blob: a6b6d2316ea7639d70fcb9a3b3ae1651d027fa4f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
|
WHATS NEW IN Samba 3.0.0 beta1
June 7 2003
==============================
This is a beta of Samba 3.0. This is a non-production release intended
for testing purposes. Use at your own risk.
The purpose of this beta release is to get wider testing of the major
new pieces of code in the current Samba 3.0 development tree. We have
officially ceased development on the 2.2.x release of Samba and are
concentrating on Samba 3.0. To reduce the time before the final
Samba 3.0 release we need as many people as possible to start testing
these beta releases, and hopefully giving us some high quality feedback
on what needs fixing.
Samba 3.0 is feature complete yet. However there is still some final
work to be done on certain pieces of functionality. Please refer to
the section on "Known Issues" for more details.
Major new features:
-------------------
- Active Directory support. This release is able to join a ADS realm
as a member server and authenticate users using LDAP/kerberos.
- Unicode support. Samba will now negotiate UNICODE on the wire and
internally there is now a much better infrastructure for multi-byte
and UNICODE character sets.
- New authentication system. The internal authentication system has
been almost completely rewritten. Most of the changes are internal,
but the new auth system is also very configurable.
- new filename mangling system. The filename mangling system has been
completely rewritten. An internal database now stores mangling maps
persistently. This needs lots of testing.
- new "net" command. A new "net" command has been added. It is
somewhat similar to the "net" command in windows. Eventually we plan
to replace a bunch of other utilities (such as smbpasswd) with
subcommands in "net", at the moment only a few things are
implemented.
- Samba now negotiates NT-style status32 codes on the wire. This
improves error handling a lot.
- better w2k printing support including publishing printer attributes
in active directory
- new loadable RPC modules
- new dual-daemon winbindd support for better performance
- support for migrating from a Windows NT 4.0 domain
- support for establishing trust relationships with Windows NT 4.0
domain controllers
- Initial support for a distributed winbind architecture using
an LDAP directory for storing SID to uid/gid mappings
Plus lots of other changes!
Reporting bugs & Development Discussion
---------------------------------------
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored.
A new bugzilla installation has been established to help support the
Samba 3.0 community of users. This server, located at
https://bugzilla.samba.org/, will replace the existing jitterbug server
and the old http://bugs.samba.org now points to the new bugzilla server.
Upgrading from Samba 2.2
------------------------
This section is provided to help administrators understand the details
involved with upgrading a Samba 2.2 server to Samba 3.0
Building
--------
Many of the options to the GNU autoconf script have been modified
in the 3.0 release. The most noticible are
* removal of --with-tdbsam (is now included by default; see section
on passdb backends and authentication for more details)
* --with-ldapsam is now on used to provided backwards compatible
parameters for LDAP enabled Samba 2.2 servers. Refer to the passdb
backend and authentication section for more details
* inclusion of non-standard passdb modules may be enabled using
--with-expsam. This includes an XML backend, a mysql backend,
and a NIS backend.
* removal of --with-msdfs (is now enabled by default)
* removal of --with-ssl (no longer supported)
* --with-utmp now defaults to 'yes' on support ed systems
* --with-sendfile-support is now enabled by default on supported
systems
Parameters
----------
This section contains a brief listing of changes to smb.conf options
in the 3.0.0 release. Please refer to the smb.conf(5) man page for
complete descriptions of new or modified parameters.
Removed Parameters (order alphabetically):
* admin log
* alternate permissions
* character set
* client codepage
* code page directory
* coding system
* domain admin group
* domain guest group
* force unknown acl user
* nt smb support
* post script
* printer driver
* printer driver file
* printer driver location
* status
* total print jobs
* use rhosts
* valid chars
* vfs options
New Parameters (new parameters have been grouped by function):
Remote management
-----------------
* abortshutdownscript
* shutdown script
User and Group Account Management
---------------------------------
* add group script
* add machine script
* add user to group script
* algorithmic rid base
* delete group script
* delete user from group script
* passdb backend
* set primary group script
Authentication
--------------
* auth methods
* ads server
* realm
Protocol Options
----------------
* client lanman auth
* client NTLMv2 auth
* client schannel
* client signing
* client use spnego
* disable netbios
* ntlm auth
* paranoid server security
* server schannel
* smb ports
* use spnego
File Service
------------
* get quota command
* hide special files
* hide unwriteable files
* hostname lookups
* kernelchange notify
* mangle prefix
* msdfs proxy
* set quota command
* use sendfile
* vfs objects
Printing
--------
* max reported print jobs
UNICODE and Character Sets
--------------------------
* display charset
* dos charset
* unicode
* unix charset
SID to uid/gid Mappings
-----------------------
* idmap backend
* idmap gid
* idmap only
* idmap uid
LDAP
----
* ldap delete dn
* ldap group suffix
* ldap idmap suffix
* ldap machine suffix
* ldap passwd sync
* ldap trust ids
* ldap user suffix
General Configuration
---------------------
* preload modules
* privatedir
Modified Parameters (changes in behavior):
* encrypt passwords
* mangling method
* passwd chat
* passwd program
* restrict anonymous
* strict locking
* winbind cache time
* winbind uid (deprecated in favor of 'idmap uid')
* winbind gid (deprecated in favor of 'idmap gid')
Databases
---------
This section contains brief descriptions of any new databases introduced in
Samba 3.0. Please remember to backup your existing ${lock directory}/*tdb
before upgrading to Samba 3.0. Samba will upgrade databases as they are
opened (if necessary), but downgrading from 3.0 to 2.2 is an unsupported
path.
Name Description Backup?
---- ----------- -------
account_policy User policy settings yes
gencache Generic caching db no
group_mapping Mapping table from Windows yes
groups/SID to unix groups
idmap new ID map table from SIDS yes
to UNIX uids/gids.
namecache Name resolution cache entries no
netlogon_unigrp Cache of universal group no
membership obtained when
operating as a member of a
Windows domain
printing/*.tdb Cached output from 'lpq no
command' created on a per print
service basis
registry Read-only samba registry skeleton no
that provides support for exporting
various db tables via the winreg RPCs
Changes in Behavior
-------------------
LDAP
----
A new objectclass (sambaSamAccount) has been introduced to replace the old
sambaAccount. This change aids us in the renaming of attributes to prevent
clashes with attributes from other vendors. There is a conversion script
(examples/LDAP/convertSambaAccount) to modify and LDIF file to the new schema.
Example:
$ ldapsearch .... -b "ou=people,dc=..." > old.ldif
$ convertSambaAccount <DOM SID> old.ldif new.ldif
The <DOM SID> can be obtained by running 'net getlocalsid <DOMAINNAME>'
on the Samba PDC as root.
The sambaDomain and sambaGroupMapping objects have also been modified
to use the new attribute naming conventions as well. There are no
conversion scripts for this data since the old schema was never published
in a stable release.
The old sambaAccount schema may still be used by specifying the
"ldapsam_compat" passdb backend.
|