[ANNOUNCE] Samba 4.0.0 TP 4

Jelmer Vernooij jelmer at samba.org
Wed Jan 31 11:31:11 GMT 2007

We've just released the fourth technology preview release of Samba 4. 

About Samba 4

Samba 4 is the ambitious next version of the Samba suite that is being
developed in parallel to the stable 3.0 series. The main emphasis in
this branch is support for the Active Directory logon protocols used
by Windows 2000 and above.

While we welcome your interest in Samba 4, we don't want you to run your network with it quite yet. Please note the WARNINGS below, and the STATUS file,
which aims to document what should and should not work.

With 4 years of development under our belt since Tridge first proposed
a new Virtual File System (VFS) layer for Samba3 (a project which
eventually lead to our Active Directory efforts), we felt that we
should create something we could 'show off' to our users.  This is a
Technology Preview (TP), aimed at allowing you, our users, managers and
developers to see how we have progressed, and to invite your feedback and

Samba4 TP is currently a pre-alpha technology.  That is more a
reference to Samba4's lack of the features we expect you will need
than a statement of code quality, but clearly it hasn't seen a broad
deployment yet.  If you were to upgrade Samba3 (or indeed Windows) to
Samba4, you would find many things work, but that other key features
you may have relied on simply are not there yet.

For example, while Samba 3.0 is an excellent member of a Active
Directory domain, Samba4 is happier as a domain controller: (This is
where we have done most of the research and development).

While Samba4 is subjected to an awesome battery of tests on an
automated basis, and we have found Samba4 to be very stable in it's
behaviour, we have to recommend against upgrading production servers
from Samba 3 to Samba 4 at this stage.  If you are upgrading an
experimental server, or looking to develop and test Samba, you should
backup all configuration and data.

As we research the needs of Active Directory integration more closely,
we may need to change the format of the user database, in particular
as we begin to understand how the attributes are generated and stored.
At a worst case, we expect users will be able to extract the stored
data as LDIF and hand munge it, but until we make an alpha release, we
won't do this automatically.  Indeed, many module changes are simply
easier to cope with if you just re-provision after the upgrade.

We value the security of your computers, and so we must warn you that
Samba 4 Technology Preview includes basic Access Control List (ACL)
protection on the main user database, but due to time constraints,
none on the registry at this stage.  We also do not currently have
ACLs on the SWAT web-based management tool. This means that Samba 4
Technology Preview is not secure, and should not be exposed to
untrusted networks.

Within the above proviso, file system access should occur as the
logged in user, much as Samba3 does.

As such, we must strongly recommend against using Samba4 in a
production environment at this stage.


'Samba4 TP4' presents you with an opportunity to see a Technology
Preview (TP) snapshot of Samba4's development, as at January 2007.

In the last few months since TP3 was released in October 2006,
significant work has been done across many parts of Samba4.  Since that
time, we have added the basis for some new and exciting features:

  PKINIT support to Samba4's KDC will allow, smart-card login to a
  Samba4 domain.  TP4 demonstrates this with static key files, but
  work will continue to enable actual hardware cards.

  Clustering support was always a design goal of Samba4, and with TP4
  we have the ctdb framework, a cluster-aware shared database.  This
  allows Samba4 to share a shared cluster file-system with it's
  Presented at this year's linux.conf.au, including a highly rigged
  demo, you can expect to see this mature over the next few months.

  Non-blocking and Asynchronous IO support, has always been a design
  goal in Samba4, and TP4 will use new Linux Kernel features to
  implement event driven asynchronous IO.  This makes Samba more
  efficient on systems where some data may be 'further away' than a
  local disk, such as HSM systems.  This allows the Kernel to handle
  reading the returned data from the disk, only notifying Samba when
  the data is ready for dispatch to the client. 

  Our web-management console, known as SWAT, is being revamped, and in
  TP4 you can find a new Web 2.0 style user interface, being used to
  support a web-based ldb browser.  We hope this new system will allow
  things simple not possible with the form-submit style of web

  Using LDB LDAP back-end integration has improved in this release, with
  improved mapping module allowing the start of Fedora DS back-end

In continuing our research effort, TP4 includes the work to better
understand and implement the DRSUAPI replication protocols.  By better
understanding the needs of replication now, we can structure our
databases so that their format will have to change less in future.

We hope to use this replication function to replace the SamSync based
Vampire process so effectively demonstrated since TP1, and to
eventually join an Active Directory domain, as a replicating partner.

Behind the scenes, much of the core infrastructure of Samba4 continues

  In Kerberos, we have continued to track the development of the
  Heimdal Kerberos implementation, and reduce the custom diff between
  our branch and upstream.  Heimdal now provides plug-in APIs for
  almost all of the hooks we need, including management and validation
  of the PAC.

  In testing, our test infrastructure has undergone a quiet
  revolution, as we improve our unit test framework.  Likewise, the
  tests themselves have continued to expand, as we follow our
  test-driven development pattern.

  In providing an abstraction above our raw RPC layer, the libnet
  library continues to expand, becoming a C and JS management API for
  Samba4 and remote servers.

  To ensure that, as an administrator and developer, you can easily
  read and edit our internal databases, our LDB layer has been
  optimised for speed.  The aim here is to avoid needing to use the
faster, but
  more opaque, TDB layer.  

These are just some of the highlights of the work done in the past few
months.  More details can be found in our SVN history.

Download Details

The release tarball is available from the following location:

 * http://us1.samba.org/samba/ftp/samba4/samba-4.0.0tp4.tar.gz

This release has been signed using GPG with Jelmers' GPG key (1EEF5276).

 * http://us1.samba.org/samba/ftp/samba4/samba-4.0.0tp4.tar.asc

To verify that the signature is correct, make sure that the tarball has
been unzipped and run:

$ gpg --verify samba-4.0.0tp4.tar.asc

We are also planning on making Debian packages available for this
release later this week. No packages for other distributions are planned
at the moment.


A short guide to setting up Samba 4 can be found on

Development and Feedback
Bugs can be filed at https://bugzilla.samba.org/. Please
look at the STATUS file before filing a bug to see if a particular
is supposed to work yet.

Development and general discussion about Samba 4 happens mainly on
the #samba-technical IRC channel (on irc.freenode.net) and
the samba-technical mailing list (see http://lists.samba.org/ for

Happy testing!

The Samba team

Jelmer Vernooij <jelmer at samba.org> - http://samba.org/~jelmer/

More information about the samba-technical mailing list