[ANNOUNCE] Samba 4.0.0alpha4

Andrew Bartlett abartlet at samba.org
Thu Jun 5 00:07:39 GMT 2008

We are proud to a announce a forth alpha release of Samba 4. 

What's new in Samba 4 alpha4

Samba 4 is the ambitious next version of the Samba suite that is being
developed in parallel to the stable 3.0 series. The main emphasis in
this branch is support for the Active Directory logon protocols used
by Windows 2000 and above.

Samba 4 is currently not yet in a state where it is usable in
production environments. Note the WARNINGS below, and the STATUS file,
which aims to document what should and should not work.

Samba4 alpha4 follows on from the alpha release series we have been
publishing since September last year.


Samba4 alpha4 is not a final Samba release.  That is more a reference
to Samba4's lack of the features we expect you will need than a
statement of code quality, but clearly it hasn't seen a broad
deployment yet.  If you were to upgrade Samba3 (or indeed Windows) to
Samba4, you would find many things work, but that other key features
you may have relied on simply are not there yet.

For example, while Samba 3.0 is an excellent member of a Active
Directory domain, Samba4 is happier as a domain controller: (This is
where we have done most of the research and development).

While Samba4 is subjected to an awesome battery of tests on an
automated basis, and we have found Samba4 to be very stable in it's
behaviour, we have to recommend against upgrading production servers
from Samba 3 to Samba 4 at this stage.  If you are upgrading an
experimental server, or looking to develop and test Samba, you should
backup all configuration and data.


Samba4 supports the server-side of the Active Directory logon environment
used by Windows 2000 and later, so we can do full domain join
and domain logon operations with these clients.

Our Domain Controller (DC) implementation includes our own built-in
LDAP server and Kerberos Key Distribution Center (KDC) as well as the
Samba3-like logon services provided over CIFS.  We correctly generate
the infamous Kerberos PAC, and include it with the Kerberos tickets we

The new VFS features in Samba 4 adapts the filesystem on the server to
match the Windows client semantics, allowing Samba 4 to better match
windows behaviour and application expectations.  This includes file
annotation information (in streams) and NT ACLs in particular.  The
VFS is backed with an extensive automated test suite.

A new scripting interface has been added to Samba 4, allowing
Python programs to interface to Samba's internals.

The Samba 4 architecture is based around an LDAP-like database that
can use a range of modular backends.  One of the backends supports
standards compliant LDAP servers (including OpenLDAP), and we are
working on modules to map between AD-like behaviours and this backend.
We are aiming for Samba 4 to be powerful frontend to large


In the time since Samba4 Alpha2 was released in December 2007, Samba has
continued to evolve, but you may particularly notice these areas:

  Python Bindings: Bindings for Python are now used for all internal
  scripting, and the system python installation is used to run all
  Samba python scripts (in place of smbpython found in the previous

  As such Python is no longer optional, and configure will generate an
  error if it cannot locate an appropriate Python installation.

  SWAT Remains Disabled: Due to a lack of developer time and without a
  long-term web developer to maintain it, the SWAT web UI remains been
  disabled (and would need to be rewritten in python in any case).

  GNU Make: To try and simplfy our build system, we rely on GNU Make
  to avoid autogenerating a massive single makefile. 

  Registry: Samba4's registry library has continued to improve.

  ID mapping: Samba4 uses the internal ID mapping in winbind for all
  but a few core users.  Samba users should not appear in /etc/passwd,
  as Samba will generate new user and group IDs regradless. 

  NTP: Samba4 can act as a signing server for the ntp.org NTP deamon,
  allowing NTPd to reply using Microsoft's non-standard signing
  scheme.  A patch to make NTPd talk to Samba for this purpose has
  been submitted to the ntp.org project.

  CLDAP: Users should experience less arbitary delays and more success with
  group policy, domain joins and logons due to an improved
  implementation of CLDAP and the 'netlogon' mailslot datagrams.

  SMB2: The Samba4 SMB2 server and testsuite have been greatly
  improved, but the SMB2 server remains off by default.

  Secure DNS update: Configuration for GSS-TSIG updates of DNS records
  is now generated by the provision script.

These are just some of the highlights of the work done in the past few
months.  More details can be found in our GIT history.


Those familiar with Samba 3 can find a list of user-visible changes
since that release series in the NEWS file.


- Domain member support is in it's infancy, and is not comparable to
  the support found in Samba3.

- There is no printing support in the current release.

- There is no netbios browsing support in the current release

- The Samba4 port of the CTDB clustering support is not yet complete

- Clock Synchronisation is critical.  Many 'wrong password' errors are
  actually due to Kerberos objecting to a clock skew between client
  and server.  (The NTP work is partly to assist with this problem).

- Samba4 alpha4 is currently only portable to recent Linux
  distributions.  Work to return support for other Unix varients is
  expected during the next alpha cycle

- Samba4 alpha4 is incompatible with GnuTLS 2.0, found in Fedora 9 and
  recent Ubuntu releases.  Please remove the
  gnutls-devel/libgnutls-dev package before compiling (otherwise 'make
  test' and LDAPS operations will hang).


A short guide to setting up Samba 4 can be found in the howto.txt file
in root of the tarball.

Bugs can be filed at https://bugzilla.samba.org/ but please be aware
that many features are simply not expected to work at this stage.  

The Samba Wiki at http://wiki.samba.org should detail some of these
development plans.

Development and general discussion about Samba 4 happens mainly on
the #samba-technical IRC channel (on irc.freenode.net) and
the samba-technical mailing list (see http://lists.samba.org/ for

Download Details

The release tarball is available from the following location:
 * http://download.samba.org/samba/ftp/samba4/samba-4.0.0alpha4.tar.gz

This release has been signed using GPG with Andrew's GPG key (28B436BB).

 * http://download.samba.org/samba/ftp/samba4/samba-4.0.0alpha4.tar.asc

To verify that the signature is correct, make sure that the tarball has
been unzipped and run:

$ gpg --verify samba-4.0.0alpha4.tar.asc

We are also planning on making Debian packages available. No packages
for other distributions are planned at the moment.

Happy testing!

The Samba team

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-announce/attachments/20080605/57069e7f/attachment.bin

More information about the samba-announce mailing list