>From 61414ce7032de2bd64442d4ee3d6180ff330c9da Mon Sep 17 00:00:00 2001 From: Douglas Bagnall Date: Thu, 23 Jul 2015 17:14:00 +1200 Subject: [PATCH 1/2] WHATSNEW: add a section about samba_kcc Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett --- WHATSNEW.txt | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 89a03b5..2a31d81 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -155,6 +155,21 @@ New modules vfs_unityed_media - see 'man 8 vfs_unityed_media' vfs_shell_snap - see 'man 8 vfs_shell_snap' +New sparsely connected replia graph (Improved KCC) +-------------------------------------------------- + +The Knowledge Consistency Checker (KCC) maintains a replication graph +for DCs across an AD network. The existing Samba KCC uses a fully +connected graph, so that each DC replicates from all the others, which +does not scale well with large networks. In 4.3 there is an +experimental new KCC that creates a sparsely connected replication +graph and closely follows Microsoft's specification. It is turned off +by default. To use the new KCC, set "kccsrv:samba_kcc=true" in +smb.conf and let us know how it goes. You should consider doing this +if you are making a large new network. For small networks there is +little benefit and you can always switch over at a later date. + + ###################################################################### Changes ####### -- 1.9.1 >From 19baacf6838fed9b83dccf0d5b028a2b75247322 Mon Sep 17 00:00:00 2001 From: Douglas Bagnall Date: Thu, 23 Jul 2015 17:27:52 +1200 Subject: [PATCH 2/2] WHATSNEW: a note about TLS protocol support It's a small thing but apparently much requested. Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett --- WHATSNEW.txt | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 2a31d81..94d9818 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -169,6 +169,13 @@ smb.conf and let us know how it goes. You should consider doing this if you are making a large new network. For small networks there is little benefit and you can always switch over at a later date. +Configurable TLS protocol support, with better defaults +------------------------------------------------------- + +The "tls priority" option can be used to change the supported TLS +protocols. The default is to disable SSLv3, which is no longer +considered secure. + ###################################################################### Changes -- 1.9.1