X-Git-Url: http://git.samba.org/?a=blobdiff_plain;f=WHATSNEW.txt;h=cf65bd04ebbcf581798bfa86419dcf9661a56a70;hb=eaebd8759b945e76b7b6d37867d811d3a541650c;hp=39f40026389e9c7a7c3f42b31bfa725a0dde31d8;hpb=710ce1c39a8885846cc0b62504419405f22f63d2;p=samba.git diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 39f40026389..cf65bd04ebb 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,12 +1,12 @@ Release Announcements ===================== -This is the first preview release of Samba 4.10. This is *not* +This is the first preview release of Samba 4.11. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. -Samba 4.10 will be the next version of the Samba suite. +Samba 4.11 will be the next version of the Samba suite. UPGRADING @@ -16,22 +16,212 @@ UPGRADING NEW FEATURES/CHANGES ==================== +Default samba process model +--------------------------- + +The default for the --model argument passed to the samba executable has changed +from 'standard' to 'prefork'. This means a difference in the number of samba +child processes that are created to handle client connections. The previous +default would create a separate process for every LDAP or NETLOGON client +connection. For a network with a lot of persistent client connections, this +could result in significant memory overhead. Now, with the new default of +'prefork', the LDAP, NETLOGON, and KDC services will create a fixed number of +worker processes at startup and share the client connections amongst these +workers. The number of worker processes can be configured by the 'prefork +children' setting in the smb.conf (the default is 4). + +Authentication Logging. +----------------------- + +Winbind now logs PAM_AUTH and NTLM_AUTH events, a new attribute "logonId" has +been added to the Authentication JSON log messages. This contains a random +logon id that is generated for each PAM_AUTH and NTLM_AUTH request and is passed +to SamLogon, linking the windbind and SamLogon requests. + +The serviceDescription of the messages is set to "winbind", the authDescription +is set to one of: + "PASSDB, , " + "PAM_AUTH, , " + "NTLM_AUTH, , " +where: + is the name of the command makinmg the winbind request i.e. wbinfo + is the process id of the requesting process. + +The version of the JSON Authentication messages has been changed to 1.2 from 1.1 + +LDAP referrals +-------------- + +The scheme of returned LDAP referrals now reflects the scheme of the original +request, i.e. referrals received via ldap are prefixed with "ldap://" +and those over ldaps are prefixed with "ldaps://" + +Previously all referrals were prefixed with "ldap://" + +Bind9 logging +------------- + +It is now possible to log the duration of DNS operations performed by Bind9 +This should aid future diagnosis of performance issues, and could be used to +monitor DNS performance. The logging is enabled by setting log level to +"dns:10" in smb.conf + +The logs are currently Human readable text only, i.e. no JSON formatted output. + +Log lines are of the form: + + : DNS timing: result: [] duration: () + zone: [] name: [] data: [] + + durations are in microseconds. + +Default schema updated to 2012_R2 +--------------------------------- + +Default AD schema changed from 2008_R2 to 2012_R2. 2012_R2 functional level +is not yet available. Older schemas can be used by provisioning with the +'--base-schema' argument. Existing installations can be updated with the +samba-tool command "domain schemaupgrade". + +Samba's replication code has also been improved to handle replication +with the 2012 schema (the core of this replication fix has also been +backported to 4.9.11 and will be in a 4.10.x release). + + +100,000 USER and LARGER Samba AD DOMAINS +======================================== + +Extensive efforts have been made to optimise Samba for use in +organisations (for example) targeting 100,000 users, plus 120,000 +computer objects, as well as large number of group memberships. + +Many of the specific efforts are detailed below, but the net results +is to remove barriers to significantly larger Samba deployments +compared to previous releases. + +Reindex performance improvements +-------------------------------- + +The performance of samba-tool dbcheck --reindex has been improved, +especially for large domains. + +join performance improvements +----------------------------- + +The performance of samba-tool domain join has been improved, +especially for large domains. + +LDAP Server memory improvements +------------------------------- + +The LDAP server has improved memory efficiency, ensuring that large +LDAP responses (for example a search for all objects) is not copied +multiple times into memory. + +Setting lmdb map size +--------------------- + +It is now possible to set the lmdb map size (The maximum permitted +size for the database). "samba-tool" now accepts the +"--backend-store-size" i.e. --backend-store-size=4Gb. If not +specified it defaults to 8Gb. + +This option is avaiable for the following sub commands: + * domain provision + * domain join + * domain dcpromo + * drs clone-dc-database + +LDB "batch_mode" +---------------- + +To improve performance during batch operations i.e. joins, ldb now +accepts a "batch_mode" option. However to prevent any index or +database inconsistencies if an operation fails, the entire transaction +will be aborted at commit. + +New LDB pack format +------------------- + +On first use (startup of 'samba' or the first transaction write) +Samba's sam.ldb will be updated to a new more efficient pack format. +This will take a few moments. + +New LDB <= and >= index mode to improve replication performance +--------------------------------------------------------------- + +As well as a new pack format, Samba's sam.ldb uses a new index format +allowing Samba to efficiently select objects changed since the last +replication cycle. This in turn improves performance during +replication of large domains. + +Improvements to ldb search performance +-------------------------------------- + +Search performance on large LDB databases has been improved by +reducing memory allocations made on each object. + +Improvements to subtree rename performance +------------------------------------------ + +Improvements have been made to Samba's handling of subtree renames, +for example of containers and organisational units, however large +renames are still not recommended. + + REMOVED FEATURES ================ +Web server +---------- + +As a leftover from work related to the Samba Web Administration Tool (SWAT), +Samba still supported a Python WSGI web server (which could still be turned on +from the 'server services' smb.conf parameter). This service was unused and has +now been removed from Samba. + + +samba-tool join subdommain +-------------------------- + +The subdommain role has been removed from the join command. This option did +not work and has no tests. + + +Python2 support +--------------- + +Samba 4.11 will not have any runtime support for Python 2. + +If you are building Samba using the '--disable-python' option +(i.e. you're excluding all the run-time Python support), then this +will continue to work on a system that supports either python2 or +python3. + +To build Samba with python2 you *must* set the 'PYTHON' environment +variable for both the 'configure' and 'make' steps, i.e. + 'PYTHON=python2 ./configure' + 'PYTHON=python2 make' +This will override the python3 default. + +Except for this specific build-time use of python2, Samba now requires +Python 3.4 as a minimum. smb.conf changes ================ - Parameter Name Description Default - -------------- ----------- ------- + Parameter Name Description Default + -------------- ----------- ------- + + web port Removed + fruit:zero_file_id Changed default False KNOWN ISSUES ============ -https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.10#Release_blocking_bugs +https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.11#Release_blocking_bugs #######################################