[ANNOUNCE] Samba 4 alpha 13

Jelmer Vernooij jelmer at samba.org
Mon Sep 20 16:15:36 MDT 2010

We are happy to announce the release of another alpha of Samba 4. We
plan to release take less time to release the next alpha than we took
for this one. 

What's new in Samba 4 alpha13

Samba 4 is the ambitious next version of the Samba suite that is being
developed in parallel to the stable 3.x series. The main emphasis in
this branch is support for the Active Directory logon protocols used
by Windows 2000 and above.

Samba4 alpha13 follows on from the alpha release series we have been
publishing since September 2007. Since this file has referred to alpha
12 for a while before any release happened and since Debian packages
have been published that presumed the existence of a alpha12 release
we are skipping alpha12 and going straight to alpha13.


Samba4 alpha13 is not a final Samba release.  That is more a reference
to Samba4's lack of the features we expect you will need than a
statement of code quality, but clearly it hasn't seen a broad
deployment yet.  If you were to upgrade Samba3 (or indeed Windows) to
Samba4, you would find many things work, but that other key features
you may have relied on simply are not there yet.

For example, while Samba 3 is an excellent member of a Active
Directory domain, Samba4 is happier as a domain controller, and it is
in this role where it has seen deployment into production.

Samba4 is subjected to an awesome battery of tests on an
automated basis, we have found Samba4 to be very stable in it's
behaviour. We have to recommend against upgrading production servers
from Samba 3 to Samba 4 at this stage, because there may be the features
on which you may rely that are not present, or the mapping of
your configuration and user database may not be complete.

If you are upgrading, or looking to develop, test or deploy Samba4, you
should backup all configuration and data.


Samba4 supports the server-side of the Active Directory logon
environment used by Windows 2000 and later, so we can do full domain
join and domain logon operations with these clients.

Our Domain Controller (DC) implementation includes our own built-in
LDAP server and Kerberos Key Distribution Center (KDC) as well as the
Samba3-like logon services provided over CIFS.  We correctly generate
the infamous Kerberos PAC, and include it with the Kerberos tickets we

The new VFS features in Samba 4 adapts the filesystem on the server to
match the Windows client semantics, allowing Samba 4 to better match
windows behaviour and application expectations.  This includes file
annotation information (in streams) and NT ACLs in particular.  The
VFS is backed with an extensive automated test suite.

A new scripting interface has been added to Samba 4, allowing
Python programs to interface to Samba's internals.

The Samba 4 architecture is based around an LDAP-like database that
can use a range of modular backends.  One of the backends supports
standards compliant LDAP servers (including OpenLDAP), and we are
working on modules to map between AD-like behaviours and this backend.
We are aiming for Samba 4 to be powerful frontend to large


We have continued our commitment to provide a full DRS implementation
for our AD implementation and therefore achieved also this time big
steps forward.

Our progress on DRS is being tracked in the Samba wiki:

A lot of other changes have made it into this release. Among other

* a new build system based on WAF
Andrew Tridgell (tridge) invested much time to bring this up. He
achieved a marvellous work which brings us faster building, easier
management and smaller binaries.

* enhancements in Samba4 winbind to provide a fairly good implementation
of the most important functions needed by "libnss_winbind" and
"pam_winbind" These two components allow a user/group mapping for
Windows accounts on UNIX and UNIX-like systems. Therefore also these
accounts can be used to connect to services as "ssh", "login",
"Xsession" and so on. More informations available at
http://wiki.samba.org/index.php/Samba4/Winbind and for winbind in
general, "libnss_winbind" and "pam_winbind" in the Samba 3.X

* server side NT ACLs manipulation
These can now also be set on the command line directly on the server.
See "net acl" for further informations.

* dynamic DNS updates
Up-to-date DNS entries are essential for Active Directory deployments.
As for the moment Samba4 isn't yet capable to interoperate with
Microsofts AD DNS server (regarding RPCs, ADs zone entries...) a kind of
update script has been developed. It also permits the update of the
"grant" and "resource" lists.

* registry improvements
The registry code was reworked, improved and retested. This was achieved
by the new torture tests written by gd and some additional testing
against Windows ("regedit" - Windows Registry Editor and "regedt32" -
Windows NT Registry Editor). Also some real bugs were fixed.

* new Kerberos HEIMDAL release
Andrew Bartlett (abartlet) imported a new release with various bugfixes

* DCE/RPC code unification work
Stefan Metzmacher (metze) has worked on further unifying these codebases
between s3 and s4

* And much more
We always try to fix bugs and keep improving the (source) quality of our


Those familiar with Samba 3 can find a list of user-visible changes
since that release series in the NEWS file.


- Domain member support is in it's infancy, and is not comparable to
  the support found in Samba3.

- There is no printing support in the current release.

- There is no NetBIOS browsing support in the current release

- The Samba4 port of the CTDB clustering support is not yet complete

- Clock Synchronisation is critical.  Many 'wrong password' errors are
  actually due to Kerberos objecting to a clock skew between client
  and server.  (The NTP work in the previous alphas are partly to assist
  with this problem).

- The DRS replication code often fails, and is very new

- Users upgrading existing databases to Samba4 should carefully
  consult upgrading-samba4.txt.  We have made a number of changes in
  this release that should make it easier to upgrade in future.
  Btw: there exists also a script under the "setup" directory of the
  source distribution called "upgrade_from_s3" which should allow a  
  step-up from Samba3 to Samba4. 


A short guide to setting up Samba 4 can be found in the howto.txt file
in root of the tarball.


We need your help! Projects as Samba 4 live from the community feedback.
If you provide expressive bug reports, some documentation snippets on
the wiki or some real code patches - all is appreciated if it meets our
quality criterias. Here you can find further references:

Bugs can be filed at https://bugzilla.samba.org/ but please be aware
that many features are simply not expected to work at this stage.

The Samba Wiki at http://wiki.samba.org should detail some of these
development plans.

Development and general discussion about Samba 4 happens mainly on
the #samba-technical IRC channel (on irc.freenode.net) and
the samba-technical mailing list (see http://lists.samba.org/ for

Download Details

The release tarball is available from the following location:
 * http://download.samba.org/samba/ftp/samba4/samba-4.0.0alpha13.tar.gz

This release has been signed using GPG with Jelmer's GPG keys (1EEF5276
and D729A457).

 * http://download.samba.org/samba/ftp/samba4/samba-4.0.0alpha13.tar.asc

To verify that the signature is correct, make sure that the tarball has
been unzipped and run:

$ gpg --verify samba-4.0.0alpha13.tar.asc

Happy testing!

The Samba team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100920/fee44a04/attachment.pgp>

More information about the samba-technical mailing list