Diffstat (limited to 'source4')
-rw-r--r-- source4/BUGS 24
-rw-r--r-- source4/NEWS 508
-rw-r--r-- source4/TODO 278
3 files changed, 810 insertions, 0 deletions
diff --git a/source4/BUGS b/source4/BUGS
new file mode 100644
index 0000000000..1a9790ddd9
--- /dev/null
+++ b/source4/BUGS
@@ -0,0 +1,24 @@
+Samba4 alpha4 is not a final Samba release. That is more a reference
+to Samba4's lack of the features we expect you will need than a
+statement of code quality, but clearly it hasn't seen a broad
+deployment yet. If you were to upgrade Samba3 (or indeed Windows) to
+Samba4, you would find many things work, but that other key features
+you may have relied on simply are not there yet.
+
+For example, while Samba 3.0 is an excellent member of a Active
+Directory domain, Samba4 is happier as a domain controller, and it is
+in this role where it has seen deployment into production.
+
+Samba4 is subjected to an awesome battery of tests on an
+automated basis, we have found Samba4 to be very stable in it's
+behaviour. We have to recommend against upgrading production servers
+from Samba 3 to Samba 4 at this stage, because there may be the features on
+which you may rely that are not present, or the mapping of
+your configuration and user database may not be complete.
+
+If you are upgrading, or looking to develop, test or deploy Samba4, you should
+backup all configuration and data.
+
+We welcome your testing, please file bug reports at
+https://bugzilla.samba.org/, product: Samba4. Please include as much
+information as possible, such as GIT revision number and backtraces.
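Review bot: The backup advice near the end ("you should backup all configuration and data") does not say what it covers, although the paragraph before it warns that "the mapping of your configuration and user database may not be complete"; name the items an upgrader should copy aside before running anything, and say that the Samba 3 originals must be kept. The file is called BUGS but lists no known bugs, so either rename it or add the known-issue list under this text. Wording to fix while here: "a Active Directory", "in it's behaviour", and the comma splice in "automated basis, we have found". The hard-coded "alpha4" in the first line will go stale at the next release.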
diff --git a/source4/NEWS b/source4/NEWS
new file mode 100644
index 0000000000..8a63719a0e
--- /dev/null
+++ b/source4/NEWS
@@ -0,0 +1,508 @@
+This file aims to document the major changes since the latest released version
+of Samba, 3.0. Samba 4.0 contains rewrites of several subsystems
+and uses a different internal format for most data. Since this
+file is an initial draft, please update missing items.
+
+One of the main goals of Samba 4 was Active Directory Domain Controller
+support. This means Samba now implements several protocols that are required
+by AD such as Kerberos and DNS.
+
+An (experimental) upgrade script that performs a one-way upgrade
+from Samba 3 is available in source/setup/upgrade.
+
+Removal of nmbd and introduction of process models
+==================================================
+smbd now implements several network protocols other than just CIFS and
+DCE/RPC. nmbd's functionality has been merged into smbd. smbd supports
+various 'process models' that specify how concurrent connections are
+handled (when to fork, use threads, etc).
+
+Introduction of LDB
+===================
+Samba now stores most of its persistent data in a LDAP-like database
+called LDB (see ldb(7) for more info).
+
+Removed SWAT
+==================
+Unlike previous versions, Samba4 does not provide a web interface at this time.
+
+Built-in KDC
+============
+Samba4 ships with an integrated KDC (Kerberos Key Distribution
+Center). Backed directly onto our main internal database, and
+integrated with custom code to handle the PAC, Samba4's KDC is an
+integral part of our support for AD logon protocols.
+
+Built-in LDAP Server
+====================
+Like the situation with the KDC, Samba4 ships with it's own LDAP
+server, included to provide simple, built-in LDAP services in an AD
+(rather than distinctly standards) matching manner. The database is
+LDB, and it shares that in common with the rest of Samba.
+
+Changed configuration options
+=============================
+Several configuration options have been removed in Samba4 while others have
+been introduced. This section contains a summary of changes to smb.conf and
+where these settings moved. Configuration options that have disappeared may be
+re-added later when the functionality that uses them gets reimplemented in
+Samba 4.
+
+The 'security' parameter has been split up. It is now only used to choose
+between the 'user' and 'share' security levels (the latter is not supported
+in Samba 4 yet). The other values of this option and the 'domain master' and
+'domain logons' parameters have been merged into a 'server role' parameter
+that can be either 'domain controller', 'member server' or 'standalone'. Note that
+member server support does not work yet.
+
+The following parameters have been removed:
+- passdb backend: accounts are now stored in a LDB-based SAM database,
+ see 'sam database' below.
+- update encrypted
+- public
+- guest ok
+- client schannel
+- server schannel
+- allow trusted domains
+- hosts equiv
+- map to guest
+- smb passwd file
+- algorithmic rid base
+- root directory
+- root dir
+- root
+- guest account
+- enable privileges
+- pam password change
+- passwd program
+- passwd chat debug
+- passwd chat timeout
+- check password script
+- username map
+- username level
+- unix password sync
+- restrict anonymous
+- username
+- user
+- users
+- invalid users
+- valid users
+- admin users
+- read list
+- write list
+- printer admin
+- force user
+- force group
+- group
+- write ok
+- writeable
+- writable
+- acl check permissions
+- acl group control
+- acl map full control
+- create mask
+- create mode
+- force create mode
+- security mask
+- force security mode
+- directory mask
+- directory mode
+- force directory mode
+- directory security mask
+- force directory security mode
+- force unknown acl user
+- inherit permissions
+- inherit acls
+- inherit owner
+- guest only
+- only guest
+- only user
+- allow hosts
+- deny hosts
+- preload modules
+- use kerberos keytab
+- syslog
+- syslog only
+- max log size
+- debug timestamp
+- timestamp logs
+- debug hires timestamp
+- debug pid
+- debug uid
+- allocation roundup size
+- aio read size
+- aio write size
+- aio write behind
+- large readwrite
+- protocol
+- read bmpx
+- reset on zero vc
+- acl compatibility
+- defer sharing violations
+- ea support
+- nt acl support
+- nt pipe support
+- profile acls
+- map acl inherit
+- afs share
+- max ttl
+- client use spnego
+- enable asu support
+- svcctl list
+- block size
+- change notify timeout
+- deadtime
+- getwd cache
+- keepalive
+- kernel change notify
+- lpq cache time
+- max smbd processes
+- max disk size
+- max open files
+- min print space
+- strict allocate
+- sync always
+- use mmap
+- use sendfile
+- hostname lookups
+- write cache size
+- name cache timeout
+- max reported print jobs
+- load printers
+- printcap cache time
+- printcap name
+- printcap
+- printing
+- cups options
+- cups server
+- iprint server
+- print command
+- disable spoolss
+- enable spoolss
+- lpq command
+- lprm command
+- lppause command
+- lpresume command
+- queuepause command
+- queueresume command
+- enumports command
+- addprinter command
+- deleteprinter command
+- show add printer wizard
+- os2 driver map
+- use client driver
+- default devmode
+- force printername
+- mangling method
+- mangle prefix
+- default case
+- case sensitive
+- casesignames
+- preserve case
+- short preserve case
+- mangling char
+- hide dot files
+- hide special files
+- hide unreadable
+- hide unwriteable files
+- delete veto files
+- veto files
+- hide files
+- veto oplock files
+- map readonly
+- mangled names
+- mangled map
+- max stat cache size
+- stat cache
+- store dos attributes
+- machine password timeout
+- add user script
+- rename user script
+- delete user script
+- add group script
+- delete group script
+- add user to group script
+- delete user from group script
+- set primary group script
+- add machine script
+- shutdown script
+- abort shutdown script
+- username map script
+- logon script
+- logon path
+- logon drive
+- logon home
+- domain logons
+- os level
+- lm announce
+- lm interval
+- domain master
+- browse list
+- enhanced browsing
+- wins proxy
+- wins hook
+- wins partners
+- blocking locks
+- fake oplocks
+- kernel oplocks
+- locking
+- lock spin count
+- lock spin time
+- level2 oplocks
+- oplock break wait time
+- oplock contention limit
+- posix locking
+- share modes
+- ldap server
+- ldap port
+- ldap admin dn
+- ldap delete dn
+- ldap group suffix
+- ldap idmap suffix
+- ldap machine suffix
+- ldap passwd sync
+- ldap password sync
+- ldap replication sleep
+- ldap suffix
+- ldap ssl
+- ldap timeout
+- ldap page size
+- ldap user suffix
+- add share command
+- change share command
+- delete share command
+- eventlog list
+- utmp directory
+- wtmp directory
+- utmp
+- default service
+- default
+- message command
+- dfree cache time
+- dfree command
+- get quota command
+- set quota command
+- remote announce
+- remote browse sync
+- homedir map
+- afs username map
+- afs token lifetime
+- log nt token command
+- time offset
+- NIS homedir
+- preexec
+- exec
+- preexec close
+- postexec
+- root preexec
+- root preexec close
+- root postexec
+- set directory
+- wide links
+- follow symlinks
+- dont descend
+- magic script
+- magic output
+- delete readonly
+- dos filemode
+- dos filetimes
+- dos filetime resolution
+- fake directory create times
+- panic action
+- vfs objects
+- vfs object
+- msdfs root
+- msdfs proxy
+- host msdfs
+- enable rid algorithm
+- passdb expand explicit
+- idmap backend
+- idmap uid
+- winbind uid
+- idmap gid
+- winbind gid
+- template homedir
+- template shell
+- winbind separator
+- winbind cache time
+- winbind enum users
+- winbind enum groups
+- winbind use default domain
+- winbind trusted domains only
+- winbind nested groups
+- winbind max idle children
+- winbind nss info
+
+The following parameters have been added:
++ rpc big endian (G)
+ Make Samba fake it is running on a bigendian machine when using DCE/RPC.
+ Useful for debugging.
+
+ Default: no
+
++ case insensitive filesystem (S)
+ Set to true if this share is located on a case-insensitive filesystem.
+ This disables looking for a filename by trying all possible combinations of
+ uppercase/lowercase characters and thus speeds up operations when a
+ file cannot be found.
+
+ Default: no
+
++ js include (G)
+ Path to JavaScript library.
+
+ Default: Set at compile-time
+
++ setup directory
+ Path to data used by provisioning script.
+
+ Default: Set at compile-time
+
++ ncalrpc dir
+ Directory to use for UNIX sockets used by the 'ncalrpc' DCE/RPC transport.
+
+ Default: Set at compile-time
+
++ ntvfs handler
+ Backend to the NT VFS to use (more than one can be specified). Available
+ backends include:
+
+ - posix:
+ Maps POSIX FS semantics to NT semantics
+
+ - simple:
+ Very simple backend (original testing backend).
+
+ - unixuid:
+ Sets up user credentials based on POSIX gid/uid.
+
+ - cifs:
+ Proxies a remote CIFS FS. Mainly useful for testing.
+
+ - nbench:
+ Filter module that saves data useful to the nbench benchmark suite.
+
+ - ipc:
+ Allows using SMB for inter process communication. Only used for
+ the IPC$ share.
+
+ - print:
+ Allows printing over SMB. This is LANMAN-style printing (?), not
+ the be confused with the spoolss DCE/RPC interface used by later
+ versions of Windows.
+
+ Default: unixuid default
+
++ ntptr providor
+ FIXME
+
++ dcerpc endpoint servers
+ What DCE/RPC servers to start.
+
+ Default: epmapper srvsvc wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi winreg dssetup
+
++ server services
+ Services Samba should provide.
+
+ Default: smb rpc nbt wrepl ldap cldap web kdc
+
++ sam database
+ Location of the SAM (account database) database. This should be a
+ LDB URL.
+
+ Default: set at compile-time
+
++ spoolss database
+ Spoolss (printer) DCE/RPC server database. This should be a LDB URL.
+
+ Default: set at compile-time
+
++ wins config database
+ WINS configuration database location. This should be a LDB URL.
+
+ Default: set at compile-time
+
++ wins database
+ WINS database location. This should be a LDB URL.
+
+ Default: set at compile-time
+
++ client use spnego principal
+ Tells the client to use the Kerberos service principal specified by the
+ server during the security protocol negotation rather than
+ looking up the principal itself (cifs/hostname).
+
+ Default: false
+
++ nbt port
+ TCP/IP Port used by the NetBIOS over TCP/IP (NBT) implementation.
+
+ Default: 137
+
++ dgram port
+ UDP/IP port used by the NetBIOS over TCP/IP (NBT) implementation.
+
+ Default: 138
+
++ cldap port
+ UDP/IP port used by the CLDAP protocol.
+
+ Default: 389
+
++ krb5 port
+ IP port used by the kerberos KDC.
+
+ Default: 88
+
++ kpasswd port
+ IP port used by the kerberos password change protocol.
+
+ Default: 464
+
++ web port
+ TCP/IP port SWAT should listen on.
+
+ Default: 901
+
++ tls enabled
+ Enable TLS support for SWAT
+
+ Default: true
+
++ tls keyfile
+ Path to TLS key file (PEM format) to be used by SWAT. If no
+ path is specified, Samba will create a key.
+
+ Default: none
+
++ tls certfile
+ Path to TLS certificate file (PEM format) to be used by SWAT. If no
+ path is specified, Samba will create a certificate.
+
+ Default: none
+
++ tls cafile
+ Path to CA authority file Samba will use to sign TLS keys it generates. If
+ no path is specified, Samba will create a self-signed CA certificate.
+
+ Default: none
+
++ tls crlfile
+ Path to TLS certificate revocation lists file.
+
+ Default: none
+
++ swat directory
+ SWAT data directory.
+
+ Default: set at compile-time
+
++ large readwrite
+ Indicate the CIFS server is able to do large reads/writes.
+
+ Default: true
+
++ unicode
+ Enable/disable unicode support in the protocol.
+
+ Default: true
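Review bot: The removed-parameter list drops access-control and hardening settings ('allow hosts', 'deny hosts', 'valid users', 'invalid users', 'restrict anonymous', 'server schannel', 'client schannel') and only 'passdb backend' is given a replacement; for each of these, state what takes its place in Samba 4 or say plainly that a Samba 3 smb.conf relying on it loses that restriction, and whether the upgrade script warns when it meets one. The "Removed SWAT" section says there is no web interface, yet the added list documents 'web port', 'tls enabled', 'tls keyfile', 'tls certfile' and 'swat directory' as SWAT settings and the 'server services' default includes 'web'; one of the two needs correcting. 'large readwrite' appears in both the removed and the added list. 'ntptr providor' is still "FIXME", 'nbt port' is described as a "TCP/IP Port" while its default 137 sits next to the UDP 'dgram port' 138, and the upgrade script path is given as source/setup/upgrade although these files live under source4/. For 'tls keyfile' and 'tls cafile', the text says Samba will create a key and a self-signed CA when no path is given; document where those generated files are written.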
diff --git a/source4/TODO b/source4/TODO
new file mode 100644
index 0000000000..5efebed1b3
--- /dev/null
+++ b/source4/TODO
@@ -0,0 +1,278 @@
+build/smb_build/TODO
+lib/registry/TODO
+lib/tdr/TODO
+pidl/TODO
+
+- seperate adminlog mechanism (as opposed to the current DEBUG log,
+ which is not really aimed at administrators but more at developers)
+ Perhaps similar to eventlog so we can also use eventlog to retrieve the data?
+
+- testsuite for the 'net' tool
+
+- and a lot of other stuff
+
+Configuration options
+=====================
+
+The following options don't exist in Samba4 yet
+or are not converted by the upgrade script
+or will be removed:
+
+- update encrypted
+- public
+- guest ok
+- client schannel
+- server schannel
+- allow trusted domains
+- hosts equiv
+- map to guest
+- algorithmic rid base
+- root directory
+- root dir
+- root
+- guest account
+- enable privileges
+- pam password change
+- passwd program
+- passwd chat debug
+- passwd chat timeout
+- check password script
+- username map
+- username level
+- unix password sync
+- restrict anonymous
+- username
+- user
+- users
+- invalid users
+- valid users
+- admin users
+- read list
+- write list
+- printer admin
+- force user
+- force group
+- group
+- write ok
+- writeable
+- writable
+- acl check permissions
+- acl group control
+- acl map full control
+- create mask
+- create mode
+- force create mode
+- security mask
+- force security mode
+- directory mask
+- directory mode
+- force directory mode
+- directory security mask
+- force directory security mode
+- force unknown acl user
+- inherit permissions
+- inherit acls
+- inherit owner
+- guest only
+- only guest
+- only user
+- allow hosts
+- deny hosts
+- preload modules
+- use kerberos keytab
+- syslog
+- syslog only
+- max log size
+- debug timestamp
+- timestamp logs
+- debug hires timestamp
+- debug pid
+- debug uid
+- allocation roundup size
+- aio read size
+- aio write size
+- aio write behind
+- large readwrite
+- protocol
+- read bmpx
+- reset on zero vc
+- acl compatibility
+- defer sharing violations
+- ea support
+- nt acl support
+- nt pipe support
+- profile acls
+- map acl inherit
+- afs share
+- max ttl
+- client use spnego
+- enable asu support
+- svcctl list
+- block size
+- change notify timeout
+- deadtime
+- getwd cache
+- keepalive
+- kernel change notify
+- lpq cache time
+- max smbd processes
+- max disk size
+- max open files
+- min print space
+- strict allocate
+- sync always
+- use mmap
+- use sendfile
+- hostname lookups
+- write cache size
+- name cache timeout
+- max reported print jobs
+- load printers
+- printcap cache time
+- printcap name
+- printcap
+- printing
+- cups options
+- cups server
+- iprint server
+- print command
+- disable spoolss
+- enable spoolss
+- lpq command
+- lprm command
+- lppause command
+- lpresume command
+- queuepause command
+- queueresume command
+- enumports command
+- addprinter command
+- deleteprinter command
+- show add printer wizard
+- os2 driver map
+- use client driver
+- default devmode
+- force printername
+- mangling method
+- mangle prefix
+- default case
+- case sensitive
+- casesignames
+- preserve case
+- short preserve case
+- mangling char
+- hide dot files
+- hide special files
+- hide unreadable
+- hide unwriteable files
+- delete veto files
+- veto files
+- hide files
+- veto oplock files
+- map readonly
+- mangled names
+- mangled map
+- max stat cache size
+- stat cache
+- store dos attributes
+- machine password timeout
+- add user script
+- rename user script
+- delete user script
+- add group script
+- delete group script
+- add user to group script
+- delete user from group script
+- set primary group script
+- add machine script
+- shutdown script
+- abort shutdown script
+- username map script
+- logon script
+- logon path
+- logon drive
+- logon home
+- domain logons
+- os level
+- lm announce
+- lm interval
+- domain master
+- browse list
+- enhanced browsing
+- wins proxy
+- blocking locks
+- fake oplocks
+- kernel oplocks
+- locking
+- lock spin count
+- lock spin time
+- oplocks
+- level2 oplocks
+- oplock break wait time
+- oplock contention limit
+- posix locking
+- share modes
+- add share command
+- change share command
+- delete share command
+- eventlog list
+- utmp directory
+- wtmp directory
+- utmp
+- default service
+- default
+- message command
+- dfree cache time
+- dfree command
+- get quota command
+- set quota command
+- remote announce
+- remote browse sync
+- homedir map
+- afs username map
+- afs token lifetime
+- log nt token command
+- time offset
+- NIS homedir
+- preexec
+- exec
+- preexec close
+- postexec
+- root preexec
+- root preexec close
+- root postexec
+- set directory
+- wide links
+- follow symlinks
+- dont descend
+- magic script
+- magic output
+- delete readonly
+- dos filemode
+- dos filetimes
+- dos filetime resolution
+- fake directory create times
+- panic action
+- vfs objects
+- vfs object
+- msdfs root
+- msdfs proxy
+- host msdfs
+- enable rid algorithm
+- passdb expand explicit
+- idmap backend
+- idmap uid
+- winbind uid
+- idmap gid
+- winbind gid
+- template homedir
+- template shell
+- winbind separator
+- winbind cache time
+- winbind enum users
+- winbind enum groups
+- winbind use default domain
+- winbind trusted domains only
+- winbind nested groups
+- winbind max idle children
+- winbind nss info
+
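Review bot: The "Configuration options" heading folds three different states into one list ("don't exist in Samba4 yet", "are not converted by the upgrade script", "will be removed"), so a reader cannot tell which entries are planned work and which are permanent removals; split the list or tag each entry. It is also a near copy of the removed-parameter list in NEWS and the two already differ: this one omits 'passdb backend', 'smb passwd file', 'wins hook', 'wins partners' and the 'ldap ...' entries, and adds 'oplocks'. Keep a single list in one file and reference it from the other. The four bare paths at the top need a line saying they are pointers to other TODO files, and "seperate" should be "separate".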