Release Announcements
=====================
-This is the first preview release of Samba 4.4. This is *not*
+This is the first preview release of Samba 4.9. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
-Samba 4.4 will be the next version of the Samba suite.
+Samba 4.9 will be the next version of the Samba suite.
UPGRADING
=========
-Nothing special.
-NEW FEATURES
-============
-
-WINS nsswitch module
+NEW FEATURES/CHANGES
====================
-The WINS nsswitch module has been rewritten to address memory issues and to
-simplify the code. The module now uses libwbclient to do WINS queries. This
-means that winbind needs to be running in order to resolve WINS names using
-the nss_wins module. This does not affect smbd.
-######################################################################
-Changes
-#######
+net ads setspn
+---------------
+
+There is a new 'net ads setspn' sub command for managing Windows SPN(s)
+on the AD. This command aims to give the basic functionaility that is
+provided on windows by 'setspn.exe' e.g. ability to add, delete and list
+Windows SPN(s) stored in a Windows AD Computer object.
+
+The format of the command is:
+
+net ads setspn list [machine]
+net ads setspn [add | delete ] SPN [machine]
+
+'machine' is the name of the computer account on the AD that is to be managed.
+If 'machine' is not specified the name of the 'client' running the command
+is used instead.
+
+The format of a Windows SPN is
+ 'serviceclass/host:port/servicename' (servicename and port are optional)
+
+serviceclass/host is generally sufficient to specify a host based service.
+
+net ads keytab changes
+----------------------
+net ads keytab add no longer attempts to convert the passed serviceclass
+(e.g. nfs, html etc.) into a Windows SPN which is added to the Windows AD
+computer object. By default just the keytab file is modified.
+
+A new keytab subcommand 'add_update_ads' has been added to preserve the
+legacy behaviour. However the new 'net ads setspn add' subcommand should
+really be used instead.
+
+net ads keytab create no longer tries to generate SPN(s) from existing
+entries in a keytab file. If it is required to add Windows SPN(s) then
+'net ads setspn add' should be used instead.
+
+Local authorization plugin for MIT Kerberos
+-------------------------------------------
+
+This plugin controls the relationship between Kerberos principals and AD
+accounts through winbind. The module receives the Kerberos principal and the
+local account name as inputs and can then check if they match. This can resolve
+issues with canonicalized names returned by Kerberos within AD. If the user
+tries to log in as 'alice', but the samAccountName is set to ALICE (uppercase),
+Kerberos would return ALICE as the username. Kerberos would not be able to map
+'alice' to 'ALICE' in this case and auth would fail. With this plugin account
+names can be correctly mapped. This only applies to GSSAPI authentication,
+not for the geting the initial ticket granting ticket.
+
+REMOVED FEATURES
+================
+
+
smb.conf changes
-----------------
+================
+
+As the most popular Samba install platforms (Linux and FreeBSD) both
+support extended attributes by default, the parameters "map readonly",
+"store dos attributes" and "ea support" have had their defaults changed
+to allow better Windows fileserver compatibility in a default install.
- Parameter Name Description Default
- -------------- ----------- -------
+ Parameter Name Description Default
+ -------------- ----------- -------
+ map readonly Default changed no
+ store dos attributes Default changed yes
+ ea support Default changed yes
+
+VFS interface changes
+=====================
+
+The VFS ABI interface version has changed to 39. Function changes
+are:
+
+SMB_VFS_FSYNC: Removed: Only async versions are used.
+SMB_VFS_READ: Removed: Only PREAD or async versions are used.
+SMB_VFS_WRITE: Removed: Only PWRITE or async versions are used.
+SMB_VFS_CHMOD_ACL: Removed: Only CHMOD is used.
+SMB_VFS_FCHMOD_ACL: Removed: Only FCHMOD is used.
+
+Any external VFS modules will need to be updated to match these
+changes in order to work with 4.9.x.
KNOWN ISSUES
============
-Currently none.
+https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.9#Release_blocking_bugs
+
#######################################
Reporting bugs & Development Discussion
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
-be filed under the Samba 4.3 product in the project's Bugzilla
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
database (https://bugzilla.samba.org/).