Release Announcements
=====================
-This is the first preview release of Samba 4.8. This is *not*
+This is the first preview release of Samba 4.12. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
-Samba 4.8 will be the next version of the Samba suite.
+Samba 4.12 will be the next version of the Samba suite.
UPGRADING
NEW FEATURES/CHANGES
====================
-Using x86_64 Accelerated AES Crypto Instructions
-================================================
+Python 3.5 Required
+-------------------
-Samba on x86_64 can now be configured to use the Intel accelerated AES
-instruction set, which has the potential to make SMB3 signing and
-encryption much faster on client and server. To enable this, configure
-Samba using the new option --accel-aes=intelaesni.
+Samba's minimum runtime requirement for python was raised to Python
+3.4 with samba 4.11. Samba 4.12 raises this minimum version to Python
+3.5 both to access new features and because this is the oldest version
+we test with in our CI infrastructure.
-This is a temporary solution that is being included to allow users
-to enjoy the benefits of Intel accelerated AES on the x86_64 platform,
-but the longer-term solution will be to move Samba to a fully supported
-external crypto library.
+(Build time support for the file server with Python 2.6 has not
+changed)
-The third_party/aesni-intel code will be removed from Samba as soon as
-external crypto library performance reaches parity.
+GnuTLS 3.4.7 required
+---------------------
-The default is to build without setting --accel-aes, which uses the
-existing Samba software AES implementation.
+Samba is making efforts to remove in-tree cryptographic functionality,
+and to instead rely on externally maintained libraries. To this end,
+Samba has chosen GnuTLS as our standard cryptographic provider.
-smb.conf changes
-================
+Samba now requires GnuTLS 3.4.7 to be installed (including development
+headers at build time) for all configurations, not just the Samba AD
+DC.
+
+Using GnuTLS for SMB3 encryption you will notice huge performance and copy
+speed improvements. Tests with the CIFS Kernel client from Linux Kernel 5.3
+show a 3x speed improvement for writing and a 2.5x speed improvement for reads!
+
+NOTE WELL: The use of GnuTLS means that Samba will honour the
+system-wide 'FIPS mode' (a reference to the US FIPS-140 cryptographic
+standard) and so will not operate in many still common situations if
+this system-wide parameter is in effect, as many of our protocols rely
+on outdated cryptography.
- Parameter Name Description Default
- -------------- ----------- -------
+A future Samba version will mitigate this to some extent where good
+cryptography effectively wraps bad cryptography, but for now that above
+applies.
-NT4-style replication based net commands removed
-================================================
-The following commands and sub-commands have been removed from the
-"net" utility:
+REMOVED FEATURES
+================
+
+BIND9_FLATFILE deprecated
+-------------------------
-net rpc samdump
-net rpc vampire ldif
+The BIND9_FLATFILE DNS backend is deprecated in this release and will
+be removed in the future. This was only practically useful on a single
+domain controller or under expert care and supervision.
-Also, replicating from a real NT4 domain with "net rpc vampire" and
-"net rpc vampire keytab" has been removed.
+This release removes the "rndc command" smb.conf parameter, which
+supported this configuration by writing out a list of DCs permitted to
+make changes to the DNS Zone and nudging the 'named' server if a new
+DC was added to the domain. Administrators using BIND9_FLATFILE will
+need to maintain this manually from now on.
-The NT4-based commands were accidentially broken in 2013, and nobody
-noticed the breakage. So instead of fixing them including tests (which
-would have meant writing a server for the protocols, which we don't
-have) we decided to remove them.
+smb.conf changes
+================
-For the same reason, the "samsync", "samdeltas" and "database_redo"
-commands have been removed from rpcclient.
+ Parameter Name Description Default
+ -------------- ----------- -------
-"net rpc vampire keytab" from Active Directory domains continues to be
-supported.
+ nfs4:acedup Changed default merge
+ rndc command Removed
KNOWN ISSUES
============
-https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.8#Release_blocking_bugs
+https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.12#Release_blocking_bugs
#######################################
git.samba.org / metze / samba / wip.git / blobdiff