[Samba] [Announce] Samba 4.18.0rc2 Available for Download
Andrew Bartlett
abartlet at samba.org
Fri Feb 3 02:26:11 UTC 2023
With great thanks to testing, funding from and a lab environment
provided by customer (who can identify themselves if they like ;-), we
have found that:
* Azure AD Connect cloud sync works with the patches I wrote and are
included in this release (and have been backported for the next
4.17.x).
* Azure AD Connect works if you put the created user in "Domain
Admins", probably on existing Samba but tested with the patched version.
I personally think that a pure-Samba tool that runs in python and
doesn't require a windows server as a proxy is still a better long-term
option, so we can control the stack and much more easily address the
issues. I strongly support your work and wish it the best of success.
Andrew Bartlett
On Thu, 2023-02-02 at 12:24 +0100, Simon FONTENEAU via samba wrote:
> Hello
>
> Is it possible to have more details on "Azure Active Directory /
> Office365 synchronisation improvements " ?
>
> I started working on something here :
> https://github.com/sfonteneau/AzureADConnect_Samba4
> (WIP)
>
> To activate a pure python synchronization without windows server.
>
> Couldn't that be necessary anymore?
>
> Simon Fonteneau
>
>
> Le 01/02/2023 à 18:50, Jule Anger via samba a écrit :
> > Release Announcements
> > =====================
> >
> > This is the second release candidate of Samba 4.18. This is *not*
> > intended for production environments and is designed for testing
> > purposes only. Please report any defects via the Samba bug
> > reporting
> > system at
> > https://bugzilla.samba.org/
> > .
> >
> > Samba 4.18 will be the next version of the Samba suite.
> >
> >
> > UPGRADING
> > =========
> >
> >
> > NEW FEATURES/CHANGES
> > ====================
> >
> > More succinct samba-tool error messages
> > ---------------------------------------
> >
> > Historically samba-tool has reported user error or misconfiguration
> > by
> > means of a Python traceback, showing you where in its code it
> > noticed
> > something was wrong, but not always exactly what is amiss. Now it
> > tries harder to identify the true cause and restrict its output to
> > describing that. Particular cases include:
> >
> > * a username or password is incorrect
> > * an ldb database filename is wrong (including in smb.conf)
> > * samba-tool dns: various zones or records do not exist
> > * samba-tool ntacl: certain files are missing
> > * the network seems to be down
> > * bad --realm or --debug arguments
> >
> > Accessing the old samba-tool messages
> > -------------------------------------
> >
> > This is not new, but users are reminded they can get the full
> > Python
> > stack trace, along with other noise, by using the argument '-d3'.
> > This may be useful when searching the web.
> >
> > The intention is that when samba-tool encounters an unrecognised
> > problem (especially a bug), it will still output a Python
> > traceback.
> > If you encounter a problem that has been incorrectly identified by
> > samba-tool, please report it on
> > https://bugzilla.samba.org
> > .
> >
> > Colour output with samba-tool --color
> > -------------------------------------
> >
> > For some time a few samba-tool commands have had a --
> > color=yes|no|auto
> > option, which determines whether the command outputs ANSI colour
> > codes. Now all samba-tool commands support this option, which now
> > also
> > accepts 'always' and 'force' for 'yes', 'never' and 'none' for
> > 'no',
> > and 'tty' and 'if-tty' for 'auto' (this more closely matches
> > convention). With --color=auto, or when --color is omitted, colour
> > codes are only used when output is directed to a terminal.
> >
> > Most commands have very little colour in any case. For those that
> > already used it, the defaults have changed slightly.
> >
> > * samba-tool drs showrepl: default is now 'auto', not 'no'
> >
> > * samba-tool visualize: the interactions between --color-scheme,
> > --color, and --output have changed slightly. When --color-scheme
> > is
> > set it overrides --color for the purpose of the output diagram,
> > but
> > not for other output like error messages.
> >
> > New samba-tool dsacl subcommand for deleting ACES
> > -------------------------------------------------
> >
> > The samba-tool dsacl tool can now delete entries in directory
> > access
> > control lists. The interface for 'samba-tool dsacl delete' is
> > similar
> > to that of 'samba-tool dsacl set', with the difference being that
> > the
> > ACEs described by the --sddl argument are deleted rather than
> > added.
> >
> > No colour with NO_COLOR environment variable
> > --------------------------------------------
> >
> > With both samba-tool --color=auto (see above) and some other places
> > where we use ANSI colour codes, the NO_COLOR environment variable
> > will
> > disable colour output. See
> > https://no-color.org/
> > for a description of
> > this variable. `samba-tool --color=always` will use colour
> > regardless
> > of NO_COLOR.
> >
> > New wbinfo option --change-secret-at
> > ------------------------------------
> >
> > The wbinfo command has a new option, --change-secret-at=<DOMAIN
> > CONTROLLER>
> > which forces the trust account password to be changed at a
> > specified
> > domain
> > controller. If the specified domain controller cannot be contacted
> > the
> > password change fails rather than trying other DCs.
> >
> > New option to change the NT ACL default location
> > ------------------------------------------------
> >
> > Usually the NT ACLs are stored in the security.NTACL extended
> > attribute (xattr) of files and directories. The new
> > "acl_xattr:security_acl_name" option allows to redefine the default
> > location. The default "security.NTACL" is a protected location,
> > which
> > means the content of the security.NTACL attribute is not accessible
> > from normal users outside of Samba. When this option is set to use
> > a
> > user-defined value, e.g. user.NTACL then any user can potentially
> > access and overwrite this information. The module prevents access
> > to
> > this xattr over SMB, but the xattr may still be accessed by other
> > means (eg local access, SSH, NFS). This option must only be used
> > when
> > this consequence is clearly understood and when specific
> > precautions
> > are taken to avoid compromising the ACL content.
> >
> > Azure Active Directory / Office365 synchronisation improvements
> > --------------------------------------------------------------
> >
> > Use of the Azure AD Connect cloud sync tool is now supported for
> > password hash synchronisation, allowing Samba AD Domains to
> > synchronise
> > passwords with this popular cloud environment.
> >
> > REMOVED FEATURES
> > ================
> >
> >
> > smb.conf changes
> > ================
> >
> > Parameter Name Description Default
> > -------------- ----------- -------
> > acl_xattr:security_acl_name New security.NTACL
> >
> >
> > CHANGES SINCE 4.18.0rc1
> > =======================
> >
> > o Andrew Bartlett <
> > abartlet at samba.org
> > >
> > * BUG 10635: Office365 azure Password Sync not working.
> >
> > o Stefan Metzmacher <
> > metze at samba.org
> > >
> > * BUG 15286: auth3_generate_session_info_pac leaks
> > wbcAuthUserInfo.
> >
> > o Noel Power <
> > noel.power at suse.com
> > >
> > * BUG 15293: With clustering enabled samba-bgqd can core dump
> > due
> > to use
> > after free.
> >
> >
> > KNOWN ISSUES
> > ============
> >
> > https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.18#Release_blocking_bugs
> >
> >
> >
> >
> > #######################################
> > Reporting bugs & Development Discussion
> > #######################################
> >
> > Please discuss this release on the samba-technical mailing list or
> > by
> > joining the #samba-technical:matrix.org matrix room, or
> > #samba-technical IRC channel on irc.libera.chat
> >
> > If you do report problems then please try to send high quality
> > feedback. If you don't provide vital information to help us track
> > down
> > the problem then you will probably be ignored. All bug reports
> > should
> > be filed under the Samba 4.1 and newer product in the project's
> > Bugzilla
> > database (
> > https://bugzilla.samba.org/
> > ).
> >
> >
> > ===================================================================
> > ===
> > == Our Code, Our Bugs, Our Responsibility.
> > == The Samba Team
> > ===================================================================
> > ===
> >
> >
> > ================
> > Download Details
> > ================
> >
> > The uncompressed tarballs and patch files have been signed
> > using GnuPG (ID AA99442FB680B620). The source code can be
> > downloaded
> > from:
> >
> >
> > https://download.samba.org/pub/samba/rc/
> >
> >
> > The release notes are available online at:
> >
> > https://download.samba.org/pub/samba/rc/samba-4.18.0rc2.WHATSNEW.txt
> >
> >
> > Our Code, Our Bugs, Our Responsibility.
> > (
> > https://bugzilla.samba.org/
> > )
> >
> > --Enjoy
> > The Samba Team
> >
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company
Samba Development and Support: https://catalyst.net.nz/services/samba
Catalyst IT - Expert Open Source Solutions
More information about the samba
mailing list