[Samba] [Announce] Samba 4.3.0rc2 Available for Download

mourik jan heupink heupink at merit.unu.edu
Wed Aug 5 10:11:55 UTC 2015 

Cool new features!

On 08/04/2015 11:19 PM, Stefan Metzmacher wrote:
> Release Announcements =====================
> 
> This is the second release candidate of Samba 4.3.  This is *not* 
> intended for production environments and is designed for testing 
> purposes only.  Please report any defects via the Samba bug
> reporting system at https://bugzilla.samba.org/.
> 
> Samba 4.3 will be the next version of the Samba suite.
> 
> 
> UPGRADING =========
> 
> Nothing special.
> 
> 
> NEW FEATURES ============
> 
> Logging -------
> 
> The logging code now supports logging to multiple backends.  In 
> addition to the previously available syslog and file backends, the 
> backends for logging to the systemd-journal, lttng and gpfs have
> been added. Please consult the section for the 'logging' parameter
> in the smb.conf manpage for details.
> 
> Spotlight ---------
> 
> Support for Apple's Spotlight has been added by integrating with
> Gnome Tracker.
> 
> For detailed instructions how to build and setup Samba for
> Spotlight, please see the Samba wiki:
> <https://wiki.samba.org/index.php/Spotlight>
> 
> New FileChangeNotify subsystem ------------------------------
> 
> Samba now contains a new subsystem to do FileChangeNotify. The 
> previous system used a central database, notify_index.tdb, to
> store all notification requests. In particular in a cluster this
> turned out to be a major bottleneck, because some hot records need
> to be bounced back and forth between nodes on every change event
> like a new created file.
> 
> The new FileChangeNotify subsystem works with a central daemon per 
> node. Every FileChangeNotify request and every event are handled by
> an asynchronous message from smbd to the notify daemon. The notify
> daemon maintains a database of all FileChangeNotify requests in
> memory and will distribute the notify events accordingly. This
> database is asynchronously distributed in the cluster by the notify
> daemons.
> 
> The notify daemon is supposed to scale a lot better than the
> previous implementation. The functional advantage is cross-node
> kernel change notify: Files created via NFS will be seen by SMB
> clients on other nodes per FileChangeNotify, despite the fact that
> popular cluster file systems do not offer cross-node inotify.
> 
> Two changes to the configuration were required for this new
> subsystem: The parameters "change notify" and "kernel change
> notify" are not per-share anymore but must be set globally. So it
> is no longer possible to enable or disable notify per share, the
> notify daemon has no notion of a share, it only works on absolute
> paths.
> 
> New SMB profiling code ----------------------
> 
> The code for SMB (SMB1, SMB2 and SMB3) profiling uses a tdb
> instead of sysv IPC shared memory. This avoids performance problems
> and NUMA effects. The profile stats are a bit more detailed than
> before.
> 
> Improved DCERPC man in the middle detection for kerberos 
> --------------------------------------------------------
> 
> The gssapi based kerberos backends for gensec have support for 
> DCERPC header signing when using DCERPC_AUTH_LEVEL_PRIVACY.
> 
> SMB signing required in winbindd by default 
> -------------------------------------------
> 
> The effective value for "client signing" is required by default for
> winbindd, if the primary domain uses active directory.
> 
> Experimental NTDB was removed -----------------------------
> 
> The experimental NTDB library introduced in Samba 4.0 has been 
> removed again.
> 
> Improved support for trusted domains (as AD DC) 
> -----------------------------------------------
> 
> The support for trusted domains/forests has improved a lot.
> 
> samba-tool got "domain trust" subcommands to manage trusts:
> 
> create      - Create a domain or forest trust. delete      - Delete
> a domain trust. list        - List domain trusts. namespaces  -
> Manage forest trust namespaces. show        - Show trusted domain
> details. validate    - Validate a domain trust.
> 
> External trusts between individual domains work in both ways 
> (inbound and outbound). The same applies to root domains of a
> forest trust. The transitive routing into the other forest is fully
> functional for kerberos, but not yet supported for NTLMSSP.
> 
> While a lot of things are working fine, there are currently a few 
> limitations:
> 
> - Both sides of the trust need to fully trust each other! - No SID
> filtering rules are applied at all! - This means DCs of domain A
> can grant domain admin rights in domain B. - It's not possible to
> add users/groups of a trusted domain into domain groups.
> 
> SMB 3.1.1 supported -------------------
> 
> Both client and server have support for SMB 3.1.1 now.
> 
> This is the dialect introduced with Windows 10, it improves the
> secure negotiation of SMB dialects and features.
> 
> New smbclient subcommands -------------------------
> 
> - Query a directory for change notifications: notify <dir name> -
> Server side copy: scopy <source filename> <destination filename>
> 
> New rpcclient subcommands -------------------------
> 
> netshareenumall 	- Enumerate all shares netsharegetinfo 	- Get
> Share Info netsharesetinfo 	- Set Share Info netsharesetdfsflags	-
> Set DFS flags netfileenum		- Enumerate open files netnamevalidate	-
> Validate sharename netfilegetsec		- Get File security netsessdel		-
> Delete Session netsessenum		- Enumerate Sessions netdiskenum		-
> Enumerate Disks netconnenum		- Enumerate Connections netshareadd		-
> Add share netsharedel		- Delete share
> 
> New modules -----------
> 
> idmap_script 		- see 'man 8 idmap_script' vfs_unityed_media	- see
> 'man 8 vfs_unityed_media' vfs_shell_snap	- see 'man 8
> vfs_shell_snap'
> 
> New sparsely connected replia graph (Improved KCC) 
> --------------------------------------------------
> 
> The Knowledge Consistency Checker (KCC) maintains a replication
> graph for DCs across an AD network. The existing Samba KCC uses a
> fully connected graph, so that each DC replicates from all the
> others, which does not scale well with large networks. In 4.3 there
> is an experimental new KCC that creates a sparsely connected
> replication graph and closely follows Microsoft's specification. It
> is turned off by default. To use the new KCC, set
> "kccsrv:samba_kcc=true" in smb.conf and let us know how it goes.
> You should consider doing this if you are making a large new
> network. For small networks there is little benefit and you can
> always switch over at a later date.
> 
> Configurable TLS protocol support, with better defaults 
> -------------------------------------------------------
> 
> The "tls priority" option can be used to change the supported TLS 
> protocols. The default is to disable SSLv3, which is no longer 
> considered secure.
> 
> 
> ######################################################################
>
> 
Changes
> #######
> 
> smb.conf changes ----------------
> 
> Parameter Name		Description		Default --------------		-----------
> ------- logging			New			(empty) msdfs shuffle referrals	New			no 
> smbd profiling level		New			off spotlight			New			no tls priority
> New 			NORMAL:-VERS-SSL3.0 use ntdb			Removed change notify
> Changed to [global] kernel change notify		Changed to [global] 
> client max protocol		Changed	default		SMB3_11 server max protocol
> Changed default		SMB3_11
> 
> Removed modules ---------------
> 
> vfs_notify_fam - see section 'New FileChangeNotify subsystem'.
> 
> 
> KNOWN ISSUES ============
> 
> Currently none.
> 
> 
> CHANGES SINCE 4.2.0rc1 ======================
> 
> o   Jeremy Allison <jra at samba.org> * BUG 11359: strsep is not
> available on Solaris
> 
> o   Björn Baumbach <bb at sernet.de> * BUG 11421: Build with GPFS
> support is broken
> 
> o   Justin Maggard <jmaggard at netgear.com> * BUG 11320: "force
> group" with local group not working
> 
> o   Martin Schwenke <martin at meltin.net * BUG 11424: Build broken
> with --disable-python
> 
> 
> ####################################### Reporting bugs &
> Development Discussion #######################################
> 
> Please discuss this release on the samba-technical mailing list or
> by joining the #samba-technical IRC channel on irc.freenode.net.
> 
> If you do report problems then please try to send high quality 
> feedback. If you don't provide vital information to help us track
> down the problem then you will probably be ignored.  All bug
> reports should be filed under the "Samba 4.1 and newer" product in
> the project's Bugzilla database (https://bugzilla.samba.org/).
> 
> 
> ======================================================================
>
> 
== Our Code, Our Bugs, Our Responsibility.
> == The Samba Team 
> ======================================================================
>
> 
> 
> ================ Download Details ================
> 
> The uncompressed tarballs and patch files have been signed using
> GnuPG (ID 6568B7EA).  The source code can be downloaded from:
> 
> https://download.samba.org/pub/samba/rc/
> 
> The release notes are available online at:
> 
> https://download.samba.org/pub/samba/rc/samba-4.3.0rc2.WHATSNEW.txt
>
>  Our Code, Our Bugs, Our Responsibility. 
> (https://bugzilla.samba.org/)
> 
> --Enjoy The Samba Team
> 
> 
> 
>

More information about the samba mailing list