author | Gerald Carter <jerry@samba.org> | 2003-06-07 17:03:18 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2003-06-07 17:03:18 +0000 |
commit | 0710b63b28004eea4bc50fa9d99dec48686cdc6a (patch) | |
tree | ccd3da9b0a9b2ca5959eda7963b51ebaed8fcdd0 | |
parent | 9adef8d420e952afb9273b1c75075a7176bc5455 (diff) | |
download | samba-0710b63b28004eea4bc50fa9d99dec48686cdc6a.tar.gz |
intermediate check-in #2 just to be safe; not done
-rw-r--r-- | WHATSNEW.txt | 207 |
1 files changed, 150 insertions, 57 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index a6b6d2316ea..0f3eff20a6e 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -21,66 +21,65 @@ the section on "Known Issues" for more details. Major new features: ------------------- -- Active Directory support. This release is able to join a ADS realm - as a member server and authenticate users using LDAP/kerberos. +1) Active Directory support. This release is able to join a ADS realm + as a member server and authenticate users using LDAP/kerberos. -- Unicode support. Samba will now negotiate UNICODE on the wire and - internally there is now a much better infrastructure for multi-byte - and UNICODE character sets. +2) Unicode support. Samba will now negotiate UNICODE on the wire and + internally there is now a much better infrastructure for multi-byte + and UNICODE character sets. -- New authentication system. The internal authentication system has - been almost completely rewritten. Most of the changes are internal, - but the new auth system is also very configurable. +3) New authentication system. The internal authentication system has + been almost completely rewritten. Most of the changes are internal, + but the new auth system is also very configurable. -- new filename mangling system. The filename mangling system has been - completely rewritten. An internal database now stores mangling maps - persistently. This needs lots of testing. +4) New filename mangling system. The filename mangling system has been + completely rewritten. An internal database now stores mangling maps + persistently. This needs lots of testing. -- new "net" command. A new "net" command has been added. It is - somewhat similar to the "net" command in windows. Eventually we plan - to replace a bunch of other utilities (such as smbpasswd) with - subcommands in "net", at the moment only a few things are - implemented. +5) New "net" command. A new "net" command has been added. It is + somewhat similar to the "net" command in windows. 
Eventually we + plan to replace a bunch of other utilities (such as smbpasswd) + with subcommands in "net", at the moment only a few things are + implemented. -- Samba now negotiates NT-style status32 codes on the wire. This - improves error handling a lot. +6) Samba now negotiates NT-style status32 codes on the wire. This + improves error handling a lot. -- better w2k printing support including publishing printer attributes - in active directory +7) Better Windows 2000/XP/2003 printing support including publishing + printer attributes in active directory -- new loadable RPC modules +8) New loadable RPC modules -- new dual-daemon winbindd support for better performance +9) New dual-daemon winbindd support (-B) for better performance -- support for migrating from a Windows NT 4.0 domain +10) Support for migrating from a Windows NT 4.0 domain to a Samba + domain and maintaining user, group and domain SIDs -- support for establishing trust relationships with Windows NT 4.0 - domain controllers +11) Support for establishing trust relationships with Windows NT 4.0 + domain controllers -- Initial support for a distributed winbind architecture using - an LDAP directory for storing SID to uid/gid mappings - -Plus lots of other changes! - +12) Initial support for a distributed winbind architecture using + an LDAP directory for storing SID to uid/gid mappings + +13) Major updates to the Samba documentation tree. -Reporting bugs & Development Discussion ---------------------------------------- +Plus lots of other improvements! -Please discuss this release on the samba-technical mailing list or by -joining the #samba-technical IRC channel on irc.freenode.net. -If you do report problems then please try to send high quality -feedback. If you don't provide vital information to help us track down -the problem then you will probably be ignored. 
+Additional Documentation +------------------------ -A new bugzilla installation has been established to help support the -Samba 3.0 community of users. This server, located at -https://bugzilla.samba.org/, will replace the existing jitterbug server -and the old http://bugs.samba.org now points to the new bugzilla server. +Please refer to Samba documentation tree (including in the docs/ +subdirectory) for extensive explanations of installing, configuring +and maintaining Samba 3.0 servers and clients. It is advised to +begin with the Samba-HOWTO-Collection for overviews and specific +tasks (the current book is up to approximately 400 pages) and to +refer to the various man pages for information on individual options. +###################################################################### Upgrading from Samba 2.2 ------------------------- +######################## This section is provided to help administrators understand the details involved with upgrading a Samba 2.2 server to Samba 3.0 @@ -228,13 +227,14 @@ New Parameters (new parameters have been grouped by function): Modified Parameters (changes in behavior): - * encrypt passwords - * mangling method + * encrypt passwords (enabled by default) + * mangling method (set to 'hash2' by deault) * passwd chat * passwd program - * restrict anonymous - * strict locking - * winbind cache time + * restrict anonymous (integer value) + * security (new 'ads' value) + * strict locking (enabled by default) + * winbind cache time (increased to 5 minutes) * winbind uid (deprecated in favor of 'idmap uid') * winbind gid (deprecated in favor of 'idmap gid') 
@@ -242,11 +242,11 @@ Modified Parameters (changes in behavior): Databases --------- -This section contains brief descriptions of any new databases introduced in -Samba 3.0. Please remember to backup your existing ${lock directory}/*tdb -before upgrading to Samba 3.0. Samba will upgrade databases as they are -opened (if necessary), but downgrading from 3.0 to 2.2 is an unsupported -path. +This section contains brief descriptions of any new databases +introduced in Samba 3.0. Please remember to backup your existing +${lock directory}/*tdb before upgrading to Samba 3.0. Samba will +upgrade databases as they are opened (if necessary), but downgrading +from 3.0 to 2.2 is an unsupported path. Name Description Backup? ---- ----------- ------- 
@@ -272,14 +272,76 @@ registry Read-only samba registry skeleton no Changes in Behavior ------------------- +The following issues are known changes in bahavior between Samba 2.2 and +Samba 3.0 that may affect certain installations of Samba. + 1) When operating as a member of a Windows domain, Samba 2.2 would + map any users authenticated by the remote DC to the 'guest account' + if a uid could not be obtained via the getpwnam() call. Samba 3.0 + rejects the connection as NT_STATUS_LOGON_FAILURE. There is no + current work around to re-establish the 2.2 behavior. + + 2) When adding machines to a Samba 2.2 controlled domain, the + 'add user script' was used to create the UNIX identity of the + machine trust account. Samba 3.0 introduces a new 'add machine + script' that must be specified for this purpose. Samba 3.0 will + not fall back to using the 'add user script' in the absence of + an 'add machine script' + + +###################################################################### +Passdb Backends and Authentication +################################## + +There have been a few new changes that Samba administrators should be +aware of when moving to Samba 3.0. + + 1) encrypted passwords have been enabled by default in order to + interoperate better with out-of-the-box Windows client + installations. This does mean that either (a) a samba account + must be created for each user, or (b) 'encrypt passwords = no' + must be explicitly defined in smb.conf. + + 2) Inclusion of new 'security = ads' option for integration + with an Active Directory domain using the native Windows + Kerberos 5 and LDAP protocols. + +Samba 3.0 also includes the possibility of setting up chains +of authentication methods (auth methods) and account storage +backends (passdb backend). Pleas erefer to the smb.conf(5) +man page for details. 
While both parameters assume sane default +values, it is likely that you will need to understand what the +values actually mean in order to ensure Samba operates correctly. + +The recommended passdb backends at this time are + + * smbpasswd - 2.2 comatible flat file format + * tdbsam - attribute rich database intended as an smbpasswd + replacement for stand alone servers + * ldapsam - attribute rich account storage and retrieval + backend utilizing an LDAP directory. + * ldapsam_compat - a 2.2 backwards compatible LDAP account + backend + +Certain functions of the smbpasswd(8) tool have been split between the +new smbpasswd(8) utility, the net(8) tool, and the new pdbedit(8) +utility. + + +###################################################################### LDAP ----- +#### + +This section outlines the new features affecting Samba / LDAP integration. - A new objectclass (sambaSamAccount) has been introduced to replace the old - sambaAccount. This change aids us in the renaming of attributes to prevent - clashes with attributes from other vendors. There is a conversion script - (examples/LDAP/convertSambaAccount) to modify and LDIF file to the new schema. + New Schema + ---------- + + A new objectclass (sambaSamAccount) has been introduced to replace + the old sambaAccount. This change aids us in the renaming of attributes + to prevent clashes with attributes from other vendors. There is a + conversion script (examples/LDAP/convertSambaAccount) to modify and LDIF + file to the new schema. Example: 
@@ -297,3 +359,34 @@ LDAP The old sambaAccount schema may still be used by specifying the "ldapsam_compat" passdb backend. + +###################################################################### +Known Issues +############ + +One such limitation that is worth mentioning (and will be corrected +before the actual stable 3.0.0 release is the dead lock problem with +running winbindd on a Samba PDC in order to allocate uids and gids for +users and groups in a trusted domain. When the Samba domain is acting +as the trusted domain to a Windows NT 4.0 domain, there are no known +issues. + +Please refer to https://bugzilla.samba.org/ for a current list of bugs +filed against the Samba 3.0 codebase. + + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. + +A new bugzilla installation has been established to help support the +Samba 3.0 community of users. This server, located at +https://bugzilla.samba.org/, will replace the existing jitterbug server +and the old http://bugs.samba.org now points to the new bugzilla server. |
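Review bot: In the @@ -21,66 +21,65 hunk, the new "Additional Documentation" paragraph opens with "Please refer to Samba documentation tree (including in the docs/ subdirectory)", which drops the article and leaves "including in" hard to parse; "Please refer to the Samba documentation tree (included in the docs/ subdirectory)" is probably what was meant. In the renumbered feature list, item 9 adds "(-B)" without saying it is a winbindd command-line option, item 1 still reads "a ADS realm", and item 5 keeps the comma splice at 'subcommands in "net", at the moment'. Since every line of the list is being touched anyway, these are cheap to fix in the same pass.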
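Review bot: In the @@ -228,13 +227,14 hunk, "mangling method (set to 'hash2' by deault)" has a typo: "deault" should be "default". The new parentheticals are also uneven. "restrict anonymous (integer value)" records that the type changed but gives neither the accepted values nor the default, and "passwd chat" and "passwd program" remain listed as modified with no note on what changed. An administrator upgrading from 2.2 reads this list to find settings whose meaning has shifted, so each entry should carry a short annotation in the style of "strict locking (enabled by default)".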
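Review bot: In the @@ -242,11 +242,11 hunk, the reflowed paragraph carries over "Please remember to backup your existing"; as a verb this should be "back up". Because the same paragraph states that "downgrading from 3.0 to 2.2 is an unsupported path", it would help to say explicitly that the copy of ${lock directory}/*tdb taken before the upgrade is the only way to return to 2.2, rather than leaving the reader to infer it.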
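Review bot: In the @@ -272,14 +272,76 hunk, the added text has several typos: "changes in bahavior" (behavior), "Pleas erefer to the smb.conf(5)" (Please refer), "2.2 comatible flat file format" (compatible), and the reflowed LDAP paragraph keeps "to modify and LDIF file" (an LDIF file). Item 2 under "Changes in Behavior" ends at "an 'add machine script'" with no closing period. On content, item 1 of the Passdb section offers 'encrypt passwords = no' as alternative (b) without stating what the administrator gives up by choosing it, and the list of recommended passdb backends includes both smbpasswd and ldapsam_compat without saying when either is preferable to tdbsam or ldapsam; one sentence on each would make the recommendation usable.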