blob: b5c6d8c9c0d3c14b93b4dc8eeec7b2da44e34837 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
|
=================================
Release Notes for Samba 3.3.0pre2
September 30, 2008
=================================
This is the second preview release of Samba 3.3.0. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
Major enhancements in Samba 3.3.0 include:
Configuration/installation:
o Splitting of library directory into library directory and separate
modules directory.
File Serving:
o Extended Cluster support.
Winbind:
o Simplyfied idmap configuration.
o New idmap backend "adex".
o Added new parameter "winbind reconnect delay".
o Added support for user and group aliasing.
Administrative tools:
o The destination "all" of smbcontrol does now affect all running
daemons including nmbd and winbindd.
o New 'net rpc vampire keytab' and 'net rpc vampire ldif' commands.
o The 'net' utility can now use kerberos for joining and authentication.
Libraries:
o NetApi library implements various new calls for User- and Group
Account Management.
Configure changes
=================
The configure option "--with-libdir" has been removed. The library
directory can still be specified by using the existing "--libdir" option.
A new option "--with-modulesdir" has been added to allow the specification
of a separate directory for the shared modules.
Winbind idmap backend changes
=============================
The idmap configuration has changed with version 3.3 to something that
allows a smoother upgrade path from pre-3.0.25 configurations that use
"idmap backend". The reason for this change is that to many, also to Samba
developers, the 3.0.25 style configuration with "idmap config" turned out
to be very complex. Version 3.3 no longer deprecates the "idmap backend"
parameter, instead with "idmap backend" the default idmap backend is
specified.
Accordingly, the "idmap config <domain> : default = yes" setting is no
longer being looked at.
The alloc backend defaults to the default backend, which should be able to
allocate IDs. In the default distribution the tdb and ldap backends can
allocate, the ad and rid backends can not. The idmap alloc range is now
being set with the "old" parameters "idmap uid" and "idmap gid".
The "idmap domains" parameter has been removed.
winbind reconnect delay
=======================
This is a new parameter which specifies the number of seconds the Winbind
daemon will wait between attempts to contact a Domain controller for a domain
that is determined to be down or not contactable.
idmap_adex
==========
The adex idmap/nss_info plugin is an adapation of the Likewise
Enterprise plugin with support for OU based cells removed
(since the Windows pieces to manage the cells are not available).
This plugin supports
* The RFC2307 schema for users and groups.
* Connections to trusted domains
* Global catalog searches
* Cross forest trusts
* User and group aliases
Prerequiste: Add the following attributes to the Partial Attribute
Set in global catalog:
* uidNumber
* uid
* gidNumber
A basic config using the current trunk code would look like:
[global]
idmap backend = adex
idmap uid = 10000 - 29999
idmap gid = 10000 - 29999
winbind nss info = adex
winbind normalize names = yes
winbind refresh tickets = yes
template homedir = /home/%D/%U
template shell = /bin/bash
######################################################################
Changes
#######
smb.conf changes
----------------
Parameter Name Description Default
-------------- ----------- -------
cups connection timeout New 30
idmap domains Removed
init logon delayed hosts New ""
init logon delay New 100
winbind reconnect delay New 30
Changes since 3.3.0pre1:
------------------------
o Michael Adam <obnox@samba.org>
* BUG 5492: Fix RHEL SPEC file by removing libmsrpc stuff.
* BUG 5507: Fix several issues in the RHEL SPEC file.
o Jeremy Allison <jra@samba.org>
* BUG 5729: Explicitly allow "-valid".
* BUG 5737: Fix winbindd crash in an unusual failure mode.
* BUG 5751: Fix showing of ACLs on DFS in (lib)smbclient.
* BUG 5762: Fix opening of mangled directory name (resulted
'is a stream name').
* BUG 5783: Fix FindFirst where search pattern == mangled filename.
* BUG 5790: Fix returning of STATUS_OBJECT_NAME_NOT_FOUND on set file
disposition.
* Fix crashes when looking up a non-existant uid.
* Fix getting/setting of NT ACLs on a file.
* Add st_birthtime and friends for accurate create times on *BSD
and MacOSX).
* Fix the wcache_invalidate_samlogon calls.
* Clarify usage of "force create mode".
* Get smbd to look (read-only) into the winbindd cache for uid/gid <--> sid
mappings.
* Write times code update.
* Add experimental version of VFS module acl_xattr.
o Gerald W. Carter <jerry@samba.org>
* Fix segfault when calling nss_get_info() with a NULL ads structure.
* Add support for name aliasing in Winbind.
* Add the idmap/nss-info provider from Likewise Open.
* Allow an admin to define the "uid" attribute for a RFC2307
user object in AD to be the username alias.
* Add new idmap backend "adex" to support RFC2307 enabled AD forests.
o Steven Danneman <steven.danneman@isilon.com>
* Fix build warnings.
* Cleanup of DC enumeration in get_dcs().
o Günther Deschner <gd@samba.org>
* BUG 5710: Fix changing of machine account passwords.
* BUG 5784: Fix pam_winbind build issue on Solaris.
* Fix invalid sid copy (hit when enumerating sibling domains) in Winbind.
* Fix double installation of cifs.upcall.
o James Ding <ding_cc@hotmail.com>
* BUG 5736: Fix Winbind crash bug with trusted domains.
o Ephi Dror <Ephi.Dror@datadomain.com>
* Correct the netsamlogon_clear_cached_user function.
o Jeff Layton <jlayton@redhat.com>
* Fix build warnings in cifs.upcall.
o Volker Lendecke <vl@sernet.de>
* BUG 5707: Do proper error handling if the socket is closed.
* BUG 5778: Don't define 'strlcat' and 'strlcpy' if it's already defined.
* Fix Coverity IDs 587 and 589.
* Increase the default positive idmap cache time to a week.
* Fix calculation of useable_space for trans2 and nttrans replies.
* Add mapping of generic bits when setting an NFSv4 ACL.
o Stefan Metzmacher <metze@samba.org>
* Some write time fixes.
o Karolin Seeger <kseeger@samba.org>
* Add new parameter "cups connection timeout".
o Simo Sorce <idra@samba.org>
* Fix enumeration of nested group memberships in Winbind.
This affected only setups using "security = ads".
o Timur <timur@FreeBSD.org>
* Fix cut and paste error in quota code.
* Fix display of POSIX ACLs.
* Fix aio on FreeBSD.
o Andrew Tridgell <tridge@samba.org>
* Fix permissions of group_mapping.ldb (CVE-2008-3789).
* Avoid a race condition in glibc between AIO and setresuid().
* Add missing become root for AIO operations.
* Fix an errno handling bug that could lead to an infinite loop.
* Fix logic of tsmsm_sendfile().
* Fix handling of arbitrary new PAC types.
o Qiao Yang <geoyang@ironport.com>
* Fix a memleak.
Commit Highlights:
------------------
o Michael Adam <obnox@samba.org>
* BUG 5609: Remove configure option "--with-libdir" and add
"--with-modulesdir".
* Extend "net rpc vampire keytab" to support differential replication
and storing of kerberos keys.
* Rework internal logic of registry tdb code.
* Freeze autogenerated prototype headers (good bye "make proto").
o Jeremy Allison <jra@samba.org>
* Add new "winbind reconnect delay" parameter.
* Make the change to smbcontrol for "all" to mean broadcast,
and "smbd" to mean the main smb daemon.
o Gerald W. Carter <jerry@samba.org>
* Add support for name aliasing in Winbind.
* Add the idmap/nss-info provider from Likewise Open.
* Allow an admin to define the "uid" attribute for a RFC2307
user object in AD to be the username alias.
* Add new idmap backend "adex" to support RFC2307 enabled AD forests.
o Guenther Deschner <gd@samba.org>
* BUG 5710: Fix changing of machine account passwords.
* Add "net rpc vampire keytab" and "net rpc vampire ldif".
o Volker Lendecke <vl@samba.org>
* Rework of the Winbind idmap backend.
* Fix calculation of useable_space for trans2 and nttrans replies.
* Add mapping of generic bits when setting an NFSv4 ACL.
######################################################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the Samba 3.3 product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
|
