Use at your own risk.
The purpose of this alpha release is to get wider testing of the major
new pieces of code in the current Samba 3.0 development tree. We are
planning on ceasing development on the 2.2.x release of Samba very
shortly and after that we will be concentrating on Samba 3.0. To
reduce the time before the final Samba 3.0 release we need as many
poeple as possible to start testing these alpha releases, and
hopefully giving us some high quality feedback on what needs fixing.
Note that Samba 3.0 is not anywhere near feature complete yet. There
is a lot more coding we have planned, but unless we get what we have
done already more widely tested we will have a hard time doing a
stable release in a reasonable time frame.
This release is also missing major pieces of documentation, and there
are many parts of the docs that have not been updated to reflect the
new options and features in 3.0.
Major new features:
-------------------
- Active Directory support. This release is able to join a ADS realm
as a member server and authenticate users using
LDAP/kerberos. Please read ADS-HOWTO.txt in the release for a very
rough guide on how to set this up.
- Unicode support. Samba will now negotiate unicode on the wire and
interally there is now a much better infrastructure for multi-byte
and unicode character sets. You may need the "dos charset", "unix
charset" and "display charset" options. The unicode support is not
yet documented.
- New authentication system. The internal authentication system has
been almost completely rewritten. Most of the changes are internal,
but the new auth system is also very configurable. Not documented
yet.
- new filename mangling system. The filename mangling system has been
completely rewritten. An internal database now stores mangling maps
persistantly. This needs lots of testing.
- new "net" command. A new "net" command has been added. It is
somewhat similar to the "net" command in windows. Eventually we plan
to replace a bunch of other utilities (such as smbpasswd) with
subcommands in "net", at the moment only a few things are
implemented.
- Samba now negotiates NT-style status32 codes on the wire. This
improves error handling a lot.
- better w2k printing support. The support for printing from win2000
clients has improved greatly.
Plus lots of other changes!
Note that many new features are not documented. Don't let this stop
you from using Samba 3.0. It is particularly important that the basic
file/print serving abilities of Samba 3.0 are widely tested to ensure
that we have not broken any of the basic functionality. As we do more
alpha releases we will start to document the new features.
Reporting bugs & Development Discussion
---------------------------------------
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.openprojects.net
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored.
|