1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
|
WHATS NEW IN Samba (The Next Generation) 2.4.2
==============================================
This is an ALPHA release of Samba TNG, the UNIX based SMB/CIFS file,
print and login server for Windows systems.
This release is to enlist the help of people who are unable to use
cvs (http://samba.org/cvs.html) in a major development project to
integrate Samba into a Windows NT (tm) Domain environment - the
NT Domains for Unix project.
If you are running Windows 9x and do not forsee the need for or
need to use any Windows NT Workstations on your network in the near
future, you will not need Samba TNG or any of its functionality,
and your assistance is not being solicited in the development of
this project.
Major changes in Samba TNG
--------------------------
There are many major changes in Samba TNG. Here are some of them:
1). Windows NT (tm) Primary Domain Controller compatibility
-----------------------------------------------------------
Samba TNG can act as a Primary Domain Controller to Windows NT 3.5,
4.0 and 5.0 (in 4.0 backwards-compatible mode) Workstations. Backup
Domain Controller and Inter-Domain Trust Relationships are at an
early, but functional and very hands-on, stage.
2). Support for Windows NT (tm) Administrative tools
----------------------------------------------------
Significant in-roads have been made into providing support for at least
the following Windows NT (tm) tools and services:
- User Manager for Domains
- Server Manager for Domains
- Event Log
- Service Control Manager
- Registry Editor
- Command Scheduler
- NT-style Printing
A command-line tool named rpcclient, with a command-syntax similar to
smbclient, has over sixty five commands that provide equivalent
functionality for the same Windows NT (tm) Administrative tools,
including the ability to remotely shut down a Windows NT (tm) Server.
rpcclient has now been joined by net, samedit, regedit, ntspool,
eventlog, lsa, cmdat and svccontrol. If anyone can think of better
names for these, suggestions are welcomed.
3). Portability
---------------
Samba is now self-configuring using GNU autoconf and libtool, removing
the need for people installing Samba to have to hand-configured
Makefiles, as was needed in previous versions.
You now configure Samba by running "./configure" then "make". See
docs/textdocs/UNIX_INSTALL.txt for details.
The use of libtool dramatically reduces the size of samba binaries.
As we are using libtool in a slightly different way from usual,
you may encounter run-time or compilation errors, so please report
them to us.
4). New SAM Database Daemons
----------------------------
The SAM database daemon, samrd, is being considered "legacy", and
the aim is to replace it. To this end, some new SAM database
daemons are being developed - samrtdbd and samrnt5ldapd.
They will need to be run with their counterparts, netlogontdbd or
netlogonnt5ldapd. None of these are built as part of the standard
make, they have to be explicitly built because they are in
development: samrd and lsarpcd are compiled by default.
5). pam_ntdom and winbindd
--------------------------
The Windows Bind Daemon and the Plugin Authentication Module for NT
Domains are now part of the Samba TNG Development effort.
winbindd presents, when installed using nsswitch, a unix-like view
of a Windows NT Domain environment, allowing Unix applications and
the Unix Operating system to enumerate NT users, groups and aliases
as Unix users and groups.
pam_ntdom, when installed as part of a PAM-enabled Unix Authentication
system, allows Unix users to be authenticated against a Windows NT
Domain environment.
@begin marketing-speak
" The powerful combination of winbindd and pam_ntdom allows Unix
to be integrated seamlessly into Windows NT Domain environments,
which moves us closer to the Holy Grail of 'Single Sign-on'. "
@end marketing-speak
=====================================================================
NOTE - Some important information
---------------------------------
Samba TNG up to alpha-0.3 required that the samba server be joined.
to its own Domain. This requirement has been removed.
It is important that you read the source/README file for
instructions, and it is recommended that you join samba-ntdom@samba.org
for update information and status reports. For details, please see:
http://samba.org/listproc/samba-ntdom
=====================================================================
NOTE - Primary Domain Controller Functionality
----------------------------------------------
This version of Samba contains code that correctly implements
the undocumented Primary Domain Controller authentication
protocols. However, there is much more to being a Primary
Domain Controller than serving Windows NT logon requests.
A useful version of a Primary Domain Controller contains
many remote procedure calls to do things like enumerate users,
groups, and security information, 98% of which Samba TNG currently
implements.
This work is being done in the CVS (developer) versions of Samba,
development of which continues at a fast pace. If you are
interested in participating in or helping with this development
please join the Samba-NTDOM mailing list. Details on joining
are available at :
http://samba.org/listproc/
Details on obtaining CVS (developer) versions of Samba
are available at:
http://samba.org/cvs.html
For this version, use a tag of SAMBA_TNG
=====================================================================
NOTE - Known Bugs
-----------------
It is *not* recommended that this version of Samba be run in a
production environment, for at least the following reasons:
1) The new MSRPC architecture forks() one MSRPC daemon per incoming
service request. The msrpc daemon stays around for as long as
the remote server maintains a connection to it. An investigation
is underway to attempt to minimise the number of outstanding
connections, because a *single* NT user logon can result in up to
5 or 6 msrpc daemons waiting around, doing nothing but take up
process table space.
Connection reuse has now been added and debugged: the number of
incoming connections is reduced but still fairly large.
=====================================================================
If you have problems, or think you have found a bug please email
a full, detailed report to:
samba-technical@samba.org
As always, all bugs are our responsibility.
Regards,
The Samba Team.
|
