[ANNOUNCE] Samba 4.0.0 TP 4
jelmer at samba.org
Wed Jan 31 11:31:11 GMT 2007
We've just released the fourth technology preview release of Samba 4.
About Samba 4
Samba 4 is the ambitious next version of the Samba suite that is being
developed in parallel to the stable 3.0 series. The main emphasis in
this branch is support for the Active Directory logon protocols used
by Windows 2000 and above.
While we welcome your interest in Samba 4, we don't want you to run your network with it quite yet. Please note the WARNINGS below, and the STATUS file,
which aims to document what should and should not work.
With 4 years of development under our belt since Tridge first proposed
a new Virtual File System (VFS) layer for Samba3 (a project which
eventually lead to our Active Directory efforts), we felt that we
should create something we could 'show off' to our users. This is a
Technology Preview (TP), aimed at allowing you, our users, managers and
developers to see how we have progressed, and to invite your feedback and
Samba4 TP is currently a pre-alpha technology. That is more a
reference to Samba4's lack of the features we expect you will need
than a statement of code quality, but clearly it hasn't seen a broad
deployment yet. If you were to upgrade Samba3 (or indeed Windows) to
Samba4, you would find many things work, but that other key features
you may have relied on simply are not there yet.
For example, while Samba 3.0 is an excellent member of a Active
Directory domain, Samba4 is happier as a domain controller: (This is
where we have done most of the research and development).
While Samba4 is subjected to an awesome battery of tests on an
automated basis, and we have found Samba4 to be very stable in it's
behaviour, we have to recommend against upgrading production servers
from Samba 3 to Samba 4 at this stage. If you are upgrading an
experimental server, or looking to develop and test Samba, you should
backup all configuration and data.
As we research the needs of Active Directory integration more closely,
we may need to change the format of the user database, in particular
as we begin to understand how the attributes are generated and stored.
At a worst case, we expect users will be able to extract the stored
data as LDIF and hand munge it, but until we make an alpha release, we
won't do this automatically. Indeed, many module changes are simply
easier to cope with if you just re-provision after the upgrade.
We value the security of your computers, and so we must warn you that
Samba 4 Technology Preview includes basic Access Control List (ACL)
protection on the main user database, but due to time constraints,
none on the registry at this stage. We also do not currently have
ACLs on the SWAT web-based management tool. This means that Samba 4
Technology Preview is not secure, and should not be exposed to
Within the above proviso, file system access should occur as the
logged in user, much as Samba3 does.
As such, we must strongly recommend against using Samba4 in a
production environment at this stage.
'Samba4 TP4' presents you with an opportunity to see a Technology
Preview (TP) snapshot of Samba4's development, as at January 2007.
In the last few months since TP3 was released in October 2006,
significant work has been done across many parts of Samba4. Since that
time, we have added the basis for some new and exciting features:
PKINIT support to Samba4's KDC will allow, smart-card login to a
Samba4 domain. TP4 demonstrates this with static key files, but
work will continue to enable actual hardware cards.
Clustering support was always a design goal of Samba4, and with TP4
we have the ctdb framework, a cluster-aware shared database. This
allows Samba4 to share a shared cluster file-system with it's
Presented at this year's linux.conf.au, including a highly rigged
demo, you can expect to see this mature over the next few months.
Non-blocking and Asynchronous IO support, has always been a design
goal in Samba4, and TP4 will use new Linux Kernel features to
implement event driven asynchronous IO. This makes Samba more
efficient on systems where some data may be 'further away' than a
local disk, such as HSM systems. This allows the Kernel to handle
reading the returned data from the disk, only notifying Samba when
the data is ready for dispatch to the client.
Our web-management console, known as SWAT, is being revamped, and in
TP4 you can find a new Web 2.0 style user interface, being used to
support a web-based ldb browser. We hope this new system will allow
things simple not possible with the form-submit style of web
Using LDB LDAP back-end integration has improved in this release, with
improved mapping module allowing the start of Fedora DS back-end
In continuing our research effort, TP4 includes the work to better
understand and implement the DRSUAPI replication protocols. By better
understanding the needs of replication now, we can structure our
databases so that their format will have to change less in future.
We hope to use this replication function to replace the SamSync based
Vampire process so effectively demonstrated since TP1, and to
eventually join an Active Directory domain, as a replicating partner.
Behind the scenes, much of the core infrastructure of Samba4 continues
In Kerberos, we have continued to track the development of the
Heimdal Kerberos implementation, and reduce the custom diff between
our branch and upstream. Heimdal now provides plug-in APIs for
almost all of the hooks we need, including management and validation
of the PAC.
In testing, our test infrastructure has undergone a quiet
revolution, as we improve our unit test framework. Likewise, the
tests themselves have continued to expand, as we follow our
test-driven development pattern.
In providing an abstraction above our raw RPC layer, the libnet
library continues to expand, becoming a C and JS management API for
Samba4 and remote servers.
To ensure that, as an administrator and developer, you can easily
read and edit our internal databases, our LDB layer has been
optimised for speed. The aim here is to avoid needing to use the
more opaque, TDB layer.
These are just some of the highlights of the work done in the past few
months. More details can be found in our SVN history.
The release tarball is available from the following location:
This release has been signed using GPG with Jelmers' GPG key (1EEF5276).
To verify that the signature is correct, make sure that the tarball has
been unzipped and run:
$ gpg --verify samba-4.0.0tp4.tar.asc
We are also planning on making Debian packages available for this
release later this week. No packages for other distributions are planned
at the moment.
A short guide to setting up Samba 4 can be found on
Development and Feedback
Bugs can be filed at https://bugzilla.samba.org/. Please
look at the STATUS file before filing a bug to see if a particular
is supposed to work yet.
Development and general discussion about Samba 4 happens mainly on
the #samba-technical IRC channel (on irc.freenode.net) and
the samba-technical mailing list (see http://lists.samba.org/ for
The Samba team
Jelmer Vernooij <jelmer at samba.org> - http://samba.org/~jelmer/
More information about the samba-technical