Gerald (Jerry) Carter
2006-Apr-23 11:18 UTC
[Samba] Samba 3.0.23pre1 Available for Download
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================= A revolution without dancing... is a revolution not worth having! -- V =============================================================Release Announcements ====================This is a preview release of the Samba 3.0.23 code base and is provided for testing only. This release is *not* intended for production servers. There has been a substantial amount of development since the 3.0.21 series of stable releases. We would like to ask the Samba community for help in testing these changes as we work towards the next significant production upgrade Samba 3.0 release. There has been a substantial amount of cleanup work done during this development cycle. Two weeks of development time was dedicated to fixing bugs reported by the Coverity source code scans. Details can be found at in the following two articles: http://news.samba.org/#coverity_zero_bugs http://news.samba.org/#zdnet_quick_response New features introduced in 3.0.23pre1 include: o New offline mode in winbindd. o New kerberos support for pam_winbind.so. o New handling of unmapped users and groups. o New non-root share management tools. o Improved support for local and BUILTIN groups. User and Group changes ===================== The user and group internal management routines have been rewritten to prevent overlaps of assigned Relative Identifiers (RIDs). In the past the has been a potential problem when either manually mapping Unix groups with the 'net groupmap' command or when migrating a Windows domain to a Samba domain using 'net rpc vampire'. Unmapped users are now assigned a SID in the S-1-22-1 domain and unmapped groups are assigned a SID in the S-1-22-2 domain. Previously they were assign a RID within the SAM on the Samba server. For a DC this would have been under the authority of the domain SID where as on a member server or standalone host, this would have been under the authority of the local SAM (hint: net getlocalsid). The result is that any unmapped users or groups on an upgraded Samba domain controller may be assigned a new SID. Because the SID rather than a name is stored in Windows security descriptors, this can cause a user to no longer have access to a resource for example if a file was copied from a Samba file server to a local NTFS partition. Any files stored on the Samba server itself will continue to be accessible because Unix stores the Unix gid and not the SID for authorization checks. A further example will help illustrate the change. Assume that a group named 'developers' exists with a Unix gid of 782 but this user does not exist in Samba's group mapping table. it would be perfectly normal for this group to be appear in an ACL editor. Prior to 3.0.23, the group SID might appear as S-1-5-21-647511796-4126122067-3123570092-2565. With 3.0.23, the group SID would be reported as S-1-22-2-782. Any security descriptors associated with files stored on an NTFS disk partition would not allow access based on the group permissions if the user was not a member of the S-1-5-21-647511796-4126122067-3123570092-2565 group. Because this group SID not reported in a user's token is S-1-22-2-782, Windows would fail the authorization check even though both SIDs in some respect referred to the same Unix group. The current workaround is to create a manual domain group mapping entry for the group 'developers' to point at the S-1-5-21-647511796-4126122067-3123570092-2565 SID. LDAP Changes =========== There has also been a minor update the Samba LDAP schema file. A substring matching rule has been added to the sambaSID attribute definition. For OpenLDAP servers, this will require the addition of 'index sambaSID sub' to the slapd.conf configuration file. It will be necessary to run slapindex after making this change. There has been no change to actual data storage schema. ===============Download Details =============== The uncompressed tarballs and patch files have been signed using GnuPG (ID 157BC95E). The source code can be downloaded from: http://download.samba.org/samba/ftp/pre/ The release notes are available online at: http://www.samba.org/samba/ftp/pre/WHATSNEW-3-0-23pre1.txt Binary packages are available at http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFES2JdIR7qMdg1EfYRAn6NAKCKr2ILaF70uDxSKJ0L70Ix68wm5wCgoGRV 3j/+wWaW6Cae/WubFn7FUxA=6J5A -----END PGP SIGNATURE-----
On Sun, Apr 23, 2006 at 06:17:50AM -0500, Gerald Carter wrote: [snip]> Binary packages are available at > > http://download.samba.org/samba/ftp/Binary_Packages/RPM packages of Samba 3.0.23pre1 for all SuSE Linux products are available at ftp://ftp.SuSE.com/pub/projects/samba/pre/ or http://ftp.SuSE.com/pub/projects/samba/pre/ The same packages are also available at http://download.Samba.org/samba/ftp/Binary_Packages/pre/ Starting with this pre/ rc releases we support also for the pre/ rc RPM packages a continous update path. Therefore the pre and rc state is encoded into the RPM release and not into the version. This allows you to update from a stable release to a pre release, from any pre release to a rc release, and finaly to the next stable release. Please use a mirror close to your site. A list of Samba.org mirrors is available at http://Samba.org/ There choose a mirror at the right top of the page. There are also a bunch of SuSE mirrors. A list of international mirror sites is at http://www.novell.com/products/suselinux/downloads/ftp/int_mirrors.html A list of mirrors in Germany is at http://www.novell.com/products/suselinux/downloads/ftp/germ_mirrors.html If you encounter any problem with these packages please don't blame the Samba Team. Instead file a bug to https://bugzilla.Samba.org/, pick product Samba 3.0, then select 'component' Packaging and set 'assign to' to samba-maintainers at SuSE dot de. Or use http://bugzilla.Novell.com with the same assignee instead. For additional information - how to report bugs and which log files are required - see http://en.openSUSE.org/Samba Our customers, our products, our responsibility. Have a lot of fun... Lars M?ller - for the Novell Samba Team -- Lars M?ller [?la?(r)z ?m?l?] Samba Team SuSE Linux, Maxfeldstra?e 5, 90409 N?rnberg, Germany -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.samba.org/archive/samba/attachments/20060423/190da9ea/attachment.bin