Major new features:
-------------------
-1) Active Directory support. This release is able to join a ADS realm
- as a member server and authenticate users using LDAP/kerberos.
+1) Active Directory support. Samba 3.0 is now able to
+ to join a ADS realm as a member server and authenticate
+ users using LDAP/Kerberos.
2) Unicode support. Samba will now negotiate UNICODE on the wire and
internally there is now a much better infrastructure for multi-byte
completely rewritten. An internal database now stores mangling maps
persistently. This needs lots of testing.
-5) New "net" command. A new "net" command has been added. It is
- somewhat similar to the "net" command in windows. Eventually we
- plan to replace a bunch of other utilities (such as smbpasswd)
- with subcommands in "net", at the moment only a few things are
- implemented.
+5) A new "net" command has been added. It is somewhat similar to
+ the "net" command in windows. Eventually we plan to replace
+ numerous other utilities (such as smbpasswd) with subcommands
+ in "net".
6) Samba now negotiates NT-style status32 codes on the wire. This
improves error handling a lot.
7) Better Windows 2000/XP/2003 printing support including publishing
- printer attributes in active directory
+ printer attributes in active directory.
-8) New loadable RPC modules
+8) New loadable RPC modules.
-9) New dual-daemon winbindd support (-B) for better performance
+9) New dual-daemon winbindd support (-B) for better performance.
10) Support for migrating from a Windows NT 4.0 domain to a Samba
- domain and maintaining user, group and domain SIDs
+ domain and maintaining user, group and domain SIDs.
11) Support for establishing trust relationships with Windows NT 4.0
- domain controllers
+ domain controllers.
12) Initial support for a distributed Winbind architecture using
- an LDAP directory for storing SID to uid/gid mappings
+ an LDAP directory for storing SID to uid/gid mappings.
13) Major updates to the Samba documentation tree.
1) Rework our smb signing code again, this factors out some of
the common MAC calculation code, and now supports multiple
- outstanding packets (bug #40)
+ outstanding packets (bug #40).
2) Enforce 'client plaintext auth', 'client lanman auth' and 'client
- ntlmv2 auth'
-3) Correct timestamp problem on 64-bit machines (bug #140)
+ ntlmv2 auth'.
+3) Correct timestamp problem on 64-bit machines (bug #140).
4) Add extra debugging statements to winbindd for tracking down
- failures
-5) Fix bug when aliased 'winbind uid/gid' parameters are used
- ('winbind uid/gid' are now replaced with 'idmap uid/gid')
+ failures.
+5) Fix bug when aliased 'winbind uid/gid' parameters are used.
+ ('winbind uid/gid' are now replaced with 'idmap uid/gid').
6) Added an auth flag that indicates if we should be allowed
- to fall back to NTLMSSP for SASL if krb5 fails
+ to fall back to NTLMSSP for SASL if krb5 fails.
7) Fixed the bug that forced us not to use the winbindd cache when
- we have a primary ADS domain and a secondary (trusted) NT4 domain.
-8) Use lp_realm() to find the default realm for 'net ads password'
-9) Removed editreg from standard build until it is portable.
-10) Fix domain membership for servers not running winbindd
+ we have a primary ADS domain and a secondary (trusted) NT4
+ domain.
+8) Use lp_realm() to find the default realm for 'net ads password'.
+9) Removed editreg from standard build until it is portable..
+10) Fix domain membership for servers not running winbindd.
11) Correct race condition in determining the high water mark
- in the idmap backend (bug #181)
+ in the idmap backend (bug #181).
12) Set the user's primary unix group from usrmgr.exe (partial
- fix for bug #45)
-13) Show comments when doing 'net group -l' (bug #3)
+ fix for bug #45).
+13) Show comments when doing 'net group -l' (bug #3).
14) Add trivial extension to 'net' to dump current local idmap
- and restore mappings as well
+ and restore mappings as well.
15) Modify 'net rpc vampire' to add new and existing users to
both the idmap and the SAM. This code needs further testing.
-16) Fix crash bug in ADS searches
-17) Build libnss_wins.so as part of nsswitch target (bug #160)
+16) Fix crash bug in ADS searches.
+17) Build libnss_wins.so as part of nsswitch target (bug #160).
18) Make net rpc vampire return an error if the sam sync RPC
- returns an error
+ returns an error.
19) Fail to join an NT 4 domain as a BDC if a workstation account
- using our name exists
+ using our name exists.
20) Fix various memory leaks in server and client code
21) Remove the short option to --set-auth-user for wbinfo (-A) to
- prevent confusion with the -a option (bug #158)
-22) Added new 'map acl inherit' parameter
-23) Removed unused 'privileges' code from group mapping database
-24) Don't segfault on empty passdb backend list (bug #136)
-25) Fixed acl sorting algorithm for Windows 2000 clients
+ prevent confusion with the -a option (bug #158).
+22) Added new 'map acl inherit' parameter.
+23) Removed unused 'privileges' code from group mapping database.
+24) Don't segfault on empty passdb backend list (bug #136).
+25) Fixed acl sorting algorithm for Windows 2000 clients.
26) Replace universal group cache with netsamlogon_cache
- from APPLIANCE_HEAD branch
+ from APPLIANCE_HEAD branch.
27) Fix autoconf detection issues surrounding --with-ads=yes
- but no Krb5 header files installed (bug #152)
+ but no Krb5 header files installed (bug #152).
28) Add LDAP lookup for domain sequence number in case we are
- joined using NT4 protocols to a native mode AD domain
+ joined using NT4 protocols to a native mode AD domain.
29) Fix backend method selection for trusted NT 4 (or 2k
- mixed mode) domains
+ mixed mode) domains.
30) Fixed bug that caused us to enumerate domain local groups
- from native mode AD domains other than our own
+ from native mode AD domains other than our own.
31) Correct group enumeration for viewing in the Windows
- security tab (bug #110)
-32) Consolidate the DC location code
+ security tab (bug #110).
+32) Consolidate the DC location code.
33) Moved 'ads server' functionality into 'password server' for
- backwards compatibility
-34) Fix winbindd_idmap tdb upgrades from a 2.2 installation
+ backwards compatibility.
+34) Fix winbindd_idmap tdb upgrades from a 2.2 installation.
( if you installed beta1, be sure to
- 'mv idmap.tdb winbindd_idmap.tdb' )
+ 'mv idmap.tdb winbindd_idmap.tdb' ).
35) Fix pdb_ldap segfaults, and wrong default values for
- ldapsam_compat
+ ldapsam_compat.
36) Enable negative connection cache for winbindd's ADS backend
- functions
+ functions.
37) Enable address caching for active directory DC's so we don't
- have to hit DNS so much
+ have to hit DNS so much.
38) Fix bug in idmap code that caused mapping to randomly be
- redefined
+ redefined.
39) Add tdb locking code to prevent race condition when adding a
- new mapping to idmap
+ new mapping to idmap.
40) Fix 'map to guest = bad user' when acting as a PDC supporting
- trust relationships
+ trust relationships.
41) Prevent deadlock issues when running winbindd on a Samba PDC
to handle allocating uids & gids for trusted users and groups
-42) added LOCALE patch from Steve Langasek (bug #122)
+42) added LOCALE patch from Steve Langasek (bug #122).
43) Add the 'guest' passdb backend automatically to the end of
the 'passdb backend' list if 'guest account' has a valid
username.
45) Match Windows NT4/2k behavior when authenticating a user with
and unknown domain (default to our domain if we are a DC or
domain member; default to our local name if we are a
- standalone server)
+ standalone server).
46) Fix Get_Pwnam() to always fall back to lookup 'user' if the
'DOMAIN\user' lookup fails. This matches 2.2. behavior.
47) Fix the trustdom_cache code to update the list of trusted
domains when operating as a domain member and not using
- winbindd
+ winbindd.
48) Remove 'nisplussam' passdb backend since it has suffered for
- too long without a maintainer
+ too long without a maintainer.
########################
This section is provided to help administrators understand the details
-involved with upgrading a Samba 2.2 server to Samba 3.0
+involved with upgrading a Samba 2.2 server to Samba 3.0.
Building