We've just released the fourth technology preview release of Samba 4. ============= About Samba 4 =============
Samba 4 is the ambitious next version of the Samba suite that is being developed in parallel to the stable 3.0 series. The main emphasis in this branch is support for the Active Directory logon protocols used by Windows 2000 and above. While we welcome your interest in Samba 4, we don't want you to run your network with it quite yet. Please note the WARNINGS below, and the STATUS file, which aims to document what should and should not work. With 4 years of development under our belt since Tridge first proposed a new Virtual File System (VFS) layer for Samba3 (a project which eventually lead to our Active Directory efforts), we felt that we should create something we could 'show off' to our users. This is a Technology Preview (TP), aimed at allowing you, our users, managers and developers to see how we have progressed, and to invite your feedback and support. ======== Warnings ======== Samba4 TP is currently a pre-alpha technology. That is more a reference to Samba4's lack of the features we expect you will need than a statement of code quality, but clearly it hasn't seen a broad deployment yet. If you were to upgrade Samba3 (or indeed Windows) to Samba4, you would find many things work, but that other key features you may have relied on simply are not there yet. For example, while Samba 3.0 is an excellent member of a Active Directory domain, Samba4 is happier as a domain controller: (This is where we have done most of the research and development). While Samba4 is subjected to an awesome battery of tests on an automated basis, and we have found Samba4 to be very stable in it's behaviour, we have to recommend against upgrading production servers from Samba 3 to Samba 4 at this stage. If you are upgrading an experimental server, or looking to develop and test Samba, you should backup all configuration and data. As we research the needs of Active Directory integration more closely, we may need to change the format of the user database, in particular as we begin to understand how the attributes are generated and stored. At a worst case, we expect users will be able to extract the stored data as LDIF and hand munge it, but until we make an alpha release, we won't do this automatically. Indeed, many module changes are simply easier to cope with if you just re-provision after the upgrade. We value the security of your computers, and so we must warn you that Samba 4 Technology Preview includes basic Access Control List (ACL) protection on the main user database, but due to time constraints, none on the registry at this stage. We also do not currently have ACLs on the SWAT web-based management tool. This means that Samba 4 Technology Preview is not secure, and should not be exposed to untrusted networks. Within the above proviso, file system access should occur as the logged in user, much as Samba3 does. As such, we must strongly recommend against using Samba4 in a production environment at this stage. ======= Changes ======= 'Samba4 TP4' presents you with an opportunity to see a Technology Preview (TP) snapshot of Samba4's development, as at January 2007. In the last few months since TP3 was released in October 2006, significant work has been done across many parts of Samba4. Since that time, we have added the basis for some new and exciting features: PKINIT support to Samba4's KDC will allow, smart-card login to a Samba4 domain. TP4 demonstrates this with static key files, but work will continue to enable actual hardware cards. Clustering support was always a design goal of Samba4, and with TP4 we have the ctdb framework, a cluster-aware shared database. This allows Samba4 to share a shared cluster file-system with it's clients. Presented at this year's linux.conf.au, including a highly rigged demo, you can expect to see this mature over the next few months. Non-blocking and Asynchronous IO support, has always been a design goal in Samba4, and TP4 will use new Linux Kernel features to implement event driven asynchronous IO. This makes Samba more efficient on systems where some data may be 'further away' than a local disk, such as HSM systems. This allows the Kernel to handle reading the returned data from the disk, only notifying Samba when the data is ready for dispatch to the client. Our web-management console, known as SWAT, is being revamped, and in TP4 you can find a new Web 2.0 style user interface, being used to support a web-based ldb browser. We hope this new system will allow things simple not possible with the form-submit style of web management. Using LDB LDAP back-end integration has improved in this release, with an improved mapping module allowing the start of Fedora DS back-end support. In continuing our research effort, TP4 includes the work to better understand and implement the DRSUAPI replication protocols. By better understanding the needs of replication now, we can structure our databases so that their format will have to change less in future. We hope to use this replication function to replace the SamSync based Vampire process so effectively demonstrated since TP1, and to eventually join an Active Directory domain, as a replicating partner. Behind the scenes, much of the core infrastructure of Samba4 continues development: In Kerberos, we have continued to track the development of the Heimdal Kerberos implementation, and reduce the custom diff between our branch and upstream. Heimdal now provides plug-in APIs for almost all of the hooks we need, including management and validation of the PAC. In testing, our test infrastructure has undergone a quiet revolution, as we improve our unit test framework. Likewise, the tests themselves have continued to expand, as we follow our test-driven development pattern. In providing an abstraction above our raw RPC layer, the libnet library continues to expand, becoming a C and JS management API for Samba4 and remote servers. To ensure that, as an administrator and developer, you can easily read and edit our internal databases, our LDB layer has been optimised for speed. The aim here is to avoid needing to use the faster, but more opaque, TDB layer. These are just some of the highlights of the work done in the past few months. More details can be found in our SVN history. ================ Download Details ================ The release tarball is available from the following location: * http://us1.samba.org/samba/ftp/samba4/samba-4.0.0tp4.tar.gz This release has been signed using GPG with Jelmers' GPG key (1EEF5276). * http://us1.samba.org/samba/ftp/samba4/samba-4.0.0tp4.tar.asc To verify that the signature is correct, make sure that the tarball has been unzipped and run: $ gpg --verify samba-4.0.0tp4.tar.asc We are also planning on making Debian packages available for this release later this week. No packages for other distributions are planned at the moment. ============ Installation ============ A short guide to setting up Samba 4 can be found on http://wiki.samba.org/index.php/Samba4/HOWTO. ======================== Development and Feedback ======================== Bugs can be filed at https://bugzilla.samba.org/. Please look at the STATUS file before filing a bug to see if a particular is supposed to work yet. Development and general discussion about Samba 4 happens mainly on the #samba-technical IRC channel (on irc.freenode.net) and the samba-technical mailing list (see http://lists.samba.org/ for details). Happy testing! The Samba team -- Jelmer Vernooij <[EMAIL PROTECTED]> - http://samba.org/~jelmer/We've just released the fourth technology preview release of Samba 4.
=============
About Samba 4
=============
Samba 4 is an ambitious development effort of the Samba project, being
developed in parallel to the stable 3.0 series. The main emphasis in
this branch is support for the Active Directory logon protocols used
by Windows 2000 and above.
Samba 4 is currently not yet in a state where it is usable in
production environments. Note the STATUS file, which aims to document
what should and should not work.
========
Warnings
========
Samba4 TP is currently a pre-alpha technology. It may eat your cat, but
is far more likely to choose to munch on your password database. We recommend against upgrading any production servers from Samba 3 to Samba 4 at this stage. If you are upgrading an experimental server, you should backup all configuration and data. We expect that format changes will require that the user database be rebuilt from scratch a number of times before we make a final release, losing password data each time. Again, we strongly recommend against use in a production environment at this stage.
=======
Changes
=======
Andrew Bartlett wrote a summary of the changes we've made since the previous
'Samba4 TP4' presents you with an opportunity to see a Technology
Preview (TP) snapshot of Samba4's development, as at January 2007.
In the last few months since TP3 was released in October 2006,
significant work has been done across many parts of Samba4. Since that
time, we have added the basis for some new and exciting features:
PKINIT support to Samba4's KDC will allow, smart-card login to a
Samba4 domain. TP4 demonstrates this with static key files, but
work will continue to enable actual hardware cards.
Clustering support was always a design goal of Samba4, and with TP4
we have the ctdb framework, a cluster-aware shared database. This
allows Samba4 to share a shared cluster file-system with it's clients.
Presented at this year's linux.conf.au, including a highly rigged
demo, you can expect to see this mature over the next few months.
Non-blocking and Asynchronous IO support, has always been a design
goal in Samba4, and TP4 will use new Linux Kernel features to
implement event driven asynchronous IO. This makes Samba more
efficient on systems where some data may be 'further away' than a
local disk, such as HSM systems. This allows the Kernel to handle
reading the returned data from the disk, only notifying Samba when
the data is ready for dispatch to the client.
Our web-management console, known as SWAT, is being revamped, and in
TP4 you can find a new Web 2.0 style user interface, being used to
support a web-based ldb browser. We hope this new system will allow
things simple not possible with the form-submit style of web
management.
Using LDB LDAP back-end integration has improved in this release, with an
improved mapping module allowing the start of Fedora DS back-end
support.
In continuing our research effort, TP4 includes the work to better
understand and implement the DRSUAPI replication protocols. By better
understanding the needs of replication now, we can structure our
databases so that their format will have to change less in future.
We hope to use this replication function to replace the SamSync based
Vampire process so effectively demonstrated since TP1, and to
eventually join an Active Directory domain, as a replicating partner.
Behind the scenes, much of the core infrastructure of Samba4 continues
development:
In Kerberos, we have continued to track the development of the
Heimdal Kerberos implementation, and reduce the custom diff between
our branch and upstream. Heimdal now provides plug-in APIs for
almost all of the hooks we need, including management and validation
of the PAC.
In testing, our test infrastructure has undergone a quiet
revolution, as we improve our unit test framework. Likewise, the
tests themselves have continued to expand, as we follow our
test-driven development pattern.
In providing an abstraction above our raw RPC layer, the libnet
library continues to expand, becoming a C and JS management API for
Samba4 and remote servers.
To ensure that, as an administrator and developer, you can easily
read and edit our internal databases, our LDB layer has been
optimised for speed. The aim here is to avoid needing to use the faster, but
more opaque, TDB layer.
These are just some of the highlights of the work done in the past few
months. More details can be found in our SVN history.
================
Download Details
================
The release tarball is available from the following location:
* http://us1.samba.org/samba/ftp/samba4/samba-4.0.0tp4.tar.gz
This release has been signed using GPG with Jelmers' GPG key (1EEF5276).
* http://us1.samba.org/samba/ftp/samba4/samba-4.0.0tp4.tar.asc
To verify that the signature is correct, make sure that the tarball has been unzipped and run:
$ gpg --verify samba-4.0.0tp4.tar.asc
We are also planning on making Debian packages available for this release later this week. No packages for other distributions are planned at the moment.
Happy testing!
The Samba team
-- Jelmer Vernooij <[EMAIL PROTECTED]> - http://samba.org/~jelmer/ |
