1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
|
WHATS NEW IN Samba 3.0 alpha21
26th November 2002
===============================
This is a pre-release of Samba 3.0. This is NOT a stable release.
Use at your own risk.
The purpose of this alpha release is to get wider testing of the major
new pieces of code in the current Samba 3.0 development tree. We have
officially ceased development on the 2.2.x release of Samba and are
concentrating on Samba 3.0. To reduce the time before the final Samba 3.0
release we need as many people as possible to start testing these alpha
releases, and hopefully giving us some high quality feedback on what needs
fixing.
Note that Samba 3.0 is not feature complete yet. There is a more
coding we have planned, but unless we get what we have done already more
widely tested we will have a hard time doing a stable release in a
reasonable time frame.
Major new features:
-------------------
- Active Directory support. This release is able to join a ADS realm
as a member server and authenticate users using LDAP/kerberos.
- Unicode support. Samba will now negotiate UNICODE on the wire and
internally there is now a much better infrastructure for multi-byte
and UNICODE character sets.
- New authentication system. The internal authentication system has
been almost completely rewritten. Most of the changes are internal,
but the new auth system is also very configurable.
- new filename mangling system. The filename mangling system has been
completely rewritten. An internal database now stores mangling maps
persistently. This needs lots of testing.
- new "net" command. A new "net" command has been added. It is
somewhat similar to the "net" command in windows. Eventually we plan
to replace a bunch of other utilities (such as smbpasswd) with
subcommands in "net", at the moment only a few things are
implemented.
- Samba now negotiates NT-style status32 codes on the wire. This
improves error handling a lot.
- better w2k printing support. The support for printing from win2000
clients has improved greatly.
Plus lots of other changes!
Reporting bugs & Development Discussion
---------------------------------------
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.openprojects.net
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored.
Removed Parameters
------------------
* postscript
* printer driver
* printer driver location
* printer driver file
Added Parameters
---------------
* ldap trust ids
* acl compatibility
* mangle prefix
Modified Parameters
-------------------
* restrict anonymous
* password server
Changes in alpha21:
See cvs log for SAMBA_3_0 for complete details. There are many
smaller numerous changes that would clutter the release notes.
1) Numerous documentation updates including new Samba FAQ
2) Fixed logic error in checking wins server lists
3) Added more Solaris sendfile checks
4) Added --with-ldapsam for compatibility with 2.2.x Samba/LDAP setups
5) Add new client side support the Win2k LSARPC UUID in rpcbinds
Detect a native mode Win2k DC when in "security = domain"
6) Include Domain Local Groups in listing when a member of a native
mode Win2k domain
7) Fix ACL inheritance problem
8) Register <0x1c> name on unicast subnet
9) Removed stat() call in lp_add_home()
10) Change default of max_xmit to match W2K. Ensure NT negprot uses it
11) Merge the new ACL mapping code from Andreas Gruenbacher
12) Removed make_printerdef tool from build
13) Fix fd leak on printer queue tdb's
14) Better error/status loggin in both the pam_winbind client and
winbindd_pam
15) Fix fd leak with kernel change notify
16) Fix slowdown because of enumerating all print queues on every smbd startup
17) Fix --set-auth-user command to delete entries from the secrets file
when an empty username/password is passed on the command line
18) Added --get-auth-user to wbinfo for displaying account information
used to enumerate users and groups
19) Numerous updates for 'net rpc vampire' to migrate from an NT 4.0 Domain
20) Merge of scalable printing code from APP_HEAD
21) Numerous changes the passdb layer
22) More work on printer publishing in Active Directory
23) Enable "make modules" to build VFS libraries
24) Enable print notify messages on printer attributes from smbcontrol
25) Enable auto lookup of domain controllers when adding '*' to
"password server" parameter. Allows to have preferred list
of DC's, but not authoritative (e.g. password server = DC1 DC2 *)
===============================
Changes in older alpha releases follow:
---------------------------------------------------------------------
Changes in alpha20:
1) Rework the 'guest account gets RID 501' code again...
2) Change to use NT-based session key negotiated for Win2k SPNEGO
3) Support printer data registry keys other than the default
PrinterDriverData
4) Moved internal printerdata to REGISTRY_VALUE object
5) Corrected bug in dependentfiles list of DRIVER_INFO_3
6) fixed logic bug in blocking locks code
7) Updated registry api code to work with new printer data key
support
8) Added vfstest tool
9) round lock timeouts in lockingX upwards to multiples of 1 second
10) Fixed bugs in Printer Change Notify code
11) added a 'net ads lookup' command that does a CLDAP NetLogon
query to a win2000 server
12) Added script to find undocumented smb.conf parameters
13) Added missing parameters to smb.conf(5)
14) receive & parse main CLDAP reply from win2k server
15) removed "admin log" & "alternate permissions" parameters from smb.conf
16) added a generic print_guid utility, and get the byte order handing
17) fixed memory corruption in cli_full_connection()
18) remove unused 'max packet' and 'packet size' options
19) add support for the "value,OID" format described in MSDN for Printer
Data values
20) moves NT_TOKEN generation into our authentication code
21) Update documentation build system
22) Several fixes for IRIX compiler
23) Correctly handle "max data count" value in smb transacts
24) Fix for permissions error when adding/modifying using a Print
server handle
25) Fix pam_smbpass to always check the return value of pdb_getsampwnam()
26) Use the 'init' flag to determine if the UID is set, rather than testing
the uid for -1
27) Cope with non-unix accounts ) we just won't get the groups for those users
28) Add 'net rpc getsid' to fetch the PDC's SID into the local secrets.tdb.
Print domain SID on 'net rpc info'
29) don't use lp_passwd_file() to retrieve NIS domain name, but use location
instead
30) Various POSIX compatibility fixes
31) Show only non-default values in testparm
32) Fix longstanding bug in Win2k clients by clearing the shortname
buffer before returning ascii short name.
33) Add example backtrace script
34) Added NETLOGON NetServerAuthenticate3 include and parser file
35) fix for difference in strsep and strtok semantics in nmbd
36) Ensure we don't change to a user that we can't get an NT_TOKEN for
37) Put back in BDC support in set_server_role()
38) added a 'net rpc samdump' command for dumping the whole sam via
samsync operations (as a BDC)
39) don't use spnego in the client unless enabled in smb.conf
40) Added some new delta types discovered by Ronnie from ethereal
41) Cope with negative cache dns entries better
42) do not expose special files, only files, directories and links
43) attempts to simplify Samba's external lib dependencies
44) support non-root-mode systems without getgrouplist()
45) Some fixes for SMB signing
46) Pass the object name down to the enum_printers client rpc
47) add the netatalk VFS module
48) Ensure we have at least smb_size bytes before processing a packet
49) Allow us to "lock" printer tdb entries in memory to stop them being
re-used as cache
50) fix 2 byte alignment/offset bug that prevented Win2k/XP clients
from receiving all the printer data in EnumPrinterDataEx()
51) Add option to compile new sam system can be enabled with the
configure option --with-sam
52) Added SGML/DocBook version of developer oriented docs to build process
53) Return correct FILE_SUPERSEDED response
54) Added example sam module (skeleton)
55) Add plugin support for the sam system (based on passdb code)
56) show builtin groups in samdump
57) Adding samtest utility used to test sam backends
58) fix connecting to a BDC when the PDC is down but in WINS and no bcast
can be used to find a BDC
58) convert the LDAP/SASL code to use GSS-SPNEGO if possible
59) added cli_net_auth_3 client code
60) merge of phant0m key fix from APP_HEAD
61) allow rpcclient's samlogon command to use cli_net_3()
62) Added attribute specific OPEN tests
63) Fix bug with stat mode open being done on read-only open with
truncate
64) Add lots of const casts to function parameters
65) Implemented some more client side spoolss functions
66) usrmgr expects UNICODE as ProductType
67) Change JOB_INFO_CTR to return a pointer to an array rather than array of
pointers in client code
68) Various NTLMSSP fixes
69) fixed crash bug in cli_connection code
70) DeletePrinterDriver[Ex]() fixes from APP_HEAD
71) remove some inet_aton() calls for portability
72) Set default ACB attributes on 'unixsam' accounts
73) Add bcast_msg_flags to connection struct
74) aggregate change notify events in the smbd sender and when transmitting
75) Added better error code on out of space in printer spool directory
76) Removed total jobs check ) not applicable any more
77) fixed bug in share enumeration RPC code
78) extend the ADS_STATUS system to include NTSTATUS
79) commit trusted domain patch n+3
80) remove block VFS module
81) restrict readline headers to readline.c
82) merge of various recycle bin VFS patches
83) Winbind client-side cleanups
84) change parametric option name to vfs_recycle_bin it is more
sane and do not pollute standard options namespace too much
85) added --enable-python configure option for building the samba-python
unit tests
86) correct trans2 bugs in client for enumerating files/directories
87) Re-add OS/2 EA error codes
88) Added patch for required attributes in directory listings to reply code
89) Fix browse synchronization bug by noticing that W2K DMB's return empty
NetServerEnum2 on port 445, but not on port 139
90) Fix semantics of AbortPrinter() spoolss call in server code
91) Ensure we've failed a lock with a lock denied message before automatically
pushing it onto the blocking queue
92) Added experimental sendfile code
93) Initialize user_rid value in WINBIND_USERINFO structure returned by
the rpc version of query_user()
94) added gencache implementation
95) Merge the cli_shutdown change from 2_2
96) Fixes for DeletePrinterDriverEx()
97) Fixed alignment error in spoolss code
98) Changed Major/Minor version info reported to Server Manager to 4.9
99) Applied new display mode FLAGS for SWAT
100) Update to add DEVELOPER option to more parameters
101) Added --with-ads option, defaults to yes
102) Added --with-ldap option to configure
103) Add clock skew handling to our kerberos code
104) correct race condition in password change code for out machine account
when a member of a domain
105) First implementation for 'net rpc vampire'
106) store current handle's Device Mode with print job
107) Move functionality to check whether entries for lp_workgroup() and
"BUILTIN" exist and add them if necessary from check_correct_backend_entries
into sam_context_check_default_backends
108) allow --with-krb5 to override the location of the kerberos libs on
redhat
109) unlink spool file after submitting print job when using CUPS api
110) Add framework for samtest commands
111) Add the ability to view/set the current local domain SIDs to net command
112) When creating a group you have to take care of the fact that the
underlying unix might not like the group name
113) Don't uppercase the username and domain in a session setup
114) Merge of "profile acls" code from SAMBA_2_2
115) Check for existing of security descriptor in PRINTER_INFO_2 structure
in rpc client code
116) Move to common user token debugging, and ensure we always print both the
NT_TOKEN and the unix credentials
117) If adding a user to ldap, make sure we have the 'account' structural class,
or else we can't add to OpenLDAP 2.1
118) Kill of Get_Pwnam_Modify and smb_getpwnam()
119) add a 'ldap passwd sync' option to smb.conf
120) Whenever we deal with adding machine/trusted domain accounts, always reset
the flag to what we expect
121) Fix the circular dependency that was preventing 'domain master = auto' (the
default) from working
122) move all the passdb internal interface to NTSTATUS
123) to expand % values (ie we go \\%L\%U -> \\server\user, we don't want to
store \\server\user back) and to correctly notice 'not set' compared to 'null
string' etc.
124) get some more of our access control bits right on the SAMR pipe
125) Add -r parameter to smbgroupedit. With -r you can manually choose
a rid
Changes in alpha19
1) Virtual registry framework with printing hooks (jerry)
2) Heavy registry updates (jerry)
3) Use 850 as the default DOS character set in smb.conf (tpot)
4) printer fixes ) removed encoding of queueid in job number (jra)
5) A lot of small fixes (jra)
6) Don't crash on setfileinfo on printer fsp(jra)
7) fixed line buffer mode in XFILE(jra)
8) update samba.schema from 2.2 (jerry,idra)
9) Fix problem with oplock breaks and win2k )
noticed by Lev Iserovich <lev@ciprico.com> (jra)
10) Update smbgroupedit to document -d ) thanks to metze (abartlet)
11) Support weird behaviour used by win9x pass-through auth (abartlet,tpot)
12) Support for duplicating stderr in log files (abartlet)
13) Move startup time initialisation to server.c (abartlet)
14) *A lot* of fixes and cleanups (abartlet)
15) Fix up compiler warnings (abartlet)
16) Few small fixes (tpot)
17) Renamed new_cli_netlogon_* -> cli_netlogon_* (tpot)
18) Fixed segfault in net time when host is unavailable (tridge)
19) Ensure to be root when opening printer backend tdb (jra)
20) Merges from APPLIANCE_HEAD (tpot,jerry)
21) configure updates (tridge)
22) getgrouplist() updates (tridge)
23) Support for pdbedit to query account policy values (abartlet)
24) Allow one to create trusting domain account using smbpasswd (mimir,abartlet)
25) 'Net rpc trustdom list' (mimir, abartlet)
26) Fix fallback to anonymous connection (mimir, abartlet)
27) Fix for pdb_ldap and OpenLDAP 2.1
28) Added support in swat to determine whether winbind is running (idra)
29) Add 'hide unwritable' option (idra)
30) Correct pickup of [homes] share after subsequent session setups (abartlet)
31) Update rebind code in pdb_ldap (abartlet)
32) Add some info levels to RPC srvsvc code )
thanks to Nigel Williams" <nigel@veritas.com> (abartlet)
33) Small doc fixes (tridge)
34) good security patch from Timothy.Sell@unisys.com (tridge)
35) fix minor nits in nmbd from adtam@cup.hp.com (tridge)
36) make sure async dns nmbd child dies (tridge)
37) interim fix for nmbd not registering DOMAIN#1b (tridge)
38) fix for smbtar filename matching (tridge)
39) Better quote handling in smb.conf (abartlet)
40) Support browsers setting multiple languages in swat (idra)
41) Changed str_list_make to be able to use a different separator string (idra)
42) Samsync support to insert account info into the pdb (tpot)
43) Don't hide unwritable dirs when 'hide unwritable' is enabled )
suggested by Alexander Oswald <oswald@is.haw-hamburg.de> (idra)
44) Fix for handling sparse files in smbd (tridge)
45) Merges from 2_2 (jerry)
46) Minor printer fixes (jerry)
47) Add some checks to SID lookup code (abartlet)
48) Cascaded VFS (Alexander Bokovoy, idra)
49) Some netbios-less connections support in ADS mode (tridge)
50) ADS tweaks (tridge)
51) Fix plaintext passwords with win2k (tridge)
52) 'net ads info' reports IP of LDAP server (tridge)
53) Add some more RPC functions (jmcd)
54) Add 'smb ports = ' option (tridge)
55) Various small fixes (tridge)
56) Passdb security checks (abartlet)
57) Large winbind updates (abartlet)
58) Moved rpc client routines from libsmb to rpc_client (tpot)
59) Few nmbd fixes (jmcd)
60) Fix swat to handle new debug level code (idra)
61) Fix name length bug in namequeries (tridge)
62) Don't have client binaries depend on libs they don't use )
patch from Steve Langasek <vorlon@netexpress.net> (abartlet)
63) Printing change notification (merged from HEAD_APPLIANCE) (jerry)
64) fix delete printer driver (from HEAD_APPLIANCE) (jerry)
65) Added pdb_xml and pdb_mysql (jelmer)
66) Update pdb_test (jelmer)
67) Fix security issues with %m (abartlet)
68) Support for service joins from win2k AND use SPNEGO (jmcd)
69) pdbedit -i and -e fix, add -b (idra)
70) textdocs converted to sgml (jelmer, jerry)
71) Merge netbios namecache code from APPLIANCE_HEAD (tpot)
72) Fix segs in new NTLMSSP code (abartlet)
73) Always make guest rid 501 (abartlet)
|