-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================
I'm thinking with sand here!
-- JFK in "Bubba Ho-Tep"
=============================================================Release
Announcements
====================
This is the first production release of the Samba 3.0.25 code
base and is the version that servers should be run for for all
current bug fixes.
The 3.0.25 release is an upgrade release over the 3.0.23/3.0.24
series which means that a substantial amount of development has
occurred and many new features have been added since the last
Samba production release. We would like to thank everyone in
the Samba community that help to test the preview snapshots and
release candidates. We believe that the this production release
is in much better shape due to your help.
Major features included in the 3.0.25 code base include:
o Significant improvements in the winbind off-line logon support.
o Support for secure DDNS updates as part of the 'net ads join'
process.
o Rewritten IdMap interface which allows for TTL based caching and
per domain backends.
o New plug-in interface for the "winbind nss info" parameter.
o New file change notify subsystem which is able to make use of
inotify on Linux.
o Support for passing Windows security descriptors to a VFS
plug-in allowing for multiple Unix ACL implements to running side
by side on the Same server.
o Improved compatibility with Windows Vista clients including
improved read performance with Linux servers.
o Man pages for IdMap and VFS plug-ins.
Security Fixes included in the Samba 3.0.25 release are:
o CVE-2007-2444
Versions: Samba 3.0.23d - 3.0.25pre2
Local SID/Name translation bug can result in
user privilege elevation
o CVE-2007-2446
Versions: Samba 3.0.0 - 3.0.24
Multiple heap overflows allow remote code execution
o CVE-2007-2447
Versions: Samba 3.0.0 - 3.0.24
Unescaped user input parameters are passed as
arguments to /bin/sh allowing for remote command
execution
Off-line Logons and AD Site Support
==================================
Winbind's capability to support offline logons has been greatly
improved with the 3.0.25 release including support for locating
domain controllers asynchronously using Active Directory Site
information.
New IdMap Interface for Winbindd
===============================
The 3.0.25 release of Samba includes a rewritten IdMap interface
for winbindd which replaces the "idmap backend" parameter. Please
refer to the "idmap domains" description in the smb.conf(5) man
page for more details.
Dynamic DNS Updates
==================
The "net ads join" command is now able to register the host's DNS
A
records with Windows 2000 SP4 and 2003 DNS servers. This
feature must be enabled at compile time using the --with-dnsupdate
when running the ./configure script. There is also a related "net ads
dns" command for refreshing a host's records which could be launched
from a dhcp client script when a new IP address is obtained.
Support for Additional ACL Modules
=================================
Samba's POSIX ACL support has been moved inside of the VFS layer
which means it is now possible to support multiple ACL implementations
on the same server including NFSv4 and GPFS ACLs.
VFS ReadAhead Plugin
===================
Windows Vista introduces pipe-lined read support for improved
performance when transferring files. The new vfs_readahead plugin
allows Linux file servers to utilize additional Kernel buffers
for caching files in order to avoid Disk I/O wait time when serving
Vista clients. If you experience poor read performance between
Linux servers and Vista clients, please test the vfs_readahead
module by adding the following lines to the share definition
in smb.conf:
[file_share]
vfs objects = readahead
Note that this plugin will result in additional RAM requirements
due to the increased amount of kernel buffer caches used by smbd.
Please refer to vfs_readahead(8) for more information.
Windows Vista, Office 2007, and Offline Files
============================================
Research surrounding offline files, Windows Vista, and Microsoft
Office 2007 has revealed a incompatibility between these
applications and the "map acl inherit = no" setting in smb.conf.
Users requiring support client side caching (csc) and offline
files are encouraged to enable the "map acl inherit" for any
affected share definitions in the server's configuration.
Future versions of Samba will enable this setting by default.
Please refer to the smb.conf(5) man page for more details on
"map acl inherit".
smb.conf Parameter Changes
=========================
Please refer to the smb.conf(5) man page for full details.
Parameter Name Description Default
-------------- ----------- -------
change notify timeout Removed n/a
change notify New Yes
debug prefix timestamp New No
fam change notify Removed n/a
idmap domains New ""
idmap alloc backend New ""
idmap cache time New 900
idmap negative cache time New 120
kernel change notify Per share Yes
lock spin count Removed n/a
max stat cache size Modified 1024KB
printjob username New %U
winbind normalize names New no
===============Download Details
===============
The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA). The source code can be downloaded
from:
http://download.samba.org/samba/ftp/
The release notes are available online at:
http://www.samba.org/samba/history/samba-3.0.25.html
Binary packages are available at
http://download.samba.org/samba/ftp/Binary_Packages/
Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)
--Enjoy
The Samba Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGSGQ/IR7qMdg1EfYRAlQMAJ9ODLvX25RsCLpUS2vT8vpJpIUrgACeLGH/
cugdOBQOOsdRO7Kw/fbvSpY=8I01
-----END PGP SIGNATURE-----
