[SCM] Samba Shared Repository - branch master updated
Stefan Metzmacher
metze at samba.org
Wed Feb 7 16:58:02 UTC 2018
The branch, master has been updated
via 701b2ed WHATSNEW: Start release notes for Samba 4.9.
via 0109b59 docs-xml: Add 'samba-tool visualize' to man samba-tool.8.
via 0f577cd selftest: run "samba.tests.common"
from a222b75 libgpo: Fix the build --without-ads
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 701b2ed6cfa27f9638dd5ea5a85e2ddbc44aa5e8
Author: Karolin Seeger <kseeger at samba.org>
Date: Wed Feb 7 10:08:53 2018 +0100
WHATSNEW: Start release notes for Samba 4.9.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Feb 7 17:57:39 CET 2018 on sn-devel-144
commit 0109b5965f8a5f467aa12aa505be849ae33e1f8e
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon Feb 5 09:37:48 2018 +0100
docs-xml: Add 'samba-tool visualize' to man samba-tool.8.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13226
Signed-off-by: Karolin Seeger <kseeger at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 0f577cd9e79e8a93b09d0c5f5b4f6842ed847932
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jan 30 10:40:36 2018 +0100
selftest: run "samba.tests.common"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 192 +------------------------------------
docs-xml/manpages/samba-tool.8.xml | 57 ++++++++++-
selftest/tests.py | 1 +
3 files changed, 59 insertions(+), 191 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 6cc362d..ad045e3 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,12 +1,12 @@
Release Announcements
=====================
-This is the first release candidate of Samba 4.8. This is *not*
+This is the first preview release of Samba 4.9. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
-Samba 4.8 will be the next version of the Samba suite.
+Samba 4.9 will be the next version of the Samba suite.
UPGRADING
@@ -16,177 +16,10 @@ UPGRADING
NEW FEATURES/CHANGES
====================
-KDC GPO application
--------------------
-
-Adds Group Policy support for the Samba kdc. Applies password policies
-(minimum/maximum password age, minimum password length, and password
-complexity) and kerberos policies (user/service ticket lifetime and
-renew lifetime).
-
-Adds the samba_gpoupdate script for applying and unapplying
-policy. Can be applied automatically by setting
-
- 'apply group policies = yes'.
-
-Time Machine Support with vfs_fruit
------------------------------------
-
-Samba can be configured as a Time Machine target for Apple Mac devices
-through the vfs_fruit module. When enabling a share for Time Machine
-support the relevant Avahi records to support discovery will be published
-for installations that have been built against the Avahi client library.
-
-Shares can be designated as a Time Machine share with the following setting:
-
- 'fruit:time machine = yes'
-
-Support for lower casing the MDNS Name
---------------------------------------
-
-Allows the server name that is advertised through MDNS to be set to the
-hostname rather than the Samba NETBIOS name. This allows an administrator
-to make Samba registered MDNS records match the case of the hostname
-rather than being in all capitals.
-
-This can be set with the following settings:
-
- 'mdns name = mdns'
-
-Encrypted secrets
------------------
-
-Attributes deemed to be sensitive are now encrypted on disk. The sensitive
-values are currently:
- pekList
- msDS-ExecuteScriptPassword
- currentValue
- dBCSPwd
- initialAuthIncoming
- initialAuthOutgoing
- lmPwdHistory
- ntPwdHistory
- priorValue
- supplementalCredentials
- trustAuthIncoming
- trustAuthOutgoing
- unicodePwd
- clearTextPassword
-
-This encryption is enabled by default on a new provision or join, it
-can be disabled at provision or join time with the new option
-'--plaintext-secrets'.
-
-However, an in-place upgrade will not encrypt the database.
-
-Once encrypted, it is not possible to do an in-place downgrade (eg to
-4.7) of the database. To obtain an unencrypted copy of the database a
-new DC join should be performed, specifying the '--plaintext-secrets'
-option.
-
-The key file "encrypted_secrets.key" is created in the same directory
-as the database and should NEVER be disclosed. It is included by the
-samba_backup script.
-
-Active Directory replication visualisation
-------------------------------------------
-
-To work out what is happening in a replication graph, it is sometimes
-helpful to use visualisations. We introduce a samba-tool subcommand to
-write Graphviz dot output and generate text-based heatmaps of the
-distance in hops between DCs.
-
-There are two subcommands, two graphical modes, and (roughly) two modes of
-operation with respect to the location of authority.
-
-`samba-tool visualize ntdsconn` looks at NTDS Connections.
-`samba-tool visualize reps` looks at repsTo and repsFrom objects.
-
-In '--distance' mode (default), the distances between DCs are shown in
-a matrix in the terminal. With '--color=yes', this is depicted as a
-heatmap. With '--utf8' it is a lttle prettier.
-
-In '--dot' mode, Graphviz dot output is generated. When viewed using
-dot or xdot, this shows the network as a graph with DCs as vertices
-and connections edges. Certain types of degenerate edges are shown in
-different colours or line-styles.
-
-NT4-style replication based net commands removed
-------------------------------------------------
-
-The following commands and sub-commands have been removed from the
-"net" utility:
-
-net rpc samdump
-net rpc vampire ldif
-
-Also, replicating from a real NT4 domain with "net rpc vampire" and
-"net rpc vampire keytab" has been removed.
-
-The NT4-based commands were accidentially broken in 2013, and nobody
-noticed the breakage. So instead of fixing them including tests (which
-would have meant writing a server for the protocols, which we don't
-have) we decided to remove them.
-
-For the same reason, the "samsync", "samdeltas" and "database_redo"
-commands have been removed from rpcclient.
-
-"net rpc vampire keytab" from Active Directory domains continues to be
-supported.
-
-vfs_aio_linux module removed
-----------------------------
-
-The current Linux kernel aio does not match what Samba would
-do. Shipping code that uses it leads people to false
-assumptions. Samba implements async I/O based on threads by default,
-there is no special module required to see benefits of read and write
-request being sent do the disk in parallel.
-
-smbclient reparse point symlink parameters reversed
----------------------------------------------------
-
-A bug in smbclient caused the 'symlink' command to reverse the
-meaning of the new name and link target parameters when creating a
-reparse point symlink against a Windows server. As this is a
-little used feature the ordering of these parameters has been
-reversed to match the parameter ordering of the UNIX extensions
-'symlink' command. The usage message for this command has also
-been improved to remove confusion.
-
-Winbind changes
----------------
-
-The dependency to global list of trusted domains within
-the winbindd processes has been reduced a lot.
-
-The construction of that global list is not reliable and often
-incomplete in complex trust setups. In most situations the list is not needed
-any more for winbindd to operate correctly. E.g. for plain file serving via SMB
-using a simple idmap setup with autorid, tdb or ad. However some more complex
-setups require the list, e.g. if you specify idmap backends for specific
-domains. Some pam_winbind setups may also require the global list.
-
-If you have a setup that doesn't require the global list, you should set
-"winbind scan trusted domains = no".
-
REMOVED FEATURES
================
-The two commands 'net serverid list' and 'net serverid wipe' have been
-removed, because the file serverid.tdb is not used anymore.
-
-'net serverid list' can be replaced by listing all files in the
-subdirectory "msg.lock" of Samba's "lock directory". The unique id
-listed by 'net serverid list' is stored in every process' lockfile in
-"msg.lock".
-
-'net serverid wipe' is not necessary anymore. It was meant primarily
-for clustered environments, where the serverid.tdb file was not
-properly cleaned up after single node crashes. Nowadays smbd and
-winbind take care of cleaning up the msg.lock and msg.sock directories
-automatically.
smb.conf changes
@@ -194,31 +27,12 @@ smb.conf changes
Parameter Name Description Default
-------------- ----------- -------
- apply group policies New no
- auth methods Removed
- binddns dir New
- client schannel Default changed/ yes
- Deprecated
- gpo update command New
- ldap ssl ads Deprecated
- map untrusted to domain Removed
- oplock contention limit Removed
- prefork children New 1
- mdns name Added netbios
- fruit:time machine Added false
- profile acls Removed
- use spnego Removed
- server schannel Default changed/ yes
- Deprecated
- unicode Deprecated
- winbind scan trusted domains New yes
- winbind trusted domains only Removed
KNOWN ISSUES
============
-https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.8#Release_blocking_bugs
+https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.9#Release_blocking_bugs
#######################################
diff --git a/docs-xml/manpages/samba-tool.8.xml b/docs-xml/manpages/samba-tool.8.xml
index ed10d61..1349654 100644
--- a/docs-xml/manpages/samba-tool.8.xml
+++ b/docs-xml/manpages/samba-tool.8.xml
@@ -607,6 +607,61 @@
</refsect2>
<refsect2>
+ <title>visualize [options] <replaceable>subcommand</replaceable></title>
+ <para>Produce graphical representations of Samba network state.
+ To work out what is happening in a replication graph, it is sometimes
+ helpful to use visualisations.</para>
+
+ <para>
+ There are two subcommands, two graphical modes, and (roughly) two modes
+ of operation with respect to the location of authority.</para>
+
+ <refsect3><title>MODES OF OPERATION</title>
+ <varlistentry>
+ <term>samba-tool visualize ntdsconn</term>
+ <listitem><para>Looks at NTDS connections.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>samba-tool visualize reps</term>
+ <listitem><para>Looks at repsTo and repsFrom objects.
+ </para></listitem>
+ </varlistentry>
+ </refsect3>
+
+ <refsect3><title>GRAPHICAL MODES</title>
+ <varlistentry>
+ <term>--distance</term>
+ <listitem><para>Distances between DCs are shown in a matrix in
+ the terminal.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>--dot</term>
+ <listitem><para>Generate Graphviz dot output. When viewed using
+ dot or xdot, this shows the network as a graph with DCs as
+ vertices and connections edges. Certain types of degenerate
+ edges are shown in different colours or line-styles.
+ </para></listitem>
+ </varlistentry>
+ </refsect3>
+
+ <varlistentry>
+ <term>-r</term>
+ <listitem><para>Normally, <command>samba-tool</command> talks
+ to one database; with the <arg choice="opt">-r</arg> option
+ attempts are made to contact all the DCs known to the first
+ database. This is necessary to get sensible results from
+ <command>samba-tool visualize reps</command> because the
+ repsFrom/To objects are not replicated, and it can reveal
+ replication issues in other modes.
+ </para></listitem>
+ </varlistentry>
+</refsect2>
+
+<refsect2>
<title>help</title>
<para>Gives usage information.</para>
</refsect2>
@@ -627,8 +682,6 @@
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
-
- <para>The samba-tool manpage was written by Karolin Seeger.</para>
</refsect1>
</refentry>
diff --git a/selftest/tests.py b/selftest/tests.py
index 126e118..b2d1a67 100644
--- a/selftest/tests.py
+++ b/selftest/tests.py
@@ -65,6 +65,7 @@ planpythontestsuite("none", "samba.tests.dcerpc.integer")
planpythontestsuite("none", "samba.tests.param", py3_compatible=True)
planpythontestsuite("none", "samba.tests.upgrade")
planpythontestsuite("none", "samba.tests.core", py3_compatible=True)
+planpythontestsuite("none", "samba.tests.common")
planpythontestsuite("none", "samba.tests.provision")
planpythontestsuite("none", "samba.tests.password_quality")
planpythontestsuite("none", "samba.tests.samba3")
--
Samba Shared Repository
More information about the samba-cvs
mailing list