Gerald (Jerry) Carter
2003-Mar-31 14:53 UTC
[Samba] Samba-3.0alpha23 available on samba.org mirrors
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
We've just posted another snapshot of the SAMBA_3_0 cvs tree
for download. This is a non-production release provided for
testing only. Note that this release **does** contain the
security fixes included in the Samba 2.2.8 release.
The source code can be downloaded from :
http://download.samba.org/samba/ftp/alpha/
The uncompressed tarball and patch file have been signed
using GnuPG. The Samba public key is available at
http://download.samba.org/samba/ftp/samba-pubkey.asc
Binary packages for RedHat have been released and can be
found at
http://download.samba.org/samba/ftp/Binary_Packages/
Others will be available as they are submitted by volunteers.
A simplified version of the CVS log of updates since 3.0alpha22
can be found in the the download directory under the name
ChangeLog-3.0alpha22-alpha23. The release notes follow.
As always, all bugs are our responsibility.
--Enjoy
The Samba Team
- ----------------------------------------------------------------
WHATS NEW IN Samba 3.0 alpha23
30th March 2003
=============================
This is a pre-release of Samba 3.0. This is NOT a stable release.
Use at your own risk.
The purpose of this alpha release is to get wider testing of the
major new pieces of code in the current Samba 3.0 development tree.
We have officially ceased development on the 2.2.x release of Samba
and are concentrating on Samba 3.0. To reduce the time before the
final Samba 3.0 release we need as many people as possible to start
testing these alpha releases, and hopefully giving us some high
quality feedback on what needs fixing.
Note that Samba 3.0 is not feature complete yet. There is a more
coding we have planned, but unless we get what we have done already
more widely tested we will have a hard time doing a stable release
in a reasonable time frame.
Major new features:
- -------------------
- - Active Directory support. This release is able to join a ADS realm
as a member server and authenticate users using LDAP/kerberos.
- - Unicode support. Samba will now negotiate UNICODE on the wire and
internally there is now a much better infrastructure for multi-byte
and UNICODE character sets.
- - New authentication system. The internal authentication system has
been almost completely rewritten. Most of the changes are internal,
but the new auth system is also very configurable.
- - new filename mangling system. The filename mangling system has been
completely rewritten. An internal database now stores mangling maps
persistently. This needs lots of testing.
- - new "net" command. A new "net" command has been added.
It is
somewhat similar to the "net" command in windows. Eventually we plan
to replace a bunch of other utilities (such as smbpasswd) with
subcommands in "net", at the moment only a few things are
implemented.
- - Samba now negotiates NT-style status32 codes on the wire. This
improves error handling a lot.
- - better w2k printing support including publishing printer
attributes in active directory
- - new loadable RPC modules
- - new dual-daemon winbindd support for better performance
- - support for migrating from a Windows NT 4.0 domain
- - support for establishing trust relationships with Windows NT
4.0 domain controllers
Plus lots of other changes!
Reporting bugs & Development Discussion
- ---------------------------------------
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored.
Changes in alpha23:
- -------------------
LDAP Group Mapping
------------------
pdbedit -i -e sets all SAM_ACCOUNT elements to CHANGED to
satisfy the new pdb_ldap.c handling. pdbedit -g transfers group
mappings. I made this separate from the user database, as current
installations have to live with a split backend. So, if you are
running 3_0 alphas with LDAP as a backend and upgrade to 3.0alpha23,
you must call
root# pdbedit -i tdbsam -e ldapsam -g
to transfer your group mapping database to LDAP.
All groups must be represented as posixGroup objects in
the directory and you must adapt your LDAP schema to support the
sambaGroupMapping before running this command. Refer to
examples/LDAP/samba.schema for details on the objectclass.
Parameters
----------
Modified Parameters (see smb.conf(5) for details):
* passdb backend
Added Parameters
* ldap del only sam attr
* ldap delete dn
ChangeLog
---------
See cvs log for SAMBA_3_0 for complete details. There are many
smaller numerous changes that would clutter the release notes.
0) Include security fix from Samba 2.2.8
1) Fix interop bug in tconX on port 445 with Windows 2000
2) Interpret missing SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, or
SMB_ACL_OTHER as "preserve current value" instead of attempting
to build one ourself.
3) Rearrange set_nt_acl() such that chown is only done before
setting ACLs if there is either no change of owning user, or
change of owning user is towards the current user. Otherwise
chown is done after setting ACLs.
4) Continuing work on NTLMSSP-based SMB signing
5) When opening an existing TDB, don't require the hash_size
specified to the open call to be the same as that of the
existing tdb. The specified hash_size is only used if the
tdb needs to be (re)created.
6) Add support for "WinXP" and "Win2K3" client
architectures.
7) Fixed the unmarshalling of the queryaliasmem SAMR call
8) Windows 2000 can take much longer than the specified time to
respond to a lock - so to make the torture tests valid I give
it a grace time of 10 seconds instead of 2
9) Continued work on string handling paranoia
10) Merge new statcache.c from HEAD
11) Add new 'net ads dn' option
12) Sync up SessionSetup code to HEAD, including Luke Howard's
session key and auth verifier patches
13) Work on cleaning up winbindd's mutex locking
14) Add support for LDAP based Windows group mapping
15) Improve LDAP update routines
16) Fix memory leaks found by Valgrind
17) Add a 'privileged' mode to Winbindd
18) Work around platforms that have broken getgrnam() implementations
19) Merge real time signal fixes for kernel oplock code from HEAD
20) Fix CIDR hosts allow/deny notation
21) Fixup tcon&X server responses and error codes
22) Set domain for users in passdb created by "net rpc vampire"
23) More scalable printing updates
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/
iD8DBQE+iFZ0IR7qMdg1EfYRAvmAAJ9p85WrRDbJz4etbUW3odRy729iEwCePiRE
LdGaV/PfvrJDEmMCqw8oD0c=etmn
-----END PGP SIGNATURE-----
Gerald (Jerry) Carter
2003-Mar-31 14:53 UTC
Samba-3.0alpha23 available on samba.org mirrors
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
We''ve just posted another snapshot of the SAMBA_3_0 cvs tree
for download. This is a non-production release provided for
testing only. Note that this release **does** contain the
security fixes included in the Samba 2.2.8 release.
The source code can be downloaded from :
http://download.samba.org/samba/ftp/alpha/
The uncompressed tarball and patch file have been signed
using GnuPG. The Samba public key is available at
http://download.samba.org/samba/ftp/samba-pubkey.asc
Binary packages for RedHat have been released and can be
found at
http://download.samba.org/samba/ftp/Binary_Packages/
Others will be available as they are submitted by volunteers.
A simplified version of the CVS log of updates since 3.0alpha22
can be found in the the download directory under the name
ChangeLog-3.0alpha22-alpha23. The release notes follow.
As always, all bugs are our responsibility.
--Enjoy
The Samba Team
- ----------------------------------------------------------------
WHATS NEW IN Samba 3.0 alpha23
30th March 2003
=============================
This is a pre-release of Samba 3.0. This is NOT a stable release.
Use at your own risk.
The purpose of this alpha release is to get wider testing of the
major new pieces of code in the current Samba 3.0 development tree.
We have officially ceased development on the 2.2.x release of Samba
and are concentrating on Samba 3.0. To reduce the time before the
final Samba 3.0 release we need as many people as possible to start
testing these alpha releases, and hopefully giving us some high
quality feedback on what needs fixing.
Note that Samba 3.0 is not feature complete yet. There is a more
coding we have planned, but unless we get what we have done already
more widely tested we will have a hard time doing a stable release
in a reasonable time frame.
Major new features:
- -------------------
- - Active Directory support. This release is able to join a ADS realm
as a member server and authenticate users using LDAP/kerberos.
- - Unicode support. Samba will now negotiate UNICODE on the wire and
internally there is now a much better infrastructure for multi-byte
and UNICODE character sets.
- - New authentication system. The internal authentication system has
been almost completely rewritten. Most of the changes are internal,
but the new auth system is also very configurable.
- - new filename mangling system. The filename mangling system has been
completely rewritten. An internal database now stores mangling maps
persistently. This needs lots of testing.
- - new "net" command. A new "net" command has been added.
It is
somewhat similar to the "net" command in windows. Eventually we plan
to replace a bunch of other utilities (such as smbpasswd) with
subcommands in "net", at the moment only a few things are
implemented.
- - Samba now negotiates NT-style status32 codes on the wire. This
improves error handling a lot.
- - better w2k printing support including publishing printer
attributes in active directory
- - new loadable RPC modules
- - new dual-daemon winbindd support for better performance
- - support for migrating from a Windows NT 4.0 domain
- - support for establishing trust relationships with Windows NT
4.0 domain controllers
Plus lots of other changes!
Reporting bugs & Development Discussion
- ---------------------------------------
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don''t provide vital information to help us track down
the problem then you will probably be ignored.
Changes in alpha23:
- -------------------
LDAP Group Mapping
------------------
pdbedit -i -e sets all SAM_ACCOUNT elements to CHANGED to
satisfy the new pdb_ldap.c handling. pdbedit -g transfers group
mappings. I made this separate from the user database, as current
installations have to live with a split backend. So, if you are
running 3_0 alphas with LDAP as a backend and upgrade to 3.0alpha23,
you must call
root# pdbedit -i tdbsam -e ldapsam -g
to transfer your group mapping database to LDAP.
All groups must be represented as posixGroup objects in
the directory and you must adapt your LDAP schema to support the
sambaGroupMapping before running this command. Refer to
examples/LDAP/samba.schema for details on the objectclass.
Parameters
----------
Modified Parameters (see smb.conf(5) for details):
* passdb backend
Added Parameters
* ldap del only sam attr
* ldap delete dn
ChangeLog
---------
See cvs log for SAMBA_3_0 for complete details. There are many
smaller numerous changes that would clutter the release notes.
0) Include security fix from Samba 2.2.8
1) Fix interop bug in tconX on port 445 with Windows 2000
2) Interpret missing SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, or
SMB_ACL_OTHER as "preserve current value" instead of attempting
to build one ourself.
3) Rearrange set_nt_acl() such that chown is only done before
setting ACLs if there is either no change of owning user, or
change of owning user is towards the current user. Otherwise
chown is done after setting ACLs.
4) Continuing work on NTLMSSP-based SMB signing
5) When opening an existing TDB, don''t require the hash_size
specified to the open call to be the same as that of the
existing tdb. The specified hash_size is only used if the
tdb needs to be (re)created.
6) Add support for "WinXP" and "Win2K3" client
architectures.
7) Fixed the unmarshalling of the queryaliasmem SAMR call
8) Windows 2000 can take much longer than the specified time to
respond to a lock - so to make the torture tests valid I give
it a grace time of 10 seconds instead of 2
9) Continued work on string handling paranoia
10) Merge new statcache.c from HEAD
11) Add new ''net ads dn'' option
12) Sync up SessionSetup code to HEAD, including Luke Howard''s
session key and auth verifier patches
13) Work on cleaning up winbindd''s mutex locking
14) Add support for LDAP based Windows group mapping
15) Improve LDAP update routines
16) Fix memory leaks found by Valgrind
17) Add a ''privileged'' mode to Winbindd
18) Work around platforms that have broken getgrnam() implementations
19) Merge real time signal fixes for kernel oplock code from HEAD
20) Fix CIDR hosts allow/deny notation
21) Fixup tcon&X server responses and error codes
22) Set domain for users in passdb created by "net rpc vampire"
23) More scalable printing updates
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/
iD8DBQE+iFZ0IR7qMdg1EfYRAvmAAJ9p85WrRDbJz4etbUW3odRy729iEwCePiRE
LdGaV/PfvrJDEmMCqw8oD0c=etmn
-----END PGP SIGNATURE-----