1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
|
==============================
Release Notes for Samba 3.2.0
July 1, 2008
==============================
This is the first stable release of Samba 3.2.0.
Please be aware that Samba is now distributed under the version 3
of the new GNU General Public License. You may refer to the COPYING
file that accompanies these release notes for further licensing details.
Major enhancements in Samba 3.2.0 include:
File Serving:
o Use of IDL generated parsing layer for several DCE/RPC
interfaces.
o Removal of the 1024 byte limit on pathnames and 256 byte limit on
filename components to honor the MAX_PATH setting from the host OS.
o Introduction of a registry based configuration system.
o Improved CIFS Unix Extensions support.
o Experimental support for file serving clusters.
o Support for IPv6 in the server, and client tools and libraries.
o Support for storing alternate data streams in xattrs.
o Encrypted SMB transport in client tools and libraries, and server.
o Support for Vista clients authenticating via Kerberos.
Winbind and Active Directory Integration:
o Full support for Windows 2003 cross-forest, transitive trusts
and one-way domain trusts.
o Support for userPrincipalName logons via pam_winbind and NSS
lookups.
o Expansion of nested domain groups via NSS calls.
o Support for Active Directory LDAP Signing policy.
o New LGPL Winbind client library (libwbclient.so).
o Support for establishing interdomain trust relationships with
Windows 2008.
Joining:
o New NetApi library for domain join related queries (libnetapi.so)
and example GTK+ Domain join gui.
o New client and server support for remotely joining and unjoining
Domains.
o Support for joining into Windows 2008 domains.
Users & Groups:
o New ldb backend for local group mapping tables
o Raised level of security defaults for authentication operations.
o New NetApi library for user account related queries.
Now Licensed under the GNU GPLv3
================================
The Samba Team has adopted the Version 3 of the GNU General Public
License for the 3.2 and later releases. The GPLv3 is the updated
version of the GPLv2 license under which Samba is currently
distributed. It has been updated to improve compatibility with other
licenses and to make it easier to adopt internationally, and is an
improved version of the license to better suit the needs of Free
Software in the 21st Century.
The original announcement is available on-line at
http://news.samba.org/announcements/samba_gplv3/
New Security Defaults for Authentication
========================================
Support for LanMan passwords is now disabled in both client and server
applications. Additionally, clear text authentication requests are
disabled by default in client utilities such as smbclient and all
libsmbclient based applications. This will affect connection both
to and from hosts running DOS, Windows 9x/ME, and OS/2. Please refer
to the "Changes" section for details on the exact parameters that were
updated.
Registry Configuration Backend
==============================
Samba is now able to use a registry based configuration backed to
supplement smb.conf settings. This feature may be enabled by setting
"config backend = registry" in the [global] section of smb.conf for a
registry only configuration, or by specifying "include = registry" to
include global options from registry for a mixed setup.
The new parameter "registry shares = yes" in the [global] section of
smb.conf can be used to activate share definitions from registry.
These shares are loaded on demand by the server. Registry shares are
automatically activated by the global registry options above.
The configuration stored in registry can be conveniently managed using
the "net conf" command.
More information may be obtained from the smb.conf(5) and net(8) man
pages.
Removed Features
================
Both the Python bindings and the libmsrpc shared library have been
removed from the tree due to lack of an official maintainer.
As smbfs is no longer supported in current kernel versions, smbmount has
been removed in this Samba version. Please use cifs (mount.cifs) instead.
See examples/scripts/mount/mount.smbfs as an example for a wrapper which
calls mount.cifs instead of smbmount/mount.smbfs.
Modified API for libsmbclient
==============================================================================
Maintaining ABI compatibility for libsmbclient has become increasingly
difficult to accomplish, while also keeping the code organization such that it
is easily readable. Towards the goal of maintaining ABI compatibility and
also keeping the code easy to maintain and enhance, the API has been enhanced.
In particular, the fields in the SMBCCTX context structure are no longer
intended to be read/write by the user, and are marked as deprecated. An
application that previously accessed the members of the SMBCCTX context
structure will now encounter warnings if recompiled. This is intentional, to
encourage implementation of the small changes required for the new interface.
The number of changes is expected to be quite small for the vast majority of
applications, and no changes need be made for many applications. The changes
required for KDE (konqueror) to conform to the new interface, for example, are
only four lines in only one file.
Instead of the application manually changing or reading values in the context
structure, there are now setter and getter functions for each configurable
member in that structure. Similarly, the smbc_option_get() and
smbc_option_set() functions are deprecated in favor of the setter/getter
interface. The setters and getters are all documented in libsmbclient.h
under these comment blocks:
Getters and setters for CONFIGURATION
Getters and setters for OPTIONS
Getters and setters for FUNCTIONS
Callable functions for files
Callable functions for directories
Callable functions applicable to both files and directories
Example changes that may be required to eliminate "deprecated" warnings:
/* Set the debug level */
context->debug = 99;
changes to:
smbc_setDebug(context, 99);
/* Specify the authentication callback function */
context->callbacks.auth_fn = auth_smbc_get_data;
changes to:
smbc_setFunctionAuthData(context, auth_smbc_get_data);
/* Specify the new-style authentication callback with context parameter */
smbc_option_set("auth_function", auth_smbc_get_data_with_ctx);
changes to:
smbc_setFunctionAuthDataWithContext(context, auth_smbc_get_data_with_ctx);
/* Set kerberos flags */
context->flags = (SMB_CTX_FLAG_USE_KERBEROS |
SMB_CTX_FLAG_FALLBACK_AFTER_KERBEROS);
changes to:
smbc_setOptionUseKerberos(context, 1);
smbc_setOptionFallbackAfterKerberos(context, 1);
######################################################################
Changes
#######
smb.conf changes
----------------
Parameter Name Description Default
-------------- ----------- -------
administrative share New No
client lanman auth Changed Default No
client ldap sasl wrapping New plain
client plaintext auth Changed Default No
clustering New No
cluster addresses New ""
config backend New file
ctdbd socket New ""
debug class New No
lanman auth Changed Default No
ldap connection timeout New 2
ldap debug level New 0
ldap debug threshold New 10
mangled map Removed
min receive file size New 0
open files database hashsize Removed
read bmpx Removed
registry shares New No
smb encrypt New Auto
winbind expand groups New 1
winbind rpc only New No
New special meaning of "include = registry".
Changes since 3.2.0rc2:
-----------------------
o Jeremy Allison <jra@samba.org>
* BUG 5531: Fix conversion of ns units when converting
from nttime to timespec.
* BUG 5533: Fix handling of workgroup names containing a '.' in Winbindd.
* BUG 5551: Fix group enumeration with 'wbinfo -g' on PDCs.
* BUG 5555: Fix setting of the password last set field during domain joins.
* BUG 5568: Fix net rpc trustdom add.
* Fix gcc warnings at -O3.
o Michael Adam <obnox@samba.org>
* BUG 5548: Fix segfaults in handle_include with %m macro expansion.
* Add several tests to the testsuite.
o Steven Danneman <steven.danneman@isilon.com>
* Make winbindd enum users and groups async.
o Günther Deschner <gd@samba.org>
* BUG 5542: Fix empty passwords of samsync.
o Volker Lendecke <vl@samba.org>
* BUG 5500: Add missing become_root to enable access to LDAP DB.
* Fix coverity IDs 464, 474.
* Fix an uninitialized variable found by the IBM checker.
* Fix group parsing in libwbclient's copy_group_entry().
* Fix max_fd calculation in event_loop_once.
* Fix warnings on Fedory Core 9.
* Fix several memleaks.
* Fix a segfaults in wbcLookupRids.
* Fix a segfault in clitar.
* Fix the build on FreeBSD 4.6.2 and Darwin.
* Fix a double-closedir() in form_junctions().
* Fix a crash in _dfs_Enum.
* Fix a segfault in rpcclient adddriver.
* Fix valgrind errors in _spoolss_addprinterdriver.
* Fix warnings on SuSE 9.0.
* Fix a file descriptor leak in add_port_hook.
o William Jojo <jojowil@hvcc.edu>
* Fix several AIX build issues.
* Add -brtl to the AIX linker flags.
o Atte Peltomäki <atte.peltomaki@f-secure.com>
* Fix winbindd group expansion.
o Andreas Schneider <anschneider@suse.de>
* Add documentation for kerberos support in libsmbclient.
* Add krb5 support for the testbrowse example.
o John H Terpstra <jht@samba.org>
* Fix net help info.
* Add documentation for TDB file.
o Bo Yang <boyang@novell.com>
* Fix update of cached credentials during password change in pam_winbind.
o Christoph Zauner <christoph.zauner@sernet.de>
* Fix several typos in the man pages and the Samba3 HowTo Collection.
######################################################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the Samba 3.2 product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
|
