[Release Planning 4.6] Samba 4.6.0 scheduled for March 7

Uri Simchoni uri at samba.org
Thu Nov 24 12:01:57 UTC 2016 

On 11/24/2016 12:11 PM, Rowland Penny wrote:
> 
> Wouldn't it be an idea to list the encryption types that can be set and
> provide an example other than 'all' ?
> 
> Rowland
> 

Hopefully the attached version strikes a better balance between brevity
and providing of useful information (the information is also in the man
page).

Thanks,
Uri
-------------- next part --------------
From 8dbdaeb0dc0c89a30bcef2eb905c0efe141da22f Mon Sep 17 00:00:00 2001
From: Uri Simchoni <uri at samba.org>
Date: Wed, 10 Aug 2016 08:38:30 +0300
Subject: [PATCH v2 1/2] WHATSNEW: document kerberos encryption types

Signed-off-by: Uri Simchoni <uri at samba.org>
---
 WHATSNEW.txt | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 6b96cae..09f9384 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -16,6 +16,21 @@ UPGRADING
 NEW FEATURES/CHANGES
 ====================
 
+kerberos client encryption types
+--------------------------------
+Some parts of Samba (most notably winbindd) perform Kerberos client
+operations based on a Samba-generated krb5.conf file. A new
+parameter, "kerberos encryption types" allows configuring the
+encryption types set in this file, thereby allowing the user to
+enforce strong or legacy encryption in Kerberos exchanges.
+
+The default value of "all" is compatible with previous behavior, allowing
+all encryption algorithms to be negotiated. Setting the parameter to "strong"
+only allows AES-based algorithms to be negotiated. Setting the parameter to
+"legacy" allows only RC4-HMAC-MD5 - the legacy algorithm for Active Directory.
+This can solves some corner cases of mixed environments with Server 2003R2 and
+newer DCs.
+
 
 REMOVED FEATURES
 ================
@@ -26,6 +41,7 @@ smb.conf changes
 
   Parameter Name                Description             Default
   --------------                -----------             -------
+  kerberos encryption types     New                     all
 
 
 KNOWN ISSUES
-- 
2.9.3


From fc0ccb969914c09eb7db56f628c4151f8a16b454 Mon Sep 17 00:00:00 2001
From: Uri Simchoni <uri at samba.org>
Date: Wed, 10 Aug 2016 08:38:59 +0300
Subject: [PATCH v2 2/2] WHATSNEW: document new inherit owner option

Signed-off-by: Uri Simchoni <uri at samba.org>
---
 WHATSNEW.txt | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 09f9384..6778a0a 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -32,6 +32,16 @@ This can solves some corner cases of mixed environments with Server 2003R2 and
 newer DCs.
 
 
+new option for owner inheritance
+--------------------------------
+The "inherit owner" smb.conf parameter instructs smbd to set the
+owner of files to be the same as the parent directory's owner.
+Up until now, this parameter could be set to "yes" or "no".
+A new option, "unix only", enables this feature only for the UNIX owner
+of the file, not affecting the SID owner in the Windows NT ACL of the
+file. This can be used to emulate something very similar to folder quotas.
+
+
 REMOVED FEATURES
 ================
 
@@ -42,6 +52,7 @@ smb.conf changes
   Parameter Name                Description             Default
   --------------                -----------             -------
   kerberos encryption types     New                     all
+  inherit owner                 New option
 
 
 KNOWN ISSUES
-- 
2.9.3

More information about the samba-technical mailing list