[SCM] Samba Shared Repository - branch v4-0-stable updated
Karolin Seeger
kseeger at samba.org
Tue Dec 11 10:20:29 MST 2012
The branch, v4-0-stable has been updated
via df33344 VERSION: Bump version number up to 4.0.0.
via a69e731 WHATSNEW: Update changes since rc6.
via 0eb0a5e selftest: skip the samba4.rpc.samr.passwords test in ncacn_np(dc) and s4member environments
via 55cf387 s4:torture:rpc:samr: fix password age calculation in test_ChangePasswordUser3()
via 9fcd01c s4:torture/samr: allow STATUS_PASSWORD_RESTRICTIONS from ChangePasswordUser
via 89e11bb s4:rpc_server/samr: do WRONG_PASSWORD checks after the complexity checks
via 59a6739 s4:dsdb/password_hash: do the min password age checks first
via 8fc0b57 s4:dsdb/common: only pass the DSDB_CONTROL_PASSWORD_HASH_VALUES_OID if required
via ee4f3ff s4:torture:rpc:samr: add debugging of result of (many) dcerpc_samr_* calls
via 22fcbd5 s4:dsdb/password_hash: Honor password complexity settings.
via a86ee3d WHATSNEW: Fix typo.
via 1819e94 WHATSNEW: Add link to the whitepaper.
via 3c131a8 WHATSNEW: Move AD stuff to the corresponding paragraph.
via f553377 WHATSNEW: Update release notes.
via 5b202f0 WHATSNEW: Update release notes.
via 3ecca2d WHATSNEW: Update changes since rc6.
via cfe4b43 s4:provision: set the correct nTSecurityDescriptor on CN=Domain Controllers,... (bug #9481)
via 78814f7 s4:provision: set the correct nTSecurityDescriptor on CN=Users,... (bug #9481)
via 8e2c71f s4:provision: set the correct nTSecurityDescriptor on CN=Computers,... (bug #9481)
via e037bac s4:provision: set the correct nTSecurityDescriptor on CN=Builtin,... (bug #9481)
via 7e50d96 s4:provision: set the correct nTSecurityDescriptor on CN=Infrastructure,... (bug #9481)
via 58a2a5e s4:provision: set the correct nTSecurityDescriptor on CN=Sites,CN=Configuration... (bug #9481)
via 1e3f0e4 s4:provision: set the correct nTSecurityDescriptor on CN=Partitions,CN=Configuration... (bug #9481)
via 2cb4450 s4:dsdb/descriptor: pass object_list to create_security_descriptor()
via 566aae7 libcli/security: calculate the correct inherited_object GUID
via 3cda521 libcli/security: implement object_in_list()
via bde0414 WHATSNEW: Update release notes for Samba 4.0.0.
via 1afacd4 s3:auth: fix create_token_from_sid() to not fail in the winbindd case
via c14d1da s3:auth: fix function header comment for user_sid_in_group_sid()
via 8ee8ebb s3:auth: fix header comment for user_sid_in_group_sid()
via b9241d6 s4:dsdb/tests/sec_descriptor: verify the search of a windows dc join keeps working
via 73c2db7 s4:dsdb/tests/sec_descriptor: verify the nTSecurityDescriptor and sd_flags interaction
via c6cb652 s4:dsdb/operational: fix stripping of the nTSecurityDescriptor attribute
via ac3dd3c s4:dsdb/acl_read: return the nTSecurityDescriptor attr if the sd_flags control is given (bug #9470)
via b73f780 s4:dsdb/acl_read: give some variables a better name
via 111ecf1 s4:dsdb/acl_read: fix the calculation of the attribute array for the sub search
via 3407dd4 s4:dsdb/acl_read: check the ldb_attr_list_copy_add() result
via 5321239 s4:dsdb/dirsync: fix potential talloc hierachy problems (bug #9470)
via 45e53f0 s4:dsdb/descriptor: fix replication of NC heads
via d0237f6 s4:dsdb/acl_read: improve debugging for fatal error
via 630bde0 s4:dsdb/acl_read: keep the ldb_message of the sub search (bug #9470)
via 0da785a s4:dsdb/schema_data.c: correctly move the CN=Aggregate attributes to msg->elements[i].values (bug #9470)
via 1762d14 s4:dsdb/schema: fix dsdb_schema_set_el_from_ldb_msg() (bug #9470)
via 9eab38b WHATSNEW: Update changes since rc6.
via ad987df s4-torture: call the s4u2self tests with arcfour and aes.
via e057dea s4-torture: precalculate expected session keys from samlogon in schannel test.
via f84b881 libcli/auth: support AES decryption in netlogon_creds_decrypt_samlogon().
via db81ad1 libcli/auth: remove trailing whitespace.
via 9de38fc s3-auth: remove crypto from serverinfo_to_SamInfoX calls.
via 751b152 s3-rpc_server: Remove obsolete process_creds boolean in samlogon server.
via 32f8265 s3-auth: session keys in validation level 6 samlogon replies are *not* encrypted.
via 012937c s3-rpc_server: support AES for interactive netlogon samlogon password decryption.
via 1dbf3ac s4-rpc_server: support AES encryption in interactive and generic samlogon.
via 119b15c s3-rpc_server: we need to encrypt OWFs using DES in _netr_ServerGetTrustInfo().
via 0996946 s4-torture: validate owf password hash and negotiate AES in forest trust test.
via 9a9d2f2 s4-torture: validate owf password hash and negotiate AES ServerGetTrustInfo test.
via a63d67b s3-rpc_server: pass down netlogon cred state in _netr_ServerGetTrustInfo().
via 65f75fc s4-torture: use netlogon_creds_arcfour_crypt() in samba3rpc test.
via 967705d s4-torture: exit early when join fails in samba3rpc tests.
via 12e3fed s4-torture: support AES encryption in interactive samlogon tests in rpc.samr.
via a517808 s4-torture: support AES encryption in pac_verify/generic samlogon netlogon tests.
via da08243 s4-torture: use names for r.in.logon_level of netlogon samlogon requests.
via 2b1646e s4-torture: remove trailing whitespace in smbtorture remote_pac test.
via 7aa26fd s3-rpc_client: use netlogon_creds_aes_encrypt in interactive netlogon samlogon.
via 5217de0 s4-rpc_server: support AES decryption in netr_ServerPasswordSet2 server.
via 7d84230 s4-torture: add AES support for netr_ServerPasswordSet2 tests.
via 9c82385 s4-torture: pass down netlogon flags in netr_ServerPasswordSet2 tests.
via 32bb7c0 s4-torture: remove trailing whitespace from netlogon test.
via 7a8205a s3-rpc_server: support AES decryption in netr_ServerPasswordSet2 server.
via aed9bf6 s3-rpc_client: support AES encryption in netr_ServerPasswordSet2 client.
via a4b1dda s3-rpc_client: use netlogon_creds_arcfour_crypt() in init_netr_CryptPassword.
via d4dedc7 libcli/auth: add netlogon_creds_aes_{en|de}crypt routines.
via 71df5a6 WHATSNEW: Add changes since rc6.
via 91d2752 wafsamba: Make sure md5 is really work before using it or overriding the hash function
via 25eb1af Fix bug #9471 - SEGV when using second vfs module.
via 1cd24d5 build: Install .po files for SWAT intl support
via e2db48e Documentation fixes for bug #9462 - Users can not be given write permissions any more by default
via d007f60 s3:smbd: don't apply create/directory mask and modes in apply_default_perms()
via 9e48899 Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs.
via 373b3a5 s3:smbd: Fix typo in got_duplicate_group check
via 26b2d2b Modify ensure_canon_entry_valid() into ensure_canon_entry_valid_on_set() - makes the logic clearer.
via 8b41f78 Revert "Fix bug 9376 - ensure_canon_entry_valid generates duplicate SMB_ACL_GROUP, acl_valid fails."
via b35add2 Revert "Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs."
via 9339c45 Fix bug #9460 - Samba 3.6.x and Master respond incorrectly to FILE_STREAM_INFO requests.
via ef7e06b BUG 9459: Install manpages only if we install the target.
via 1496a75 s3:smbd:vfs_acl: fix a PANIC when setting an ACL fails with ACCESS_DENIED
via 59ae4dd VERSION: Bump version number up to rc7.
from 484747c VERSION: Disable git snapshots to prepare rc6 release.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 306 +++++++++-------
buildtools/wafsamba/samba_utils.py | 8 +
buildtools/wafsamba/wafsamba.py | 9 +-
docs-xml/smbdotconf/security/createmask.xml | 5 -
docs-xml/smbdotconf/security/directorymask.xml | 5 -
.../smbdotconf/security/directorysecuritymask.xml | 4 +-
docs-xml/smbdotconf/security/forcecreatemode.xml | 6 -
.../smbdotconf/security/forcedirectorymode.xml | 6 -
.../security/forcedirectorysecuritymode.xml | 5 +-
docs-xml/smbdotconf/security/forcesecuritymode.xml | 5 +-
docs-xml/smbdotconf/security/securitymask.xml | 4 +-
lib/util/debug.c | 2 +-
libcli/auth/credentials.c | 118 +++++--
libcli/auth/proto.h | 2 +
libcli/security/create_descriptor.c | 33 ++-
selftest/skip | 2 +
source3/auth/auth_util.c | 34 +--
source3/auth/check_samsec.c | 2 +-
source3/auth/proto.h | 9 +-
source3/auth/server_info.c | 30 --
source3/auth/token_util.c | 16 +-
source3/modules/vfs_acl_common.c | 1 +
source3/rpc_client/cli_netlogon.c | 7 +-
source3/rpc_client/init_netlogon.c | 12 +-
source3/rpc_client/init_netlogon.h | 2 +-
source3/rpc_server/netlogon/srv_netlog_nt.c | 110 ++++--
source3/smbd/posix_acls.c | 370 ++++++++------------
source3/smbd/trans2.c | 23 ++-
source3/torture/pdbtest.c | 2 +-
source3/wscript_build | 3 +
source4/dsdb/common/util.c | 18 +-
source4/dsdb/samdb/ldb_modules/acl_read.c | 95 ++++--
source4/dsdb/samdb/ldb_modules/descriptor.c | 19 +-
source4/dsdb/samdb/ldb_modules/dirsync.c | 6 +-
source4/dsdb/samdb/ldb_modules/operational.c | 14 +-
source4/dsdb/samdb/ldb_modules/password_hash.c | 29 +-
source4/dsdb/samdb/ldb_modules/schema_data.c | 24 +-
source4/dsdb/schema/schema_set.c | 14 +-
source4/dsdb/tests/python/sec_descriptor.py | 123 +++++++
source4/rpc_server/netlogon/dcerpc_netlogon.c | 35 ++-
source4/rpc_server/samr/samr_password.c | 112 ++++---
.../scripting/python/samba/provision/__init__.py | 31 ++-
.../scripting/python/samba/provision/descriptor.py | 137 ++++++++
source4/setup/provision.ldif | 3 +
source4/setup/provision_computers_add.ldif | 1 +
source4/setup/provision_configuration.ldif | 2 +
source4/setup/provision_users_add.ldif | 1 +
source4/torture/rpc/forest_trust.c | 13 +-
source4/torture/rpc/netlogon.c | 296 ++++++++++-------
source4/torture/rpc/remote_pac.c | 226 ++++++++----
source4/torture/rpc/samba3rpc.c | 19 +-
source4/torture/rpc/samlogon.c | 4 +-
source4/torture/rpc/samr.c | 142 +++++++-
source4/torture/rpc/samsync.c | 2 +-
source4/torture/rpc/schannel.c | 122 ++++++-
56 files changed, 1717 insertions(+), 914 deletions(-)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index ac19dd5..8aa0bfb 100644
--- a/VERSION
+++ b/VERSION
@@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=
# e.g. SAMBA_VERSION_RC_RELEASE=1 #
# -> "3.0.0rc1" #
########################################################
-SAMBA_VERSION_RC_RELEASE=6
+SAMBA_VERSION_RC_RELEASE=
########################################################
# To mark SVN snapshots this should be set to 'yes' #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 355de80..520075f 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,68 +1,20 @@
-Release Announcements
-=====================
+ =============================
+ Release Notes for Samba 4.0.0
+ December 11, 2012
+ =============================
-This is the sixth release candidate of Samba 4.0. This is *not*
-intended for production environments and is designed for testing
-purposes only. Please report any defects via the Samba bug reporting
-system at https://bugzilla.samba.org/.
-In this release candidate, we have a significant number of improvements
-to our Access Control List (ACL) code, particularly for the Active
-Directory Domain Controller, but also in our general purpose file
-server.
-
-These changes are important, as they enable Group Policy Objects to work
-correctly, allow administrators to impose restrictions on some users
-reading certain parts of the directory and correctly propagating
-inherited ACLs down the LDAP directory tree.
-
-Users of the Active Directory Domain Controller upgrading from any
-previous release should run 'samba-tool ntacl sysvolreset' to re-sync
-ACLs on the sysvol share with those matching the GPOs in LDAP and the
-defaults from an initial provision. This will set an underlying POSIX
-ACL if required.
-
-Samba 4.0 will be the next version of the Samba suite and incorporates
-all the technology found in both the Samba4 series and the
-stable 3.x series. The primary additional features over Samba 3.6 are
-support for the Active Directory logon protocols used by Windows 2000
-and above.
+This is is the first stable release of Samba 4.0.
This release contains the best of all of Samba's
technology parts, both a file server (that you can reasonably expect
to upgrade existing Samba 3.x releases to) and the AD domain
-controller work previously known as 'samba4'.
-
-If you are upgrading, or looking to develop, test or deploy Samba 4.0
-releases candidates, you should backup all configuration and data.
-
-
-UPGRADING
-=========
-
-Users upgrading from Samba 3.x domain controllers and wanting to use
-Samba 4.0 as an AD DC should use the 'samba-tool domain
-classicupgrade' command. See the wiki for more details:
-https://wiki.samba.org/index.php/Samba4/samba3upgrade/HOWTO.
-
-Users upgrading from Samba 4.0 alpha and beta releases since alpha15
-should run 'samba-tool dbcheck --cross-ncs --fix' before re-starting
-Samba. Users upgrading from earlier alpha releases should contact the
-team for advice.
-
-Users upgrading an AD DC from any previous release should run
-'samba-tool ntacl sysvolreset' to re-sync ACLs on the sysvol share
-with those matching the GPOs in LDAP and the defaults from an initial
-provision. This will set an underlying POSIX ACL if required (eg not
-using the NTVFS file server).
-
-If you used the BIND9_FLATFILE or BIND9_DLZ features,
-you'll have to add '-dns' to the 'server services' option,
-as the internal dns server (SAMBA_INTERNAL) is the default now.
+controller work previously known as 'Samba4'.
+Major enhancements in Samba 4.0.0 include:
-NEW FEATURES
-============
+Active Directory services
+=========================
Samba 4.0 supports the server-side of the Active Directory logon
environment used by Windows 2000 and later, so we can do full domain
@@ -74,12 +26,24 @@ Samba3-like logon services provided over CIFS. We correctly generate
the infamous Kerberos PAC, and include it with the Kerberos tickets we
issue.
-Samba 4.0.0rc5 ships with two distinct file servers. We now use the
+When running an AD DC, you only need to run 'samba' (not smbd/nmbd/winbindd),
+as the required services are co-coordinated by this master binary.
+The tool to administer the Active Directory services is called 'samba-tool'.
+
+A short guide to setting up Samba 4 as an AD DC can be found on the wiki:
+
+ http://wiki.samba.org/index.php/Samba4/HOWTO
+
+
+File Services
+=============
+
+Samba 4.0.0 ships with two distinct file servers. We now use the
file server from the Samba 3.x series 'smbd' for all file serving by
default.
Samba 4.0 also ships with the 'NTVFS' file server. This file server
-is what was used in all previous releases of Samba 4.0, and is
+is what was used prior to the beta2 release of Samba 4.0, and is
tuned to match the requirements of an AD domain controller. We
continue to support this, not only to provide continuity to
installations that have deployed it as part of an AD DC, but also as a
@@ -87,10 +51,11 @@ running example of the NT-FSA architecture we expect to move smbd to in
the longer term.
For pure file server work, the binaries users would expect from that
-series (nmbd, winbindd, smbpasswd) continue to be available. When
-running an AD DC, you only need to run 'samba' (not
-nmbd/smbd/winbind), as the required services are co-coordinated by this
-master binary.
+series (smbd, nmbd, winbindd, smbpasswd) continue to be available.
+
+
+DNS
+===
As DNS is an integral part of Active Directory, we also provide two DNS
solutions, a simple internal DNS server for 'out of the box' configurations
@@ -101,16 +66,97 @@ If you chose the BIND_DLZ backend, a configuration file will be generated
for bind to make it use this plugin, as well as a file explaining how to
set up bind.
+
+NTP
+===
+
To provide accurate timestamps to Windows clients, we integrate with
the NTP project to provide secured NTP replies. To use you need to
start ntpd and configure it with the 'restrict ... ms-sntp' and
ntpsigndsocket options.
-Finally, a new scripting interface has been added to Samba 4, allowing
+
+Python Scripting Interface
+==========================
+
+A new scripting interface has been added to Samba 4, allowing
Python programs to interface to Samba's internals, and many tools and
internal workings of the DC code is now implemented in python.
+Known Issues
+============
+
+- Replication of DNS data from one AD server to another may not work.
+ The DNS data used by the internal DNS server and bind9_dlz is stored
+ in an application partition in our directory. The replication of
+ this partition is not yet reliable.
+
+- Replication may fail on FreeBSD due to getaddrinfo() rejecting names
+ containing _. A workaround will be in a future release.
+
+- samba_upgradeprovision should not be run when upgrading to this release
+ from a recent release. No important database format changes have
+ been made since alpha16.
+
+- Installation on systems without a system iconv (and developer
+ headers at compile time) is known to cause errors when dealing with
+ non-ASCII characters.
+
+- Domain member support in the 'samba' binary is in its infancy, and
+ is not comparable to the support found in winbindd. As such, do not
+ use the 'samba' binary (provided for the AD server) on a member
+ server.
+
+- There is no NetBIOS browsing support (network neighbourhood)
+ available for the AD domain controller. (Support in nmbd and smbd
+ for classic domains and member/standalone servers is unchanged).
+
+- Clock Synchronisation is critical. Many 'wrong password' errors are
+ actually due to Kerberos objecting to a clock skew between client
+ and server. (The NTP work in the previous alphas are partly to assist
+ with this problem).
+
+- The DRS replication code may fail. Please contact the team if you
+ experience issues with DRS replication, as we have fixed many issues
+ here in response to feedback from our production users.
+
+- Linux inotify will now only be supported on systems where glibc also supports
+ it (for details, please refer to bug #8850).
+
+
+Upgrading
+=========
+
+Users upgrading from Samba 3.x domain controllers and wanting to use
+Samba 4.0 as an AD DC should use the 'samba-tool domain
+classicupgrade' command. See the wiki for more details:
+https://wiki.samba.org/index.php/Samba4/samba3upgrade/HOWTO.
+
+Users upgrading from Samba 4.0 alpha and beta releases since alpha15
+should run 'samba-tool dbcheck --cross-ncs --fix' before re-starting
+Samba. Users upgrading from earlier alpha releases should contact the
+team for advice.
+
+Users upgrading an AD DC from any previous release should run
+'samba-tool ntacl sysvolreset' to re-sync ACLs on the sysvol share
+with those matching the GPOs in LDAP and the defaults from an initial
+provision. This will set an underlying POSIX ACL if required (eg not
+using the NTVFS file server).
+
+If you used the BIND9_FLATFILE or BIND9_DLZ features,
+you'll have to add '-dns' to the 'server services' option,
+as the internal dns server (SAMBA_INTERNAL) is the default now.
+
+
+Supported features
+==================
+
+A whitepaper of currently (un-)supported features is available on the wiki:
+
+ https://wiki.samba.org/index.php/Samba_4.0_Whitepaper
+
+
######################################################################
Changes
#######
@@ -181,12 +227,73 @@ smb.conf changes
winbindd socket directory New
+CHANGES SINCE 4.0.0rc6
+======================
+
+o Michael Adam <obnox at samba.org>
+ * BUG 9414: Honor password complexity settings.
+ * BUG 9456: developer-build: Fix panic when acl_xattr fails with access
+ denied.
+ * BUG 9457: Fix "map username script" with "security=ads" and Winbind.
+
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 9462: Users can not be given write permissions any more by default.
+
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 9415: Install SWAT *.msg files with waf.
+
+
+o Alexander Bokovoy <ab at samba.org>
+ * BUG 9479: Support FIPS mode when building Samba.
+
+
+o Günther Deschner <gd at samba.org>
+ * BUG 9438: Fix netr_ServerPasswordSet2, netr_LogonSamLogon with netlogon
+ AES.
+
+
+o Tsukasa Hamano <hamano at osstech.co.jp>
+ * BUG 9471: Fix SEGV when using second vfs module.
+
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 9414: Honor password complexity settings.
+ * BUG 9470: Fix MMC crashes.
+ * BUG 9481: Fix ACL on "cn=partitions,cn=configuration".
+
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 9459: Install manpages only if we install the target.
+
+
+o Richard Sharpe <realrichardsharpe at gmail.com>
+ * BUG 9460: Respond correctly to FILE_STREAM_INFO requests.
+
+
CHANGES SINCE 4.0.0rc5
======================
-With this release candidate the ACLs in the Active Directory
-are also checked on searches by default. The automatic inheritance
-of ACLs is also correctly recalculated on changes now.
+In this release candidate, we have a significant number of improvements
+to our Access Control List (ACL) code, particularly for the Active
+Directory Domain Controller, but also in our general purpose file
+server.
+
+These changes are important, as they enable Group Policy Objects to work
+correctly, allow administrators to impose restrictions on some users
+reading certain parts of the directory and correctly propagating
+inherited ACLs down the LDAP directory tree.
+
+Users of the Active Directory Domain Controller upgrading from any
+previous release should run 'samba-tool ntacl sysvolreset' to re-sync
+ACLs on the sysvol share with those matching the GPOs in LDAP and the
+defaults from an initial provision. This will set an underlying POSIX
+ACL if required.
+
+The ACLs in the Active Directory are also checked on searches by default.
+The automatic inheritance of ACLs is also correctly recalculated on
+changes now.
o Michael Adam <obnox at samba.org>
* BUG 9350: Fail "configure --with-ads" if ads support is not available.
@@ -641,71 +748,6 @@ o Andreas Schneider <asn at samba.org>
registry.
-KNOWN ISSUES
-============
-
-- 'samba-tool domain classicupgrade' will fail when setting ACLs on
- the GPO folders with NT_STATUS_INVALID_ONWER in the default
- configuration. This happens if, as is typical a 'domain admins'
- group (-512) is mapped in the passdb backend being upgraded. This
- is because the group mapping to a GID only prevents Samba from
- allocating a uid for that group. The uid is needed so the 'domain
- admins' group can own the GPO file objects.
-
- To work around this issue, remove the 'domain admins' group before
- upgrade, as it will be re-created automatically. You will
- of course need to fill in the group membership again. A future release
- will make this automatic, or find some other workaround.
-
-- This release makes the s3fs file server the default, as this is the
- file server combination we will use for the Samba 4.0 release.
-
-- For similar reasons, sites with ACLs stored by the ntvfs file server
- may wish to continue to use that file server implementation, as a
- posix ACL will similarly not be set in this case.
-
-- Replication of DNS data from one AD server to another may not work.
- The DNS data used by the internal DNS server and bind9_dlz is stored
- in an application partition in our directory. The replication of
- this partition is not yet reliable.
-
-- Replication may fail on FreeBSD due to getaddrinfo() rejecting names
- containing _. A workaround will be in a future release.
-
-- samba_upgradeprovision should not be run when upgrading to this release
- from a recent release. No important database format changes have
- been made since alpha16.
-
-- Installation on systems without a system iconv (and developer
- headers at compile time) is known to cause errors when dealing with
- non-ASCII characters.
-
-- Domain member support in the 'samba' binary is in its infancy, and
- is not comparable to the support found in winbindd. As such, do not
- use the 'samba' binary (provided for the AD server) on a member
- server.
-
-- There is no NetBIOS browsing support (network neighbourhood)
- available for the AD domain controller. (Support in nmbd and smbd
- for classic domains and member/standalone servers is unchanged).
-
-- Clock Synchronisation is critical. Many 'wrong password' errors are
- actually due to Kerberos objecting to a clock skew between client
- and server. (The NTP work in the previous alphas are partly to assist
- with this problem).
-
-- The DRS replication code may fail. Please contact the team if you
- experience issues with DRS replication, as we have fixed many issues
- here in response to feedback from our production users.
-
-
-RUNNING Samba 4.0 as an AD DC
-=============================
-
-A short guide to setting up Samba 4 as an AD DC can be found on the wiki:
-
- http://wiki.samba.org/index.php/Samba4/HOWTO
-
#######################################
Reporting bugs & Development Discussion
#######################################
diff --git a/buildtools/wafsamba/samba_utils.py b/buildtools/wafsamba/samba_utils.py
index c1869df..cab87a4 100644
--- a/buildtools/wafsamba/samba_utils.py
+++ b/buildtools/wafsamba/samba_utils.py
@@ -388,9 +388,17 @@ def RUN_COMMAND(cmd,
# make sure we have md5. some systems don't have it
try:
from hashlib import md5
+ try:
+ foo = md5.md5('abcd')
+ except ValueError:
+ raise
except:
try:
import md5
+ try:
+ foo = md5.md5('abcd')
+ except ValueError:
+ raise
except:
import Constants
Constants.SIG_NIL = hash('abcd')
diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py
index 59d3a2c..9409669 100644
--- a/buildtools/wafsamba/wafsamba.py
+++ b/buildtools/wafsamba/wafsamba.py
@@ -287,7 +287,7 @@ def SAMBA_LIBRARY(bld, libname, source,
if (manpages is not None and 'XSLTPROC_MANPAGES' in bld.env and
bld.env['XSLTPROC_MANPAGES']):
- bld.MANPAGES(manpages)
+ bld.MANPAGES(manpages, install)
Build.BuildContext.SAMBA_LIBRARY = SAMBA_LIBRARY
@@ -383,7 +383,7 @@ def SAMBA_BINARY(bld, binname, source,
)
if manpages is not None and 'XSLTPROC_MANPAGES' in bld.env and bld.env['XSLTPROC_MANPAGES']:
- bld.MANPAGES(manpages)
+ bld.MANPAGES(manpages, install)
Build.BuildContext.SAMBA_BINARY = SAMBA_BINARY
@@ -771,7 +771,7 @@ def INSTALL_DIRS(bld, destdir, dirs):
Build.BuildContext.INSTALL_DIRS = INSTALL_DIRS
-def MANPAGES(bld, manpages):
+def MANPAGES(bld, manpages, install):
'''build and install manual pages'''
bld.env.MAN_XSL = 'http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl'
for m in manpages.split():
@@ -782,7 +782,8 @@ def MANPAGES(bld, manpages):
group='final',
rule='${XSLTPROC} --xinclude -o ${TGT} --nonet ${MAN_XSL} ${SRC}'
)
- bld.INSTALL_FILES('${MANDIR}/man%s' % m[-1], m, flat=True)
+ if install:
+ bld.INSTALL_FILES('${MANDIR}/man%s' % m[-1], m, flat=True)
Build.BuildContext.MANPAGES = MANPAGES
def SAMBAMANPAGES(bld, manpages):
diff --git a/docs-xml/smbdotconf/security/createmask.xml b/docs-xml/smbdotconf/security/createmask.xml
index 59e208d..5df0718 100644
--- a/docs-xml/smbdotconf/security/createmask.xml
+++ b/docs-xml/smbdotconf/security/createmask.xml
@@ -26,11 +26,6 @@
This parameter does not affect directory masks. See the parameter <smbconfoption name="directory mask"/>
for details.
</para>
-
- <para>
- New in Samba 4.0.0. This mask is applied whenever permissions are changed on a file. To allow clients full control
- over permission changes it should be set to 0777.
- </para>
</description>
<related>force create mode</related>
diff --git a/docs-xml/smbdotconf/security/directorymask.xml b/docs-xml/smbdotconf/security/directorymask.xml
index 2ebfc16..b17625c 100644
--- a/docs-xml/smbdotconf/security/directorymask.xml
+++ b/docs-xml/smbdotconf/security/directorymask.xml
@@ -23,11 +23,6 @@
<para>Following this Samba will bit-wise 'OR' the UNIX mode
created from this parameter with the value of the <smbconfoption name="force directory mode"/> parameter.
This parameter is set to 000 by default (i.e. no extra mode bits are added).</para>
-
- <para>
- New in Samba 4.0.0. This mask is applied whenever permissions are changed on a directory. To allow clients full control
- over permission changes it should be set to 0777.
- </para>
</description>
<related>force directory mode</related>
diff --git a/docs-xml/smbdotconf/security/directorysecuritymask.xml b/docs-xml/smbdotconf/security/directorysecuritymask.xml
index c5c8c65..ad208f4 100644
--- a/docs-xml/smbdotconf/security/directorysecuritymask.xml
+++ b/docs-xml/smbdotconf/security/directorysecuritymask.xml
@@ -5,9 +5,7 @@
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>
- This parameter has been removed for Samba 4.0.0. The parameter
- <smbconfoption name="directory mask"/> is now used instead to mask
- any permission bit changes on directories.
+ This parameter has been removed for Samba 4.0.0.
</para>
</description>
diff --git a/docs-xml/smbdotconf/security/forcecreatemode.xml b/docs-xml/smbdotconf/security/forcecreatemode.xml
index 5a57a29..a3f1c2c 100644
--- a/docs-xml/smbdotconf/security/forcecreatemode.xml
+++ b/docs-xml/smbdotconf/security/forcecreatemode.xml
--
Samba Shared Repository
More information about the samba-cvs
mailing list