1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
|
What's new in Samba 4 alpha6
============================
Samba 4 is the ambitious next version of the Samba suite that is being
developed in parallel to the stable 3.0 series. The main emphasis in
this branch is support for the Active Directory logon protocols used
by Windows 2000 and above.
Samba4 alpha6 follows on from the alpha release series we have been
publishing since September 2007
WARNINGS
========
Samba4 alpha6 is not a final Samba release. That is more a reference
to Samba4's lack of the features we expect you will need than a
statement of code quality, but clearly it hasn't seen a broad
deployment yet. If you were to upgrade Samba3 (or indeed Windows) to
Samba4, you would find many things work, but that other key features
you may have relied on simply are not there yet.
For example, while Samba 3.0 is an excellent member of a Active
Directory domain, Samba4 is happier as a domain controller, and it is
in this role where it has seen deployment into production.
Samba4 is subjected to an awesome battery of tests on an
automated basis, we have found Samba4 to be very stable in it's
behaviour. We have to recommend against upgrading production servers
from Samba 3 to Samba 4 at this stage, because there may be the features on
which you may rely that are not present, or the mapping of
your configuration and user database may not be complete.
If you are upgrading, or looking to develop, test or deploy Samba4, you should
backup all configuration and data.
NEW FEATURES
============
Samba4 supports the server-side of the Active Directory logon environment
used by Windows 2000 and later, so we can do full domain join
and domain logon operations with these clients.
Our Domain Controller (DC) implementation includes our own built-in
LDAP server and Kerberos Key Distribution Center (KDC) as well as the
Samba3-like logon services provided over CIFS. We correctly generate
the infamous Kerberos PAC, and include it with the Kerberos tickets we
issue.
The new VFS features in Samba 4 adapts the filesystem on the server to
match the Windows client semantics, allowing Samba 4 to better match
windows behaviour and application expectations. This includes file
annotation information (in streams) and NT ACLs in particular. The
VFS is backed with an extensive automated test suite.
A new scripting interface has been added to Samba 4, allowing
Python programs to interface to Samba's internals.
The Samba 4 architecture is based around an LDAP-like database that
can use a range of modular backends. One of the backends supports
standards compliant LDAP servers (including OpenLDAP), and we are
working on modules to map between AD-like behaviours and this backend.
We are aiming for Samba 4 to be powerful frontend to large
directories.
CHANGES SINCE Alpha5
=====================
In the time since Samba4 Alpha5 was released in June 2008, Samba has
continued to evolve, but you may particularly notice these areas
(in no particular order):
The source code for various libraries that are used by both Samba 3 and
Samba 4 are now shared between the two rather than duplicated
(and being slightly diverged).
The tevent library has been split out and is now usable on its own.
Several crash bugs and memory leaks in the registry library have been fixed.
The Python modules have been extended and are no longer generated using SWIG.
Stream renames are now supported.
The provision script now has an interactive mode.
The (broken) copy of CTDB has been removed.
More work towards supporting an OpenLDAP backend.
Initial work on using the Microsoft LDAP schema.
The storage of schemas in LDB is now much more efficient.
Support for extended DNs in LDB has been added.
Incoming trusts are now supported.
Compatibility of the registry server with several Windows versions has been
improved.
Improvements to LSA.idl for better functionality in the usrmgr.exe.
Improved handling of non-standard characters in passwords.
The embedded JavaScript library has been removed in favor of Python.
The WMI implementation has been re-added, but does not completely work yet.
xpress compression is now supported in the NDR layer.
The main binary is now named "samba" rather than "smbd".
A simple script for setting the expiration of a user was added.
It is now possible to use the system-installed Heimdal using the
experimental --enable-external-heimdal option to configure.
The LDB library is now completely asynchronous internally.
Various unknowns and correctness issues in the drsblobs and drsuapi RPC
interface implementations have been fixed.
It is now possible to connect to an LDAP backend using SASL credentials.
Multi-fragment NTtrans request support has been added.
The DCE/RPC server can now listen on a separate pipe to allow DCE/RPC
connections forwarded from Samba 3. The user credentials are provided
by the client.
A large number of bugs in the SMB2 implementation have been fixed.
Auxiliary classes in LDAP schema conversion are now collapsed.
These are just some of the highlights of the work done in the past few
months. More details can be found in our GIT history.
CHANGES
=======
Those familiar with Samba 3 can find a list of user-visible changes
since that release series in the NEWS file.
KNOWN ISSUES
============
- Domain member support is in it's infancy, and is not comparable to
the support found in Samba3.
- There is no printing support in the current release.
- There is no NetBIOS browsing support in the current release
- The Samba4 port of the CTDB clustering support is not yet complete
- Clock Synchronisation is critical. Many 'wrong password' errors are
actually due to Kerberos objecting to a clock skew between client
and server. (The NTP work in the previous alpha is partly to assist
with this problem).
- Samba4 alpha6 is currently only portable to recent Linux
distributions. Work to return support for other Unix varients is
expected during the next alpha cycle
- Samba4 alpha6 is incompatible with GnuTLS 2.0, found in Fedora 9 and
recent Ubuntu releases. GnuTLS use may be disabled using the
--disable-gnutls argument to ./configure. (otherwise 'make test' and
LDAPS operations will hang).
RUNNING Samba4
==============
A short guide to setting up Samba 4 can be found in the howto.txt file
in root of the tarball.
DEVELOPMENT and FEEDBACK
========================
Bugs can be filed at https://bugzilla.samba.org/ but please be aware
that many features are simply not expected to work at this stage.
The Samba Wiki at http://wiki.samba.org should detail some of these
development plans.
Development and general discussion about Samba 4 happens mainly on
the #samba-technical IRC channel (on irc.freenode.net) and
the samba-technical mailing list (see http://lists.samba.org/ for
details).
|