[Samba] [Announce] Samba 4.10.0rc1 Available for Download
Anoop C S
anoopcs at cryptolab.net
Mon Jan 21 10:10:08 UTC 2019
On Mon, 2019-01-21 at 09:44 +0100, Karolin Seeger via samba wrote:
> Release Announcements
> =====================
>
> This is the first release candidate of Samba 4.10. This is *not*
> intended for production environments and is designed for testing
> purposes only. Please report any defects via the Samba bug reporting
> system at https://bugzilla.samba.org/.
>
> Samba 4.10 will be the next version of the Samba suite.
>
>
> UPGRADING
> =========
>
>
> NEW FEATURES/CHANGES
> ====================
>
> GPO Improvements
> ----------------
>
> A new 'samba-tool gpo export' command has been added that can export
> a
> set of Group Policy Objects from a domain in a generalised XML
> format.
>
> A corresponding 'samba-tool gpo restore' command has been added to
> rebuild the Group Policy Objects from the XML after generalization.
> (The administrator needs to correct the values of XML entities
> between
> the backup and restore to account for the change in domain).
>
> kdc prefork
> -----------
>
> The KDC now supports the pre-fork process model and worker processes
> will be
> forked for the KDC when the pre-fork process model is selected for
> samba.
>
> prefork 'prefork children'
> --------------------------
>
> The default value for this smdb.conf parameter has been increased
> from 1 to
> 4.
>
> netlogon prefork
> ----------------
>
> DCERPC now supports pre-forked NETLOGON processes. The netlogon
> processes are
> pre-forked when the prefork process model is selected for samba.
>
> Offline domain backups
> ----------------------
>
> The 'samba-tool domain backup' command has been extended with a new
> 'offline'
> option. This safely creates a backup of the local DC's database
> directly from
> disk. The main benefits of an offline backup are it's quicker, it
> stores more
> database details (for forensic purposes), and the samba process does
> not have
> to be running when the backup is made. Refer to the samba-tool help
> for more
> details on using this command.
>
> Group membership statistics
> ---------------------------
>
> A new 'samba-tool group stats' command has been added. This provides
> summary
> information about how the users are spread across groups in your
> domain.
> The 'samba-tool group list --verbose' command has also been updated
> to include
> the number of users in each group.
>
> prefork process restart
> -----------------------
>
> The pre-fork process model now restarts failed processes. The delay
> between
> restart attempts is controlled by the "prefork backoff increment"
> (default = 10)
> and "prefork maximum backoff" (default = 120) smbd.conf
> parameters. A linear
> back off strategy is used with "prefork backoff increment" added to
> the
> delay between restart attempts up until it reaches "prefork maximum
> backoff".
>
> Using the default sequence the restart delays (in seconds) are:
> 0, 10, 20, ..., 120, 120, ...
>
> standard process model
> ----------------------
>
> When using the standard process model samba forks a new process to
> handle ldap
> and netlogon connections. Samba now honours the 'max smbd processes'
> smb.conf
> parameter. The default value of 0, indicates there is no limit. The
> limit
> is applied individually to netlogon and ldap. When the process limit
> is
> exceeded Samba drops new connections immediately.
>
> python3 support
> ---------------
>
> The version of python which is now the default for samba is python3.
> 'configure' & 'make' will execute using python3. It is possible to
> still
> specify an additional python version with '--extra-python'
> e.g. '--extra-python=/usr/bin/python2'. It should be noted that
> support for
> this option will be deprecated in a future release.
>
> What if I need to build with python2? To build with python2 you
> *must* set
> the 'PYTHON' environent variable to override the python3 default for
> both
> 'configure' and 'make' steps.
>
> 'PYTHON=python2 ./configure.developer'
> &
> 'PYTHON=python2 make'
>
> Note: Support for python2 (with the exception of a build configured
> with
> 'PYTHON=python2 ./configure --disable-python' and built with
> 'PYTHON=python2 make' will be deprecated in the next release.
missing a closing parenthesis? Patch attached if its OK to consider
now.
> JSON logging
> ------------
>
> Authentication messages now contain the Windows Event Id "eventId"
> and logon
> type "logonType". The supported event codes and logon types are:
> Event codes:
> 4624 Successful logon
> 4625 Unsuccessful logon
>
> Logon Types:
> 2 Interactive
> 3 Network
> 8 NetworkCleartext
>
> The version number for Authentication messages is now 1.1, changed
> from 1.0
>
> Password change messages now contain the Windows Event Id "eventId",
> the
> supported event Id's are:
> 4723 Password changed
> 4724 Password reset
>
> The version number for PasswordChange messages is now 1.1, changed
> from 1.0
>
> Group membership change messages now contain the Windows Event Id
> "eventId",
> the supported event Id's are:
> 4728 A member was added to a security enabled global group
> 4729 A member was removed from a security enabled global group
> 4732 A member was added to a security enabled local group
> 4733 A member was removed from a security enabled local group
> 4746 A member was added to a security disabled local group
> 4747 A member was removed from a security disabled local group
> 4751 A member was added to a security disabled global group
> 4752 A member was removed from a security disabled global group
> 4756 A member was added to a security enabled universal group
> 4757 A member was removed from a security enabled universal group
> 4761 A member was added to a security disabled universal group
> 4762 A member was removed from a security disabled universal group
>
>
> The version number for GroupChange messages is now 1.1, changed from
> 1.0. Also
> A GroupChange message is generated when a new user is created to log
> that the
> user has been added to their primary group.
>
> The leading "JSON <message type>:" and source file prefix of the
> JSON formatted
> log entries has been removed to make the parsing of the JSON log
> messages
> easier. JSON log entries now start with 2 spaces followed by an
> opening brace
> i.e. " {"
>
>
>
>
> REMOVED FEATURES
> ================
>
> MIT Kerberos build of the AD DC
> -------------------------------
>
> While not removed, the MIT Kerberos build of the Samba AD DC is still
> considered experimental. Because Samba will not issue security
> patches for this configuration, such builds now require the explicit
> configure option: --with-experimental-mit-ad-dc
>
> For further details see
> https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC
>
> samba_backup
> ------------
>
> The samba_backup script has been removed. This has now been replaced
> by the
> 'samba-tool domain backup offline' command.
>
> smb.conf changes
> ================
>
> Parameter
> Name Description Default
> -------------- ----------- -----
> --
> prefork backoff increment Delay added to process restart 10
> (seconds)
> between attempts.
> prefork maximum backoff Maximum delay for process between 120
> (seconds)
> process restart attempts
> smbd search ask sharemode Name changed, old name was
> "smbd:search ask sharemode"
> smbd async dosmode Name changed, old name was
> "smbd:async dosmode"
> smbd max async dosmode Name changed, old name was
> "smbd:max async dosmode"
> smbd getinfo ask sharemode New: similar to "smbd search ask yes
> sharemode" but for SMB getinfo
>
> KNOWN ISSUES
> ============
>
> https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.10#Release_blocking_bugs
>
>
> #######################################
> Reporting bugs & Development Discussion
> #######################################
>
> Please discuss this release on the samba-technical mailing list or by
> joining the #samba-technical IRC channel on irc.freenode.net.
>
> If you do report problems then please try to send high quality
> feedback. If you don't provide vital information to help us track
> down
> the problem then you will probably be ignored. All bug reports
> should
> be filed under the Samba 4.1 and newer product in the project's
> Bugzilla
> database (https://bugzilla.samba.org/).
>
>
> =====================================================================
> =
> == Our Code, Our Bugs, Our Responsibility.
> == The Samba Team
> =====================================================================
> =
>
>
> ================
> Download Details
> ================
>
> The uncompressed tarballs and patch files have been signed
> using GnuPG (ID 6F33915B6568B7EA). The source code can be downloaded
> from:
>
> https://download.samba.org/pub/samba/rc/
>
> The release notes are available online at:
>
>
> https://download.samba.org/pub/samba/rc/samba-4.10.0rc1.WHATSNEW.txt
>
> Our Code, Our Bugs, Our Responsibility.
> (https://bugzilla.samba.org/)
>
> --Enjoy
> The Samba Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-WHATSNEW-Add-missing-parenthesis.patch
Type: text/x-patch
Size: 853 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20190121/b89dfaa7/0001-WHATSNEW-Add-missing-parenthesis.bin>
More information about the samba-technical
mailing list