[Samba] [Announce] Samba 4.18.0rc2 Available for Download
Andrew Bartlett
abartlet at samba.org
Fri Feb 3 07:54:10 UTC 2023
Active Directory Web Services are very badly named, they are not a web
interface, but a SOAP API interface (we implemented some parts that map
to LDAP) and other things over HTTP.
Sorry,
On Fri, 2023-02-03 at 07:36 +0100, Daniel Müller wrote:
> Thanks to all for the new features.But is there a chance to have ADWS
> working in samba4? This would be a great step since swat is gone away
> since years.I saw you did some work on it and i tried to set it up
> from the sources last year but did not succed because there is no
> really stepby step instruction.
> GrretingsDaniel
> -----Ursprüngliche Nachricht-----Von: Andrew Bartlett via samba
> [mailto:samba at lists.samba.org] Gesendet: Freitag, 3. Februar 2023
> 03:26An: Simon FONTENEAU <sfonteneau at tranquil.it>;
> samba at lists.samba.org
> Betreff: Re: [Samba] [Announce] Samba 4.18.0rc2 Available for
> Download
> With great thanks to testing, funding from and a lab environment
> provided by customer (who can identify themselves if they like ;-),
> we have found that:
> * Azure AD Connect cloud sync works with the patches I wrote and are
> included in this release (and have been backported for the next
> 4.17.x).
> * Azure AD Connect works if you put the created user in "Domain
> Admins", probably on existing Samba but tested with the patched
> version.
> I personally think that a pure-Samba tool that runs in python and
> doesn't require a windows server as a proxy is still a better long-
> term option, so we can control the stack and much more easily address
> the issues. I strongly support your work and wish it the best of
> success.
> Andrew Bartlett
> On Thu, 2023-02-02 at 12:24 +0100, Simon FONTENEAU via samba wrote:
> > Hello
> > Is it possible to have more details on "Azure Active Directory
> > /Office365 synchronisation improvements " ?
> > I started working on something here :
> > https://github.com/sfonteneau/AzureADConnect_Samba4
> > (WIP)
> > To activate a pure python synchronization without windows server.
> > Couldn't that be necessary anymore?
> > Simon Fonteneau
> >
> > Le 01/02/2023 à 18:50, Jule Anger via samba a écrit :
> > > Release Announcements=====================
> > > This is the second release candidate of Samba 4.18. This is
> > > *not* intended for production environments and is designed for
> > > testing purposes only. Please report any defects via the Samba
> > > bug reporting system at https://bugzilla.samba.org/ .
> > > Samba 4.18 will be the next version of the Samba suite.
> > >
> > > UPGRADING=========
> > >
> > > NEW FEATURES/CHANGES====================
> > > More succinct samba-tool error messages------------------------
> > > ---------------
> > > Historically samba-tool has reported user error or
> > > misconfiguration by means of a Python traceback, showing you
> > > where in its code it noticed something was wrong, but not always
> > > exactly what is amiss. Now it tries harder to identify the true
> > > cause and restrict its output to describing that. Particular
> > > cases include:
> > > * a username or password is incorrect * an ldb database filename
> > > is wrong (including in smb.conf) * samba-tool dns: various zones
> > > or records do not exist * samba-tool ntacl: certain files are
> > > missing * the network seems to be down * bad --realm or --debug
> > > arguments
> > > Accessing the old samba-tool messages--------------------------
> > > -----------
> > > This is not new, but users are reminded they can get the full
> > > Python stack trace, along with other noise, by using the argument
> > > '-d3'.This may be useful when searching the web.
> > > The intention is that when samba-tool encounters an unrecognised
> > > problem (especially a bug), it will still output a Python
> > > traceback.If you encounter a problem that has been incorrectly
> > > identified by samba-tool, please report it on
> > > https://bugzilla.samba.org .
> > > Colour output with samba-tool --color--------------------------
> > > -----------
> > > For some time a few samba-tool commands have had a --
> > > color=yes|no|auto option, which determines whether the command
> > > outputs ANSI colour codes. Now all samba-tool commands support
> > > this option, which now also accepts 'always' and 'force' for
> > > 'yes', 'never' and 'none' for 'no', and 'tty' and 'if-tty' for
> > > 'auto' (this more closely matches convention). With --color=auto,
> > > or when --color is omitted, colour codes are only used when
> > > output is directed to a terminal.
> > > Most commands have very little colour in any case. For those that
> > > already used it, the defaults have changed slightly.
> > > * samba-tool drs showrepl: default is now 'auto', not 'no'
> > > * samba-tool visualize: the interactions between --color-
> > > scheme, --color, and --output have changed slightly. When --
> > > color-scheme is set it overrides --color for the purpose of the
> > > output diagram, but not for other output like error messages.
> > > New samba-tool dsacl subcommand for deleting ACES--------------
> > > -----------------------------------
> > > The samba-tool dsacl tool can now delete entries in directory
> > > access control lists. The interface for 'samba-tool dsacl delete'
> > > is similar to that of 'samba-tool dsacl set', with the difference
> > > being that the ACEs described by the --sddl argument are deleted
> > > rather than added.
> > > No colour with NO_COLOR environment variable---------------------
> > > -----------------------
> > > With both samba-tool --color=auto (see above) and some other
> > > places where we use ANSI colour codes, the NO_COLOR environment
> > > variable will disable colour output. See https://no-color.org/ f
> > > or a description of this variable. `samba-tool --color=always`
> > > will use colour regardless of NO_COLOR.
> > > New wbinfo option --change-secret-at-----------------------------
> > > -------
> > > The wbinfo command has a new option, --change-secret-
> > > at=<DOMAINCONTROLLER>which forces the trust account password to
> > > be changed at a specified domain controller. If the specified
> > > domain controller cannot be contacted the password change fails
> > > rather than trying other DCs.
> > > New option to change the NT ACL default location-----------------
> > > -------------------------------
> > > Usually the NT ACLs are stored in the security.NTACL extended
> > > attribute (xattr) of files and directories. The new
> > > "acl_xattr:security_acl_name" option allows to redefine the
> > > default location. The default "security.NTACL" is a protected
> > > location, which means the content of the security.NTACL attribute
> > > is not accessible from normal users outside of Samba. When this
> > > option is set to use a user-defined value, e.g. user.NTACL then
> > > any user can potentially access and overwrite this information.
> > > The module prevents access to this xattr over SMB, but the xattr
> > > may still be accessed by other means (eg local access, SSH, NFS).
> > > This option must only be used when this consequence is clearly
> > > understood and when specific precautions are taken to avoid
> > > compromising the ACL content.
> > > Azure Active Directory / Office365 synchronisation improvements
> > > --------------------------------------------------------------
> > > Use of the Azure AD Connect cloud sync tool is now supported for
> > > password hash synchronisation, allowing Samba AD Domains to
> > > synchronise passwords with this popular cloud environment.
> > > REMOVED FEATURES================
> > >
> > > smb.conf changes================
> > > Parameter
> > > Name Description Default --------
> > > ------ ----------- ----
> > > --- acl_xattr:security_acl_name New security.NTACL
> > >
> > > CHANGES SINCE 4.18.0rc1=======================
> > > o Andrew Bartlett <abartlet at samba.org
> > > * BUG 10635: Office365 azure Password Sync not working.
> > > o Stefan Metzmacher <metze at samba.org
> > > * BUG 15286: auth3_generate_session_info_pac leaks
> > > wbcAuthUserInfo.
> > > o Noel Power <noel.power at suse.com
> > > * BUG 15293: With clustering enabled samba-bgqd can core dump
> > > due to use after free.
> > >
> > > KNOWN ISSUES============
> > > https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.18#Rel
> > > ease_blocking_bugs
> > >
> > >
> > > #######################################Reporting bugs &
> > > Development Discussion #######################################
> > > Please discuss this release on the samba-technical mailing list
> > > or by joining the #samba-technical:matrix.org matrix room, or
> > > #samba-technical IRC channel on irc.libera.chat
> > > If you do report problems then please try to send high quality
> > > feedback. If you don't provide vital information to help us track
> > > down the problem then you will probably be ignored. All bug
> > > reports should be filed under the Samba 4.1 and newer product in
> > > the project's Bugzilla database ( https://bugzilla.samba.org/ ).
> > >
> > > =================================================================
> > > ======= Our Code, Our Bugs, Our Responsibility.== The Samba
> > > Team=============================================================
> > > =========
> > >
> > > ================Download Details================
> > > The uncompressed tarballs and patch files have been signed using
> > > GnuPG (ID AA99442FB680B620). The source code can be
> > > downloadedfrom:
> > > https://download.samba.org/pub/samba/rc/
> > >
> > >
> > > The release notes are available online at:
> > > https://download.samba.org/pub/samba/rc/samba-4.18.0rc2.WHATSNEW.txt
> > >
> > >
> > > Our Code, Our Bugs, Our Responsibility.(
> > > https://bugzilla.samba.org/
> > > )
> > > --Enjoy The Samba
> > > Team
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/Samba Team Member (since 2001) https://samba.orgSamba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
Samba Development and Support, Catalyst.Net Limited
Catalyst.Net Ltd - a Catalyst IT group company - Expert Open SourceSolutions
More information about the samba
mailing list