Samba 3.0.23c Available for Download
Gerald (Jerry) Carter
jerry at samba.org
Fri Sep 1 12:08:45 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
"I think we just hit thread level Orange."
This is the latest stable release of Samba. This is the version
that production Samba servers should be running for all current
bug-fixes. Please read the changes in this section and for the
original 3.0.23 release regarding new features and difference
in behavior from previous releases.
We would like to thank the developers of the Saturn code analysis
tool from Stanford University (http://glide.stanford.edu/saturn).
This release includes several code fixes based on its reports.
Common bugs fixed in 3.0.23c include:
o Authentication failures in pam_winbind when the AD domain
policy is set to not expire passwords.
o Authorization failures when using smb.conf options such
as "valid users" with the smbpasswd passdb backend.
RID Algorithms & Passdb
Starting with the 3.0.23c release, the officially supported
passdb backends (smbpasswd, tdbsam, and ldapsam) now operate
identically with regards to the historical RID algorithm for
unmapped users and groups (i.e. accounts not in the passdb
or group mapping table). The resulting behavior is that all
unmapped users are resolved to a SID in the S-1-22-1 domain
and all unmapped groups resolve to a SID in the S-1-22-2
domain. Previously, when using the smbpasswd passdb, such
users and groups would resolve to an algorithmic SID in the
machine's own domain (S-1-5-XX-XX-XX). However, the smbpasswd
backend still utilizes the RID algorithm when creating new
user accounts or allocating a RID for a new group mapping
With the changes in the 3.0.23c release, it is now possible
to resolve a uid/gid, name, or SID in any direction and always
obtain a symmetric mapping. This is important so that values
for smb.conf parameters such as "valid users" resolve to the
same SIDs as those included in the local user's initial token.
Most installations will notice no change. However, because
an unmapped account's SID will now change even when using
smbpasswd it is possible that any security descriptors on files
previously copied from a Samba host to a Windows NTFS partition
may now fail to give access. The workaround is to either
manually map all affect groups (or add impacted users to the
server's passdb) or to manually reset the file's ACL.
The uncompressed tarballs and patch files have been signed
using GnuPG (ID 157BC95E). The source code can be
The release notes are available online at:
Binary packages are available at
Our Code, Our Bugs, Our Responsibility.
The Samba Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba-technical