[Samba] [Announce] Samba 4.3.0rc2 Available for Download
mourik jan heupink
heupink at merit.unu.edu
Wed Aug 5 10:11:55 UTC 2015
Cool new features!
On 08/04/2015 11:19 PM, Stefan Metzmacher wrote:
> Release Announcements =====================
>
> This is the second release candidate of Samba 4.3. This is *not*
> intended for production environments and is designed for testing
> purposes only. Please report any defects via the Samba bug
> reporting system at https://bugzilla.samba.org/.
>
> Samba 4.3 will be the next version of the Samba suite.
>
>
> UPGRADING =========
>
> Nothing special.
>
>
> NEW FEATURES ============
>
> Logging -------
>
> The logging code now supports logging to multiple backends. In
> addition to the previously available syslog and file backends, the
> backends for logging to the systemd-journal, lttng and gpfs have
> been added. Please consult the section for the 'logging' parameter
> in the smb.conf manpage for details.
>
> Spotlight ---------
>
> Support for Apple's Spotlight has been added by integrating with
> Gnome Tracker.
>
> For detailed instructions how to build and setup Samba for
> Spotlight, please see the Samba wiki:
> <https://wiki.samba.org/index.php/Spotlight>
>
> New FileChangeNotify subsystem ------------------------------
>
> Samba now contains a new subsystem to do FileChangeNotify. The
> previous system used a central database, notify_index.tdb, to
> store all notification requests. In particular in a cluster this
> turned out to be a major bottleneck, because some hot records need
> to be bounced back and forth between nodes on every change event
> like a new created file.
>
> The new FileChangeNotify subsystem works with a central daemon per
> node. Every FileChangeNotify request and every event are handled by
> an asynchronous message from smbd to the notify daemon. The notify
> daemon maintains a database of all FileChangeNotify requests in
> memory and will distribute the notify events accordingly. This
> database is asynchronously distributed in the cluster by the notify
> daemons.
>
> The notify daemon is supposed to scale a lot better than the
> previous implementation. The functional advantage is cross-node
> kernel change notify: Files created via NFS will be seen by SMB
> clients on other nodes per FileChangeNotify, despite the fact that
> popular cluster file systems do not offer cross-node inotify.
>
> Two changes to the configuration were required for this new
> subsystem: The parameters "change notify" and "kernel change
> notify" are not per-share anymore but must be set globally. So it
> is no longer possible to enable or disable notify per share, the
> notify daemon has no notion of a share, it only works on absolute
> paths.
>
> New SMB profiling code ----------------------
>
> The code for SMB (SMB1, SMB2 and SMB3) profiling uses a tdb
> instead of sysv IPC shared memory. This avoids performance problems
> and NUMA effects. The profile stats are a bit more detailed than
> before.
>
> Improved DCERPC man in the middle detection for kerberos
> --------------------------------------------------------
>
> The gssapi based kerberos backends for gensec have support for
> DCERPC header signing when using DCERPC_AUTH_LEVEL_PRIVACY.
>
> SMB signing required in winbindd by default
> -------------------------------------------
>
> The effective value for "client signing" is required by default for
> winbindd, if the primary domain uses active directory.
>
> Experimental NTDB was removed -----------------------------
>
> The experimental NTDB library introduced in Samba 4.0 has been
> removed again.
>
> Improved support for trusted domains (as AD DC)
> -----------------------------------------------
>
> The support for trusted domains/forests has improved a lot.
>
> samba-tool got "domain trust" subcommands to manage trusts:
>
> create - Create a domain or forest trust. delete - Delete
> a domain trust. list - List domain trusts. namespaces -
> Manage forest trust namespaces. show - Show trusted domain
> details. validate - Validate a domain trust.
>
> External trusts between individual domains work in both ways
> (inbound and outbound). The same applies to root domains of a
> forest trust. The transitive routing into the other forest is fully
> functional for kerberos, but not yet supported for NTLMSSP.
>
> While a lot of things are working fine, there are currently a few
> limitations:
>
> - Both sides of the trust need to fully trust each other! - No SID
> filtering rules are applied at all! - This means DCs of domain A
> can grant domain admin rights in domain B. - It's not possible to
> add users/groups of a trusted domain into domain groups.
>
> SMB 3.1.1 supported -------------------
>
> Both client and server have support for SMB 3.1.1 now.
>
> This is the dialect introduced with Windows 10, it improves the
> secure negotiation of SMB dialects and features.
>
> New smbclient subcommands -------------------------
>
> - Query a directory for change notifications: notify <dir name> -
> Server side copy: scopy <source filename> <destination filename>
>
> New rpcclient subcommands -------------------------
>
> netshareenumall - Enumerate all shares netsharegetinfo - Get
> Share Info netsharesetinfo - Set Share Info netsharesetdfsflags -
> Set DFS flags netfileenum - Enumerate open files netnamevalidate -
> Validate sharename netfilegetsec - Get File security netsessdel -
> Delete Session netsessenum - Enumerate Sessions netdiskenum -
> Enumerate Disks netconnenum - Enumerate Connections netshareadd -
> Add share netsharedel - Delete share
>
> New modules -----------
>
> idmap_script - see 'man 8 idmap_script' vfs_unityed_media - see
> 'man 8 vfs_unityed_media' vfs_shell_snap - see 'man 8
> vfs_shell_snap'
>
> New sparsely connected replia graph (Improved KCC)
> --------------------------------------------------
>
> The Knowledge Consistency Checker (KCC) maintains a replication
> graph for DCs across an AD network. The existing Samba KCC uses a
> fully connected graph, so that each DC replicates from all the
> others, which does not scale well with large networks. In 4.3 there
> is an experimental new KCC that creates a sparsely connected
> replication graph and closely follows Microsoft's specification. It
> is turned off by default. To use the new KCC, set
> "kccsrv:samba_kcc=true" in smb.conf and let us know how it goes.
> You should consider doing this if you are making a large new
> network. For small networks there is little benefit and you can
> always switch over at a later date.
>
> Configurable TLS protocol support, with better defaults
> -------------------------------------------------------
>
> The "tls priority" option can be used to change the supported TLS
> protocols. The default is to disable SSLv3, which is no longer
> considered secure.
>
>
> ######################################################################
>
>
Changes
> #######
>
> smb.conf changes ----------------
>
> Parameter Name Description Default -------------- -----------
> ------- logging New (empty) msdfs shuffle referrals New no
> smbd profiling level New off spotlight New no tls priority
> New NORMAL:-VERS-SSL3.0 use ntdb Removed change notify
> Changed to [global] kernel change notify Changed to [global]
> client max protocol Changed default SMB3_11 server max protocol
> Changed default SMB3_11
>
> Removed modules ---------------
>
> vfs_notify_fam - see section 'New FileChangeNotify subsystem'.
>
>
> KNOWN ISSUES ============
>
> Currently none.
>
>
> CHANGES SINCE 4.2.0rc1 ======================
>
> o Jeremy Allison <jra at samba.org> * BUG 11359: strsep is not
> available on Solaris
>
> o Björn Baumbach <bb at sernet.de> * BUG 11421: Build with GPFS
> support is broken
>
> o Justin Maggard <jmaggard at netgear.com> * BUG 11320: "force
> group" with local group not working
>
> o Martin Schwenke <martin at meltin.net * BUG 11424: Build broken
> with --disable-python
>
>
> ####################################### Reporting bugs &
> Development Discussion #######################################
>
> Please discuss this release on the samba-technical mailing list or
> by joining the #samba-technical IRC channel on irc.freenode.net.
>
> If you do report problems then please try to send high quality
> feedback. If you don't provide vital information to help us track
> down the problem then you will probably be ignored. All bug
> reports should be filed under the "Samba 4.1 and newer" product in
> the project's Bugzilla database (https://bugzilla.samba.org/).
>
>
> ======================================================================
>
>
== Our Code, Our Bugs, Our Responsibility.
> == The Samba Team
> ======================================================================
>
>
>
> ================ Download Details ================
>
> The uncompressed tarballs and patch files have been signed using
> GnuPG (ID 6568B7EA). The source code can be downloaded from:
>
> https://download.samba.org/pub/samba/rc/
>
> The release notes are available online at:
>
> https://download.samba.org/pub/samba/rc/samba-4.3.0rc2.WHATSNEW.txt
>
> Our Code, Our Bugs, Our Responsibility.
> (https://bugzilla.samba.org/)
>
> --Enjoy The Samba Team
>
>
>
>
More information about the samba
mailing list