Release Announcements ==================== This is the second release candidate of Samba 4.18.? This is *not* intended for production environments and is designed for testing purposes only.? Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.18 will be the next version of the Samba suite. UPGRADING ======== NEW FEATURES/CHANGES =================== More succinct samba-tool error messages --------------------------------------- Historically samba-tool has reported user error or misconfiguration by means of a Python traceback, showing you where in its code it noticed something was wrong, but not always exactly what is amiss. Now it tries harder to identify the true cause and restrict its output to describing that. Particular cases include: ?* a username or password is incorrect ?* an ldb database filename is wrong (including in smb.conf) ?* samba-tool dns: various zones or records do not exist ?* samba-tool ntacl: certain files are missing ?* the network seems to be down ?* bad --realm or --debug arguments Accessing the old samba-tool messages ------------------------------------- This is not new, but users are reminded they can get the full Python stack trace, along with other noise, by using the argument '-d3'. This may be useful when searching the web. The intention is that when samba-tool encounters an unrecognised problem (especially a bug), it will still output a Python traceback. If you encounter a problem that has been incorrectly identified by samba-tool, please report it on https://bugzilla.samba.org. Colour output with samba-tool --color ------------------------------------- For some time a few samba-tool commands have had a --color=yes|no|auto option, which determines whether the command outputs ANSI colour codes. Now all samba-tool commands support this option, which now also accepts 'always' and 'force' for 'yes', 'never' and 'none' for 'no', and 'tty' and 'if-tty' for 'auto' (this more closely matches convention). With --color=auto, or when --color is omitted, colour codes are only used when output is directed to a terminal. Most commands have very little colour in any case. For those that already used it, the defaults have changed slightly. ?* samba-tool drs showrepl: default is now 'auto', not 'no' ?* samba-tool visualize: the interactions between --color-scheme, ?? --color, and --output have changed slightly. When --color-scheme is ?? set it overrides --color for the purpose of the output diagram, but ?? not for other output like error messages. New samba-tool dsacl subcommand for deleting ACES ------------------------------------------------- The samba-tool dsacl tool can now delete entries in directory access control lists. The interface for 'samba-tool dsacl delete' is similar to that of 'samba-tool dsacl set', with the difference being that the ACEs described by the --sddl argument are deleted rather than added. No colour with NO_COLOR environment variable -------------------------------------------- With both samba-tool --color=auto (see above) and some other places where we use ANSI colour codes, the NO_COLOR environment variable will disable colour output. See https://no-color.org/ for a description of this variable. `samba-tool --color=always` will use colour regardless of NO_COLOR. New wbinfo option --change-secret-at ------------------------------------ The wbinfo command has a new option, --change-secret-at=<DOMAIN CONTROLLER> which forces the trust account password to be changed at a specified domain controller. If the specified domain controller cannot be contacted the password change fails rather than trying other DCs. New option to change the NT ACL default location ------------------------------------------------ Usually the NT ACLs are stored in the security.NTACL extended attribute (xattr) of files and directories. The new "acl_xattr:security_acl_name" option allows to redefine the default location. The default "security.NTACL" is a protected location, which means the content of the security.NTACL attribute is not accessible from normal users outside of Samba. When this option is set to use a user-defined value, e.g. user.NTACL then any user can potentially access and overwrite this information. The module prevents access to this xattr over SMB, but the xattr may still be accessed by other means (eg local access, SSH, NFS). This option must only be used when this consequence is clearly understood and when specific precautions are taken to avoid compromising the ACL content. Azure Active Directory / Office365 synchronisation improvements -------------------------------------------------------------- Use of the Azure AD Connect cloud sync tool is now supported for password hash synchronisation, allowing Samba AD Domains to synchronise passwords with this popular cloud environment. REMOVED FEATURES =============== smb.conf changes =============== ? Parameter Name????????????????????????? Description???? Default ? --------------????????????????????????? -----------???? ------- ? acl_xattr:security_acl_name???????????? New security.NTACL CHANGES SINCE 4.18.0rc1 ====================== o? Andrew Bartlett <abartlet at samba.org> ?? * BUG 10635: Office365 azure Password Sync not working. o? Stefan Metzmacher <metze at samba.org> ?? * BUG 15286: auth3_generate_session_info_pac leaks wbcAuthUserInfo. o? Noel Power <noel.power at suse.com> ?? * BUG 15293: With clustering enabled samba-bgqd can core dump due to use ???? after free. KNOWN ISSUES =========== https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.18#Release_blocking_bugs ####################################### Reporting bugs & Development Discussion ####################################### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical:matrix.org matrix room, or #samba-technical IRC channel on irc.libera.chat If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored.? All bug reports should be filed under the Samba 4.1 and newer product in the project's Bugzilla database (https://bugzilla.samba.org/). ======================================================================= Our Code, Our Bugs, Our Responsibility. == The Samba Team ===================================================================== ===============Download Details =============== The uncompressed tarballs and patch files have been signed using GnuPG (ID AA99442FB680B620).? The source code can be downloaded from: ??????? https://download.samba.org/pub/samba/rc/ The release notes are available online at: https://download.samba.org/pub/samba/rc/samba-4.18.0rc2.WHATSNEW.txt Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) ??????????????????????? --Enjoy ??????????????????????? The Samba Team
Simon FONTENEAU
2023-Feb-02 11:24 UTC
[Samba] [Announce] Samba 4.18.0rc2 Available for Download
Hello Is it possible to have more details on "Azure Active Directory / Office365 synchronisation improvements " ? I started working on something here : https://github.com/sfonteneau/AzureADConnect_Samba4 (WIP) To activate a pure python synchronization without windows server. Couldn't that be necessary anymore? Simon Fonteneau Le 01/02/2023 ? 18:50, Jule Anger via samba a ?crit?:> Release Announcements > ====================> > This is the second release candidate of Samba 4.18.? This is *not* > intended for production environments and is designed for testing > purposes only.? Please report any defects via the Samba bug reporting > system at https://bugzilla.samba.org/. > > Samba 4.18 will be the next version of the Samba suite. > > > UPGRADING > ========> > > NEW FEATURES/CHANGES > ===================> > More succinct samba-tool error messages > --------------------------------------- > > Historically samba-tool has reported user error or misconfiguration by > means of a Python traceback, showing you where in its code it noticed > something was wrong, but not always exactly what is amiss. Now it > tries harder to identify the true cause and restrict its output to > describing that. Particular cases include: > > ?* a username or password is incorrect > ?* an ldb database filename is wrong (including in smb.conf) > ?* samba-tool dns: various zones or records do not exist > ?* samba-tool ntacl: certain files are missing > ?* the network seems to be down > ?* bad --realm or --debug arguments > > Accessing the old samba-tool messages > ------------------------------------- > > This is not new, but users are reminded they can get the full Python > stack trace, along with other noise, by using the argument '-d3'. > This may be useful when searching the web. > > The intention is that when samba-tool encounters an unrecognised > problem (especially a bug), it will still output a Python traceback. > If you encounter a problem that has been incorrectly identified by > samba-tool, please report it on https://bugzilla.samba.org. > > Colour output with samba-tool --color > ------------------------------------- > > For some time a few samba-tool commands have had a --color=yes|no|auto > option, which determines whether the command outputs ANSI colour > codes. Now all samba-tool commands support this option, which now also > accepts 'always' and 'force' for 'yes', 'never' and 'none' for 'no', > and 'tty' and 'if-tty' for 'auto' (this more closely matches > convention). With --color=auto, or when --color is omitted, colour > codes are only used when output is directed to a terminal. > > Most commands have very little colour in any case. For those that > already used it, the defaults have changed slightly. > > ?* samba-tool drs showrepl: default is now 'auto', not 'no' > > ?* samba-tool visualize: the interactions between --color-scheme, > ?? --color, and --output have changed slightly. When --color-scheme is > ?? set it overrides --color for the purpose of the output diagram, but > ?? not for other output like error messages. > > New samba-tool dsacl subcommand for deleting ACES > ------------------------------------------------- > > The samba-tool dsacl tool can now delete entries in directory access > control lists. The interface for 'samba-tool dsacl delete' is similar > to that of 'samba-tool dsacl set', with the difference being that the > ACEs described by the --sddl argument are deleted rather than added. > > No colour with NO_COLOR environment variable > -------------------------------------------- > > With both samba-tool --color=auto (see above) and some other places > where we use ANSI colour codes, the NO_COLOR environment variable will > disable colour output. See https://no-color.org/ for a description of > this variable. `samba-tool --color=always` will use colour regardless > of NO_COLOR. > > New wbinfo option --change-secret-at > ------------------------------------ > > The wbinfo command has a new option, --change-secret-at=<DOMAIN > CONTROLLER> > which forces the trust account password to be changed at a specified > domain > controller. If the specified domain controller cannot be contacted the > password change fails rather than trying other DCs. > > New option to change the NT ACL default location > ------------------------------------------------ > > Usually the NT ACLs are stored in the security.NTACL extended > attribute (xattr) of files and directories. The new > "acl_xattr:security_acl_name" option allows to redefine the default > location. The default "security.NTACL" is a protected location, which > means the content of the security.NTACL attribute is not accessible > from normal users outside of Samba. When this option is set to use a > user-defined value, e.g. user.NTACL then any user can potentially > access and overwrite this information. The module prevents access to > this xattr over SMB, but the xattr may still be accessed by other > means (eg local access, SSH, NFS). This option must only be used when > this consequence is clearly understood and when specific precautions > are taken to avoid compromising the ACL content. > > Azure Active Directory / Office365 synchronisation improvements > -------------------------------------------------------------- > > Use of the Azure AD Connect cloud sync tool is now supported for > password hash synchronisation, allowing Samba AD Domains to synchronise > passwords with this popular cloud environment. > > REMOVED FEATURES > ===============> > > smb.conf changes > ===============> > ? Parameter Name????????????????????????? Description???? Default > ? --------------????????????????????????? -----------???? ------- > ? acl_xattr:security_acl_name???????????? New security.NTACL > > > CHANGES SINCE 4.18.0rc1 > ======================> > o? Andrew Bartlett <abartlet at samba.org> > ?? * BUG 10635: Office365 azure Password Sync not working. > > o? Stefan Metzmacher <metze at samba.org> > ?? * BUG 15286: auth3_generate_session_info_pac leaks wbcAuthUserInfo. > > o? Noel Power <noel.power at suse.com> > ?? * BUG 15293: With clustering enabled samba-bgqd can core dump due > to use > ???? after free. > > > KNOWN ISSUES > ===========> > https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.18#Release_blocking_bugs > > > > ####################################### > Reporting bugs & Development Discussion > ####################################### > > Please discuss this release on the samba-technical mailing list or by > joining the #samba-technical:matrix.org matrix room, or > #samba-technical IRC channel on irc.libera.chat > > If you do report problems then please try to send high quality > feedback. If you don't provide vital information to help us track down > the problem then you will probably be ignored.? All bug reports should > be filed under the Samba 4.1 and newer product in the project's Bugzilla > database (https://bugzilla.samba.org/). > > > =====================================================================> == Our Code, Our Bugs, Our Responsibility. > == The Samba Team > =====================================================================> > > ===============> Download Details > ===============> > The uncompressed tarballs and patch files have been signed > using GnuPG (ID AA99442FB680B620).? The source code can be downloaded > from: > > ??????? https://download.samba.org/pub/samba/rc/ > > The release notes are available online at: > > https://download.samba.org/pub/samba/rc/samba-4.18.0rc2.WHATSNEW.txt > > Our Code, Our Bugs, Our Responsibility. > (https://bugzilla.samba.org/) > > ??????????????????????? --Enjoy > ??????????????????????? The Samba Team >
Michael Tokarev
2023-Feb-03 12:08 UTC
[Samba] [Announce] Samba 4.18.0rc2 Available for Download
FWIW, test packages of samba 4.18.0rc2 for debian and ubuntu are available at the usual location, http://www.corpit.ru/mjt/packages/samba/ , and also in debian experimental, - on the same day the original announce has been posted. /mjt