X-Git-Url: http://git.samba.org/?a=blobdiff_plain;f=WHATSNEW.txt;h=3fac3606a8cd8209db6dc20ad89c7f4d93241567;hb=77a551d613059fd2df0fbfbd86f206c2b59e91a7;hp=726fb1cd9719ba55e72af9819551b2d9bcf36da9;hpb=f78c5e2c72be912f2f05a07f98a8e1e3619539c7;p=mat%2Fsamba.git diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 726fb1cd97..3fac3606a8 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,44 +1,40 @@ -What's new in Samba 4 alpha5 -============================ +What's new in Samba 4 alpha17 +============================= -Samba 4 is the ambitious next version of the Samba suite that is being -developed in parallel to the stable 3.0 series. The main emphasis in -this branch is support for the Active Directory logon protocols used -by Windows 2000 and above. - -Samba4 alpha5 follows on from the alpha release series we have been -publishing since September 2007 +Samba 4.0 will be the next version of the Samba suite and incorporates +all the technology found in both the Samba4 alpha series and the +stable 3.x series. The primary additional features over Samba 3.6 are +support for the Active Directory logon protocols used by Windows 2000 +and above. WARNINGS ======== -Samba4 alpha5 is not a final Samba release. That is more a reference -to Samba4's lack of the features we expect you will need than a -statement of code quality, but clearly it hasn't seen a broad -deployment yet. If you were to upgrade Samba3 (or indeed Windows) to -Samba4, you would find many things work, but that other key features -you may have relied on simply are not there yet. +Samba4 alpha17 is not a final Samba release, however we are now making +good progress towards a Samba 4.0 release, of which this is a preview. +Be aware the this release contains both the technology of Samba 3.6 +(that you can reasonably expect to upgrade existing Samba 3.x releases +to) and the AD domain controller work previously known as 'samba4'. -For example, while Samba 3.0 is an excellent member of a Active -Directory domain, Samba4 is happier as a domain controller, and it is -in this role where it has seen deployment into production. +While binaries for the stable file server are provided in this +release, for a stable, supported file server, Samba3 domain or AD +domain member installation, please run a Samba 3.x release, as we are +still bedding down the new single build system. -Samba4 is subjected to an awesome battery of tests on an -automated basis, we have found Samba4 to be very stable in it's -behaviour. We have to recommend against upgrading production servers -from Samba 3 to Samba 4 at this stage, because there may be the features on -which you may rely that are not present, or the mapping of -your configuration and user database may not be complete. +Samba4 is subjected to an awesome battery of tests on an automated +basis, we have found Samba 4.0 to be very stable in it's behavior. +However, we still recommend against upgrading production servers from +Samba 3.x release to Samba 4.0 alpha at this stage. -If you are upgrading, or looking to develop, test or deploy Samba4, you should -backup all configuration and data. +If you are upgrading, or looking to develop, test or deploy Samba 4.0 +alpha releases, you should backup all configuration and data. NEW FEATURES ============ -Samba4 supports the server-side of the Active Directory logon environment -used by Windows 2000 and later, so we can do full domain join -and domain logon operations with these clients. +Samba 4.0 alpha supports the server-side of the Active Directory logon +environment used by Windows 2000 and later, so we can do full domain +join and domain logon operations with these clients. Our Domain Controller (DC) implementation includes our own built-in LDAP server and Kerberos Key Distribution Center (KDC) as well as the @@ -46,101 +42,140 @@ Samba3-like logon services provided over CIFS. We correctly generate the infamous Kerberos PAC, and include it with the Kerberos tickets we issue. -The new VFS features in Samba 4 adapts the filesystem on the server to -match the Windows client semantics, allowing Samba 4 to better match -windows behaviour and application expectations. This includes file -annotation information (in streams) and NT ACLs in particular. The -VFS is backed with an extensive automated test suite. +Samba 4.0 alpha ships with two distinct file servers. The file server +from the Samba 3.x series is 'smbd', and works with the binaries users +would expect from that series (nmbd, winbindd, smbpasswd). + +Samba 4.0 also ships with a new file server, which is tuned to match +the requirements of an AD domain controller. Users should not use the +file server in the 'samba' binary for non-DC related tasks. -A new scripting interface has been added to Samba 4, allowing -Python programs to interface to Samba's internals. +A new scripting interface has been added to Samba 4, allowing Python +programs to interface to Samba's internals, and many tools and +internal workings of the DC code is now implemented in python. -The Samba 4 architecture is based around an LDAP-like database that -can use a range of modular backends. One of the backends supports -standards compliant LDAP servers (including OpenLDAP), and we are -working on modules to map between AD-like behaviours and this backend. -We are aiming for Samba 4 to be powerful frontend to large -directories. -CHANGES SINCE Alpha4 +CHANGES SINCE alpha16 ===================== -In the time since Samba4 Alpha4 was released in June 2008, Samba has -continued to evolve, but you may particularly notice these areas: +For a list of changes since alpha 15, please see the git log. + +$ git clone git://git.samba.org/samba.git +$ cd samba.git +$ git log release-4-0-0alpha16..release-4-0-0alpha17 + +Some major user-visible changes include: + +samba-tool dbcheck +------------------ + +We now have an fsck-like tool for Samba's internal sam.ldb database. +Run samba-tool dbcheck after installation to check your database for +self-consistency. Any database created with a previous Samba4 alpha +will have a very large number of consistency errors, which this tool +can fix. - LDAP backend support restored (issues preventing the use of the LDAP - backend in alpha4 have been addressed). +See also the -H option to point dbcheck at a different database to the +default, and the --fix and --yes options to make changes and to not +prompt about those changes. - SMB2 Support: The SMB2 server, while still disabled, has improved, - and now supports SMB2 signing. +After upgrading Samba, it is suggested that you do the following: - OpenChange support: Updates have been made since alpha4 to better - support OpenChange's use of Samba4's libraries. + - stop samba + - take a backup copy of your sam.ldb and sam.ldb.d/* database files + - run samba-tool dbcheck --cross-ncs --fix + - use 'all' to say yes to fixing each type of error found + - after it has finished, run dbcheck again to ensure it reports no + errors - Faster ldb loading: A fix to avoid calling 'init_module' (which was - not defined by Samba modules, but was by the C library) will fix - some of the slowness in authentication. +There will be a lot of errors fixed, particularly related to +bad/missing GUID values. This is due to a bug in previous releases +that left many objects with bad GUID values. These can all be fixed +using dbcheck with steps above. - SWAT Remains Disabled: Due to a lack of developer time and without a - long-term web developer to maintain it, the SWAT web UI remains been - disabled (and would need to be rewritten in python in any case). - GNU Make: To try and simplfy our build system, we rely on GNU Make - to avoid autogenerating a massive single makefile. +New default paths +----------------- +The configure options for paths have changed again, and the +--enable-fhs option has been reinstated. Packagers should attempt to +first package Samba using: -These are just some of the highlights of the work done in the past few -months. More details can be found in our GIT history. +./configure --enable-fhs --prefix=/usr --sysconfdir=/etc --localstatedir=/var +and only after examining the location Samba uses with these options +should further changes be made. Existing packaging scripts are not +expected to work unmodified, instead the Samba Team's aim is to +simplify such scripts for the long term. -CHANGES -======= +samba-tool domain samba3upgrade +------------------------------- -Those familiar with Samba 3 can find a list of user-visible changes -since that release series in the NEWS file. +The new samba-tool domain samba3upgrade command is a supported upgrade route from Samba +3.x domain controllers to Samba 4.0 AD domain controllers. This +provides a one-time migration of all users, domain members, passwords, +groups, group members and account polcies. + +This tool is still under development and may fail when presented with +an inconsistant Samba3 database (such as many LDAP configurations). +We hope to improve the error handling and recovery in these +situations, so please provide feedback using the samba-technical +mailing list. KNOWN ISSUES ============ -- Domain member support is in it's infancy, and is not comparable to - the support found in Samba3. +- Installation on systems without a system iconv (and developer + headers at compile time) is known to cause errors when dealing with + non-ASCII characters. + +- In some situations, group members may not be upgraded by the + samba-tool domain upgrade_from_s3 script + +- The samba-tool domain join script will not join Windows 2000 domains. -- There is no printing support in the current release. +- Domain member support in the 'samba' binary is in it's infancy, and + is not comparable to the support found in winbindd. As such, do not + use the 'samba' binary (provided for the AD server) on a member + server. -- There is no NetBIOS browsing support in the current release +- There is no printing support in the 'samba' binary (use smbd instead) -- The Samba4 port of the CTDB clustering support is not yet complete +- There is no NetBIOS browsing support (network neighbourhood) in the + 'samba' binary (use nmbd and smbd instead) - Clock Synchronisation is critical. Many 'wrong password' errors are actually due to Kerberos objecting to a clock skew between client - and server. (The NTP work in the previous alpha is partly to assist + and server. (The NTP work in the previous alphas are partly to assist with this problem). -- Samba4 alpha5 is currently only portable to recent Linux - distributions. Work to return support for other Unix varients is - expected during the next alpha cycle +- The DRS replication code may fail. Please contact the team if you + experience issues with DRS replication, as we have fixed many issues + here in response to feedback from our production users. + +RUNNING Samba 4.0 as an AD DC +============================= + +A short guide to setting up Samba 4 as an AD DC can be found on the wiki: -- Samba4 alpha5 is incompatible with GnuTLS 2.0, found in Fedora 9 and - recent Ubuntu releases. GnuTLS use may be disabled using the - --disable-gnutls argument to ./configure. (otherwise 'make test' and - LDAPS operations will hang). + http://wiki.samba.org/index.php/Samba4/HOWTO -RUNNING Samba4 -============== +####################################### +Reporting bugs & Development Discussion +####################################### -A short guide to setting up Samba 4 can be found in the howto.txt file -in root of the tarball. +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. -DEVELOPMENT and FEEDBACK -======================== -Bugs can be filed at https://bugzilla.samba.org/ but please be aware -that many features are simply not expected to work at this stage. +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.0 product in the project's Bugzilla +database (https://bugzilla.samba.org/). -The Samba Wiki at http://wiki.samba.org should detail some of these -development plans. -Development and general discussion about Samba 4 happens mainly on -the #samba-technical IRC channel (on irc.freenode.net) and -the samba-technical mailing list (see http://lists.samba.org/ for -details). +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +======================================================================