The version of the JSON Authentication messages has been changed to 1.2 from 1.1
-Reindex performance improvements
---------------------------------
-
-The performance of samba-tool dbcheck --reindex has been improved, especially
-for large domains.
-
LDAP referrals
--------------
durations are in microseconds.
+Default schema updated to 2012_R2
+---------------------------------
+
+Default AD schema changed from 2008_R2 to 2012_R2. 2012_R2 functional level
+is not yet available. Older schemas can be used by provisioning with the
+'--base-schema' argument. Existing installations can be updated with the
+samba-tool command "domain schemaupgrade".
+
+Samba's replication code has also been improved to handle replication
+with the 2012 schema (the core of this replication fix has also been
+backported to 4.9.11 and will be in a 4.10.x release).
+
+GnuTLS 3.2 required
+-------------------
+
+Samba is making efforts to remove in-tree cryptographic functionality,
+and to instead rely on externally maintained libraries. To this end,
+Samba has chosen GnuTLS as our standard cryptographic provider.
+
+Samba now requires GnuTLS 3.2 to be installed (including development
+headers at build time) for all configurations, not just the Samba AD
+DC.
+
+NOTE WELL: The use of GnuTLS means that Samba will honour the
+system-wide 'FIPS mode' (a reference to the US FIPS-140 cryptographic
+standard) and so will not operate in many still common situations if
+this system-wide parameter is in effect, as many of our protocols rely
+on outdated cryptography.
+
+A future Samba version will mitigate this to some extent where good
+cryptography effectively wraps bad cryptography, but for now that above
+applies.
+
+samba-tool improvements
+-----------------------
+
+A new "samba-tool contact" command has been added to allow the
+command-line manipulation of contacts, as used for address book
+lookups in LDAP.
+
+The "samba-tool [user|group|computer|group|contact] edit" command has been
+improved to operate more pleasantly on international character sets.
+
+100,000 USER and LARGER Samba AD DOMAINS
+========================================
+
+Extensive efforts have been made to optimise Samba for use in
+organisations (for example) targeting 100,000 users, plus 120,000
+computer objects, as well as large number of group memberships.
+
+Many of the specific efforts are detailed below, but the net results
+is to remove barriers to significantly larger Samba deployments
+compared to previous releases.
+
+Reindex performance improvements
+--------------------------------
+
+The performance of samba-tool dbcheck --reindex has been improved,
+especially for large domains.
+
+join performance improvements
+-----------------------------
+
+The performance of samba-tool domain join has been improved,
+especially for large domains.
+
+LDAP Server memory improvements
+-------------------------------
+
+The LDAP server has improved memory efficiency, ensuring that large
+LDAP responses (for example a search for all objects) is not copied
+multiple times into memory.
+
+Setting lmdb map size
+---------------------
+
+It is now possible to set the lmdb map size (The maximum permitted
+size for the database). "samba-tool" now accepts the
+"--backend-store-size" i.e. --backend-store-size=4Gb. If not
+specified it defaults to 8Gb.
+This option is avaiable for the following sub commands:
+ * domain provision
+ * domain join
+ * domain dcpromo
+ * drs clone-dc-database
+LDB "batch_mode"
+----------------
+
+To improve performance during batch operations i.e. joins, ldb now
+accepts a "batch_mode" option. However to prevent any index or
+database inconsistencies if an operation fails, the entire transaction
+will be aborted at commit.
+
+New LDB pack format
+-------------------
+
+On first use (startup of 'samba' or the first transaction write)
+Samba's sam.ldb will be updated to a new more efficient pack format.
+This will take a few moments.
+
+New LDB <= and >= index mode to improve replication performance
+---------------------------------------------------------------
+
+As well as a new pack format, Samba's sam.ldb uses a new index format
+allowing Samba to efficiently select objects changed since the last
+replication cycle. This in turn improves performance during
+replication of large domains.
+
+Improvements to ldb search performance
+--------------------------------------
+
+Search performance on large LDB databases has been improved by
+reducing memory allocations made on each object.
+
+Improvements to subtree rename performance
+------------------------------------------
+
+Improvements have been made to Samba's handling of subtree renames,
+for example of containers and organisational units, however large
+renames are still not recommended.
+
+CTDB changes
+============
+
+* nfs-linux-kernel-callout now defaults to using systemd service names
+
+ The Red Hat service names continue to be the default.
+
+ Other distributions should patch this file when packaging it.
+
+* The onnode -o option has been removed
+
+* ctdbd logs when it is using more than 90% of a CPU thread
+
+ ctdbd is single threaded, so can become saturated if it uses the
+ full capacity of a CPU thread. To help detect this situation, ctdbd
+ now logs messages when CPU utilisation exceeds 90%. Each change in
+ CPU utilisation over 90% is logged. A message is also logged when
+ CPU utilisation drops below the 90% threshold.
+
+* Script configuration variable CTDB_MONITOR_SWAP_USAGE has been removed
+
+ 05.system.script now monitors total memory (i.e. physical memory +
+ swap) utilisation using the existing CTDB_MONITOR_MEMORY_USAGE
+ script configuration variable.
REMOVED FEATURES
now been removed from Samba.
+samba-tool join subdommain
+--------------------------
+
+The subdommain role has been removed from the join command. This option did
+not work and has no tests.
+
+
+Python2 support
+---------------
+
+Samba 4.11 will not have any runtime support for Python 2.
+
+If you are building Samba using the '--disable-python' option
+(i.e. you're excluding all the run-time Python support), then this
+will continue to work on a system that supports either python2 or
+python3.
+
+To build Samba with python2 you *must* set the 'PYTHON' environment
+variable for both the 'configure' and 'make' steps, i.e.
+ 'PYTHON=python2 ./configure'
+ 'PYTHON=python2 make'
+This will override the python3 default.
+
+Except for this specific build-time use of python2, Samba now requires
+Python 3.4 as a minimum.
+
smb.conf changes
================
-------------- ----------- -------
web port Removed
+ fruit:zero_file_id Changed default False
KNOWN ISSUES