diff options
Diffstat (limited to 'WHATSNEW.txt')
| -rw-r--r-- | WHATSNEW.txt | 277 |
1 files changed, 269 insertions, 8 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index bff189c2db..ab78957cca 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,5 +1,263 @@ - WHATS NEW IN Samba 2.0.0 beta1 - ============================== + WHATS NEW IN Samba 2.0.4b + ========================= + +This is the latest stable release of Samba. This is the +version that all production Samba servers should be running +for all current bug-fixes. + +New/Changed parameters in 2.0.4 +------------------------------- + +There are 5 new parameters and one modified parameter in +the smb.conf file. + +allow trusted domains +restrict anonymous +mangle locks +oplock break wait time +oplock contention limit + +The new parameters are : + +allow trusted domains +--------------------- + +This option is used in "security=domain" settings and allows +the Samba admin to restrict access to users within the domain +the the Samba server is in. + +restrict anonymous +------------------ + +This parameter allows the Samba admin to cause Samba to +refuse access to anonymous users. Use of this parameter +is only recommened for homogenous NT client environments. + +mangle locks +------------ + +This parameter was added to get around a bug in Windows NT +when dealing with Samba running on 32-bit systems (such +as Linux x86). This bug causes NT to send 64 bit locking +requests to 32-bit systems even though Samba correctly +tells the NT client not to do so. This option causes Samba +to map the lock requests from 64 bits to 32 bits on these +systems. + +oplock break wait time +---------------------- + +This tuning parameter, added to help with clients that don't +respond to oplock break requests, causes Samba to deley for +this number of milliseconds before sending an oplock break +request to a client that caused the break to be sent. The +default is 10ms. This is an advanced tuning parameter and +should not be changed lightly. + +oplock contention limit +----------------------- + +This tuning parameter causes Samba not to grant oplocks +when an smbd daemon notices that there have been this +many concurrent requests for an oplock on a file. This +prevents the "baton passing" oplock problem where many +clients accessing one file pass the oplock between themselves +like a baton. The default is 2. This is an advanced tuning +parameter and should not be changed lightly. + +The modified parameter is : + +nt acl support +-------------- + +This is a global parameter that defaulted to False in +the previous release (2.0.3) and now defaults to True +as the RPC code has been added to Samba to allow it to +map UNIX permissions to NT ACLs. + +All of these new parameters and changes are documented in the +smb.conf man pages and html pages. + +Updated and New documentation +----------------------------- + +A new document describing the manipulation of UNIX permissions +via the Windows NT security dialogs and their interaction with +Samba 2.0.4 is provided as : + +docs/textdocs/NT_Security.txt +docs/htmldocs/NT_Security.html + +Changes in 2.0.4b +----------------- + +A bug with MS-Word 97 saving files with zero UNIX permissions +was fixed. Even though a workaround is available (set force +create mode = 644 on the share) Word is such an important +application that a point fix was neccessary. + +Changes in 2.0.4a +----------------- + +The text and html versions of NT_Security were missing from +the shipping tarball. Also a compile bug for platforms that +don't have usleep was fixed. + +Bugfixes added since 2.0.3 +-------------------------- + +1). Fix for 8 character password problem when using HPUX and +plaintext passwords. +2). --with-pam option added to ./configure. +3). Client fixes for memory leak and display of 64 bit values. +4). Fixes for -E and -s option with smbclient. +5). smbclient now allows -L //server or -L \\server +6). smbtar fix for display of 64 bit values. +7). Endian independence added to DCE/RPC code. +8). DCE/RPC marshalling/unmarshalling code re-written to provide +overflow reporting and sign and seal support. +9). Bind NAK reply packet added to DCE/RPC code, used to correctly +refuse bind requests (prevents NT system event log messages). +10). Mapping of UNIX permissions into NT ACL's for get and set +added. +11). DCE/RPC enumeration of numbers of shares made dynamic. +Samba now has no limit on the number of exported shares seen. +12). Fix to speed up random number seed generation on /dev/urandom +being unavailable. +13). Several memory fixes added by running Purify on the code. +14). Read from client error messages improved. +15). Fixed endianness used in UNICODE strings. +16). Cope with ERRORmoredata in an RPC pipe client call. +17). Check for malformed responses in nmbd register name. +18). NT Encrypted password changing from the NT password dialog box +now fully implmented. +19). Mangle 64-bit lock ranges into 32-bits (NT bug!) on a 32-bit +Samba platform. +20). Allow file to be pseudo-openend in order to read security only. +21). Improve filename mangling to reduce chance of collisions. +22). Added code to prevent granting of oplocks when a file is under +contention. +23). Added tunable wait time before sending an oplock break request +to a client if the client caused the break request. Helps with clients +not responding to oplock breaks. +24). Always respond negatively to queued local oplock break messages +before shutdown. This can prevent "freezes" on an oplock error. +25). Allow admin to restrict logons to correct domain when in domain +level security. +26). Added "restrict anonymous" patch from Andy (thwartedefforts@wonky.org) +to prevent parameter substitution problems with anonymous connections. +27). Fix SMBseek where seeking to a negative number sets the offset +to zero. +28). Fixed problem with mode getting corrupted in trans2 request +(setting to zero means please ignore it). +29). Correctly become the authenticated user on an authenticated +DCE/RPC pipe request. +30). Correctly reset debug level in nmbd if someone set it on the +command line. +31). Added more checking into testparm +32). NetBench simulator added to smbtorture by Andrew. +33). Fixed NIS+ option compile (was broken in 2.0.3). +34). Recursive smbclient directory listing fix. Patch from E. Jay Berkenbilt +(ejb@ql.org) + +Bugfixes added since 2.0.2 +-------------------------- + +1). --with-ssl configure now include ssl include directory. Fix +from Richard Sharpe. +2). Patch for configure for glibc2.1 support (large files etc.). +3). Several bugfixes for smbclient tar mode from Bob Boehmer +(boehmer@worldnet.att.net) to fix smbclient aborting problems +when restoring tar files. +4). Some automount fixes for smbmount. +5). Attempt to fix the AIX 4.1.x/3.x problems where smbd runs as +root. As no-one has given us root access to such a server this +cannot be tested fully, but should work. +6). Crash bug fix in debug code where *real* uid rather than +*effective* uid was being checked before attempting to rotate +log files. This fix should help a *lot* of people who were +reporting smbd aborting in the middle of a copy operation. +7). SIGALRM bugfix to ensure infinate file locks time out. +8). New code to implement NT ACL reporting for cacls.exe program. +9). UDP loopback socket rebind fix for Solaris. +10). Ensure all UNICODE strings are correctly in little-endian +format. +11). smbpasswd file locking fix. +12). Fixes for strncpy problems with glibc2.1. +13). Ensure smbd correctly reports major and minor version number +and server type when queried via NT rpc calls. +14). Bugfix for short mangled names not being pulled off the +mangled stack correctly. +15). Fix for mapping of rwx bits being incorrectly overwritten +when doing ATTRIB.EXE +16). Fix for returning multiple PDU packets in NT rpc code. Should +allow multiple shares to be returned correctly). +17). Improved mapping of NT open access requests into UNIX open +modes. +18). Fix for copying files from an NTFS volume that contain +multiple data forks. Added 'magic' error code NT needs. +19). Fixed crash bug when primary NT authentication server +is down, rolls over to secondaries correctly now. +20). Fixed timeout processing to be timer based. Now will +always occur even if smbd is under load. +21). Fixed signed/unsigned problem in quotas code. +22). Fixed bug where setting the password of a completely fresh +user would end up setting the account disabled flag. +23). Improved user logon messages to help admins having +trouble with user authentication. + +Bugfixes added since 2.0.1 +-------------------------- + +Note that due to a critical signal handling bug in 2.0.1, +this release has been removed and replaced immediately with +2.0.2. The Samba Team would like to apologise for any problem +this may have caused. + +1). Fixed smbd looping on SIGCLD problem. This was + caused by a missing break statement in a critical + piece of code. + +Bugfixes added since 2.0.0 +-------------------------- + +1). Autoconf changes for gcc2.7.x and Solaris 2.5/2.6 +2). Autoconf changes to help HPUX configure correctly. +3). Autoconf changes to allow lock directory to be set. +4). Client fix to allow port to be set. +5). clitar fix to send debug messages to stderr. +6). smbmount race condition fix. +7). Fix for bug where trying to browse large numbers of shares + generated an error from an NT client. +8). Wrapper for setgroups for SunOS 4.x +9). Fix for directory deleting failing from multiuser NT. +10). Fix for crash bug if bitmap was full. +11). Fix for Linux genrand where /dev/random could cause + clients to timeout on connect if the entropy pool was + empty. +12). The default PASSWD_CHAT may now be overridden in local.h +13). HPUX printing fixes for default programs. +14). Reverted (erroneous) code in MACHINE.SID generation that + was setting the sid to 0x21 - should be *decimal* 21. +15). Fix for printing to remote machine under SVR4. +16). Fix for chgpasswd wait being interrupted with EINTR. +17). Fix for disk free routine. NT and Win98 now correctly + show greater than 2GB disks. +18). Fix for crash bug in stat cache statistics printing. +19). Fix for filenames ending in .~xx. +20). Fix for access check code wait being interrupted with EINTR. +21). Fix for password changes from "invalid password" to a valid + one setting the account disabled bit. +22). Fix for smbd crash bug in SMBreadraw cache prime code. +23). Fix for overly zealous lock range overflow reporting. +24). Fix for large disk disk free reporting (NT SMB code). +25). Fix for NT failing to truncate files correctly. +26). Fix for smbd crash bug with SMBcancel calls. +27). Additional -T flag to nmblookup to do reverse DNS on addresses. +28). SWAT fix to start/stop smbd/nmbd correctly. + +Major changes in Samba 2.0 +-------------------------- This is a MAJOR new release of Samba, the UNIX based SMB/CIFS file and print server for Windows systems. @@ -12,9 +270,6 @@ for configuring Samba has been added. In addition, Samba has been re-written to help portability to other POSIX-based systems, based on the GNU autoconf tool. -Major changes in Samba 2.0 --------------------------- - There are many major changes in Samba for version 2.0. Here are some of them: @@ -107,6 +362,10 @@ In addition, Samba now defaults to case sensitivity options that match a Windows NT server precisely, that is, case insensitive but case preserving. +The default format of the smbpasswd file has also been +changed for this release, although the new tools will read +and write the old format, for backwards compatibility. + ===================================================================== NOTE - Primary Domain Controller Functionality @@ -120,9 +379,11 @@ Domain Controller than serving Windows NT logon requests. A useful version of a Primary Domain Controller contains many remote procedure calls to do things like enumerate users, groups, and security information, only some of which Samba currently -implements. For this reason we have chosen not to advertise -and actively support Primary Domain Controller functionality -with this release. +implements. In addition, there are outstanding (known) bugs with +using Samba as a PDC in this release that the Samba Team are actively +working on. For this reason we have chosen not to advertise and +actively support Primary Domain Controller functionality with this +release. This work is being done in the CVS (developer) versions of Samba, development of which continues at a fast pace. If you are |