Luke Kenneth Casson Leighton lkcl at
Mon Apr 10 02:53:41 GMT 2000


- fixed smbd for win95-style profile-locating (it now works, thank you to
everyone who sent in log files to get this fixed)

- various modes tested and confirmed as working:

    security = user
    encrypt passwords = yes
    domain master = no
    domain logons = no

    security = user
    encrypt passwords = yes
    domain master = yes
    domain logons = yes

    security = domain
    password server = PDC [BDC1 BDC2...]
    encrypt passwords = yes
    domain master = no
    domain logons = no

- modes NOT tested recently:

    security = user
    password server = PDC
    encrypt passwords = yes
    domain master = no
    domain logons = yes

- a reminder that in this version of TNG, smbd, spoolssd and nmbd are now
up-to-date from cvs main.  oh, and they work.  we _have_ had one report of
a coredump from smbd for an oplock issue [REALLY important to track this
down, people!]

- i am also impressed (even though i wrote it) that pam_ntdom actually
works.  just for fun, i added an account named DOMAIN\administrator to
/etc/passwd yesterday, and was stunned to find that it actually worked.  
i typed in DOMAIN\administrator, and password of test, and got a login
prompt.  in combination with winbindd, this is going to be great.  it's
_such_ a pity that not many more OSes support PAM, oh well.

anyway, here follows a copy of the WHATSNEW.txt file, which i thought
you'd appreciate.

all the best,

luke (samba team)

          WHATS NEW IN Samba (The Next Generation) 2.2

This is an ALPHA release of Samba TNG, the UNIX based SMB/CIFS file,
print and login server for Windows systems.

This release is to enlist the help of people who are unable to use
cvs ( in a major development project to
integrate Samba into a Windows NT (tm) Domain environment - the
NT Domains for Unix project.

If you are running Windows 9x and do not forsee the need for or
need to use any Windows NT Workstations on your network in the near
future, you will not need Samba TNG or any of its functionality,
and your assistance is not being solicited in the development of
this project.

[lkcl: There is, however, a large enough Windows 9x user-base
to warrant ensuring that Samba TNG remains compatible, it's just that
personally i will not touch it with a ten foot barge pole (I got
as far as setting up a vmware session called win98, and it's still
empty).  This is a personal view, not held by any other Samba
Team members who are cracking the whip in my direction, and I
keep getting into trouble over this.  I apologise sincerely and
wholeheartedly to all Windows 9x users for any offense and
inconvenience I may have caused to anyone using this stupid OS.]

Major changes in Samba TNG

There are many major changes in Samba TNG.  Here are some of them:

1). Windows NT (tm) Primary Domain Controller compatibility

Samba TNG can act as a Primary Domain Controller to Windows NT 3.5,
4.0 and 5.0 (in 4.0 backwards-compatible mode) Workstations.  Backup
Domain Controller and Inter-Domain Trust Relationships are at an
early, but functional and very hands-on, stage.

2). Support for Windows NT (tm) Administrative tools

Significant in-roads have been made into providing support for at least
the following Windows NT (tm) tools and services:

- User Manager for Domains
- Server Manager for Domains
- Event Log
- Service Control Manager
- Registry Editor
- Command Scheduler
- NT-style Printing

A command-line tool named rpcclient, with a command-syntax similar to
smbclient, has over sixty five commands that provide equivalent
functionality for the same Windows NT (tm) Administrative tools,
including the ability to remotely shut down a Windows NT (tm) Server.

rpcclient has now been joined by net, samedit, regedit, ntspool,
eventlog, lsa, cmdat and svccontrol.  If anyone can think of better
names for these, suggestions are welcomed.

3). Portability

Samba is now self-configuring using GNU autoconf and libtool, removing
the need for people installing Samba to have to hand-configured
Makefiles, as was needed in previous versions.

You now configure Samba by running "./configure" then "make".  See
docs/textdocs/UNIX_INSTALL.txt for details.

The use of libtool dramatically reduces the size of samba binaries.
As we are using libtool in a slightly different way from usual,
you may encounter run-time or compilation errors, so please report
them to us.

4). New SAM Database Daemons

The SAM database daemon, samrd, is being considered "legacy", and
the aim is to replace it.  To this end, some new SAM database
daemons are being developed - samrtdbd and samrnt5ldapd.
They will need to be run with their counterparts, netlogontdbd or
netlogonnt5ldapd.  None of these are built as part of the standard
make, they have to be explicitly built because they are in
development: samrd and lsarpcd are compiled by default.

5). pam_ntdom and winbindd

The Windows Bind Daemon and the Plugin Authentication Module for NT
Domains are now part of the Samba TNG Development effort.  

winbindd presents, when installed using nsswitch, a unix-like view
of a Windows NT Domain environment, allowing Unix applications and
the Unix Operating system to enumerate NT users, groups and aliases
as Unix users and groups.

pam_ntdom, when installed as part of a PAM-enabled Unix Authentication
system, allows Unix users to be authenticated against a Windows NT
Domain environment.

@begin marketing-speak
	" The powerful combination of winbindd and pam_ntdom allows Unix
	  to be integrated seamlessly into Windows NT Domain environments,
	  which moves us closer to the Holy Grail of 'Single Sign-on'. "
@end marketing-speak


NOTE - Some important information

Samba TNG up to alpha-0.3 required that the samba server be joined.
to its own Domain.  This requirement has been removed.

It is important that you read the source/README file for
instructions, and it is recommended that you join samba-ntdom at
for update information and status reports.  For details, please see:


NOTE - Primary Domain Controller Functionality

This version of Samba contains code that correctly implements
the undocumented Primary Domain Controller authentication
protocols.  However, there is much more to being a Primary
Domain Controller than serving Windows NT logon requests.

A useful version of a Primary Domain Controller contains
many remote procedure calls to do things like enumerate users, 
groups, and security information, 98% of which Samba TNG currently

This work is being done in the CVS (developer) versions of Samba,
development of which continues at a fast pace.  If you are
interested in participating in or helping with this development
please join the Samba-NTDOM mailing list.  Details on joining
are available at :

Details on obtaining CVS (developer) versions of Samba
are available at:

For this version, use a tag of SAMBA_TNG


NOTE - Known Bugs

It is *not* recommended that this version of Samba be run in a
production environment, for at least the following reasons:

1) The new MSRPC architecture forks() one MSRPC daemon per incoming
service request.  The msrpc daemon stays around for as long as
the remote server maintains a connection to it.  An investigation
is underway to attempt to minimise the number of outstanding
connections, because a *single* NT user logon can result in up to
5 or 6 msrpc daemons waiting around, doing nothing but take up
process table space.

Connection reuse has now been added and debugged: the number of
incoming connections is reduced but still fairly large.


If you have problems, or think you have found a bug please email 
a full, detailed report to:

        samba-technical at

As always, all bugs are our responsibility.


        The Samba Team.  

More information about the samba-ntdom mailing list