1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
|
What's new in Samba 4 alpha1
============================
Samba 4 is the ambitious next version of the Samba suite that is being
developed in parallel to the stable 3.0 series. The main emphasis in
this branch is support for the Active Directory logon protocols used
by Windows 2000 and above.
Samba 4 is currently not yet in a state where it is usable in
production environments. Note the WARNINGS below, and the STATUS file,
which aims to document what should and should not work.
Samba4 alpha1 is the culmination of 4.5 years of development under our
belt since Tridge first proposed a new Virtual File System (VFS) layer
for Samba3 (a project which eventually lead to our Active Directory
efforts), and 1.5 years since we first released a Technology Preview,
we wish to allow users, managers and developers to see how we have
progressed, and to invite feedback and support.
WARNINGS
========
Samba4 alpha1 is not a final Samba release. That is more a reference
to Samba4's lack of the features we expect you will need than a
statement of code quality, but clearly it hasn't seen a broad
deployment yet. If you were to upgrade Samba3 (or indeed Windows) to
Samba4, you would find many things work, but that other key features
you may have relied on simply are not there yet.
For example, while Samba 3.0 is an excellent member of a Active
Directory domain, Samba4 is happier as a domain controller: (This is
where we have done most of the research and development).
While Samba4 is subjected to an awesome battery of tests on an
automated basis, and we have found Samba4 to be very stable in it's
behaviour, we have to recommend against upgrading production servers
from Samba 3 to Samba 4 at this stage. If you are upgrading an
experimental server, or looking to develop and test Samba, you should
backup all configuration and data.
NEW FEATURES
============
Samba4 supports the server-side of the Active Directory logon environment
used by Windows 2000 and later, so we can do full domain join
and domain logon operations with these clients.
Our Domain Controller (DC) implementation includes our own built-in
LDAP server and Kerberos Key Distribution Center (KDC) as well as the
Samba3-like logon services provided over CIFS. We correctly generate
the infamous Kerberos PAC, and include it with the Kerberos tickets we
issue.
The new VFS features in Samba 4 adapts the filesystem on the server to
match the Windows client semantics, allowing Samba 4 to better match
windows behaviour and application expectations. This includes file
annotation information (in streams) and NT ACLs in particular. The
VFS is backed with an extensive automated test suite.
A new scripting interface has been added to Samba 4, allowing
JavaScript programs to interface to Samba's internals.
The Samba 4 architecture is based around an LDAP-like database that
can use a range of modular backends. One of the backends supports
standards compliant LDAP servers (including OpenLDAP), and we are
working on modules to map between AD-like behaviours and this backend.
We are aiming for Samba 4 to be powerful frontend to large
directories.
CHANGES SINCE TP5
=================
In the time since TP5 was released in June 2007, Samba has
continued to evolve, but you may particularly notice these areas:
Group Policy Support: Basic group policies may be defined, and are
enforced by Windows clients
MMC Support: The Active Directory Users and Computers console now
works, supporting most operations.
Winbind: Kai Blin has been working hard on his Google Summer of
Code project, creating a winbind implementation for Samba4.
Heimdal update: A Heimdal 1.0 snapshot is now included as the
internal Kerberos library in Samba4.
In the past few weeks, many small but significant bugs have been
fixed, particularly thanks to Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
These are just some of the highlights of the work done in the past few
months. More details can be found in our SVN history.
CHANGES
=======
Those familiar with Samba 3 can find a list of user-visible changes
since that release series in the NEWS file.
KNOWN ISSUES
============
- Domain member support is in it's infancy, and is not comparable to
the support found in Samba3.
- There is no printing support in the current release.
- Support for managing groups is currently poor (as the
memberOf/member linked attributes are not kept in sync).
- Renaming and deleting subtrees (containers) in the the LDB tree will
have unexpected results.
- The Samba4 port of the CTDB clustering support is not yet complete
- Clock Synchronisation is critical. Many 'wrong password' errors are
actually due to Kerberos objecting to a clock skew between client
and server.
RUNNING Samba4
==============
A short guide to setting up Samba 4 can be found in the howto.txt file
in root of the tarball.
DEVELOPMENT and FEEDBACK
========================
Bugs can be filed at https://bugzilla.samba.org/ but please be aware
that many features are simply not expected to work at this stage.
The Samba Wiki at http://wiki.samba.org should detail some of these
development plans.
Development and general discussion about Samba 4 happens mainly on
the #samba-technical IRC channel (on irc.freenode.net) and
the samba-technical mailing list (see http://lists.samba.org/ for
details).
|
