WHATSNEW: Expand detail on what of 2012, 2012R2 and 2016 support is implemented

author Andrew Bartlett <abartlet@samba.org>

Thu, 20 Jul 2023 03:01:43 +0000 (15:01 +1200)

committer Andrew Bartlett <abartlet@samba.org>

Fri, 21 Jul 2023 01:25:37 +0000 (01:25 +0000)
author Andrew Bartlett <abartlet@samba.org>
Thu, 20 Jul 2023 03:01:43 +0000 (15:01 +1200)
committer Andrew Bartlett <abartlet@samba.org>
Fri, 21 Jul 2023 01:25:37 +0000 (01:25 +0000)
diff --git a/WHATSNEW.txt b/WHATSNEW.txt

index 5aa325f6e5f6810ec3b2a613c7d2b4531c37161f..4ff92b8078a3693e74a5b1e19dbe31beff4ea916 100644 (file)
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -64,6 +64,14 @@ Kerberos Claims, Authentication Silos and NTLM authentication policies
  An initial, partial implementation of Active Directory Functional
  Level 2012, 2012R2 and 2016 is available in this release.
  
+In particular Samba will issue Active Directory "Claims" in the PAC,
+for member servers that support these, and honour in-directory
+configuration for Authentication Policies and Authentication Silos.
+
+The primary limitation is that while Samba can read and write claims
+in the directory, and populate the PAC, Samba does not yet use them
+for access control decisions.
+
  While we continue to develop these features, existing domains can
  test the feature by selecting the functional level in provision or
  raising the DC functional level by setting
author	Andrew Bartlett <abartlet@samba.org>
	Thu, 20 Jul 2023 03:01:43 +0000 (15:01 +1200)
committer	Andrew Bartlett <abartlet@samba.org>
	Fri, 21 Jul 2023 01:25:37 +0000 (01:25 +0000)