[Samba] [Announce] Samba 4.18.0rc2 Available for Download
Daniel Müller
mueller at tropenklinik.de
Fri Feb 3 06:36:28 UTC 2023
Thanks to all for the new features.
But is there a chance to have ADWS working in samba4? This would be a great step since swat is gone away since years.
I saw you did some work on it and i tried to set it up from the sources last year but did not succed because there is no really stepby step instruction.
Grretings
Daniel
-----Ursprüngliche Nachricht-----
Von: Andrew Bartlett via samba [mailto:samba at lists.samba.org]
Gesendet: Freitag, 3. Februar 2023 03:26
An: Simon FONTENEAU <sfonteneau at tranquil.it>; samba at lists.samba.org
Betreff: Re: [Samba] [Announce] Samba 4.18.0rc2 Available for Download
With great thanks to testing, funding from and a lab environment provided by customer (who can identify themselves if they like ;-), we have found that:
* Azure AD Connect cloud sync works with the patches I wrote and are included in this release (and have been backported for the next 4.17.x).
* Azure AD Connect works if you put the created user in "Domain Admins", probably on existing Samba but tested with the patched version.
I personally think that a pure-Samba tool that runs in python and doesn't require a windows server as a proxy is still a better long-term option, so we can control the stack and much more easily address the issues. I strongly support your work and wish it the best of success.
Andrew Bartlett
On Thu, 2023-02-02 at 12:24 +0100, Simon FONTENEAU via samba wrote:
> Hello
>
> Is it possible to have more details on "Azure Active Directory /
> Office365 synchronisation improvements " ?
>
> I started working on something here :
> https://github.com/sfonteneau/AzureADConnect_Samba4
> (WIP)
>
> To activate a pure python synchronization without windows server.
>
> Couldn't that be necessary anymore?
>
> Simon Fonteneau
>
>
> Le 01/02/2023 à 18:50, Jule Anger via samba a écrit :
> > Release Announcements
> > =====================
> >
> > This is the second release candidate of Samba 4.18. This is *not*
> > intended for production environments and is designed for testing
> > purposes only. Please report any defects via the Samba bug
> > reporting system at https://bugzilla.samba.org/ .
> >
> > Samba 4.18 will be the next version of the Samba suite.
> >
> >
> > UPGRADING
> > =========
> >
> >
> > NEW FEATURES/CHANGES
> > ====================
> >
> > More succinct samba-tool error messages
> > ---------------------------------------
> >
> > Historically samba-tool has reported user error or misconfiguration
> > by means of a Python traceback, showing you where in its code it
> > noticed something was wrong, but not always exactly what is amiss.
> > Now it tries harder to identify the true cause and restrict its
> > output to describing that. Particular cases include:
> >
> > * a username or password is incorrect
> > * an ldb database filename is wrong (including in smb.conf)
> > * samba-tool dns: various zones or records do not exist
> > * samba-tool ntacl: certain files are missing
> > * the network seems to be down
> > * bad --realm or --debug arguments
> >
> > Accessing the old samba-tool messages
> > -------------------------------------
> >
> > This is not new, but users are reminded they can get the full Python
> > stack trace, along with other noise, by using the argument '-d3'.
> > This may be useful when searching the web.
> >
> > The intention is that when samba-tool encounters an unrecognised
> > problem (especially a bug), it will still output a Python traceback.
> > If you encounter a problem that has been incorrectly identified by
> > samba-tool, please report it on https://bugzilla.samba.org .
> >
> > Colour output with samba-tool --color
> > -------------------------------------
> >
> > For some time a few samba-tool commands have had a --
> > color=yes|no|auto option, which determines whether the command
> > outputs ANSI colour codes. Now all samba-tool commands support this
> > option, which now also accepts 'always' and 'force' for 'yes',
> > 'never' and 'none' for 'no', and 'tty' and 'if-tty' for 'auto' (this
> > more closely matches convention). With --color=auto, or when --color
> > is omitted, colour codes are only used when output is directed to a
> > terminal.
> >
> > Most commands have very little colour in any case. For those that
> > already used it, the defaults have changed slightly.
> >
> > * samba-tool drs showrepl: default is now 'auto', not 'no'
> >
> > * samba-tool visualize: the interactions between --color-scheme,
> > --color, and --output have changed slightly. When --color-scheme
> > is
> > set it overrides --color for the purpose of the output diagram,
> > but
> > not for other output like error messages.
> >
> > New samba-tool dsacl subcommand for deleting ACES
> > -------------------------------------------------
> >
> > The samba-tool dsacl tool can now delete entries in directory access
> > control lists. The interface for 'samba-tool dsacl delete' is
> > similar to that of 'samba-tool dsacl set', with the difference being
> > that the ACEs described by the --sddl argument are deleted rather
> > than added.
> >
> > No colour with NO_COLOR environment variable
> > --------------------------------------------
> >
> > With both samba-tool --color=auto (see above) and some other places
> > where we use ANSI colour codes, the NO_COLOR environment variable
> > will disable colour output. See https://no-color.org/ for a
> > description of this variable. `samba-tool --color=always` will use
> > colour regardless of NO_COLOR.
> >
> > New wbinfo option --change-secret-at
> > ------------------------------------
> >
> > The wbinfo command has a new option, --change-secret-at=<DOMAIN
> > CONTROLLER>
> > which forces the trust account password to be changed at a specified
> > domain controller. If the specified domain controller cannot be
> > contacted the password change fails rather than trying other DCs.
> >
> > New option to change the NT ACL default location
> > ------------------------------------------------
> >
> > Usually the NT ACLs are stored in the security.NTACL extended
> > attribute (xattr) of files and directories. The new
> > "acl_xattr:security_acl_name" option allows to redefine the default
> > location. The default "security.NTACL" is a protected location,
> > which means the content of the security.NTACL attribute is not
> > accessible from normal users outside of Samba. When this option is
> > set to use a user-defined value, e.g. user.NTACL then any user can
> > potentially access and overwrite this information. The module
> > prevents access to this xattr over SMB, but the xattr may still be
> > accessed by other means (eg local access, SSH, NFS). This option
> > must only be used when this consequence is clearly understood and
> > when specific precautions are taken to avoid compromising the ACL
> > content.
> >
> > Azure Active Directory / Office365 synchronisation improvements
> > --------------------------------------------------------------
> >
> > Use of the Azure AD Connect cloud sync tool is now supported for
> > password hash synchronisation, allowing Samba AD Domains to
> > synchronise passwords with this popular cloud environment.
> >
> > REMOVED FEATURES
> > ================
> >
> >
> > smb.conf changes
> > ================
> >
> > Parameter Name Description Default
> > -------------- ----------- -------
> > acl_xattr:security_acl_name New security.NTACL
> >
> >
> > CHANGES SINCE 4.18.0rc1
> > =======================
> >
> > o Andrew Bartlett <
> > abartlet at samba.org
> > >
> > * BUG 10635: Office365 azure Password Sync not working.
> >
> > o Stefan Metzmacher <
> > metze at samba.org
> > >
> > * BUG 15286: auth3_generate_session_info_pac leaks
> > wbcAuthUserInfo.
> >
> > o Noel Power <
> > noel.power at suse.com
> > >
> > * BUG 15293: With clustering enabled samba-bgqd can core dump due
> > to use
> > after free.
> >
> >
> > KNOWN ISSUES
> > ============
> >
> > https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.18#Rel
> > ease_blocking_bugs
> >
> >
> >
> >
> > #######################################
> > Reporting bugs & Development Discussion
> > #######################################
> >
> > Please discuss this release on the samba-technical mailing list or
> > by joining the #samba-technical:matrix.org matrix room, or
> > #samba-technical IRC channel on irc.libera.chat
> >
> > If you do report problems then please try to send high quality
> > feedback. If you don't provide vital information to help us track
> > down the problem then you will probably be ignored. All bug reports
> > should be filed under the Samba 4.1 and newer product in the
> > project's Bugzilla database ( https://bugzilla.samba.org/ ).
> >
> >
> > ===================================================================
> > ===
> > == Our Code, Our Bugs, Our Responsibility.
> > == The Samba Team
> > ===================================================================
> > ===
> >
> >
> > ================
> > Download Details
> > ================
> >
> > The uncompressed tarballs and patch files have been signed using
> > GnuPG (ID AA99442FB680B620). The source code can be downloaded
> > from:
> >
> >
> > https://download.samba.org/pub/samba/rc/
> >
> >
> > The release notes are available online at:
> >
> > https://download.samba.org/pub/samba/rc/samba-4.18.0rc2.WHATSNEW.txt
> >
> >
> > Our Code, Our Bugs, Our Responsibility.
> > (
> > https://bugzilla.samba.org/
> > )
> >
> > --Enjoy
> > The Samba Team
> >
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group company
Samba Development and Support: https://catalyst.net.nz/services/samba
Catalyst IT - Expert Open Source Solutions
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list