[ANNOUNCE] Samba 4.0.0 TP 5

Andrew Bartlett abartlet at samba.org
Fri Jun 8 00:44:03 GMT 2007

We've just released the fifth technology preview release of Samba 4. 

About Samba 4

Samba 4 is the ambitious next version of the Samba suite that is being
developed in parallel to the stable 3.0 series. The main emphasis in
this branch is support for the Active Directory logon protocols used
by Windows 2000 and above.

While we welcome your interest in Samba 4, we don't want you to run your
network with it quite yet. Please note the WARNINGS below, and the
STATUS file, which aims to document what should and should not work.

With over 4 years of development under our belt since Tridge first
proposed a new Virtual File System (VFS) layer for Samba3 (a project
which eventually lead to our Active Directory efforts), we felt that we
should create something we could 'show off' to our users.  This is a
Technology Preview (TP), aimed at allowing you, our users, managers and
developers to see how we have progressed, and to invite your feedback
and support.

Samba4 TP is currently a pre-alpha technology.  That is more a
reference to Samba4's lack of the features we expect you will need
than a statement of code quality, but clearly it hasn't seen a broad
deployment yet.  If you were to upgrade Samba3 (or indeed Windows) to
Samba4, you would find many things work, but that other key features
you may have relied on simply are not there yet.

For example, while Samba 3.0 is an excellent member of a Active
Directory domain, Samba4 is happier as a domain controller: (This is
where we have done most of the research and development).

While Samba4 is subjected to an awesome battery of tests on an
automated basis, and we have found Samba4 to be very stable in it's
behaviour, we have to recommend against upgrading production servers
from Samba 3 to Samba 4 at this stage.  If you are upgrading an
experimental server, or looking to develop and test Samba, you should
backup all configuration and data.

As we research the needs of Active Directory integration more closely,
we may need to change the format of the user database, but until we make
an alpha release, we won't do any upgrades this automatically.  Indeed,
many module changes are simply easier to cope with if you just
re-provision after the upgrade.

We value the security of your computers, and so we must warn you that
Samba 4 Technology Preview includes basic Access Control List (ACL)
protection on the main user database, but due to time constraints,
none on the registry at this stage.  We also do not currently have
ACLs on the SWAT web-based management tool. This means that Samba 4
Technology Preview is not secure, and should not be exposed to
untrusted networks.

Within the above proviso, file system access should occur as the
logged in user, much as Samba3 does.

As such, we must strongly recommend against using Samba4 in a
production environment at this stage.


'Samba4 TP5' presents you with a snapshot into Samba4's ongoing
development, as we move towards our first alpha releases.  This
Technology Preview (TP) is a snapshot of Samba4's development, as at June

In the time since TP4 was released in January 2007, Samba has
continued to evolve, but you may particularly notice these areas:

  Work has continued on SWAT, the the libnet API behind it.  These we
  hope will grow into a full web-based management solution for both
  local and remote Samba and windows servers.

  The DRSUAPI research effort has largely concluded, and an initial
  implementation of AD replication is present, included in torture
  test-cases.  This includes the decryption of the AD passwords, which
  were specially and separately encrypted.  This should be recognised
  as vital milestone.

  Likewise, the LDAP Backend project has moved from a research
  implementation into something that can be easily deployed outside
  the test infrastructure.

  Testing has been an area of great work, with renewed vigour to
  increase our test coverage over the past few months.  In doing so,
  we now demonstrate PKINIT and many other aspects of kerberos, as
  well as command-line authentication handling in our testsuite.

  The testsuite infrastructure has been rewritten in perl and
  extended, to setup multiple environments: allowing testing of the
  domain member, as well as the domain controller, roles.  Samba4's
  initial implementation of winbind has been revived, to fill in these

  In clustering, work on CTDB (an implementation of a clustered Samba)
  has moved ahead very well, but the current code has not
  been merged into Samba4 in time for this release.

  To support better management, we have investigated group policy
  support, and include the infrastructure required.  Unfortunately
  without MMC write support, you will need to place the polices into
  the directory by hand.

As we move forward, we have many of the features we feel are required
for a Samba4 Alpha.  Similarly, we know enough about the data
formats (particularly those that are encrypted) to be confident that
we won't need to change the LDB format.  Our plan is to publish a
Samba4 alpha in the next few months.

These are just some of the highlights of the work done in the past few
months.  More details can be found in our SVN history.

Download Details

The release tarball is available from the following location:

 * http://download.samba.org/samba/ftp/samba4/samba-4.0.0tp5.tar.gz

This release has been signed using GPG with Andrew's GPG key (28B436BB).

 * http://download.samba.org/samba/ftp/samba4/samba-4.0.0tp5.tar.asc

To verify that the signature is correct, make sure that the tarball has
been unzipped and run:

$ gpg --verify samba-4.0.0tp5.tar.asc

We are also planning on making Debian packages available. No packages
for other distributions are planned at the moment.


A short guide to setting up Samba 4 can be found on

Development and Feedback
Bugs can be filed at https://bugzilla.samba.org/. Please
look at the STATUS file before filing a bug to see if a particular
is supposed to work yet.

Development and general discussion about Samba 4 happens mainly on
the #samba-technical IRC channel (on irc.freenode.net) and
the samba-technical mailing list (see http://lists.samba.org/ for

Happy testing!

The Samba team

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20070608/58972c2c/attachment.bin

More information about the samba-technical mailing list