[ANNOUNCE] Samba 3.2.0pre3
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Release Announcements = This is the third preview release of Samba 3.2.0. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Please be aware that Samba is now distributed under the version 3 of the new GNU General Public License. You may refer to the COPYING file that accompanies these release notes for further licensing details. Major enhancements in Samba 3.2.0 include: File Serving: o Use of IDL generated parsing layer for several DCE/RPC interfaces. o Removal of the 1024 byte limit on pathnames and 256 byte limit on filename components to honor the MAX_PATH setting from the host OS. o Introduction of a registry based configuration system. o Improved CIFS Unix Extensions support. o Experimental support for file serving clusters. o Support for IPv6 in the server, and client tools and libraries. o Support for storing alternate data streams in xattrs. o Encrypted SMB transport in client tools and libraries, and server. o Support for Vista clients authenticating via Kerberos. Winbind and Active Directory Integration: o Full support for Windows 2003 cross-forest, transitive trusts and one-way domain trusts. o Support for userPrincipalName logons via pam_winbind and NSS lookups. o Expansion of nested domain groups via NSS calls. o Support for Active Directory LDAP Signing policy. o New LGPL Winbind client library (libwbclient.so). Joining: o New NetApi library for domain join related queries (libnetapi.so) and example GTK+ Domain join gui. o New client and server support for remotely joining and unjoining Domains. o Support for joining into Windows 2008 domains. Users & Groups: o New ldb backend for local group mapping tables o Raised level of security defaults for authentication operations. Documentation: o Inclusion of an HTML version of the 3rd edition of "Using Samba" from O'Reilly Publishing. Now Licensed under the GNU GPLv3 The Samba Team has adopted the Version 3 of the GNU General Public License for the 3.2 and later releases. The GPLv3 is the updated version of the GPLv2 license under which Samba is currently distributed. It has been updated to improve compatibility with other licenses and to make it easier to adopt internationally, and is an improved version of the license to better suit the needs of Free Software in the 21st Century. The original announcement is available on-line at http://news.samba.org/announcements/samba_gplv3/ New Security Defaults for Authentication Support for LanMan passwords is now disabled in both client and server applications. Additionally, clear text authentication requests are disabled by default in client utilities such as smbclient and all libsmbclient based applications. This will affect connection both to and from hosts running DOS, Windows 9x/ME, and OS/2. Please refer to the "Changes" section for details on the exact parameters that were updated. Registry Configuration Backend == Samba is now able to use a registry based configuration backed to supplement smb.conf settings. This feature may be enabled by setting "config backend = registry" in the [global] section of smb.conf for a registry only configuration, or by specifying "include = registry" to include global options from registry for a mixed setup. The new parameter "registry shares = yes" in the [global] section of smb.conf can be used to activate share definitions from registry. These shares are loaded on demand by the server. Registry shares are automatically activated by the global registry options above. The configuration stored in registry can be conveniently managed using the "net conf" command. More information may be obtained from the smb.conf(5) and net(8) man pages. Removed Features Both the Python bindings and the libmsrpc shared library have been removed from the tree due to lack of an official maintainer. As smbfs is no longer supported in current kernel versions, smbmount has been removed in this Samba version. Please use cifs (mount.cifs) instead. See examples/scripts/mount/mount.smbfs as an example for a wrapper which calls mount.cifs instead of smbmount/mount.smbfs. Modified API for libsmbclient == Maintaining ABI compatibility for libsmbclient has become increasingly difficult to accomplish, while also keeping the code organization such that it is easily readable. Towards the goal of maintaining ABI compatibility and also keeping the code easy to maintain and enhance, the API has been enhanced. In particular, the fields in the SMBCCTX context structure are no longer intended to
[ANNOUNCE] Samba 3.2.0rc1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Preamble: Please help us testing this release candidate! If there are no major catastrophes, it will become the first major release of Samba 3.2.0. It might take a few hours until the files will be spread to all mirrors. = Release Notes for Samba 3.2.0rc1 May 23, 2008 = This is the first release candidate of Samba 3.2.0. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Please be aware that Samba is now distributed under the version 3 of the new GNU General Public License. You may refer to the COPYING file that accompanies these release notes for further licensing details. Major enhancements in Samba 3.2.0 include: File Serving: o Use of IDL generated parsing layer for several DCE/RPC interfaces. o Removal of the 1024 byte limit on pathnames and 256 byte limit on filename components to honor the MAX_PATH setting from the host OS. o Introduction of a registry based configuration system. o Improved CIFS Unix Extensions support. o Experimental support for file serving clusters. o Support for IPv6 in the server, and client tools and libraries. o Support for storing alternate data streams in xattrs. o Encrypted SMB transport in client tools and libraries, and server. o Support for Vista clients authenticating via Kerberos. Winbind and Active Directory Integration: o Full support for Windows 2003 cross-forest, transitive trusts and one-way domain trusts. o Support for userPrincipalName logons via pam_winbind and NSS lookups. o Expansion of nested domain groups via NSS calls. o Support for Active Directory LDAP Signing policy. o New LGPL Winbind client library (libwbclient.so). o Support for establishing interdomain trust relationships with Windows 2008. Joining: o New NetApi library for domain join related queries (libnetapi.so) and example GTK+ Domain join gui. o New client and server support for remotely joining and unjoining Domains. o Support for joining into Windows 2008 domains. Users & Groups: o New ldb backend for local group mapping tables o Raised level of security defaults for authentication operations. o New NetApi library for user account related queries. Documentation: o Inclusion of an HTML version of the 3rd edition of "Using Samba" from O'Reilly Publishing. Now Licensed under the GNU GPLv3 The Samba Team has adopted the Version 3 of the GNU General Public License for the 3.2 and later releases. The GPLv3 is the updated version of the GPLv2 license under which Samba is currently distributed. It has been updated to improve compatibility with other licenses and to make it easier to adopt internationally, and is an improved version of the license to better suit the needs of Free Software in the 21st Century. The original announcement is available on-line at http://news.samba.org/announcements/samba_gplv3/ New Security Defaults for Authentication Support for LanMan passwords is now disabled in both client and server applications. Additionally, clear text authentication requests are disabled by default in client utilities such as smbclient and all libsmbclient based applications. This will affect connection both to and from hosts running DOS, Windows 9x/ME, and OS/2. Please refer to the "Changes" section for details on the exact parameters that were updated. Registry Configuration Backend == Samba is now able to use a registry based configuration backed to supplement smb.conf settings. This feature may be enabled by setting "config backend = registry" in the [global] section of smb.conf for a registry only configuration, or by specifying "include = registry" to include global options from registry for a mixed setup. The new parameter "registry shares = yes" in the [global] section of smb.conf can be used to activate share definitions from registry. These shares are loaded on demand by the server. Registry shares are automatically activated by the global registry options above. The configuration stored in registry can be conveniently managed using the "net conf" command. More information may be obtained from the smb.conf(5) and net(8) man pages. Removed Features Both the Python bindings and the libmsrpc shared library have been removed from the tree due to lack of an official maintainer. As smbfs is no longer supported in current kernel versions, smbmount has been removed in this Samba version. Please use cifs (mount.cifs) instead. See examples/scripts/mount/mount.smbfs as an example for a wrapper which calls mount.cifs instead
[ANNOUNCE] Samba 3.2.0rc2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = Release Notes for Samba 3.2.0rc2 June 10, 2008 = This is the second release candidate of Samba 3.2.0. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Please be aware that Samba is now distributed under the version 3 of the new GNU General Public License. You may refer to the COPYING file that accompanies these release notes for further licensing details. Major enhancements in Samba 3.2.0 include: File Serving: o Use of IDL generated parsing layer for several DCE/RPC interfaces. o Removal of the 1024 byte limit on pathnames and 256 byte limit on filename components to honor the MAX_PATH setting from the host OS. o Introduction of a registry based configuration system. o Improved CIFS Unix Extensions support. o Experimental support for file serving clusters. o Support for IPv6 in the server, and client tools and libraries. o Support for storing alternate data streams in xattrs. o Encrypted SMB transport in client tools and libraries, and server. o Support for Vista clients authenticating via Kerberos. Winbind and Active Directory Integration: o Full support for Windows 2003 cross-forest, transitive trusts and one-way domain trusts. o Support for userPrincipalName logons via pam_winbind and NSS lookups. o Expansion of nested domain groups via NSS calls. o Support for Active Directory LDAP Signing policy. o New LGPL Winbind client library (libwbclient.so). o Support for establishing interdomain trust relationships with Windows 2008. Joining: o New NetApi library for domain join related queries (libnetapi.so) and example GTK+ Domain join gui. o New client and server support for remotely joining and unjoining Domains. o Support for joining into Windows 2008 domains. Users & Groups: o New ldb backend for local group mapping tables o Raised level of security defaults for authentication operations. o New NetApi library for user account related queries. Documentation: o Inclusion of an HTML version of the 3rd edition of "Using Samba" from O'Reilly Publishing. Now Licensed under the GNU GPLv3 The Samba Team has adopted the Version 3 of the GNU General Public License for the 3.2 and later releases. The GPLv3 is the updated version of the GPLv2 license under which Samba is currently distributed. It has been updated to improve compatibility with other licenses and to make it easier to adopt internationally, and is an improved version of the license to better suit the needs of Free Software in the 21st Century. The original announcement is available on-line at http://news.samba.org/announcements/samba_gplv3/ New Security Defaults for Authentication Support for LanMan passwords is now disabled in both client and server applications. Additionally, clear text authentication requests are disabled by default in client utilities such as smbclient and all libsmbclient based applications. This will affect connection both to and from hosts running DOS, Windows 9x/ME, and OS/2. Please refer to the "Changes" section for details on the exact parameters that were updated. Registry Configuration Backend == Samba is now able to use a registry based configuration backed to supplement smb.conf settings. This feature may be enabled by setting "config backend = registry" in the [global] section of smb.conf for a registry only configuration, or by specifying "include = registry" to include global options from registry for a mixed setup. The new parameter "registry shares = yes" in the [global] section of smb.conf can be used to activate share definitions from registry. These shares are loaded on demand by the server. Registry shares are automatically activated by the global registry options above. The configuration stored in registry can be conveniently managed using the "net conf" command. More information may be obtained from the smb.conf(5) and net(8) man pages. Removed Features Both the Python bindings and the libmsrpc shared library have been removed from the tree due to lack of an official maintainer. As smbfs is no longer supported in current kernel versions, smbmount has been removed in this Samba version. Please use cifs (mount.cifs) instead. See examples/scripts/mount/mount.smbfs as an example for a wrapper which calls mount.cifs instead of smbmount/mount.smbfs. Modified API for libsmbclient == Maintaining ABI compatibility for libsmbclient has become increasingly difficult to acco
[ANNOUNCE] Samba 3.2.0 Available for Download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 == "Patience is the companion of wisdom." Saint Augustine == Release Announcements = This is the first stable release of Samba 3.2.0. Please be aware that Samba is now distributed under the version 3 of the new GNU General Public License. You may refer to the COPYING file that accompanies these release notes for further licensing details. Major enhancements in Samba 3.2.0 include: File Serving: o Use of IDL generated parsing layer for several DCE/RPC interfaces. o Removal of the 1024 byte limit on pathnames and 256 byte limit on filename components to honor the MAX_PATH setting from the host OS. o Introduction of a registry based configuration system. o Improved CIFS Unix Extensions support. o Experimental support for file serving clusters. o Support for IPv6 in the server, and client tools and libraries. o Support for storing alternate data streams in xattrs. o Encrypted SMB transport in client tools and libraries, and server. o Support for Vista clients authenticating via Kerberos. Winbind and Active Directory Integration: o Full support for Windows 2003 cross-forest, transitive trusts and one-way domain trusts. o Support for userPrincipalName logons via pam_winbind and NSS lookups. o Expansion of nested domain groups via NSS calls. o Support for Active Directory LDAP Signing policy. o New LGPL Winbind client library (libwbclient.so). o Support for establishing interdomain trust relationships with Windows 2008. Joining: o New NetApi library for domain join related queries (libnetapi.so) and example GTK+ Domain join gui. o New client and server support for remotely joining and unjoining Domains. o Support for joining into Windows 2008 domains. Users & Groups: o New ldb backend for local group mapping tables o Raised level of security defaults for authentication operations. o New NetApi library for user account related queries. Now Licensed under the GNU GPLv3 The Samba Team has adopted the Version 3 of the GNU General Public License for the 3.2 and later releases. The GPLv3 is the updated version of the GPLv2 license under which Samba is currently distributed. It has been updated to improve compatibility with other licenses and to make it easier to adopt internationally, and is an improved version of the license to better suit the needs of Free Software in the 21st Century. The original announcement is available on-line at http://news.samba.org/announcements/samba_gplv3/ New Security Defaults for Authentication Support for LanMan passwords is now disabled in both client and server applications. Additionally, clear text authentication requests are disabled by default in client utilities such as smbclient and all libsmbclient based applications. This will affect connection both to and from hosts running DOS, Windows 9x/ME, and OS/2. Please refer to the "Changes" section for details on the exact parameters that were updated. Registry Configuration Backend == Samba is now able to use a registry based configuration backed to supplement smb.conf settings. This feature may be enabled by setting "config backend = registry" in the [global] section of smb.conf for a registry only configuration, or by specifying "include = registry" to include global options from registry for a mixed setup. The new parameter "registry shares = yes" in the [global] section of smb.conf can be used to activate share definitions from registry. These shares are loaded on demand by the server. Registry shares are automatically activated by the global registry options above. The configuration stored in registry can be conveniently managed using the "net conf" command. More information may be obtained from the smb.conf(5) and net(8) man pages. Removed Features Both the Python bindings and the libmsrpc shared library have been removed from the tree due to lack of an official maintainer. As smbfs is no longer supported in current kernel versions, smbmount has been removed in this Samba version. Please use cifs (mount.cifs) instead. See examples/scripts/mount/mount.smbfs as an example for a wrapper which calls mount.cifs instead of smbmount/mount.smbfs. Modified API for libsmbclient == Maintaining ABI compatibility for libsmbclient has become increasingly difficult to accomplish, while also keeping the code organization such that it is easily readable. Towards the goal of maintaining ABI compatibility and also keeping the code easy to maintain and enhance, the API has been enhanced
[ANNOUNCE] Samba 3.2.1 Available for Download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 == "A goal without a plan is just a wish." Antoine de Saint-Exupery == Release Announcements = This is the second stable release of Samba 3.2. Major bug fixes included in Samba 3.2.1 are: o Race condition in Winbind leading to a crash. o Regression in Winbindd offline mode. o Flushing of smb.conf when creating a new share using SWAT. o Setting of ACEs in setups with "dos filemode = yes". ## Changes ### Changes since 3.2.0 - --- o Michael Adam <[EMAIL PROTECTED]> * BUG 5608: Fix link creation for libtalloc.so.1 (and friends) on Solaris 8. * BUG 5594: Fix "make test" by adding and using a new testparm switch "--skip-logic-checks". * Fix creation of libaddns.a, libsmbclient.a and libsharemodes.a. * Update the section about net conf in the net(8) manpage. * Improve processing of registry shares. * Fix listing of registry shares with testparm. * Fix several build issues. o Jeremy Allison <[EMAIL PROTECTED]> * BUG 5578: Fix error from strlcat. * BUG 5613: Fix flushing of smb.conf when creating a new share using SWAT. * Ensure consistent use of pdb_get_nt_passwd instead of pdb_get_lanman_passwd. * Remove worrying warning message when safe_strcpy tries to copy a pseaudo interface name that's too long. * Canonicalize servername in the printer functions to remove leading '\\' characters. * Fix option processing in smbcacls - add POPT_COMMON_CONNECTION. * Fix bug creating files using DOS clients with mixed case files. * Fix uninitialized variable. o Yannick Bergeron <[EMAIL PROTECTED]> * Fix compile error on AIX 6.1 o Jim Brown <[EMAIL PROTECTED]> * Fix SGI compiler warnings. o Günther Deschner <[EMAIL PROTECTED]> * BUG 5616: Fix session keys also in rpccli_netr_LogonSamLogonEx wrapper. * BUG 5570: Fix bogus error message during AD domain join. * Fix trusted domain handling in Winbindd. * Fix build warning. o SATOH Fumiyasu <[EMAIL PROTECTED]> * BUG 5202: Fix setting of ACEs for users/groups with write access in setups with 'dos filemode = yes'. * Re-activate 'acl group control' parameter and make it only apply to owning group. o Volodymyr Khomenko <[EMAIL PROTECTED]> * Make ntimes function more like POSIX and allow NULL arg. o Volker Lendecke <[EMAIL PROTECTED]> * BUG 5512: Fix alignment problems on sparc. * BUG 5616: Fix share connections in setups with "server signing = mandatory" or SMB signing set on the client side. * Fix a race condition in Winbind leading to a crash. * Fix a segfault in base64_encode_data_blob. * Fix some uninitialized variable references via ndr_print. * Fix error message if trying to join with a non-privileged user. * Fix setups using "include = registry" without [global] settings in the registry. * Fix "net sam rights" on domain member servers. * Add documentation for the vfs streams modules. o Herb Lewis <[EMAIL PROTECTED]> * Cleanup some duplicate code by passing the password to the wbinfo_auth* functions. * Allow SID with 0 in subauthority to be converted properly. o Zach Loafman <[EMAIL PROTECTED]> * Set sin[6]_family instead of ss_family in in[6]_addr_to_sockaddr_storage. * Fix realpath() check so that it doesn't generate a core() when it fails. o Jim McDonough <[EMAIL PROTECTED]> * Fix overwriting of winbind logfiles. o Lars Müller <[EMAIL PROTECTED]> * Fix "vfs_full_audit.c: name table not in sync with vfs.h" panic. o Darshan Purandare <[EMAIL PROTECTED]> * Add broadcasting of the debug message to all winbindd children. o Karolin Seeger <[EMAIL PROTECTED]> * BUG 5635: Fix updating of printer queues. o Andreas Schneider <[EMAIL PROTECTED]> * Release still reachable memory if the smbclient context is freed. * Remove trailing withespace from wbinfo -m which breaks gdm auth. o Simo Sorce <[EMAIL PROTECTED]> * BUG 5540: Fix "set primary group script" user option substitution. * Fix regression in Winbindd offline mode. o Bo Yang <[EMAIL PROTECTED]> * Allow authentication and memory credential refresh after password change from gdm/xdm. * Allow %u parameters for print job username. Download Details The uncompressed tarballs and patch files have been signed using G
[ANNOUNCE] Samba 3.2.2 Available for Download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 == "Life is trying things to see if they work." Ray Bradbury == Release Announcements = This is a bug fix release of the Samba 3.2 series. Major bug fixes included in Samba 3.2.2 are: o Fix removal of dead records in tdb files. This can lead to very large tdb files and to overflowing partitions as a consequence on systems running an nmbd daemon. o Fix "force group" in setups using Winbind. o Fix freezing Windows Explorer on WinXP while browsing Samba shares. This one led to timeouts during printing as well. o Fix assigning of primary group memberships when authenticating via Winbind. o Fix creation and installation of shared libraries. ## Changes ### Changes since 3.2.1 - --- o Michael Adam <[EMAIL PROTECTED]> * BUG 5592: Fix creation and installation of shared libraries. * Fix replacement of random seed generator. * Fix a race condition in idmap_tdb2_allocate_id(). * Fix unix_convert() for "*" after changing map_nt_error_from_unix(). * Make sure to always set errno on error path in OpenDir. o Jeremy Allison <[EMAIL PROTECTED]> * BUG 5675: Fix smbspool program assuming Kerberos authentication by mistake. * BUG 5686: Fix segfaults in libsmbclient. * BUG 5692: Fix coredump in full_audit.so. * BUG 5696: Fix "force group" in setups using Winbind. * Rename cifs.spnego to cifs.upcall. * Fix segfault in cifs.upcall when it is called without any arguments. * Fix coverity ID 594 (resource leak on error path). * Fix assigning of primary group memberships when authenticating via Winbind. * Several build fixes. o Bartosz Antosik <[EMAIL PROTECTED]> * BUG #5617: Fix freezing Windows Explorer on WinXP while browsing Samba shares. o Andrew Bartlett <[EMAIL PROTECTED]> * Include stdlib.h to get a prototype for free(). o Yannick Bergeron <[EMAIL PROTECTED]> * Solve an IBM XL C/C++ compiler error encountered in get_exit_code() auth_errors array initialization in client/smbspool.c. * Use NGROUPS_MAX instead of 32 for the max group value in rep_initgroups(). o Günther Deschner <[EMAIL PROTECTED]> * Fix build warning. * Add add c++ guard to netapi. o Steve French <[EMAIL PROTECTED]> * Fix compile warning in cifs.upcall. * Add "dns_resolver" key type to cifs.upcall. o SATOH Fumiyasu <[EMAIL PROTECTED]> * BUG 5688: Fix orphaned LPQ processes if socket address is invalid. o Volker Lendecke <[EMAIL PROTECTED]> * BUG 5684: Fix removal of dead records in tdb files. * Fix coverity IDs 595, 596. * Fix smb_len calculation for chained requests. o Herb Lewis <[EMAIL PROTECTED]> * Fix output of test status. o Jim McDonough <[EMAIL PROTECTED]> * Fix smbclient connections to older servers. o Andrew Tridgell <[EMAIL PROTECTED]> * Fix a fd leak when trying to regain contact to a domain controller in Winbind. * Fix permissions on ctdb databases. * Fix passing back success when a function had in fact failed in two places. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.2.2.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIqncxKGi9fisXk1ERAmmoAJ0TbQd+HwfWEc/ylJC4HDxyJcu/NgCfdGok lfKpab2DfKDDUfjlYS1MBNg= =12s+ -END PGP SIGNATURE-
[ANNOUNCE] Samba 3.3.0pre1 Available for Download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Release Announcements = This is the first preview release of Samba 3.3.0. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Major enhancements in Samba 3.3.0 include: Configuration/installation: o Splitting of library directory into library directory and separate modules directory. File Serving: o Extended Cluster support. Winbind: o Simplyfied idmap configuration. o Added new parameter "winbind reconnect delay". Administrative tools: o The destination "all" of smbcontrol does now affect all running daemons including nmbd and winbindd. o New 'net rpc vampire keytab' and 'net rpc vampire ldif' commands. Configure changes = The configure option "--with-libdir" has been removed. The library directory can still be specified by using the existing "--libdir" option. A new option "--with-modulesdir" has been added to allow the specification of a separate directory for the shared modules. Winbind idmap backend changes = The idmap configuration has changed with version 3.3 to something that allows a smoother upgrade path from pre-3.0.25 configurations that use "idmap backend". The reason for this change is that to many, also to Samba developers, the 3.0.25 style configuration with "idmap config" turned out to be very complex. Version 3.3 no longer deprecates the "idmap backend" parameter, instead with "idmap backend" the default idmap backend is specified. Accordingly, the "idmap config : default = yes" setting is no longer being looked at. As another simplification, there can be only one allocating backend. The alloc backend defaults to the default backend, which should be able to allocate IDs. In the default distribution the tdb and ldap backends can allocate, the ad and rid backends can not. The idmap alloc range is now being set with the "old" parameters "idmap uid" and "idmap gid". The "idmap domains" parameter has been removed. winbind reconnect delay === This is a new parameter which specifies the number of seconds the Winbind daemon will wait between attempts to contact a Domain controller for a domain that is determined to be down or not contactable. ## Changes ### smb.conf changes - Parameter Name Description Default -- --- --- idmap domains Removed init logon delayed hostsNew "" init logon delayNew 100 winbind reconnect delay New 30 Commit Highlights: - -- o Michael Adam <[EMAIL PROTECTED]> * Remove configure option "--with-libdir" and add "--with-modulesdir". * Add "net rpc vampire keytab" and "net rpc vampire ldif". o Jeremy Allison <[EMAIL PROTECTED]> * Add new "winbind reconnect delay" parameter. * Make the change to smbcontrol for "all" to mean broadcast, and "smbd" to mean the main smb daemon. o Guenther Deschner <[EMAIL PROTECTED]> * BUG 5710: Fix changing of machine account passwords. o Volker Lendecke <[EMAIL PROTECTED]> * Rework of the Winbind idmap backend. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/pre/ The release notes are available online at: http://www.samba.org/samba/ftp/pre/WHATSNEW-3-3-0pre1.txt Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIs8r4KGi9fisXk1ERAlFSAJ48tBtzcQcSXsRaIxiOTn1KfZC8WQCfV3U/ SkfURNssFRTqST+dKqU8ams= =sGKf -END PGP SIGNATURE-
[ANNOUNCE] Samba 3.2.4 Available for Download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 === "It is only with one's heart that one can see clearly. What is essential is invisible to the eye." Antoine de Saint-Exupéry === Release Announcements = This is a bug fix release of the Samba 3.2 series. Major bug fixes included in Samba 3.2.4 are: o Fix Winbind crashes. o Fix changing of machine account passwords. o Fix non guest connections to shares when "security = share" is used. o Fix file write times. ## Changes ### Changes since 3.2.3 - --- o Michael Adam <[EMAIL PROTECTED]> * BUG 5590: Fix binary stripping on older OS. * BUG 5492: Fix RHEL SPEC file by removing libmsrpc stuff. * BUG 5507: Fix several issues in the RHEL SPEC file. * Fix linking of cifs.upcall when nscd_flush_cache() is found. o Jeremy Allison <[EMAIL PROTECTED]> * BUG 5052: Allow inheritable permissions. * BUG 5697: Fix spinning of nmbd in reload_interfaces when only loopback has an IPv4 address. * BUG 5698: Fix non guest connections to shares when "security = share" is used. * BUG 5729: Explicitly allow "-valid". * BUG 5745: Fix Kerberos authentication with (lib)smbclient. * BUG 5751: Fix showing of ACLs on DFS in (lib)smbclient. * BUG 5761: Fix opening of mangled directory name (resulted 'is a stream name'). * Fix the wcache_invalidate_samlogon calls. * Add st_birthtime and friends for accurate create times on *BSD and MacOSX. * Clarify usage of "force create mode". * Write times code update. o Gerald (Jerry) Carter <[EMAIL PROTECTED]> * Fix Winbind crash. * idmap_ad: Fix a segfault when calling nss_get_info() with a NULL ads structure. o Steven Danneman <[EMAIL PROTECTED]> * Fix build warnings. * Cleanup of DC enumeration in get_dcs(). o Günther Deschner <[EMAIL PROTECTED]> * BUG 5710: Fix changing of machine account passwords. * Fix several build warnings. * Fix invalid sid copy (hit when enumerating sibling domains) in Winbind. o James Ding <[EMAIL PROTECTED]> * BUG 5736: Fix Winbind crash bug with trusted domains. o Ephi Dror <[EMAIL PROTECTED]> * Correct the netsamlogon_clear_cached_user function. o Jeff Layton <[EMAIL PROTECTED]> * Fix handling of MSKRB5 OID in cifs.upcall. * Fix build warnings in cifs.upcall. * Change default install location of cifs.upcall to EPREFIX/sbin. * Enable building of cifs.upcall by default on Linux. o Volker Lendecke <[EMAIL PROTECTED]> * BUG 5707: Do proper error handling if the socket is closed. * Fix calculation of useable_space for trans2 and nttrans replies. * Fix Coverity ID 587. * Add mapping of generic bits when setting an NFSv4 ACL. o Stefan Metzmacher <[EMAIL PROTECTED]> * Some write time fixes. o David Leonard <[EMAIL PROTECTED]> * BUG 4516: No IPv6 on Solaris 2.6. o Simo Sorce <[EMAIL PROTECTED]> * BUG 5571: Fix group memeberships in Winbind. o Timur <[EMAIL PROTECTED]> * Fix cut and paste error in quota code. * Fix display of POSIX ACLs. * Fix aio on FreeBSD. o Andrew Tridgell <[EMAIL PROTECTED]> * Avoid a race condition in glibc between AIO and setresuid(). * Add missing become root for AIO operations. * Fix logic of tsmsm_sendfile(). * Fix an errno handling bug that could lead to an infinite loop. * Fix handling of arbitrary new PAC types. o Qiao Yang <[EMAIL PROTECTED]> * Fix a memleak. ## Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 3.2 product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.2.4.html Binary packages will be made available on a
[ANNOUNCE] Samba 3.3.0pre2 Available for Download
og: * uidNumber * uid * gidNumber A basic config using the current trunk code would look like: [global] idmap backend = adex idmap uid = 1 - 2 idmap gid = 1 - 2 winbind nss info = adex winbind normalize names = yes winbind refresh tickets = yes template homedir = /home/%D/%U template shell = /bin/bash Please refer to the idmap_adex(8) man page for more details. ## Changes ### smb.conf changes - Parameter Name Description Default -- --- --- cups connection timeout New 30 idmap domains Removed init logon delayed hostsNew "" init logon delayNew 100 winbind reconnect delay New 30 Changes since 3.3.0pre1: - o Michael Adam <[EMAIL PROTECTED]> * BUG 5492: Fix RHEL SPEC file by removing libmsrpc stuff. * BUG 5507: Fix several issues in the RHEL SPEC file. o Jeremy Allison <[EMAIL PROTECTED]> * BUG 5729: Explicitly allow "-valid". * BUG 5737: Fix winbindd crash in an unusual failure mode. * BUG 5751: Fix showing of ACLs on DFS in (lib)smbclient. * BUG 5762: Fix opening of mangled directory name (resulted 'is a stream name'). * BUG 5783: Fix FindFirst where search pattern == mangled filename. * BUG 5790: Fix returning of STATUS_OBJECT_NAME_NOT_FOUND on set file disposition. * BUG 5797: Fix moving of readonly files. * Fix crashes when looking up a non-existant uid. * Fix getting/setting of NT ACLs on a file. * Add st_birthtime and friends for accurate create times on *BSD and MacOSX). * Fix the wcache_invalidate_samlogon calls. * Clarify usage of "force create mode". * Get smbd to look (read-only) into the winbindd cache for uid/gid <--> sid mappings. * Write times code update. * Add experimental version of VFS module acl_xattr. * Fix rename_open_files. * Make SMB traffic analyzer VFS module more efficient. o Gerald W. Carter <[EMAIL PROTECTED]> * Fix segfault when calling nss_get_info() with a NULL ads structure. * Add support for name aliasing in Winbind. * Add the idmap/nss-info provider from Likewise Open. * Allow an admin to define the "uid" attribute for a RFC2307 user object in AD to be the username alias. * Add new idmap backend "adex" to support RFC2307 enabled AD forests. * Add new idmap backend "hash". o Steven Danneman <[EMAIL PROTECTED]> * Fix build warnings. * Cleanup of DC enumeration in get_dcs(). o Günther Deschner <[EMAIL PROTECTED]> * BUG 5710: Fix changing of machine account passwords. * BUG 5784: Fix pam_winbind build issue on Solaris. * Fix invalid sid copy (hit when enumerating sibling domains) in Winbind. * Fix double installation of cifs.upcall. * Add change-user-password command to wbinfo. * Fix segfault in _srvsvc_NetShareAdd. o James Ding <[EMAIL PROTECTED]> * BUG 5736: Fix Winbind crash bug with trusted domains. o Ephi Dror <[EMAIL PROTECTED]> * Correct the netsamlogon_clear_cached_user function. o Holger Hetterich <[EMAIL PROTECTED]> * Add new VFS module to analyze SMB traffic to record write and read operations on the Samba server. o Jeff Layton <[EMAIL PROTECTED]> * Fix build warnings in cifs.upcall. o Volker Lendecke <[EMAIL PROTECTED]> * BUG 5707: Do proper error handling if the socket is closed. * BUG 5778: Don't define 'strlcat' and 'strlcpy' if it's already defined. * Fix Coverity IDs 587 and 589. * Increase the default positive idmap cache time to a week. * Fix calculation of useable_space for trans2 and nttrans replies. * Add mapping of generic bits when setting an NFSv4 ACL. o Stefan Metzmacher <[EMAIL PROTECTED]> * Some write time fixes. o Karolin Seeger <[EMAIL PROTECTED]> * Add new parameter "cups connection timeout". o Simo Sorce <[EMAIL PROTECTED]> * Fix enumeration of nested group memberships in Winbind. This affected only setups using "security = ads". o Timur <[EMAIL PROTECTED]> * Fix cut and paste error in quota code. * Fix display of POSIX ACLs. * Fix aio on FreeBSD. o Andrew Tridgell <[EMAIL PROTECTED]> * Fix permissions of group_mapping.ldb (CVE-2008-3789). * Avoid a race condition in glibc between AIO and setresuid(). * Add missing become root for AIO operations. * Fix an errno handling bug that could lea
[Announce] Samba 3.0.33 Available for Download
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Release Announcements
=
This is a security release in order to address CVE-2008-4314 ("Potential leak of
arbitrary memory contents").
o CVE-2008-4314
Samba 3.0.29 to 3.2.4 can potentially leak
arbitrary memory contents to malicious
clients.
The original security announcement for this and past advisories can
be found http://www.samba.org/samba/security/
##
Changes
###
Changes since 3.0.32
-
o Volker Lendecke <[EMAIL PROTECTED]>
* Fix for CVE-2008-4314.
##
Reporting bugs & Development Discussion
###
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the Samba 3.0 product in the project's Bugzilla
database (https://bugzilla.samba.org/).
==
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==
Download Details
The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA). The source code can be downloaded
from:
http://download.samba.org/samba/ftp/
The release notes are available online at:
http://www.samba.org/samba/ftp/history/samba-3.0.33.html
Binary packages will be made available on a volunteer basis from
http://download.samba.org/samba/ftp/Binary_Packages/
Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)
--Enjoy
The Samba Team
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
iD8DBQFJLp7tKGi9fisXk1ERAhZGAJ9UOFqXLPrb8Z4v2O83Ht84nVLr4ACfQ6GL
UaJdiooCI0vaNmw+O0lIGao=
=fe4K
-END PGP SIGNATURE-
[Announce] Samba 3.3.0rc1 Available for Download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Release Announcements = This is the first release candidate of Samba 3.3.0. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Major enhancements in Samba 3.3.0 include: Configuration/installation: o Splitting of library directory into library directory and separate modules directory. File Serving: o Extended Cluster support. Winbind: o Simplified idmap configuration. o New idmap backends "adex" and "hash". o Added new parameter "winbind reconnect delay". o Added support for user and group aliasing. Administrative tools: o The destination "all" of smbcontrol does now affect all running daemons including nmbd and winbindd. o New 'net rpc vampire keytab' and 'net rpc vampire ldif' commands. o The 'net' utility can now use kerberos for joining and authentication. o The 'wbinfo' utility can now add, modify and remove identity mapping entries. Libraries: o NetApi library implements various new calls for User- and Group Account Management. Configure changes = The configure option "--with-libdir" has been removed. The library directory can still be specified by using the existing "--libdir" option. A new option "--with-modulesdir" has been added to allow the specification of a separate directory for the shared modules. Winbind idmap backend changes = The idmap configuration has changed with version 3.3 to something that allows a smoother upgrade path from pre-3.0.25 configurations that use "idmap backend". The reason for this change is that to many, also to Samba developers, the 3.0.25 style configuration with "idmap config" turned out to be very complex. Version 3.3 no longer deprecates the "idmap backend" parameter, instead with "idmap backend" the default idmap backend is specified. Accordingly, the "idmap config : default = yes" setting is no longer being looked at. The alloc backend defaults to the default backend, which should be able to allocate IDs. In the default distribution the tdb and ldap backends can allocate, the ad and rid backends can not. The idmap alloc range is now being set with the "old" parameters "idmap uid" and "idmap gid". The "idmap domains" parameter has been removed. winbind reconnect delay === This is a new parameter which specifies the number of seconds the Winbind daemon will wait between attempts to contact a Domain controller for a domain that is determined to be down or not contactable. Winbind's Name Aliasing === Name aliasing in Winbind is a feature that allows an administrator to map a fully qualified user or group name from a Windows domain to a convenient short name for Unix access. This is similar to the username map functionality supported by smbd but is primary intended for clients and servers making use of Winbind's PAM and NSS libraries. For example, the user "DOMAIN\fred" has been mapped to the Unix name "freddie". $ getent passwd "DOMAIN\fred" freddie:x:1000:1001:Fred Jones:/home/freddie:/bin/bash $ getent passwd freddie freddie:x:1000:1001:Fred Jones:/home/freddie:/bin/bash The name aliasing support is provided by individual nss_info plugins. For example, the new "adex" plugin reads the uid attribute from Active Directory to make a short login name to the fully qualified name. While the new "hash" module utilizes a local file to map "short_name = QUALIFIED\name". Both user and group name mapping is supported. Please refer to the "winbind nss info" option in smb.conf(5) and to individual plugin man pages for further details. idmap_hash == The idmap_hash plugin provides similar support as the idmap_rid module. However, uids and gids are generated from the full domain SID using a hashing algorithm that maps the lower 19 bits from the user or group RID to bits 0 - 19 in the Unix id and hashes 96 bits from the domain SID to bits 20 - 30 in the Unix id. The result is a 31 bit uid or gid that is consistent across machines and provides support for trusted domains. Please refer to the idmap_hash(8) man page for more details. idmap_adex == The adex idmap/nss_info plugin is an adaptation of the Likewise Enterprise plugin with support for OU based cells removed (since the Windows pieces to manage the cells are not available). This plugin supports * The RFC2307 schema for users and groups. * Connections to trusted domains * Global catalog searches * Cross forest trusts * User and group aliases Prerequisite: Add the following attributes to the Partial Attribute Set in global catalog: * uidNumber * uid * gidNumber A basic config using the current trunk code would look like: [global] idmap backend = adex idmap uid = 1 - 2 i
[Announce] Samba 3.2.5 Available for Download
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Release Announcements
=
This is a security release in order to address CVE-2008-4314 ("Potential leak of
arbitrary memory contents").
o CVE-2008-4314
Samba 3.0.29 to 3.2.4 can potentially leak
arbitrary memory contents to malicious
clients.
The original security announcement for this and past advisories can
be found http://www.samba.org/samba/security/
##
Changes
###
Changes since 3.2.4
- ---
o Volker Lendecke <[EMAIL PROTECTED]>
* Fix for CVE-2008-4314.
##
Reporting bugs & Development Discussion
###
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the Samba 3.2 product in the project's Bugzilla
database (https://bugzilla.samba.org/).
==
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==
Download Details
The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA). The source code can be downloaded
from:
http://download.samba.org/samba/ftp/
The release notes are available online at:
http://www.samba.org/samba/ftp/history/samba-3.2.5.html
Binary packages will be made available on a volunteer basis from
http://download.samba.org/samba/ftp/Binary_Packages/
Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)
--Enjoy
The Samba Team
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
iD8DBQFJLp71KGi9fisXk1ERAkceAJwLWd1ju3k+8eAOCLADSffvnfoWjQCff0Zf
w0Tpitu7/FNoMHR/oiUS9bI=
=wLET
-END PGP SIGNATURE-
[ANNOUNCE] Samba 3.2.6 Available for Download
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
===
"Myths are public dreams,
dreams are private myths."
Joseph Campbell
===
Release Announcements
=
This is a bug fix release of the Samba 3.2 series.
Major enhancements included in Samba 3.2.6 are:
o Fix Winbind crash bugs.
o Fix moving of readonly files.
o Fix "write list" in setups using "security = share".
o Fix access to cups-printers with cups 1.3.4.
o Fix timeouts in setups with large groups.
o Fix several bugs concerning Alternate Data Streams.
o Add new SMB traffic analyzer VFS module.
##
Changes
###
Changes since 3.2.5
- ---
o Michael Adam
* BUG 5677: Fix test_{shlibs,nss_modules,pam_modules} on Solaris.
* BUG 5765: Fix installlibs on solaris by using portable "test -r".
* Fix potential segfault in vfs_tsmsm.
* Don't list the domain twice when expanding internal aliases.
* Fix the output of "getent group" when "winbind use default domain = yes"
with "security = ads".
* Add domain prefix to username in lookup_groupmem().
* Prevent negative GM/ cache entries due to broken connections.
* Fix crash in sync_eventlog_params().
* Fix timeouts when calling 'getgrent'.
* Fix smbd hanging on Solaris when winbindd closes socket.
o Jeremy Allison
* BUG 1254: Fix "write list" in setups using "security = share".
* BUG 5080: Fix access to cups-printers with cups 1.3.4.
* BUG 5737: Fix Winbind crash in an unusual failure mode.
* BUG 5783: Fix FindFirst where search pattern equals the mangled filename.
* BUG 5790: Fix returning of STATUS_OBJECT_NAME_NOT_FOUND on set file
disposition.
* BUG 5797: Fix moving of readonly files.
* BUG 5814: Fix Winbind crash bug while doing "rescan_trusted_domain".
* BUG 5818: Sort ACEs in smbcacl output properly and honor inheritance.
* BUG 5825: Fix account locking with LDAP backend.
* BUG 5826: Fix truncated filenames when accessing old servers.
* BUG 5889: Fix "delete veto files = no".
* BUG 5891: Fix smbd crash when viewing the eventlog exported by "eventlog
list".
* BUG 5900: Fix vfs_readonly.
* BUG 5903: Fix vfs_streams_xattr breaking contents of files.
* BUG 5904: Fix libnss_wins causing SIGABRT while servicing getaddrinfo()
request.
* BUG 5914: Fix build failure: redefinition of struct name_list.
* BUG 5937: Fix filenames with "*" char hiding other files.
* BUG 5953: Fix smbclient crashes.
* Fix rename_open_files.
* Restructure VFS SMB traffic analyzer VFS module.
* Correctly fix smbclient to terminate on eof from server.
* Unify access checks for lsa server functions.
* Remove the requirement for ldap call made as root.
* Cope with MAXIMUM_ALLOWED_ACCESS requests when opening handles.
* Fix net rpc vampire, based on an *amazing* piece of debugging work by
"Cooper S. Blake" .
* Fix Coverity IDs 456, 574, 592, 606 and 607.
* Fix net rpc vampire.
o Gerald (Jerry) Carter
* Use the same prerequisite for DDNS update as Windows XP.
* Make "lwinet ads dns register" honor the "interfaces" parameter.
o Steven Danneman
* Fix extended DN parse error when AD object does not have a SID.
o Guenther Deschner
* BUG 5888: Fix PNP_GetHwProfInfo().
* BUG 5957: Do not abort rename process on valid rename script.
* BUG 5898: Fix 'net rpc shutdown'.
* Fix duplicate installation of cifs.upcall.
* Fix _srvsvc_NetShareAdd segfault.
* Ensure consistency when reporting password complexity.
* Fix _lsa_GetUserName.
* Fix access check in _samr_QuerySecurity().
* _samr_DeleteUser needs to wipe out the user_handle on success.
* NetGroupEnum_r needs to handle servers with no groups.
o Mathias Dietz
* Search for gpfs functions in both libgpfs_gpl.so an libgpfs.so.
o Dina Fine
* BUG 5908: Fix internal change notify on shared directory.
o Nils Goroll
* BUG 5135 and 5446: Prevent calling POSIX ACL vfs methods on zfs share.
o Henning Henkel
* BUG 5929: Fix building of vfs_prealloc with option --with-cluster-support
and GPFS.
o Holger Hetterich
* Add new VFS module to analyze SMB traffic
o Tomasz Krasuski
* BUG 5928: Fix 'testparm --version'.
o Jeff Layton
* Have uppercase_string return success on NULL pointer in mount.cifs.
* Make mount.cifs return codes match the return codes for /bin/mount.
* Use lock/unlock_mtab scheme from util-linux-ng mount prog in mount.cifs.
o Volker Lendecke
* BUG 5691: Fig smbd panic on Solaris.
* BUG 5778: Check if strlcpy and strlcat
[ANNOUNCE] Samba 3.3.0rc2 Available for Download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Release Announcements = This is the second release candidate of Samba 3.3.0. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Major enhancements in Samba 3.3.0 include: Configuration/installation: o Splitting of library directory into library directory and separate modules directory. File Serving: o Extended Cluster support. Winbind: o Simplified idmap configuration. o New idmap backends "adex" and "hash". o Added new parameter "winbind reconnect delay". o Added support for user and group aliasing. o Added support for multiple domains to idmap_ad. Administrative tools: o The destination "all" of smbcontrol does now affect all running daemons including nmbd and winbindd. o New 'net rpc vampire keytab' and 'net rpc vampire ldif' commands. o The 'net' utility can now use kerberos for joining and authentication. o The 'wbinfo' utility can now add, modify and remove identity mapping entries. Libraries: o NetApi library implements various new calls for User- and Group Account Management. Configure changes = The configure option "--with-libdir" has been removed. The library directory can still be specified by using the existing "--libdir" option. A new option "--with-modulesdir" has been added to allow the specification of a separate directory for the shared modules. Winbind idmap backend changes = The idmap configuration has changed with version 3.3 to something that allows a smoother upgrade path from pre-3.0.25 configurations that use "idmap backend". The reason for this change is that to many, also to Samba developers, the 3.0.25 style configuration with "idmap config" turned out to be very complex. Version 3.3 no longer deprecates the "idmap backend" parameter, instead with "idmap backend" the default idmap backend is specified. Accordingly, the "idmap config : default = yes" setting is no longer being looked at. The alloc backend defaults to the default backend, which should be able to allocate IDs. In the default distribution the tdb and ldap backends can allocate, the ad and rid backends can not. The idmap alloc range is now being set with the "old" parameters "idmap uid" and "idmap gid". The "idmap domains" parameter has been removed. winbind reconnect delay === This is a new parameter which specifies the number of seconds the Winbind daemon will wait between attempts to contact a Domain controller for a domain that is determined to be down or not contactable. Winbind's Name Aliasing === Name aliasing in Winbind is a feature that allows an administrator to map a fully qualified user or group name from a Windows domain to a convenient short name for Unix access. This is similar to the username map functionality supported by smbd but is primary intended for clients and servers making use of Winbind's PAM and NSS libraries. For example, the user "DOMAIN\fred" has been mapped to the Unix name "freddie". $ getent passwd "DOMAIN\fred" freddie:x:1000:1001:Fred Jones:/home/freddie:/bin/bash $ getent passwd freddie freddie:x:1000:1001:Fred Jones:/home/freddie:/bin/bash The name aliasing support is provided by individual nss_info plugins. For example, the new "adex" plugin reads the uid attribute from Active Directory to make a short login name to the fully qualified name. While the new "hash" module utilizes a local file to map "short_name = QUALIFIED\name". Both user and group name mapping is supported. Please refer to the "winbind nss info" option in smb.conf(5) and to individual plugin man pages for further details. idmap_hash == The idmap_hash plugin provides similar support as the idmap_rid module. However, uids and gids are generated from the full domain SID using a hashing algorithm that maps the lower 19 bits from the user or group RID to bits 0 - 19 in the Unix id and hashes 96 bits from the domain SID to bits 20 - 30 in the Unix id. The result is a 31 bit uid or gid that is consistent across machines and provides support for trusted domains. Please refer to the idmap_hash(8) man page for more details. idmap_adex == The adex idmap/nss_info plugin is an adaptation of the Likewise Enterprise plugin with support for OU based cells removed (since the Windows pieces to manage the cells are not available). This plugin supports * The RFC2307 schema for users and groups. * Connections to trusted domains * Global catalog searches * Cross forest trusts * User and group aliases Prerequisite: Add the following attributes to the Partial Attribute Set in global catalog: * uidNumber * uid * gidNumber A basic config using the current trunk code would look like: [global] idmap backend
[ANNOUNCE] Samba 3.2.7 Available for Download
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Release Announcements
=
This is a security release in order to address CVE-2009-0022.
o CVE-2009-0022
In Samba 3.2.0 to 3.2.6, in setups with registry shares enabled,
access to the root filesystem ("/") is granted
when connecting to a share called "" (empty string)
using old versions of smbclient (before 3.0.28).
The original security announcement for this and past advisories can
be found http://www.samba.org/samba/security/
##
Changes
###
Changes since 3.2.6
- ---
o Michael Adam
* Fix for CVE-2009-0022.
##
Reporting bugs & Development Discussion
###
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the Samba 3.2 product in the project's Bugzilla
database (https://bugzilla.samba.org/).
==
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==
Download Details
The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA). The source code can be downloaded
from:
http://download.samba.org/samba/ftp/
The release notes are available online at:
http://www.samba.org/samba/ftp/history/samba-3.2.7.html
Binary packages will be made available on a volunteer basis from
http://download.samba.org/samba/ftp/Binary_Packages/
Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)
--Enjoy
The Samba Team
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
iD8DBQFJXhVRKGi9fisXk1ERAqTvAJ4iQTKVD89WATjuG6go3wXDglTw1ACgiIUe
vJ+ZMc/94JY9cCM1p6RdFGQ=
=/PRE
-END PGP SIGNATURE-
[Announce] Samba 3.0.34 Maintainance Release Available
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 === "Minds are like parachutes. They only function when they are open." Sir James Dewar === Release Announcements = This is a bug fix release of the Samba 3.0 series. Major enhancements included in Samba 3.0.34 are: o Fix update of machine account passwords. o Fix SMB signing issue on Windows Vista with MS Hotfix KB955302. o Fix Winbind crashes. o Correctly detect if the current dc is the closest one. o Add saf_join_store() function to memorize the dc used at join time. This avoids problems caused by replication delays shortly after domain joins. o Fix write list in setups using "security = share". ## Changes ### Changes since 3.0.33 - o Michael Adam * Fix linking cifs.upcall when nscd_flush_cache() is found. * Fix smbd hanging on Solaris when winbindd closes socket. * Use the reconnect methods instead of the rpc methods directly. o Jeremy Allison * BUG 1254: Fix write list in setups using "security = share". * BUG 5052: Not work cancel inheritance on share. * BUG 5729: Explicitly allow "-valid" parameter. * BUG 5737: Fix Winbind crash in an unusual failure mode. * BUG 5750: Fix SMB signing issue on Windows Vista with MS Hotfix KB955302. * BUG 5751: Backport to fix showing of ACLson DFS with smbclient. * BUG 5790: Fix returning STATUS_OBJECT_NAME_NOT_FOUND on set file disposition call. * BUG 5814: Fix core dump of Winbind while doing "rescan_trusted_domain". * BUG 5873: Fix ACL inheritance. * BUG 5914: Fix build failure (redefinition of struct name_list). * BUG 5937: Fix filenames with "*" char hiding other files. * BUG 6019: File corruption in Clustered SMB/NFS environment managed via CTDB. * BUG 6035: Fix possible race between fcntl F_SETLKW and alarm delivery. * Remove unecessary msync. * Rename cifs.spnego to cifs.upcall. * Fix segfault when execution cifs.upcall without any arguments. * Ensure we emit the notify message before renaming the open files. * Fix use of DLIST_REMOVE. * Cope with bad trans2mkdir requests from System in QNTC IBM SMB client. * Fix memory leak in error path. * Fix logic bug introduced in backport of ccache_regain_all_now. o Kai Blin * Reformat the WBFLAGS defines to prepare for adding a new flag. * Put huge NTLMv2 blobs into extra_data on CRAP auth. o Günther Deschner * BUG 5710: Fix update of machine account passwords. * Define NET_SRVPWSET2 call. * Net should just use machine account creds when changing passwords. * Fix net_io_q_srv_pwset2. o Carsten Dumke * BUG 5892: Fix documentation of net rap printq info. o Dina Fine * BUG 5908: Fix failing of internal change notify on share directory. o Steve French * Fix compile warning in cifs.upcall. * Fix cifs.upcall manpage and comments. o Jeff Layton * Build cifs.upcall by default on Linux. * Fix negatively instantiate keys on error in cifs.upcall. * Handle handle MSKRB5 OID properly in cifs.upcall. * Bump SPNEGO msg version number and don't reject old versions in cifs.upcall. * Fix several problems when mounting subdirectories of shares in mount.cifs. * Don't prompt for password on krb5 mounts in mount.cifs. * Have uppercase_string return success on NULL pointer in mount.cifs. * Make return codes match the return codes for /bin/mount in mount.cifs. * Use lock/unlock_mtab scheme from util-linux-ng mount prog. o Volker Lendecke * BUG 5965: Fix creation of the first share using SWAT. * Fix bug triggered by the RAW-SAMBA3OPLOCKLOGOFF test. o David Leonard * BUG 4516: No IPv6 on Solaris 2.6. o Igor Mammedov * Add support for cifs.spnego helper into configure and Makefile.in. * Add checks for spnego prereq keyutils.h and kerberos in configure.in. * Add helper source for handling cifs kernel module upcall for kerberos authorization. * Add -c option to set service prefix to "cifs" in service principal by default service prefix "host" is used. * Add support for cifs.resolver upcall. o Stefan Metzmacher * Correctly detect if the current dc is the closest one. * For CLDAP we need to use get_sorted_dc_list() to avoid recursion. * Add fallback to return all dcs, when none is available in the requested site. * Add saf_join_store() function to memorize the dc used at join time. * Return an error instead of crashing when no realm is given. * Handle the SMB signing states the same in
[Announce] Samba 4 alpha6 Available for Download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 We are proud to finally announce another alpha release of Samba 4. What's new in Samba 4 alpha6 Samba 4 is the ambitious next version of the Samba suite that is being developed in parallel to the stable 3.0 series. The main emphasis in this branch is support for the Active Directory logon protocols used by Windows 2000 and above. Samba4 alpha6 follows on from the alpha release series we have been publishing since September 2007 WARNINGS Samba4 alpha6 is not a final Samba release. That is more a reference to Samba4's lack of the features we expect you will need than a statement of code quality, but clearly it hasn't seen a broad deployment yet. If you were to upgrade Samba3 (or indeed Windows) to Samba4, you would find many things work, but that other key features you may have relied on simply are not there yet. For example, while Samba 3.0 is an excellent member of a Active Directory domain, Samba4 is happier as a domain controller, and it is in this role where it has seen deployment into production. Samba4 is subjected to an awesome battery of tests on an automated basis, we have found Samba4 to be very stable in it's behaviour. We have to recommend against upgrading production servers from Samba 3 to Samba 4 at this stage, because there may be the features on which you may rely that are not present, or the mapping of your configuration and user database may not be complete. If you are upgrading, or looking to develop, test or deploy Samba4, you should backup all configuration and data. NEW FEATURES Samba4 supports the server-side of the Active Directory logon environment used by Windows 2000 and later, so we can do full domain join and domain logon operations with these clients. Our Domain Controller (DC) implementation includes our own built-in LDAP server and Kerberos Key Distribution Center (KDC) as well as the Samba3-like logon services provided over CIFS. We correctly generate the infamous Kerberos PAC, and include it with the Kerberos tickets we issue. The new VFS features in Samba 4 adapts the filesystem on the server to match the Windows client semantics, allowing Samba 4 to better match windows behaviour and application expectations. This includes file annotation information (in streams) and NT ACLs in particular. The VFS is backed with an extensive automated test suite. A new scripting interface has been added to Samba 4, allowing Python programs to interface to Samba's internals. The Samba 4 architecture is based around an LDAP-like database that can use a range of modular backends. One of the backends supports standards compliant LDAP servers (including OpenLDAP), and we are working on modules to map between AD-like behaviours and this backend. We are aiming for Samba 4 to be powerful frontend to large directories. CHANGES SINCE Alpha5 = In the time since Samba4 Alpha5 was released in June 2008, Samba has continued to evolve, but you may particularly notice these areas (in no particular order): The source code for various libraries that are used by both Samba 3 and Samba 4 are now shared between the two rather than duplicated (and being slightly diverged). The tevent library has been split out and is now usable on its own. Several crash bugs and memory leaks in the registry library have been fixed. The Python modules have been extended and are no longer generated using SWIG. Stream renames are now supported. The provision script now has an interactive mode. The (broken) copy of CTDB has been removed. More work towards supporting an OpenLDAP backend. Initial work on using the Microsoft LDAP schema. The storage of schemas in LDB is now much more efficient. Support for extended DNs in LDB has been added. Incoming trusts are now supported. Compatibility of the registry server with several Windows versions has been improved. Improvements to LSA.idl for better functionality in the usrmgr.exe. Improved handling of non-standard characters in passwords. The embedded JavaScript library has been removed in favor of Python. The WMI implementation has been re-added, but does not completely work yet. xpress compression is now supported in the NDR layer. The main binary is now named "samba" rather than "smbd". A simple script for setting the expiration of a user was added. The LDB library is now completely asynchronous internally. Various unknowns and correctness issues in the drsblobs and drsuapi RPC interface implementations have been fixed. It is now possible to connect to an LDAP backend using SASL credentials. Multi-fragment NTtrans request support has been added. The DCE/RPC server can now listen on a separate pipe to allow DCE/RPC connections forwarded from Samba 3. The user credentials are provided by the client. A large number of bugs in the SMB2 implementation have been fixed. Auxiliary cla
[Announce] Samba 3.3.0 Available for Download
tem when connecting with empty service name.
* Fix distclean target and add realdistclean target in the docs build.
* Add manpage for idmap_tdb2.
* Clarify idmap manpages.
o Kai Blin
* BUG 5953: Fix smbclient crashes.
o Gerald (Jerry) Carter
* Fix "allow trusted domain" so it disables trusted domains.
* Return immediately on a failed GC connection in ads_connect.
o SATOH Fumiyasu
* Fix gmem->numgids and gmem->maxgids breakage on Solaris 64-bit.
* Fix SIGBUS on non-x86 CPUs in libsmbclient.
* Fix a compile-time warning.
o Holger Hetterich
* Add a simple tdb integrity check to tdbtool.
o Björn Jacke
* Correct the description of the "ldap timeout" parameter.
o Volker Lendecke
* BUG 5913: Fix build error with at least GCC 4.2.2.
* BUG 5933: Fix incrementing/decrementing of num_validated_vuids.
* BUG 5953: Make cli_send_smb_direct_writeX use writev.
* BUG 5965: Fix creation of the first share using SWAT.
* BUG 5969: Optimize smbclient put command.
* BUG 6012: Add "get_real_filename" to full_audit.
* BUG 6014: Fix segfault when calling mget without arguments.
* Fix a spinning smbd when printing.
* Fix a memory leak in cups_pull_comment_location.
* Fix a valgrind error.
* Fix a "ignoring function call result" warning.
* Fix some C++ warnings.
* Fix an ancient uninitialized variable read.
* Fix a bad memleak in vfs_full_audit.
o Derrell Lipman
* BUG 6022: Make smbc_urlencode and smbc_urldecode in libsmbclient.
* Determine case sensitivity based on file system attributes.
o Stefan Metzmacher
* net_status: Use dbwrap to open sessionid.tdb.
* Fix dbwrap_store_uint32() to match dbwrap_store_int32().
* Make marshalling struct samu from and to a buffer more generic.
* Store the next rid counter in passdb.tdb instead of winbind_idmap.tdb.
* Register the client connection via CTDB_CONTROL_TCP_ADD.
* Don't need to call messaging_reinit() twice.
* Raise TDBSAM_VERSION.
* Add manpage for vfs_fileid.
* Rename 'fd_event' to 'winbindd_fd_event' to avoid confusion.
* Recreate the per domain check_online_event without relying on global
state.
* Handle the smb signing states the same in the krb5 and ntlmssp cases.
* Re-add 'fileid:algorithm' option to vfs_fileid.
* Fix CTDB IPv6 support in cluster setups.
* Reinit_after_fork() should reinit the event context before the
messaging context.
* Fix PCAP support in socket_wrapper.
o Lars Müller
* Tweak with pam defines of older Linux versions.
o Tim Prouty
* Fix stream marshalling to return the correct streaminfo status.
* Allow renames of streams via NTRENAME and fix stream error codes on
rename.
* Remove a few unnecessary checks from the streams xattr module.
* Remove a few unnecessary checks from the streams depot module and fix to
work with NTRENAME.
o Andreas Schneider
* Fix a segfault if ? is there but the options are NULL.
* Avoid flooding of syslog with failing pam_putenv messages.
o Karolin Seeger
* BUG 6000: Avoid bashism in perfcount.init.
* Change default value of "ldap ssl" to "start tls".
* Update version number in the manpages.
* Fix several small issues and typos in the manpages.
* Check if Unix account exists before asking for the password in smbpasswd.
o Todd Stecher
* Fix memory leaks and other fixes found by Coverity.
o Bo Yang
* Clean event context after child is forked.
* Fix broken krb5 refresh chain.
* Set entry->refresh_time to make ccache_regain_all_now() work correctly.
* Refresh sequence number as soon as possible.
* Don't set child->requests to NULL in parent after fork.
* Don't send message to any other child in child process.
* Fix bug in get_dc_name_via_netlogon(), null pointer reference.
Download Details
The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA). The source code can be downloaded
from:
http://download.samba.org/samba/ftp/
The release notes are available online at:
http://www.samba.org/samba/ftp/history/samba-3.3.0.html
Binary packages will be made available on a volunteer basis from
http://download.samba.org/samba/ftp/Binary_Packages/
Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)
--Enjoy
The Samba Team
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.9 (GNU/Linux)
iEYEARECAAYFAkl+xKQACgkQKGi9fisXk1FTtACfZmxpMxe+hf3NA3GZSphyIpZV
ePQAn3cVMjNJ4NpZpV/DDP3m3CNu7G9z
=Bf7U
-END PGP SIGNATURE-
[Announce] Samba 3.2.8 Maintainance Release Available
Add vfs_fileid manpage. o Lars Müller * Tweak with pam defines of older Linux versions. * Adjust regex to match variable names including underscores. * Conditional install of the cifs.upcall man page. o Tim Prouty * Fix stream marshalling to return the correct streaminfo status. * Fix a delete on close divergence from Windows. * Allow renames of streams via NTRENAME and fix stream error codes on rename. * Remove a few unnecessary checks from the streams depot module and fix to work with NTRENAME. * Remove a few unnecessary checks from the streams xattr module. * Remove a few unnecessary checks from the streams xattr module. o Andreas Schneider * Fix a segfault if ? is there but the options are NULL. * Avoid flooding of syslog with failing pam_putenv messages. * Document default of the printing config variable. * Use talloc_tos() instead of the talloc NULL context. o Karolin Seeger * BUG 6058: Use 'make distclean' instead of 'make clean' in build_docs. * BUG 6000: Avoid bashism in perfcount.init. * Change default value for "ldap ssl" to "start tls". * Several documentation improvements/typo fixes. * Fix syntax error in samba.spec.tmpl. * Check if Unix account exists before asking for the password in smbpasswd. * Add manpage for vfs_shadow_copy2. o Richard Sharpe * Fix mistake in DEBUG message. o Andrew Tridgell * Keep compatibility with v3-0-ctdb name for fileid:mapping option. o Bo Yang * Clean event context after child is forked. * Refresh sequence number as soon as possible. * Don't set child->requests to NULL in parent after fork. * Backport of the clean event context after fork and krb5 refresh chain fixes. * Fix null pointer refrence in event context. * Don't send message to any other child in child process. * Fix bug in get_dc_name_via_netlogon(), null pointer refrence. ## Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 3.2 product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.2.8.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkmIbvEACgkQKGi9fisXk1FzPQCfaUMOPwenxD6ylu9rXJs1V05/ 4NIAoJHSKXfqyiOKYcJ3P2mD4HoRRBZO =5UHm -END PGP SIGNATURE-
[Announce] Samba 3.3.1 Available for Download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = "There are two ways to write error-free programs; only the third one works." Alan J. Perlis = Release Announcements = This is the latest bugfix release release of the Samba 3.3 series. Major enhancements in Samba 3.3.1 include: * Fix net ads join when "ldap ssl = start tls" (bug #6073). * Fix renaming/deleting of files using Windows clients (bug #6082). * Fix renaming/deleting a "not matching/resolving" symlink (bug #6090). * Fix remotely adding a share via the Windows MMC. ## Changes ### smb.conf changes - Parameter Name Description Default -- --- --- ldap ssl adsNew No Changes since 3.3.0: - o Jeremy Allison * BUG 6082: Fix renaming/deleting of files using Windows clients. * BUG 6069: Fix build with too many arguments. * BUG 6090: Fix renaming/deleting a "not matching/resolving" symlink. * BUG 6099: Try to fix domain join of Win7 Beta. * BUG 6117: Fix core dump of pdbedit -a. * BUG 6133: Fix deletion of non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem. * Fix Coverity IDs 115, 116, 117, 602. * Fix warning (bad handler prototype). * Unify the detection of the timespec code in configure.in, and the application of it in time.c. * Correctly use chroot(). * Parameterize in local.h the MAX_RPC_DATA_SIZE, and ensure that "offered" read from the rpc packet in spoolss is under that size. * Backport the semantics of when to delete alternate data streams on a file truncate. * Fix printf warnings. * Fix warnings on Solaris. o Michael Adam * BUG 6066: netinet/ip.h present but cannot be compiled on Solaris. * BUG 6073: Prevent ads_connect() from using SSL unless explicitly requested. * Fix 'getent passwd' to allocate new uids. * Fix 'getent group' to allocate new gids. * Remove check for sharename being a username in 'net conf addshare'. o Guenther Deschner * Fix Coverity ID 848. * Remove unused ENUM_HND from 'net'. * Fix getform command asprintf return code in rpcclient. * Fix memleak in get_remote_printer_publishing_data(). * Remove duplicate prototypes for generated rpc server functions. o Holger Hetterich * Enable total anonymization in vfs_smb_traffic_analyzer. o Bjoern Jacke * Fix build with external dns_sd libraries. * Fix configure check "sub-second timestamps without struct timespec". * Add configure check for AIX style sub-second resolution support. * Add configure check for Tru64 sub-second timestamp resolution. * Add Tru64 sub-second resolution timestamp support. * Enable IPv6 support for NetBSD and FreeBSD. * Use correct BSD evironment variable. o Guenter Kukkukk * Don't try and delete a default ACL from a file. o Volker Lendecke * BUG 5798: CFLAGS info lost in configure. * Fix Coverity IDs 740, 742, 744, 745, 876, 879, 880. * Fix remotely adding a share via the Windows MMC. * Avoid valgrind errors. * Fix 'net rpc join' for users with the SeMachineAccountPrivilege. * Fix resume handle for _samr_EnumDomainGroups. * Fix a buffer handling bug when adding lots of registry keys. * Fix a O(n^2) algorithm in regdb_fetch_keys(). o Jeff Layton * Initialize rc to 0 in main in mount.cifs. o Derrell Lipman * BUG 6069: Add a fstatvfs function for libsmbclient. * Eliminate compiler warnings. o Glenn Machin * Don't miss an absolute pathname as a kerberos keytab path. o Stefan Metzmacher * BUG 6100: Implement _netr_LogonGetCapabilities() with NT_STATUS_NOT_IMPLEMENTED. * Make Samba work with older ctdb versions. * Add S-1-22-X-Y sids to the local token. o Lars Mueller * Conditional install of the cifs.upcall man page. * Adjust regex to match variable names including underscores. o Shirish Pargaonkar * BUG 4370: Clean-up entries in /etc/mtab after unmount. * Add fakemount (-f) and nomtab (-n) flags to mount.cifs. o Ted Percival * Fix a crash during name resolution. o Tim Prouty * Fix "assignment discards qualifiers from pointer target type" warnings. * Fix SMB_VFS_RECVFILE/SENDFILE macros. o Karolin Seeger * Change "ldap ssl:ads" parameter to "ldap ssl ads". * Add manpages for vfs_acl_xattr and vfs_acl_tdb. o Dan S
[Announce] Samba 3.3.2 Available for Download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = "The superfluous, a very necessary thing." Voltaire = Release Announcements = This is the latest bugfix release release of the Samba 3.3 series. Major enhancements in Samba 3.3.2 include: * Fix "force group" (bug #6155). * Fix saving of files on Samba share using MS Office 2007 (bug #6160). * Fix guest authentication in setups with "security = share" and "guest ok = yes" when Winbind is running. * Fix corruptions of source path in tar mode of smbclient (bug #6161). ## Changes ### Changes since 3.3.1: - o Jeremy Allison * BUG 6082: Fix renaming and deleting of directories using Windows clients. * BUG 6154: Make ZFS honor admin users. * BUG 6155: Fix "force group". * BUG 6160: Fix saving of files on Samba share using MS Office 2007. * BUG 6161: Fix corruptions of source path in tar mode of smbclient. * Fix some NetBSD warnings. * Fix bug in processing of open modes in POSIX open. * Fix use of streams modules with CIFSFS client. * Ensure ACL modules work with POSIX paths. * Use fsp->posix_open in preference if we have it. * Fix more POSIX path lstat calls. o Andrew Tridgell * Fix a bug in message handling for the change notify code. o Steven Danneman * Fix guest authentication in setups with "security = share" and "guest ok = yes" when Winbind is running. o Steve French * BUG 4640: Fix guest mounts in mount.cifs. * Fix displaying the version string properly when no other parameters passed in in mount.cifs. o Björn Jacke * Prefer gssapi header files from subdirectory. o Volker Lendecke * BUG 6124: Fix the build on IRIX. * BUG 6176: winbindd -n should disable the winbind idmap cache. * Add a vfs_preopen module to hide fs latencies. * Don't log NDR_PRINT_DEBUG at level 0, this always ends up in syslog. * Fix a valgrind error / segfault in dns_register_smbd(). o Stefan Metzmacher * Fix build on SLES8. * Decremented by 1 for ntcancel requests. o Tim Prouty * Fix creation of core files. o Dan Sledz * Fix first mapping of uids/gids in Winbind. o Bo Yang * Initialize the id_map status in idmap_ldap to avoid surprise. * Fix initialization of idmap status. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.3.2.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkm5HukACgkQKGi9fisXk1FlQwCfRKgZX/XSiKcoZMepHzf/fzUE DVkAoIg1Hlk6iOgYkbBq30iaKn8vBMvO =xdpy -END PGP SIGNATURE-
[Announce] Samba 3.2.9 Maintenance Release Available
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 "In summer, the song sings itself." William Carlos Williams Release Announcements = This is a maintenance release of the Samba 3.2 series. Major enhancements included in Samba 3.2.9 are: o Migrating from 3.0.x to 3.3.x can fail to update passdb.tdb correctly (bug #6195). o Fix guest authentication in setups with "security = share" and "guest ok = yes" when Winbind is running. o Fix corruptions of source path in tar mode of smbclient (bug #6161). ## Changes ### Changes since 3.2.8 - --- o Michael Adam * Add script fill-templates. * Make update-pkginfo callable from any directory. o Jeremy Allison * BUG 6099: Samba returns incurrate capabilities list. * BUG 6133: Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem. * BUG 6161: smbclient corrupts source path in tar mode. * BUG 6195: Migrating from 3.0.x to 3.3.x can fail to update passdb.tdb correctly. * BUG 6196: Unable to serve files with colons to Linux CIFS/VFS client. * BUG 6224: nmbd waits 5 minutes at startup before checking if it needs to run elections. * Correctly use chroot(). * Parameterize in local.h the MAX_RPC_DATA_SIZE, and ensure that "offered" read from the rpc packet in spoolss is under that size. * Fix Coverity ID 602. * Backport the semantics of when to delete alternate data streams on a file truncate. * Allow set attributes on a stream fnum to be redirected to the base filename. * Fix use of streams modules with CIFSFS client. * Fix more POSIX path lstat calls. * Allow DFS client paths to work when POSIX pathnames have been selected. * Try and fix the build farm RAW-STREAMS errors. * Ensure files starting with multiple dots are hidden. o Steven Danneman * Fix guest auth when Winbind is running. o Günther Deschner * BUG 6102: NetQueryDisplayInformation could return wrong information. * BUG 6193: Avoid messing with sync_context in fetch_database_to_ldif(). * Fix memleak in get_remote_printer_publishing_data(). * Add pidl in order to be able to regenerate librpc functions. * Fix Coverity IDs 722, 762. o Steve French * cifs mount fix for handling -V parameter. * Fix guest mounts. o Holger Hetterich * Enable total anonymization in vfs_smb_traffic_analyzer. o Björn Jacke * Enable IPv6 support for NetBSD and FreeBSD. * Prefer gssapi header files from subdirectory. * Fix build on old Heimdal based systems. * Use parentheses in if condition to make negation clear. o Günter Kukkukk * Don't try and delete a default ACL from a file. o Jeff Layton * Initialize rc to 0 in main. o Volker Lendecke * BUG 6100: Complete fix. * BUG 6130: Don't crash in winbindd_rpc lookup_groupmem() on unmapped members. * BUG 6097: Fix smbd segfault. * Fix remotely adding a share via MMC. * Fix resume handle for _samr_EnumDomainGroups. * Fix Coverity IDs 742, 744, 745, 879, 880. * Fix a buffer handling bug when adding lots of registry keys. * Fix a O(n^2) algorithm in regdb_fetch_keys(). * Fix an uninitialized variable warning. * Fix a valgrind error / segfault in dns_register_smbd(). * Don't log NDR_PRINT_DEBUG at level 0, this always ends up in syslog. * Fix a malloc/talloc mismatch when cli_initialise() fails. * Fix a valgrind error. * Fix two memleaks in the encryption code. * Fix gcc 4.4 compile warning. * Fix a scary "fill_share_mode_lock failed" message. o Derrell Lipman * BUG 6228: Fix SMBC_open_ctx failure due to path resolve failure doesn't set errno. o Stefan Metzmacher * BUG 6100: Implement _netr_LogonGetCapabilities() with NT_STATUS_NOT_IMPLEMENTED. * Add S-1-22-X-Y sids to the local token. * Add idl for netr_LogonGetCapabilities(). * Fix the build on SLES8. * Fix smb signing for fragmented trans/trans2/nttrans requests. o Glenn Machin * Don't miss an absolute pathname as a kerberos keytab path. o Shirish Pargaonkar * Clean-up entries in /etc/mtab after unmount. * Add fakemount (-f) and nomtab (-n) flags to mount.cifs. o Ted Percival * Fix a crash during name resolution when log level >= 10 and libc segfaults if printf is passed NULL for a "%s" arg (e.g. Solaris). o Tim Prouty * Fix SMB_VFS_RECVFILE/SENDFILE macros. * Parse_packet can return NULL which is then dereferenced in match_mailslot_name. o Dan Sledz * Fix double free caused by incorrect talloc_steal usage. o Aravind Sriniva
[Announce] Samba 3.2.10 Available for Download
"A life spent making mistakes is not only more honorable, but more useful than a life spent doing nothing." George Bernard Shaw Release Announcements = This is a maintenance release of the Samba 3.2 series. In Samba 3.2.9, there is an issue while migrating passdb.tdb files from older Samba versions (e.g. 3.2.8). That causes panics of smbd child processes until the parent smbd is restarted once after converting the passdb.tdb file. This issue is fixed in Samba 3.2.10. Sorry for the inconveniences! ## Changes ### Changes since 3.2.9 --- o Michael Adam * BUG #6195: Don't let smbd child processes panic. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.2.10.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team pgpumfoRmWEp3.pgp Description: PGP signature
[Announce] Samba 3.3.3 Available for Download
= "Never refuse any advance of friendship, for if nine out of ten bring you nothing, one alone may repay you." Madame de Tencin = Release Announcements = This is the latest bugfix release release of the Samba 3.3 series. Major enhancements in Samba 3.3.3 include: o Migrating from 3.0.x to 3.3.x can fail to update passdb.tdb correctly (bug #6195). o Fix serving of files with colons to CIFS/VFS client (bug #6196). o Fix "map readonly" (bug #6186). ## Changes ### Changes since 3.3.2: o Michael Adam * BUG 6195: Don't let smbd child processes panic. * Add backend_requires_messaging() method to libsmbconf. * Add methods is_writeable() and wrapper smbconf_is_writeable() to libsmbconf. * Fall back to file backend when no valid backend was found. * Fix a memleak in dbwrap_rbt. * Provide transaction_start|commit|cancel fns for the registry tdb. * Speed up "net conf drop". * Speed up "net conf import". * Add transactions to the libsmbconf API. * Reduce memory usage of "net conf import". * Registry cleanup. * Fix handling of SAMBA_VERSION_VENDOR_PATCH. * Fix build of pam_winbind.so with static linking. * Tidy up some convert_string_internal error cases. o Jeremy Allison * BUG 6186: Fix map readonly. * BUG 6195: Migrating from 3.0.x to 3.3.x can fail to update passdb.tdb correctly. * BUG 6196: Unable to serve files with colons to Linux CIFS/VFS client. * BUG 6224: nmbd waits 5 minutes at startup before checking if it needs to run elections. * Allow DFS client paths to work when POSIX pathnames have been selected. * Try and fix the build farm RAW-STREAMS errors. * Ensure files starting with multiple dots are hidden. o Günther Deschner * BUG 6102: NetQueryDisplayInformation could return wrong information. * BUG 6193: Avoid messing with sync_context in libnet_samsync_delta(). * Fix notify_printer_status_byname. * Fix Coverity IDs 722, 762, 774, 775, 776. o Björn Jacke * Fix build on old Heimdal based systems. * Fix compile warning. * Use parentheses in if condition to make negation clear. o Andy Kelk * Add dirsort module. o Steve Langasek * BUG 6147: Fix detection of the GNU ld version. o Volker Lendecke * BUG 6097: Fix smbd segfault. * BUG 6130: Don't crash in winbindd_rpc lookup_groupmem() on unmapped members. * BUG 6139: Add missing whitespace in mount.cifs error message. * Fix a malloc/talloc mismatch when cli_initialise() fails. * Fix a valgrind error. * Speed up "net conf list". * Add sorted subkey cache. * Use StrCaseCmp in the dirsort module. * Document the dirsort module. * Fix the build on HP/UX. * Disable dns_sd by default. * Add avahi detection to configure. * Add event avahi binding. * Use avahi to register _smb._tcp in smbd. * Fix two memleaks in the encryption code. * Fix a scary "fill_share_mode_lock failed" message. o Derrell Lipman * BUG 6228: Fix SMBC_open_ctx failure due to path resolve failure doesn't set errno. o Stefan Metzmacher * Don't use reserved words in smbconftort. * Fix smb signing for fragmented trans/trans2/nttrans requests. o Tim Prouty * Parse_packet can return NULL which is then dereferenced in match_mailslot_name. o Timur * Format the header check for netinet/ip.h more nicely. * Fix detection of netinet/ip.h on FreeBSD. o Alexander Zagrebin * Missing break in conversion function prevents tdb password database update. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.3.3.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team pgpQOvNTY0521.pgp Description: PGP signature
[Announce] Samba 3.2.11 Maintenance Release Available
"You can't have everything. Where would you put it? Steven Wright Release Announcements = This is a maintenance release of the Samba 3.2 series. Major enhancements in 3.2.11 include: o Fix domain logins for WinXP clients pre SP3 (bug #6263). o Fix samr_OpenDomain access checks (bug #6089). o Fix smbd crash for close_on_completion. ## Changes ### Changes since 3.2.10 o Jeremy Allison * BUG 6089: Fix samr_OpenDomain access checks. * BUG 6254: Fix IPv6 PUT/GET errors to an SMB server (3.3) with "msdfs root" set to "yes". * Allow pdbedit to change a user rid/sid. * When doing a cli_ulogoff don't invalidate the cnum, invalidate the vuid. o Günther Deschner * BUG 6205: Correct sample smb.conf share configuration. * BUG 6263: Fix domain logins for WinXP clients pre SP3. * Fix resume command typo for "printing = vlp". o Volker Lendecke * Fix smbd crash for close_on_completion. * Fix a memleak in an unlikely error path in change_notify_create(). o Jim McDonough * Don't look up local user for remote changes, even when root. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.2.11.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team pgpvKsTu7Todz.pgp Description: PGP signature
[Announce] Samba 3.3.4 Available for Download
= "A banker is a fellow who lends you his umbrella when the sun is shining and wants it back the minute it begins to rain." Mark Twain = Release Announcements = This is the latest bugfix release of the Samba 3.3 series. Major enhancements in Samba 3.3.4 include: o Fix domain logins for WinXP clients pre SP3 (bug #6263). o Fix samr_OpenDomain access checks (bug #6089). o Fix usrmgr.exe creating a user (bug #6243). ## Changes ### Changes since 3.3.3: o Michael Adam * net conf: Save share name as given, not as lower case only. * Prevent creation of registry keys containing the '/' character. o Jeremy Allison * BUG 6089: Fix samr_OpenDomain access checks. * BUG 6254: Fix IPv6 PUT/GET errors to an SMB server (3.3) with "msdfs root" set to "yes". * BUG 6279: Fix Winbind crash. * Allow pdbedit to change a user rid/sid. * When doing a cli_ulogoff don't invalidate the cnum, invalidate the vuid. * Don't access a freed structure when logging off and re-using a vuid. o Guenther Deschner * BUG 5329: Add "net rpc service delete/create". * BUG 6238: Make sure wbcLogoffUserParams are properly initialized before freed. * BUG 6263: Fix domain logins for WinXP clients pre SP3. * BUG 6286: Call init function for builtin idmap modules before probing for them as shared modules. * Try to to fix password_expired flag handling. * Make sure to grey out change fields in the netdomjoin-gui when not running as root. o Jim McDonough * Don't look up local user for remote changes, even when root. o Volker Lendecke * BUG 6243: Fix usrmgr.exe creating a user. * Use procid_str in debug messages for better cluster-debuggability. * Use cluster-aware procid_is_me instead of comparing pids. * Fix smbd crash for close_on_completion. * Fix a memleak in an unlikely error path in change_notify_create(). * Do not use the file system GET_REAL_FILENAME for mangled names. o Stefan Metzmacher * Fix a crash bug if we timeout in net rpc trustdom list. * Add '--request-timeout' option to net. o Martin Schwenke * In net_conf_import, start a transaction when importing a single share. o Simo Sorce * Fix writing of roaming profiles with "profile acls" set to "yes". Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.3.4.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team pgpB5FE6WwHXq.pgp Description: PGP signature
[Announce] Samba 3.4.0pre1 Available for Download
Release Announcements = This is the first preview release of Samba 3.4. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Major enhancements in Samba 3.4.0 include: -- General changes: o Samba4 and Samba3 sources are included in the tarball Authentication Changes: o Changed the way smbd handles untrusted domain names given during user authentication. Printing Changes: o Various fixes including printer change notificiation for Samba spoolss print servers. Internal changes: o The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog and spoolss) were replaced by autogenerated code based on PIDL. o Samba3 and Samba4 do now share a common tevent library. o The code has been cleaned up and the major basic interfaces are shared with Samba4 now. o An asynchronous API has been added. General Changes === On the way towards a standalone Samba AD domain controller, Samba3 and Samba4 branches can be built as "merged" build. That's why Samba3 and Samba4 sources are included in the tarball. The merged build is possible in Samba 3.4.0, but disabled by default. To learn more about the merged build, please see http://wiki.samba.org/index.php/Franky. According to this one, there is no "source" directory included in the tarball at all. Samba3 sources are located in "source3", Samba4 sources are located in "source4". The libraries have been moved to the toplevel directory. To build plain Samba3, please change to "source3" and start the build as usual. To build Samba4 as well, please use the "--enable-merged-build" configure option. Authentication Changes == Previously, when Samba was a domain member and a client was connecting using an untrusted domain name, such as BOGUS\user smbd would remap the untrusted domain to the primary domain smbd was a member of and attempt authentication using that DOMAIN\user name. This differed from how a Windows member server would behave. Now, smbd will replace the BOGUS name with it's SAM name. In the case where smbd is acting as a PDC this will be DOMAIN\user. In the case where smbd is acting as a domain member server this will be WORKSTATION\user. Thus, smbd will never assume that an incoming user name which is not qualified with the same primary domain, is part of smbd's primary domain. While this behavior matches Windows, it may break some workflows which depended on smbd to always pass through bogus names to the DC for verification. A new parameter "map untrusted to domain" can be enabled to revert to the legacy behavior. Printing Changes The spoolss subsystem was replaced by autogenerated code based on PIDL. That fixes several printing issues including printer change notificiation on Samba print servers and will stabilize the printing functionality generally. The support for spoolss printing with Windows Vista has been improved. Internal Changes The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog and spoolss) were replaced by autogenerated code based on PIDL. So Günther Deschner finally corrected one of the biggest mistakes in the development of Samba: Hand-marshalled RPC stubs. Thanks a lot! :-) Samba3 and Samba4 do now share a common tevent library for fd and timer events. The code has been cleaned up and Samba3 and Samba4 do share the major basic interfaces now. That is why the libraries were moved to the toplevel directory. That is one of the first steps to share code and minimize the gap between these two versions. An asynchronous API has been added. ## Changes ### smb.conf changes Parameter Name Description Default -- --- --- access based share enum New No dedicated keytab file New "" kerberos method New default map untrusted to domain New No max open files Changed Default auto detected perfcount moduleNew "" use kerberos keytab Removed New [sub]commands - net eventlog Import/dump/export native win32 eventlog files. net rpc service create Create a new service. net rpc service delete Delete an existing service. New configure options - --enable-external-libtalloc Enable external talloc --enable-merged-build Build Samba 4 as well --enable-gnutls Turn on gnutls support --with-statedir=DIR Where to put persistent state files --with-cachedir=DIR Where to put
[Announce] Samba 3.4.0pre2 Available for Download
Release Announcements = This is the second preview release of Samba 3.4. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Major enhancements in Samba 3.4.0 include: -- Configuration changes: o The default passdb backend has been changed to 'tdbsam'! General changes: o Samba4 and Samba3 sources are included in the tarball Authentication Changes: o Changed the way smbd handles untrusted domain names given during user authentication. Printing Changes: o Various fixes including printer change notificiation for Samba spoolss print servers. Internal changes: o The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog and spoolss) were replaced by autogenerated code based on PIDL. o Samba3 and Samba4 do now share a common tevent library. o The code has been cleaned up and the major basic interfaces are shared with Samba4 now. o An asynchronous API has been added. net Command Changes: o Parameter syntax made more consistent. Configuration changes = !!! ATTENTION !!! The default passdb backend has been changed to 'tdbsam'! That breaks existing setups using the 'smbpasswd' backend without explicit declaration! Please use 'passdb backend = smbpasswd' if you would like to stick to the 'smbpasswd' backend or convert your smbpasswd entries using e.g. 'pdbedit -i smbpasswd -e tdbsam'. The 'tdbsam' backend is much more flexible concerning per user settings like 'profile path' or 'home directory' and there are some commands which do not work with the 'smbpasswd' backend at all. General Changes === On the way towards a standalone Samba AD domain controller, Samba3 and Samba4 branches can be built as "merged" build. That's why Samba3 and Samba4 sources are included in the tarball. The merged build is possible in Samba 3.4.0, but disabled by default. To learn more about the merged build, please see http://wiki.samba.org/index.php/Franky. According to this one, there is no "source" directory included in the tarball at all. Samba3 sources are located in "source3", Samba4 sources are located in "source4". The libraries have been moved to the toplevel directory. To build plain Samba3, please change to "source3" and start the build as usual. To build Samba4 as well, please use the "--enable-merged-build" configure option. Authentication Changes == Previously, when Samba was a domain member and a client was connecting using an untrusted domain name, such as BOGUS\user smbd would remap the untrusted domain to the primary domain smbd was a member of and attempt authentication using that DOMAIN\user name. This differed from how a Windows member server would behave. Now, smbd will replace the BOGUS name with it's SAM name. In the case where smbd is acting as a PDC this will be DOMAIN\user. In the case where smbd is acting as a domain member server this will be WORKSTATION\user. Thus, smbd will never assume that an incoming user name which is not qualified with the same primary domain, is part of smbd's primary domain. While this behavior matches Windows, it may break some workflows which depended on smbd to always pass through bogus names to the DC for verification. A new parameter "map untrusted to domain" can be enabled to revert to the legacy behavior. Printing Changes The spoolss subsystem was replaced by autogenerated code based on PIDL. That fixes several printing issues including printer change notificiation on Samba print servers and will stabilize the printing functionality generally. The support for spoolss printing with Windows Vista has been improved. Internal Changes The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog and spoolss) were replaced by autogenerated code based on PIDL. So Günther Deschner finally corrected one of the biggest mistakes in the development of Samba: Hand-marshalled RPC stubs. Thanks a lot! :-) Samba3 and Samba4 do now share a common tevent library for fd and timer events. The code has been cleaned up and Samba3 and Samba4 do share the major basic interfaces now. That is why the libraries were moved to the toplevel directory. That is one of the first steps to share code and minimize the gap between these two versions. An asynchronous API has been added. net Command Changes === The net command now accepts the common command line parameters most other Samba command line utilities use, with a couple of remaining differences: -l still gives long output for net commands supporting the --long flag. This was more useful than the common --log-base parameter. -i still tells net to read data from stdin (like --stdin) instead of toggling the common --scope flag. -S still tells net the server to connect to (like --server) instea
[Announce] Samba 3.2.12 Maintenance Release Available for Download
"Your background and environment is with you for life. No question about that." Sean Connery Release Announcements = This is a maintenance release of the Samba 3.2 series. Major enhancements in 3.2.12 include: o Fix SAMR and LSA checks (bug #6089, #6289) o Fix posix acls when setting an ACL without explicit ACE for the owner (bug #2346). o Fix "force user" (bug #6291). o Fix Winbind crash (bug #6279). o Fix joining of Win7 into Samba domain (bug #6099). ## Changes ### Changes since 3.2.11 o Michael Adam * Prevent creation of keys containing the '/' character. o Jeremy Allison * BUG 6089: Revert the extra SAMR and LSA checks. * BUG 6099: Fix joining of Win7 into Samba domain. * BUG 6279: Fix Winbind crash. * BUG 6289: Revert the extra SAMR and LSA checks. * BUG 6291: Fix "force user". * BUG 6386: Groupdb mapping fix. * Fix bug in processing of open modes in POSIX open. o Guenther Deschner * BUG 6099: Fix joining of Win7 into Samba domain. * BUG 6301: Fix samr_ConnectVersion enum which is 32bit not 16bit. * BUG 6372: Fix usermanager only displaying 1024 groups and aliases. * BUG 6465: Fix enumeration of empty aliases (ldb backend). * Protect netlogon_creds_server_step() against NULL creds. o Björn Jacke * Also handle DirX return codes. o Volker Lendecke * BUG 5798: CFLAGS info lost in configure. * BUG 6382: Fix case insensitive access to DFS links. * Fix a race condition in winbind leading to a panic. o Stefan Metzmacher * BUG 2346: Fix posix acls when setting an ACL without explicit ACE for the owner. * Fix a crash bug if we timeout in net rpc trustdom list. o D.L. Meyer * BUG 5832: Fix build on RHEL when ccache is not available. o Sébastien Prud'homme * BUG 5945: Fix out of memory error with Winbind idmap. o Karolin Seeger * BUG 5835: Add keyutils-devel to build requires. o Simo Sorce * Fix profile acls in some corner cases. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.2.12.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team pgpzlYiB3oWQo.pgp Description: PGP signature
[Announce] Samba 3.3.5 Available for Download
= "I like the dreams of the future better than the history of the past." Thomas Jefferson = Release Announcements = This is the latest bugfix release of the Samba 3.3 series. Major enhancements in Samba 3.3.5 include: o Fix SAMR and LSA checks (bug #6089, #6289) o Fix posix acls when setting an ACL without explicit ACE for the owner (bug #2346). o Fix joining of Win7 into Samba domain (bug #6099). o Fix joining of Win2000 SP4 clients (bug #6301). ## Changes ### Changes since 3.3.4: o Michael Adam * BUG 6320: Handle registry config source in file_list. * BUG 6415: Filter out of range mappings in default idmap config in idmap_tdb. * BUG 6416: Filter out of range mappings in default idmap config in idmap_tdb2. * BUG 6417: Filter out of range mappings in default idmap config in idmap_ldap. * Prevent infinite include nesting. * Mark registry shares without path unavailable. o Jeremy Allison * BUG 6089: Revert the extra SAMR and LSA checks. * BUG 6099: Fix joining of Win7 into Samba domain. * BUG 6289: Revert the extra SAMR and LSA checks. * BUG 6297: Owner of sticky directory cannot delete files created by others. * BUG 6315: smbd crashes doing vfs_full_audit on IPC$ close event. * BUG 6330: Fix DFS on AIX. o Guenther Deschner * BUG 6099: Fix joining of Win7 into Samba domain. * BUG 6157: Fix handling of multi-value attribute "uid". * BUG 6301: Fix joining of Win2000 SP4 clients. * BUG 6309: Support remote unjoining of Windows 2003 or greater. * BUG 6372: Fix usermanager only displaying 1024 groups and aliases. * BUG 6465: Fix enumeration of empty aliases (ldb backend). o Björn Jacke * Also handle DirX return codes. o Volker Lendecke * BUG 6336: Fix 'net groupmap set' segfault. * BUG 6361: Make --rcfile work in smbget. * BUG 6365: Re-Add the "dropbox" functionality with -wx rights on a directory. * BUG 6382: Fix case insensitive access to DFS links. * BUG 6441: Fix the compile with --enable-dnssd. * BUG 6449: 'net rap user add' crashes without -C option. * Fix Coverity ID 897. * Do not crash in ctdbd_traverse if ctdbd is not around. * Fix a race condition in winbind leading to a panic. o TAKAHASHI Motonobu * BUG 5897: Fix shutdown script example in the smb.conf manpage. o Stefan Metzmacher * BUG 2346: Fix posix acls when setting an ACL without explicit ACE for the owner. o D.L. Meyer * BUG 5832: Fix build on RHEL when ccache is not available. o Andreas Schneider * Some man pam_winbind improvements. o Karolin Seeger * BUG 5835: Add keyutils-devel to build requires to fix build on RHEL. o Marc VanHeyningen * Zero an uninitialized array. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.3.5.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team pgpCiUAgobVhR.pgp Description: PGP signature
[Announce] Samba 3.4.0rc1 Available for Download
Release Announcements = This is the first release candidate of Samba 3.4. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Major enhancements in Samba 3.4.0 include: -- Configuration changes: o The default passdb backend has been changed to 'tdbsam'! General changes: o Samba4 and Samba3 sources are included in the tarball Authentication Changes: o Changed the way smbd handles untrusted domain names given during user authentication. Printing Changes: o Various fixes including printer change notificiation for Samba spoolss print servers. Internal changes: o The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog and spoolss) were replaced by autogenerated code based on PIDL. o Samba3 and Samba4 do now share a common tevent library. o The code has been cleaned up and the major basic interfaces are shared with Samba4 now. o An asynchronous API has been added. Configuration changes = !!! ATTENTION !!! The default passdb backend has been changed to 'tdbsam'! That breaks existing setups using the 'smbpasswd' backend without explicit declaration! Please use 'passdb backend = smbpasswd' if you would like to stick to the 'smbpasswd' backend or convert your smbpasswd entries using e.g. 'pdbedit -i smbpasswd -e tdbsam'. The 'tdbsam' backend is much more flexible concerning per user settings like 'profile path' or 'home directory' and there are some commands which do not work with the 'smbpasswd' backend at all. General Changes === On the way towards a standalone Samba AD domain controller, Samba3 and Samba4 branches can be built as "merged" build. That's why Samba3 and Samba4 sources are included in the tarball. The merged build is possible in Samba 3.4.0, but disabled by default. To learn more about the merged build, please see http://wiki.samba.org/index.php/Franky. According to this one, there is no "source" directory included in the tarball at all. Samba3 sources are located in "source3", Samba4 sources are located in "source4". The libraries have been moved to the toplevel directory. To build plain Samba3, please change to "source3" and start the build as usual. To build Samba4 as well, please use the "--enable-merged-build" configure option. Authentication Changes == Previously, when Samba was a domain member and a client was connecting using an untrusted domain name, such as BOGUS\user smbd would remap the untrusted domain to the primary domain smbd was a member of and attempt authentication using that DOMAIN\user name. This differed from how a Windows member server would behave. Now, smbd will replace the BOGUS name with it's SAM name. In the case where smbd is acting as a PDC this will be DOMAIN\user. In the case where smbd is acting as a domain member server this will be WORKSTATION\user. Thus, smbd will never assume that an incoming user name which is not qualified with the same primary domain, is part of smbd's primary domain. While this behavior matches Windows, it may break some workflows which depended on smbd to always pass through bogus names to the DC for verification. A new parameter "map untrusted to domain" can be enabled to revert to the legacy behavior. Printing Changes The spoolss subsystem was replaced by autogenerated code based on PIDL. That fixes several printing issues including printer change notificiation on Samba print servers and will stabilize the printing functionality generally. The support for spoolss printing with Windows Vista has been improved. Internal Changes The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog and spoolss) were replaced by autogenerated code based on PIDL. So Günther Deschner finally corrected one of the biggest mistakes in the development of Samba: Hand-marshalled RPC stubs. Thanks a lot! :-) Samba3 and Samba4 do now share a common tevent library for fd and timer events. The code has been cleaned up and Samba3 and Samba4 do share the major basic interfaces now. That is why the libraries were moved to the toplevel directory. That is one of the first steps to share code and minimize the gap between these two versions. An asynchronous API has been added. ## Changes ### smb.conf changes Parameter Name Description Default -- --- --- access based share enum New No dedicated keytab file New "" kerberos method New default map untrusted to domain New No max open files Changed Default auto detecte
[Announce] Samba 3.0.35 Security Release Available for Download
Release Announcements = This is a security release in order to address CVE-2009-1888. o CVE-2009-1888: In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data value can potentially affect access control when "dos filemode" is set to "yes". ## Changes ### Changes since 3.0.34 o Jeremy Allison * Fix for CVE-2009-1888. ## Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 3.0 product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.0.35.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team pgpSvxTJTT5br.pgp Description: PGP signature
[Announce] Samba 3.2.13 Security Release Available for Download
Release Announcements = This is a security release in order to address CVE-2009-1886 and CVE-2009-1888. o CVE-2009-1886: In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing with file names treat user input as a format string to asprintf. With a maliciously crafted file name smbclient can be made to execute code triggered by the server. o CVE-2009-1888: In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data value can potentially affect access control when "dos filemode" is set to "yes". ## Changes ### Changes since 3.2.12 o Jeremy Allison * Fix for CVE-2009-1886. * Fix for CVE-2009-1888. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.2.13.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team pgpsW6MFolhEy.pgp Description: PGP signature
[Announce] Samba 3.3.6 Security Release Available for Download
Release Announcements = This is a security release in order to address CVE-2009-1888. o CVE-2009-1888: In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data value can potentially affect access control when "dos filemode" is set to "yes". ## Changes ### Changes since 3.3.5: o Jeremy Allison * BUG 6488: Fix for CVE-2009-1888. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.3.6.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team pgpEDUB1aXBxI.pgp Description: PGP signature
[Announce] Samba 3.4.0 Available for Download
= "Always keep an open mind and a compassionate heart." Phil Jackson = Release Announcements = This is the first stable release of Samba 3.4. Major enhancements in Samba 3.4.0 include: -- Configuration changes: o The default passdb backend has been changed to 'tdbsam'! General changes: o Samba4 and Samba3 sources are included in the tarball Authentication Changes: o Changed the way smbd handles untrusted domain names given during user authentication. Printing Changes: o Various fixes including printer change notificiation for Samba spoolss print servers. Internal changes: o The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog and spoolss) were replaced by autogenerated code based on PIDL. o Samba3 and Samba4 do now share a common tevent library. o The code has been cleaned up and the major basic interfaces are shared with Samba4 now. o An asynchronous API has been added. Configuration changes = !!! ATTENTION !!! The default passdb backend has been changed to 'tdbsam'! That breaks existing setups using the 'smbpasswd' backend without explicit declaration! Please use 'passdb backend = smbpasswd' if you would like to stick to the 'smbpasswd' backend or convert your smbpasswd entries using e.g. 'pdbedit -i smbpasswd -e tdbsam'. The 'tdbsam' backend is much more flexible concerning per user settings like 'profile path' or 'home directory' and there are some commands which do not work with the 'smbpasswd' backend at all. General Changes === On the way towards a standalone Samba AD domain controller, Samba3 and Samba4 branches can be built as "merged" build. That's why Samba3 and Samba4 sources are included in the tarball. The merged build is possible in Samba 3.4.0, but disabled by default. To learn more about the merged build, please see http://wiki.samba.org/index.php/Franky. According to this one, there is no "source" directory included in the tarball at all. Samba3 sources are located in "source3", Samba4 sources are located in "source4". The libraries have been moved to the toplevel directory. To build plain Samba3, please change to "source3" and start the build as usual. To build Samba4 as well, please use the "--enable-merged-build" configure option. Authentication Changes == Previously, when Samba was a domain member and a client was connecting using an untrusted domain name, such as BOGUS\user smbd would remap the untrusted domain to the primary domain smbd was a member of and attempt authentication using that DOMAIN\user name. This differed from how a Windows member server would behave. Now, smbd will replace the BOGUS name with it's SAM name. In the case where smbd is acting as a PDC this will be DOMAIN\user. In the case where smbd is acting as a domain member server this will be WORKSTATION\user. Thus, smbd will never assume that an incoming user name which is not qualified with the same primary domain, is part of smbd's primary domain. While this behavior matches Windows, it may break some workflows which depended on smbd to always pass through bogus names to the DC for verification. A new parameter "map untrusted to domain" can be enabled to revert to the legacy behavior. Printing Changes The spoolss subsystem was replaced by autogenerated code based on PIDL. That fixes several printing issues including printer change notificiation on Samba print servers and will stabilize the printing functionality generally. The support for spoolss printing with Windows Vista has been improved. Internal Changes The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog and spoolss) were replaced by autogenerated code based on PIDL. So Günther Deschner finally corrected one of the biggest mistakes in the development of Samba: Hand-marshalled RPC stubs. Thanks a lot! :-) Samba3 and Samba4 do now share a common tevent library for fd and timer events. The code has been cleaned up and Samba3 and Samba4 do share the major basic interfaces now. That is why the libraries were moved to the toplevel directory. That is one of the first steps to share code and minimize the gap between these two versions. An asynchronous API has been added. ## Changes ### smb.conf changes Parameter Name Description Default -- --- --- access based share enum New No dedicated keytab file New "" kerberos method New default map unt
[Announce] Samba 3.3.7 Available for Download
= "We'll love you just the way you are if you're perfect." Alanis Morissette = Release Announcements = This is the latest bugfix release of the Samba 3.3 series. ## Changes ### Changes since 3.3.6: o Jeremy Allison * BUG 6421: Fix POSIX read-only open on read-only shares. * BUG 6476: Fix smbd zombies in memory when using [x]inetd. * BUG 6487: Add missing DFS call in trans2 mkdir call. * BUG 6520: Fix time stamps when "unix extensions = yes". o Günther Deschner * BUG 6253: Use correct value for password expiry calculation in pam_winbind. * BUG 6340: Fix segfault when cleartext trustdom pwd could not be retrieved. * BUG 6451: Use right access bits in net/libnetapi user rename. * BUG 6484: Fix _lsa_LookupNames2() server implementation which always returned a NULL sid_array. o Björn Jacke * BUG 6497: Fix configure error. o Volker Lendecke * BUG 6498: Add workaround for MS KB932762. o Jim McDonough * BUG 6481: Don't require "Modify property" perms to unjoin. o Stefan Metzmacher * BUG 6526: Let parent_dirname() correctly return toplevel filenames. o Bo Yang * BUG 6560: Fix handling of UPN. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.3.7.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team pgpzKvfuzPWh4.pgp Description: PGP signature
[Announce] Samba 3.0.36 Maintenance Release Available
"Because things are the way they are, things will not stay the way they are." Bertolt Brecht Release Announcements = This is the latest bugfix release of the Samba 3.0 series. Please note, that the 3.0 series will be DISCONTINUED after this release! There will be neither any bugfix release nor any security release. Updating to the latest release series is strongly recommended. For more information on current Samba releases, please see http://wiki.samba.org/index.php/Samba3_Release_Planning Major enhancements included in Samba 3.0.36 are: o Fix Winbind crash on 'getent group' (bug #5906). o Excel save operation corrupts file ACLs (bug #4308). o Prevent segmentation fault on joining a very long domain name. ## Changes ### Changes since 3.0.35 o Michael Adam * BUG 5906: Fix Winbind crash on 'getent group'. * BUG 6066: netinet/ip.h present but cannot be compiled on Solaris. o Jeremy Allison * BUG 4308: Excel save operation corrupts file ACLs. * BUG 6099: In order to allow Win7 to connect to a Samba NT style * BUG 6279: Fix Winbind crash. PDC we set the flags before we know if it's an error or not. * Fix logic error in try_chown. * Correctly use chroot(). * Fix bug in processing of open modes in POSIX open. o Günther Deschner * Don't install the cifs.upcall binary twice. o Steve French * BUG 4640: Fix guest mounts in mount-cifs. * Fix mount.cifs handling of -V option. o Bhaskar Jain (bhajain) * Prevent segmentation fault on joining a very long domain name. o Günter Kukkukk * Don't try and delete a default ACL from a file. o Volker Lendecke * Add workaround for MS KB932762. o Shirish Pargaonkar * BUG 4370: Clean-up entries in /etc/mtab after unmount. * Add fakemount (-f) and nomtab (-n) flags to mount.cifs. o Ted Percival * Fix a crash during name resolution when log level >= 10 and libc segfaults if printf is passed NULL for a "%s" arg (eg. Solaris). o Miguel Suarez * BUG 6085: Fix build of vfs_default. o Yasuma Takeda * BUG 6098: When the DNS server is invalid, the ads_find_dc() does not work correctly. ## Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 3.0 product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.0.36.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team pgpfR3Cy3G4RQ.pgp Description: PGP signature
[Announce] Samba 3.2.14 Maintenance Release Available
"I think there is a world market for maybe five computers." Thomas Watson Release Announcements = This is the last maintenance release of the Samba 3.2 series. Please note that this is the last bugfix release of the Samba 3.2 series! There will security releases on demand only. Please see http://wiki.samba.org/index.php/Samba3_Release_Planning for information on current releases. Major enhancements in 3.2.14 include: o Fix SAMR access checks (e.g. bugs #6089 and #6112). o Fix 'force user' (bug #6291). o Improve Win7 support (bug #6099). o Fix posix ACLs when setting an ACL without explicit ACE for the owner (bug #2346). ## Changes ### Changes since 3.2.13 o Michael Adam * BUG 6387: Fix Winbind crash when multiple IDmappings exist in the LDAP directory. * BUG 6509: Use gid (not uid) cache in fetch_gid_from_cache(). * BUG 6628: 'smbpasswd -a' uses algorithmic rid base with 'passdb backend = tdbsam'. * Prevent creation of keys containing the '/' character. o Jeremy Allison * BUG 6089: Fix SAMR access checks. * BUG 6112: Fix SAMR access checks. * BUG 6279: Fix Winbind crash. * BUG 6291: Fix 'force user'. * BUG 6099: Try to fix domain join of Win7 Beta. * BUG 6386: Groupdb mapping fix. * BUG 6421: Fix POSIX read-only open on read-only shares. * BUG 6476: Fix more smbd-zombies in memory. * BUG 6488: acl_group_override() call in posix acls references an uninitialized variable. * BUG 6504: Fix SAMR server for Winbind access. * BUG 6520: Fix time stamps. * Fix join of Windows 7 RC to a Samba3 DC. * Fix bug in processing of open modes in POSIX open. o Günther Deschner * BUG 6301: Fix samr_ConnectVersion enum which is 32bit not 16bit. * BUG 6340: Don't segfault when cleartext trustdom pwd could not be retrieved. * BUG 6372: Fix usermanager only displaying 1024 groups and aliases. * BUG 6465: Fix enum_aliasmem in ldb branch. * BUG 6484: Fix searching for users while adding them to groups via Windows usermanager. * Fix the negotiate flags. * Protect netlogon_creds_server_step() against NULL creds. o Björn Jacke * Also handle DirX return codes. o Stefan Metzmacher * BUG 2346: Fix posix ACLs when setting an ACL without explicit ACE for the owner. * BUG 6526: Let parent_dirname() correctly return toplevel filenames. * BUG 6627: Raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds. * Fix a crash bug if we timeout in net rpc trustdom list. * Add '--request-timeout' option to 'net'. o Volker Lendecke * BUG 5798: Preserve CFLAGS info in configure. * BUG 6382: Case insensitive access to DFS links broken. * Fix a race condition in Winbind leading to a panic. * Add workaround for MS KB932762. o Jim McDonough * BUG 6481: Don't require "Modify property" perms to unjoin. o Sébastien Prud'homme * 5945: Fix out of memory error with Winbind idmap. o Simo Sorce * BUG 6628: 'smbpasswd -a' uses algorithmic rid base with 'passdb backend = tdbsam'. * Avoid duplicate ACEs. * Fix profile ACLs in some corner cases. o Marc VanHeyningen * Zero an uninitialized array. o Bo Yang * BUG 6560: Lookupname failed, cannot find domain when attempt to change password. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.2.14.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team pgpxNuzJH8z4T.pgp Description: PGP signature
[Announce] Samba 3.4.1 Available for Download
= "I don't know anything about music. In my line you don't have to." Elvis Presley = Release Announcements = This is the latest stable release of Samba 3.4. Major enhancements in Samba 3.4.1 include: o Fix authentication on member servers without Winbind (bug #6650). o Nautilus fails to copy files from an SMB share (bug #6649). o Fix connections of Win98 clients (bug #6551). o Fix interdomain trusts with Windows 2008 R2 DCs (bug #6697). o Fix Winbind authentication issue (bug #6646). ## Changes ### Changes since 3.4.0 --- o Michael Adam * BUG 6650: Fix authentication on member servers without Winbind. o Jeremy Allison * BUG 6437: Make open_udp_socket() IPv6 clean. * BUG 6506: Smbd server doesn't set EAs when a file is overwritten in NT_TRANSACT_CREATE. * BUG 6551: Fix connections of Win98 clients. * BUG 6564: SetPrinter fails (panics) as non root. * BUG 6593: Correctly implement SMB_INFO_STANDARD setfileinfo. * BUG 6649: Nautilus fails to copy files from an SMB share. * BUG 6651: Fix smbd SIGSEGV when breaking oplocks. * BUG 6673: Fix 'smbpasswd' with "unix password sync = yes". o Yannick Bergeron * Increase the max_grp value to 128 (AIX NGROUPS_MAX value) instead of 32 to allow AIX to call sys_getgrouplist only once. o Günther Deschner * BUG 6568: Fix _spoolss_GetPrintProcessorDirectory() implementation. * BUG 6607: Fix crash bug in spoolss_addprinterex_level_2. * BUG 6680: Fix authentication failure from Windows 7 when domain joined. * BUG 6697: Fix interdomain trusts with Windows 2008 R2 DCs. o Olaf Flebbe * BUG 6655: Fix 'smbcontrol smbd ping'. o Björn Jacke * BUG 6105: Make linking of rpcclient --as-needed safe. o Matt Kraai * BUG 6630: Fix opening of sockets on QNX. o Robert LeBlanc * BUG 6700: Use dns domain name when needing to guess server principal. o Volker Lendecke * BUG 5886: Fix password change propagation with ldapsam. * BUG 6585: Fix unqualified "net join". * BUG 6611: Fix a valgrind error in chain_reply. * BUG 6646: Fix Winbind authentication issue. * Fix linking on Solaris. o Stefan Metzmacher * BUG 6222: Default to DRSUAPI replication for net rpc vampire keytab. * BUG 6532: Fix the build with external talloc. * BUG 6538: Cancel all locks that are made before the first failure. * BUG 6627: Raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds. * BUG 6651: Fix smbd SIGSEGV when breaking oplocks. * BUG 6664: Fix truncation of the session key. o Tim Prouty * BUG 6620: Fix a bug in renames of directories. o Rusty Russell * BUG 6601: Avoid global fd limits. o SATOH Fumiyasu * BUG 6496: MS-DFS cannot follow multibyte char link name in libsmbclient. o Simo Sorce * BUG 6693: Check we read off the complete event from inotify. o Peter Volkov * BUG 6105: Make linking of cifs.upcall --as-needed safe. o TAKEDA Yasuma * BUG 5879: Update LDAP schema for Netscape DS 5. o Bo Yang * BUG 6560: Fix lookupname. * BUG 6615: Fix browsing of DFS when using kerberos in libsmbclient. * BUG 6688: Fix crash in 'net usershare list'. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/stable The release notes are available online at: http://www.samba.org/samba/history/samba-3.4.1.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team pgpKKNEdZDRg1.pgp Description: PGP signature
[Announce] Samba 3.4.2 Security Release Available
Release Announcements = This is a security release in order to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906. o CVE-2009-2813: In all versions of Samba later than 3.0.11, connecting to the home share of a user will use the root of the filesystem as the home directory if this user is misconfigured to have an empty home directory in /etc/passwd. o CVE-2009-2948: If mount.cifs is installed as a setuid program, a user can pass it a credential or password path to which he or she does not have access and then use the --verbose option to view the first line of that file. All known Samba versions are affected. o CVE-2009-2906: Specially crafted SMB requests on authenticated SMB connections can send smbd into a 100% CPU loop, causing a DoS on the Samba server. ## Changes ### Changes since 3.4.1 --- o Jeremy Allison * BUG 6763: Fix for CVE-2009-2813. * BUG 6768: Fix for CVE-2009-2906. o Jeff Layton * Fix for CVE-2009-2948. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.4.2.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team pgpgUTC2vHzhK.pgp Description: PGP signature
[Announce] Samba 3.3.8 Security Release Available
Release Announcements = This is a security release in order to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906. o CVE-2009-2813: In all versions of Samba later than 3.0.11, connecting to the home share of a user will use the root of the filesystem as the home directory if this user is misconfigured to have an empty home directory in /etc/passwd. o CVE-2009-2948: If mount.cifs is installed as a setuid program, a user can pass it a credential or password path to which he or she does not have access and then use the --verbose option to view the first line of that file. All known Samba versions are affected. o CVE-2009-2906: Specially crafted SMB requests on authenticated SMB connections can send smbd into a 100% CPU loop, causing a DoS on the Samba server. ## Changes ### Changes since 3.3.7 --- o Jeremy Allison * BUG 6763: Fix for CVE-2009-2813. * BUG 6768: Fix for CVE-2009-2906. o Jeff Layton * Fix for CVE-2009-2948. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.3.8.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team pgpe0aqA3ubGE.pgp Description: PGP signature
[Announce] Samba 3.2.15 Security Release Available
Release Announcements = This is a security release in order to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906. o CVE-2009-2813: In all versions of Samba later than 3.0.11, connecting to the home share of a user will use the root of the filesystem as the home directory if this user is misconfigured to have an empty home directory in /etc/passwd. o CVE-2009-2948: If mount.cifs is installed as a setuid program, a user can pass it a credential or password path to which he or she does not have access and then use the --verbose option to view the first line of that file. All known Samba versions are affected. o CVE-2009-2906: Specially crafted SMB requests on authenticated SMB connections can send smbd into a 100% CPU loop, causing a DoS on the Samba server. ## Changes ### Changes since 3.2.14 o Jeremy Allison * BUG 6763: Fix for CVE-2009-2813. * BUG 6768: Fix for CVE-2009-2906. o Jeff Layton * Fix for CVE-2009-2948. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.2.15.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team pgppd2D5OiYsY.pgp Description: PGP signature
[Announce] Samba 3.0.37 Security Release Available
Release Announcements = This is a security release in order to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906. o CVE-2009-2813: In all versions of Samba later than 3.0.11, connecting to the home share of a user will use the root of the filesystem as the home directory if this user is misconfigured to have an empty home directory in /etc/passwd. o CVE-2009-2948: If mount.cifs is installed as a setuid program, a user can pass it a credential or password path to which he or she does not have access and then use the --verbose option to view the first line of that file. All known Samba versions are affected. o CVE-2009-2906: Specially crafted SMB requests on authenticated SMB connections can send smbd into a 100% CPU loop, causing a DoS on the Samba server. ## Changes ### Changes since 3.0.36 o Jeremy Allison * BUG 6763: Fix for CVE-2009-2813. * BUG 6768: Fix for CVE-2009-2906. o Jeff Layton * Fix for CVE-2009-2948. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.0.37.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team pgpV1NCBMWBpd.pgp Description: PGP signature
[ANNOUNCE] Samba 3.3.9 Maintenance Release Available
== “I found that dance was key to keeping depression out of my life. When you dance, things just go away, things don't seem so bad. There's no better way to take care of health than through something as joyous and beautiful as dance.” Patrick Swayze == Release Announcements = This is the latest bugfix release of the Samba 3.3 series. Major enhancements in Samba 3.3.9 include: o Fix trust relationships to windows 2008 (2008 r2) (bug #6711). o Fix file corruption using smbclient with NT4 server (bug #6606). o Fix Windows 7 share access (which defaults to NTLMv2) (bug #6680). o Fix SAMR server for Winbind access (bug #6504). ## Changes ### Changes since 3.3.8 --- o Michael Adam * BUG 6509: Use gid (not uid) cache in fetch_gid_from_cache(). * BUG 6692: Fix mount.cifs segfault. o Jeremy Allison * BUG 6504: Fix SAMR server for Winbind access. * BUG 6769: Symlink unlink does nothing. * BUG 6776: Fix core dump when running overlapping Byte Lock test. * BUG 6781: Fix renaming of subfolders in Explorer view. o Yannick Bergeron * Increase the max_grp value to 128 (AIX NGROUPS_MAX value). o Guenther Deschner * BUG 6680: Fix Windows 7 share access (which defaults to NTLMv2). * BUG 6697: Fix interdomain trusts with Windows 2008 R2 DCs. * BUG 6700: Use DNS domain name when needing to guess server principal. * BUG 6711: Fix trust relationships to windows 2008 (2008 r2). * BUG 6789: Remove unrequired dependency on popt for [u]mount.cifs. o Andrew Klosterman * BUG 6690: Fix error check. o Volker Lendecke * BUG 5886: Fix password change propagation. * BUG 6349: Initialize domain info struct. * BUG 6585: Fix unqualified "net join". * BUG 6606: Fix file corruption using smbclient with NT4 server. * BUG 6646: Correctly chew keepalive packets. * BUG 6785: Only ever handle one event after a select call. * BUG 6797: Fix a memleak in libwbclient. o Derrell Lipman * BUG 6532: Fix domain enumeration if master browser has space in name. o Stefan Metzmacher * BUG 6627: Raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds. * BUG 6664: Make sure we don't truncate the session key to 8 bytes. * BUG 6711: Fix trust relationships to windows 2008 (2008 r2). o Simo Sorce * BUG 6693: Check we read off the complete event from inotify. o TAKEDA Yasuma * BUG 5879: Update LDAP schema for Netscape DS 5. o Kumar Thangavelu * BUG 6420: Fix 'net' crash when attempting to join a domain. o Bo Yang * BUG 6615: Fix browsing DFS when using kerberos in libsmbclient. * BUG 6735: Don't overwrite password in pam_winbind. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.3.9.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team pgpHG2eFgim4T.pgp Description: PGP signature
[Announce] Samba 3.4.3 Available for Download
= "I never met a chocolate I didn't like." Deanna Troi (Marina Sirtis) in Star Trek: The Next Generation = Release Announcements = This is the latest stable release of Samba 3.4. Major enhancements in Samba 3.4.3 include: o Fix trust relationships to windows 2008 (2008 r2) (bug #6711). o Fix file corruption using smbclient with NT4 server (bug #6606). o Fix Windows 7 share access (which defaults to NTLMv2) (bug #6680). ## Changes ### Changes since 3.4.2 --- o Jeremy Allison * BUG 6529: Offline files conflict with Vista and Office 2003. * BUG 6726: SIVAL should have been an SVAL. * BUG 6769: Fix symlink unlink. * BUG 6774: smbd crashes if "aio write behind" is set. * BUG 6776: Fix core dump caused by running overlapping Byte Lock test. * BUG 6781: Fix renaming subfolders in Explorer view. * BUG 6793: Fix Winbind crash with "INTERNAL ERROR: Signal 6". * BUG 6796: Deleting an event context on shutdown can cause smbd to crash. * BUG 6828: Fix infinite timeout when byte lock held outside of Samba. * BUG 6829: Fix displaying of multibyte characters in smbclient. o Günther Deschner * BUG 6711: Fix trust relationships to windows 2008 (2008 r2). * BUG 6815: Fix Windows 2008 R2 SPNEGO negTokenTarg parsing failure. o Olaf Flebbe * BUG 6772: Allow outstanding_aio_calls to be decremented. * BUG 6804: Fix hpux compiler issue. * BUG 6805: Correctly handle aio_error() and errno. o Björn Jacke * BUG 6704: Fix syntax error in avahi configure test. * BUG 6728: BSD needs sys/sysctl.h included to build properly. * BUG 6824: Fix avahi activation. * QNX doesn't know uint - replace with uint_t. o Andrew Klosterman * BUG 6690: Fix wrong error check in profile. o Marc Aurele La France * BUG 6707: Fix an occasional segfault in config file parsing. o Jeff Layton * BUG 6810: Add support for finding alternate credcaches to cifs.upcall. o Volker Lendecke * BUG 6606: Fix file corruption using smbclient with NT4 server. * BUG 6703: Allow smbstatus as non-root. * BUG 6731: Fix reading beyond the end of a named stream in xattr_streams. * BUG 6765: Add a "hidden" parameter "share:fake_fscaps". * BUG 6793: Fix segfault in winbindd_pam_auth. * BUG 6797: Fix a memleak in libwbclient. * BUG 6807: Fix a segfault in "net rpc trustdom list" for long domain names. * Fix an uninitialized variable. * Only ever handle one event after a select call. o Derrell Lipman * BUG 6532: Fix domain enumeration if master browser has space in name. o Stefan Metzmacher * BUG 6711: Fix trust relationships to windows 2008 (2008 r2). o Buchan Milne * BUG 6791: Fix linking order in cifs.upcall. o Lars Müller * BUG 6710: Adjust regex to match variable names including underscores. * Conditional install of the cifs.upcall man page. o Shirish Pargaonkar * BUG 4675: mount.cifs: Do not attempt to update /etc/mtab if it is a symbolic link. o Karolin Seeger * Fix warning occuring when building the manpages. o Simo Sorce * BUG 6764: Fix timeval calculation. o Bo Yang * BUG 6735: Don't overwrite password in pam_winbind, subsequent pam modules might use the old password and new password. * BUG 6811: Fix reference to freed memory in pam_winbind. * BUG 6826: Don't fail authentication when one or some group of require-membership-of is invalid. * BUG 6840: Fix crash in pam_winbind. == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/stable The release notes are available online at: http://www.samba.org/samba/history/samba-3.4.3.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team pgpiDFJDKGKxh.pgp Description: PGP signature
[Announce] Samba 3.5.0pre1 Available for Download
Release Announcements = This is the first preview release of Samba 3.5. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Major enhancements in Samba 3.5.0 include: General changes: o Add support for full Windows timestamp resolution Protocol changes: o Experimental implementation of SMB2 Printing Changes: o Add encryption support for connections to a CUPS server Winbind changes: o Major refactoring o Asynchronous General changes: Support for full Windows timestamp resolution has been added. This effectively makes us use Windows' full 100ns timestamp resolution if supported by the kernel (2.6.22 and higher) and the glibc (2.6 and higher). Protocol changes An EXPERIMENTAL implementation of the SMB2 protocol has been added. SMB2 can be enabled by setting "max protocol = smb2". SMB2 is a new implementation of the SMB protocol used by Windows Vista and higher. Printing Changes A new parameter "cups encrypt" has been added to control whether connections to CUPS servers will be encrypted or not. The default is to use unencrypted connections. Winbind changes === The Winbind daemon has been refactored internally to be asynchronous. The new Winbind will not be blocked by running 'wbinfo -g' or 'wbinfo -u'. ## Changes ### smb.conf changes Parameter Name Description Default -- --- --- create krb5 confNew yes ctdb timeoutNew 0 cups encryptNew no debug hires timestamp Changed Default yes ldap follow referralNew auto New configure options - --enable-external-libtalloc Enable external tdb --enable-netapi Turn on netapi support --enable-pthreadpoolEnable pthreads pool helper support --with-cifsumount Include umount.cifs (Linux only) support --with-codepagedir=DIR Where to put codepages Commit Highlights = o Björn Jacke * Add support for full Windows timestamp resolution. * Add encryption support for connections to a CUPS server. o Volker Lendecke * Major internal refactoring of the Winbind daemon. * Make Winbind asynchronous. o Stefan Metzmacher * Implement the new SMB2 protocol (experimental). ## Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 3.5 product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == pgpGh6hvpjv9v.pgp Description: PGP signature
[Announce] Samba 3.5.0pre2 Available for Download
Release Announcements = This is the second preview release of Samba 3.5. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Major enhancements in Samba 3.5.0 include: General changes: o Add support for full Windows timestamp resolution Protocol changes: o Experimental implementation of SMB2 Printing Changes: o Add encryption support for connections to a CUPS server Winbind changes: o Major refactoring o Asynchronous General changes: Support for full Windows timestamp resolution has been added. This effectively makes us use Windows' full 100ns timestamp resolution if supported by the kernel (2.6.22 and higher) and the glibc (2.6 and higher). Protocol changes An EXPERIMENTAL implementation of the SMB2 protocol has been added. SMB2 can be enabled by setting "max protocol = smb2". SMB2 is a new implementation of the SMB protocol used by Windows Vista and higher. Printing Changes A new parameter "cups encrypt" has been added to control whether connections to CUPS servers will be encrypted or not. The default is to use unencrypted connections. Winbind changes === The Winbind daemon has been refactored internally to be asynchronous. The new Winbind will not be blocked by running 'wbinfo -g' or 'wbinfo -u'. ## Changes ### smb.conf changes Parameter Name Description Default -- --- --- create krb5 confNew yes ctdb timeoutNew 0 cups encryptNew no debug hires timestamp Changed Default yes ldap deref New auto ldap follow referralNew auto New configure options - --enable-external-libtalloc Enable external tdb --enable-netapi Turn on netapi support --enable-pthreadpoolEnable pthreads pool helper support --with-cifsumount Include umount.cifs (Linux only) support --with-codepagedir=DIR Where to put codepages Commit Highlights = o Björn Jacke * Add support for full Windows timestamp resolution. * Add encryption support for connections to a CUPS server. o Volker Lendecke * Major internal refactoring of the Winbind daemon. * Make Winbind asynchronous. o Stefan Metzmacher * Implement the new SMB2 protocol (experimental). Changes since 3.5.0pre1 --- o Michael Adam * Fix the build when no external talloc and tdb are installed. * Fix detection of CTDB headers on systems without system-libtalloc. o Jeremy Allison * BUG 6802: A created folder does not properly inherit permissions from parent in vfs_acl_xattr. * BUG 6837: "Too many open files" when trying to access large number of files from Windows 7. * BUG 6938 : No hook exists to check creation rights when using acl_xattr module. * Fix vfs_acl_xattr which was failing to call the NEXT connect function. * Restructure the ACL code. * Refactor reply_rmdir to use handle based code. o Dan Cox * BUG 2350: Add LDAP Alias Dereferencing support. o Günther Deschner * BUG 6929: Fix build with recent heimdal. * Fix several printing issues. * Fix the build on Mac OS X 10.6.2. * Fix net and rpcclient after setprinterdataex changes. * Add full support for level 8 printer drivers. * Add more spoolss architectures to IDL. * Fix enumprinter key client and server. * Fix crash in EnumPrinterDataEx. o Björn Jacke * Prefer posix_fallocate for doing "strict allocate". o Matt Kraai * BUG 6860: Fix shared library build on QNX. o Volker Lendecke * BUG 6288: SWAT adds a second share when changing parameters of an existing share. * BUG 6435: Fix minor memory corruption. * Restore "fake directory create times" as a share parameter. * Fix explicit stat64 support. * Add support for NetWkstaGetInfo 101 and 102. * Add rpcclient wkssvc_enumerateusers. * De-deprecate "write cache size" to prevent its removal without a proper alternative. * Allow more than 1000 users in BUILTIN\Users. o Jim McDonough * BUG 6967: Prevent glibc error on 'net ads join'. o Lars Müller * BUG 6710: Only install the cifs.upcall man page if CIFSUPCALL_PROGS was set while configure. o Ian Puleston * Complete support for NetWkstaGetInfo/NetWkstaEnumUsers. o Karolin Seeger * Fix the build o
[Announce] Samba 3.4.4 Available for Download
= "If there is no struggle, there is no progress." Frederick Douglass = Release Announcements = This is the latest stable release of Samba 3.4. Major enhancements in Samba 3.4.4 include: o Fix interdomain trust relationships with Win2008R2 (bug #6697). o Fix Winbind crashes when queried from nss (bug #6889). o Fix Winbind crash when retrieving empty group members (bug #7014). o Fix "UID range full" error in Winbind (bug #6901). o Fix multiple LDAP servers in "idmap backend" and "idmap alloc backend" (bug #6910). ## Changes ### Changes since 3.4.3 --- o Michael Adam * BUG 6851: Add pdbedit --kickoff-time/-K to set the user's kickoff time. * BUG 6901: Fix "UID range full" error in Winbind. * BUG 6910: Fix multiple LDAP servers in "idmap backend" and "idmap alloc backend". o Jeremy Allison * BUG 6828: Fix infinite timeout when byte lock held outside of samba. * BUG 6837: Fix "Too many open files" message when trying to access a large number of files with Windows 7. * BUG 6841: Fix "map acl inherit = yes". * BUG 6867: Fix listing of directories with a lot of files. * BUG 6875: Fix DOS attributes on OS/2 clients. * BUG 6880: Fix listing of workgroup servers in libsmbclient. * BUG 6898: Samba duplicates file content on appending. * BUG 6939: Fix long filenames with "mangling method = hash". * BUG 7005: Fix "mangle method = hash" truncates files with dot "." character. o Kai Blin * BUG 4832: Fix iconv checks. o Günther Deschner * BUG 6697: Fix interdomain trust relationships with Win2008R2. * BUG 6868: Support building with Heimdal we well as with MIT. * BUG 6889: Fix Winbind crashes when queried from nss. * BUG 6929: Fix build with recent heimdal. * Fix the build of the winbind krb5 locator plugin. * Fix enumprinter key client and server. o Volker Lendecke * BUG 6338: Do not always display "none" in 'net rpc trustdom list'. * BUG 6850: Fix shadow copy display on Windows 7. * BUG 6981: Fix paged search with DirX LDAP server. * BUG 6982: Remove erroneous out of memory error path in lookup_sid. * BUG 6997: Fix _samr_GetAliasMembership for results with 0 rids. o Jim McDonough * BUG 6967: Fix 'net ads join' with OU. * BUG 7014: Fix Winbind crash when retrieving empty group members. o Andrew Tridgell * BUG 6918: Fix krb5 build problem on Ubuntu karmic. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/stable The release notes are available online at: http://www.samba.org/samba/history/samba-3.4.4.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team
[Announce] Samba 3.5.0rc1 Available for Download
Release Announcements = This is the first release candidate of Samba 3.5. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Major enhancements in Samba 3.5.0 include: General changes: o Add support for full Windows timestamp resolution Protocol changes: o Experimental implementation of SMB2 Printing Changes: o Add encryption support for connections to a CUPS server Winbind changes: o Major refactoring o Asynchronous General changes: Support for full Windows timestamp resolution has been added. This effectively makes us use Windows' full 100ns timestamp resolution if supported by the kernel (2.6.22 and higher) and the glibc (2.6 and higher). Protocol changes An EXPERIMENTAL implementation of the SMB2 protocol has been added. SMB2 can be enabled by setting "max protocol = smb2". SMB2 is a new implementation of the SMB protocol used by Windows Vista and higher. Printing Changes A new parameter "cups encrypt" has been added to control whether connections to CUPS servers will be encrypted or not. The default is to use unencrypted connections. Winbind changes === The Winbind daemon has been refactored internally to be asynchronous. The new Winbind will not be blocked by running 'wbinfo -g' or 'wbinfo -u'. ## Changes ### smb.conf changes Parameter Name Description Default -- --- --- create krb5 confNew yes ctdb timeoutNew 0 cups encryptNew no debug hires timestamp Changed Default yes ldap deref New auto ldap follow referralNew auto New configure options - --enable-external-libtdbEnable external tdb --enable-netapi Turn on netapi support --enable-pthreadpoolEnable pthreads pool helper support --with-cifsumount Include umount.cifs (Linux only) support --with-codepagedir=DIR Where to put codepages Commit Highlights = o Björn Jacke * Add support for full Windows timestamp resolution. * Add encryption support for connections to a CUPS server. o Volker Lendecke * Major internal refactoring of the Winbind daemon. * Make Winbind asynchronous. o Stefan Metzmacher * Implement the new SMB2 protocol (experimental). Changes since 3.5.0pre2 --- o Jeremy Allison * BUG 6837: Fix "Too many open files" when trying to access large number of files with Windows 7. * BUG 6939: Fix long filenames when "mangling method" is set to "hash". * BUG 7020: Fix smbd using 2G memory. * Ensure dos_mode can return FILE_ATTRIBUTE_NORMAL, then filter the returned attributes by protocol level. * Vector correctly through reply_openerror() (which uses the same logic). * Fix bugs with the full Windows ACL support. o Kai Blin * Add a few missing gettext calls to the 'net' command. * Fix up a share type translation and translate some more strings in 'net'. o Günther Deschner * Allow to call "pdbedit -N description -u user" without specifiyng "-r". * Add spoolss_DriverInfo7. * Fix rpcclient after setprinter IDL fixes. * Use generated krb5.conf in 'net ads testjoin'. o Jonas Gorski * BUG 6992: make test for getgrouplist cacheable. o André Hentschel * Add some German translations for the 'net' command. o Suresh Jayaraman * Update mount.cifs man page with nounix option. o Volker Lendecke * Fix _samr_GetAliasMembership for results with 0 rids. * Fix an error case in cli_negprot. * Add a lower-cost alternative to wbinfo -t: wbinfo --ping-dc. * Restore correct timeouts for SMB requests. * Fix a 64-bit error in libsmb. * Replace IS_DOMAIN_OFFLINE by a function in Winbind. * Simplify/cleanup Winbind code. o Kamen Mazdrashki * Fix write behind memory block in libtalloc. * Fix result check for getaddrinfo(). o Jim McDonough * BUG 7014: Fix Winbind crash when retrieving empty group members. o Brian Lu * BUG 6991: Create symbol links to shared libraries. o Stefan Metzmacher * Add tsocket_address_bsd_sockaddr() and tsocket_address_bsd_from_sockaddr() to tsocket. * Always set tdb->tracefd to -1 to be safe on goto fail in libtdb. * Add TDB_DISALLOW_NESTING and make TDB_ALLOW_NESTING the default behavior. * Fix standalone 'make installdocs'. o Peter Rosin * Output %p as unsigned in snprintf replacement. o Ronnie Sahlb
Samba 3.3.10 Available for Download
=== "If you’re ridin’ ahead of the herd, take a look back every now and then to make sure it’s still there with ya." Cowboy Proverb === Release Announcements = This is the latest bugfix release of the Samba 3.3 series. Major enhancements in Samba 3.3.10 include: o Fix changing of ACLs on writable file with "dos filemode=yes" (bug #5202). o Fix smbd crashes in dns_register_smbd_reply (bug #6696). o Fix Winbind crashes when queried from nss (bug #6889). o Fix Winbind crash when retrieving empty group members (bug #7014). o Fix interdomain trusts with Win2008R2 (bug #6697). ## Changes ### Changes since 3.3.9 --- o Michael Adam * BUG 6910: Fix "idmap backend" with multiple LDAP servers specified. o Jeremy Allison * BUG 5202: Fix changing of ACLs on writable file with "dos filemode=yes". * BUG 6696: Fix smbd crashes (signal 11) in dns_register_smbd_reply. * BUG 6828: Fix infinite timeout when byte lock held outside of Samba. * BUG 6829: Fix special characters in smbclient output. * BUG 6867: trans2findnext returns reply_nterror(req, ntstatus) in a directory with a lot of files. * BUG 6875: Fix operations on OS/2 clients. * BUG 6880: Fix listing of workgroup servers. * BUG 6939: Fix long filenames when "mangling method = hash" is set. * BUG 7005: "mangling method = hash" truncates files with dot '. ' character. o Olaf Flebbe * BUG 6805: Correctly handle aio_error() and errno. o Günther Deschner * BUG 6697: Fix interdomain trusts with Win2008R2. * BUG 6868: Support building of cifs.upcall with Heimdal as well with MIT. * BUG 6889: Fix Winbind crashes when queried from nss. * BUG 6929: Fix build with recent Heimdal. * Fix the build of the winbind krb5 locator plugin. * Fix compile of winbind_krb5_locator with recent Heimdal versions. * Fix the build on Mac OS X 10.6.2. o Jeff Layton * BUG 6810: Backport support for finding alternate credcaches. * Use pid value from kernel to determine KRB5CCNAME to use in cifs.upcall. o Volker Lendecke * BUG 6338: 'net rpc trustdom list' always displays "none". * BUG 6793: Fix segfault in winbindd_pam_auth. * BUG 6850: Fix shadow copy display on Windows 7. * BUG 6973: Fix a segfault in 'net'. * Fix the build of cifs.upcall. o Jim McDonough * BUG 7014: Fix Winbind crash when retrieving empty group members. o Stefan Metzmacher * BUG 6157: Restore Samba 3.0.x behavior and use the first "uid" value. * BUG 6642: Fix opening the quota magic file. * BUG 6856: Fix the build of the GPFS VFS module with headers only. * BUG 6919: Fix remote quota management. o Timothy Miller * BUG 6696: Fix smbd crashes when using mdns (not avahi) support. o Andrew Tridgell * BUG 6918: Fix krb5 build problem on Ubuntu Karmic. o Jelmer Vernooij * 6918: Fix the build with krb5-client-1.7-6.1. o Bo Yang * BUG 6811: pam_winbind references freed memory. * BUG 6826: Don't fail authentication when one or some group of require-membership-of is invalid. * BUG 6840: Fix crash in pam_winbind. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.3.10.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team pgpSPbEILrFAd.pgp Description: PGP signature
[Announce] Samba 3.4.5 Available for Download
= "Any sufficiently advanced technology is indistinguishable from magic." Arthur C. Clarke = Release Announcements = This is the latest stable release of Samba 3.4. Major enhancements in Samba 3.4.5 include: o Fix memory in leak in smbd (bug #7020). o Fix changing of ACLs on writable files with "dos filemode=yes" (bug #5202). ## Changes ### Changes since 3.4.4 --- o Jeremy Allison * BUG 5202: Fix changing of ACLs on writable files with "dos filemode=yes". * BUG 7020: Fix memory leak in smbd. * BUG 7036: Fix 'net rpc getsid' in hardened Windows environments. * BUG 7045: Fix bad (non memory copying) interfaces in smbc_set calls. o Günther Deschner * BUG 7043: Fix crash bug in "SMBC_parse_path". o Volker Lendecke * BUG 7046: Fix a crash in libsmbclient used against the OpenSolaris CIFS server. o Stefan Metzmacher * BUG 6642: Fix opening the quota magic file. * BUG 6919: Fix remote quota management. o SASAJIMA Toshihiro * BUG 7034: Fix internal error caused by vfs_cap. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/stable The release notes are available online at: http://www.samba.org/samba/history/samba-3.4.5.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team pgpL8BRt3EwSo.pgp Description: PGP signature
[Announce] Samba 3.5.0rc2 Available for Download
uot;strict allocate".
o Matt Kraai
* BUG 6860: Fix shared library build on QNX.
o Volker Lendecke
* BUG 6288: SWAT adds a second share when changing parameters of an existing
share.
* BUG 6435: Fix minor memory corruption.
* Restore "fake directory create times" as a share parameter.
* Fix explicit stat64 support.
* Add support for NetWkstaGetInfo 101 and 102.
* Add rpcclient wkssvc_enumerateusers.
* De-deprecate "write cache size" to prevent its removal without a proper
alternative.
* Allow more than 1000 users in BUILTIN\Users.
o Jim McDonough
* BUG 6967: Prevent glibc error on 'net ads join'.
o Lars Müller
* BUG 6710: Only install the cifs.upcall man page if CIFSUPCALL_PROGS was
set while configure.
o Ian Puleston
* Complete support for NetWkstaGetInfo/NetWkstaEnumUsers.
o Karolin Seeger
* Fix the build of the example VFS modules.
o Bo Yang
* BUG 6879: Fix crash in Winbind.
* Fix crash in free_file_list().
* Give the user a chance to change password when password will expire soon.
##
Reporting bugs & Development Discussion
###
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the Samba 3.5 product in the project's Bugzilla
database (https://bugzilla.samba.org/).
==
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==
pgpCKtujMq0Qj.pgp
Description: PGP signature
[Announce] Samba 3.5.0rc3 Available for Download
ntschel * Add some German translations for the 'net' command. o Suresh Jayaraman * Update mount.cifs man page with nounix option. o Volker Lendecke * Fix _samr_GetAliasMembership for results with 0 rids. * Fix an error case in cli_negprot. * Add a lower-cost alternative to wbinfo -t: wbinfo --ping-dc. * Restore correct timeouts for SMB requests. * Fix a 64-bit error in libsmb. * Replace IS_DOMAIN_OFFLINE by a function in Winbind. * Simplify/cleanup Winbind code. o Kamen Mazdrashki * Fix write behind memory block in libtalloc. * Fix result check for getaddrinfo(). o Jim McDonough * BUG 7014: Fix Winbind crash when retrieving empty group members. o Brian Lu * BUG 6991: Create symbol links to shared libraries. o Stefan Metzmacher * Add tsocket_address_bsd_sockaddr() and tsocket_address_bsd_from_sockaddr() to tsocket. * Always set tdb->tracefd to -1 to be safe on goto fail in libtdb. * Add TDB_DISALLOW_NESTING and make TDB_ALLOW_NESTING the default behavior. * Fix standalone 'make installdocs'. o Peter Rosin * Output %p as unsigned in snprintf replacement. o Ronnie Sahlberg * New attempt at TDB transaction nesting allow/disallow. o Kirill Smelkov * Remove swig stuff from libtdb. * Reset tdb->fd to -1 in tdb_close() in libtdb. o Simo Sorce * Change the way mksysms work in libtalloc. o Jelmer Vernooij * Also build and install tdb manpages from standalone tdb. o Bo Yang * Fix infinite loop in NCACN_IP_TCP as there is no timeout. * Make winbindd_cache.c aware of domain offline to avoid unnecessary backend query. * List trusted domains from wcache when domain is offline. Changes since 3.5.0pre1 --- o Michael Adam * Fix the build when no external talloc and tdb are installed. * Fix detection of CTDB headers on systems without system-libtalloc. o Jeremy Allison * BUG 6802: A created folder does not properly inherit permissions from parent in vfs_acl_xattr. * BUG 6837: "Too many open files" when trying to access large number of files from Windows 7. * BUG 6938 : No hook exists to check creation rights when using acl_xattr module. * Fix vfs_acl_xattr which was failing to call the NEXT connect function. * Restructure the ACL code. * Refactor reply_rmdir to use handle based code. o Dan Cox * BUG 2350: Add LDAP Alias Dereferencing support. o Günther Deschner * BUG 6929: Fix build with recent heimdal. * Fix several printing issues. * Fix the build on Mac OS X 10.6.2. * Fix net and rpcclient after setprinterdataex changes. * Add full support for level 8 printer drivers. * Add more spoolss architectures to IDL. * Fix enumprinter key client and server. * Fix crash in EnumPrinterDataEx. o Björn Jacke * Prefer posix_fallocate for doing "strict allocate". o Matt Kraai * BUG 6860: Fix shared library build on QNX. o Volker Lendecke * BUG 6288: SWAT adds a second share when changing parameters of an existing share. * BUG 6435: Fix minor memory corruption. * Restore "fake directory create times" as a share parameter. * Fix explicit stat64 support. * Add support for NetWkstaGetInfo 101 and 102. * Add rpcclient wkssvc_enumerateusers. * De-deprecate "write cache size" to prevent its removal without a proper alternative. * Allow more than 1000 users in BUILTIN\Users. o Jim McDonough * BUG 6967: Prevent glibc error on 'net ads join'. o Lars Müller * BUG 6710: Only install the cifs.upcall man page if CIFSUPCALL_PROGS was set while configure. o Ian Puleston * Complete support for NetWkstaGetInfo/NetWkstaEnumUsers. o Karolin Seeger * Fix the build of the example VFS modules. o Bo Yang * BUG 6879: Fix crash in Winbind. * Fix crash in free_file_list(). * Give the user a chance to change password when password will expire soon. ## Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 3.5 product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == pgpmJlzs1c5l4.pgp Description: PGP signature
[Announce] Samba 3.4.6 Available for Download
= "I have not failed. I've just found 10,000 ways that won't work." Thomas A. Edison = Release Announcements = This is the latest stable release of Samba 3.4. Major enhancements in Samba 3.4.6 include: o "wide links" and "unix extensions" are incompatible (bug #7104). o Fix printing with 64 bit clients (bug #6888). o Fix core dump on Ubuntu 8.04 64 bit (bug #7063). o Fix failing of smbd to respond to a read or a write caused by Linux asynchronous IO (aio) (bug #7067). o Fix string buffer overflow causing heap corruption in smbd (bug #7096). ## Changes ### Changes since 3.4.5 --- o Michael Adam * Make idmap cache persistent for "ldapsam:trusted". * Also fill the memcache with sid<->id mappings in ldapsam_sid_to_id() not only the persistent idmap cache. * Shortcut uid_to_sid when "ldapsam:trusted = yes". o Jeremy Allison * BUG 6557: Fix vfs_full_audit. * BUG 7063: Fix core dump on Ubuntu 8.04 64 bit. * BUG 7067: Fix failing of smbd to respond to a read or a write caused by Linux asynchronous IO (aio). * BUG 7072: Fix unlocking of accounts from ldap. * BUG 7081: Fix vfs_expand_msdfs. * BUG 7104: "wide links" and "unix extensions" are incompatible. * BUG 7122: Fix reading of large browselist. * BUG 7154: "mangling method = hash" can crash storing a name containing a '.'. * BUG 7155: Valgrind Conditional jump or move depends on uninitialised value(s) error when "mangling method = hash". o Steven Danneman * BUG 7096: Fix string buffer overflow causing heap corruption in smbd. o Günther Deschner * BUG 6888: Fix printing with 64 bit clients. * BUG 7130: Fix listing of printjobs in Windows 7. * BUG 7136: Spoolss getprinterdriver2 level 101 marshalling is bad. o William Jojo * BUG 7052: Fix DFS on AIX (maybe others). o Jeff Layton * BUG 6868: Fix crash bug in 'cifs.upcall'. o Volker Lendecke * BUG 5885: Fix bogus ip address in SWAT. * BUG 6981: Fix large paged search with DirX LDAP servers. * BUG 7068: Fix pdb_search crash as non-root user. * Make pdb_copy_sam_account also copy the group sid. o Stefan Metzmacher * BUG 6157: Use the first "uid" value. * BUG 6888: Fix printing with 64 bit clients. * BUG 7098: Fix results of 'smbclient -L' with a large browse list. * Shortcut gid_to_sid when "ldapsam:trusted = yes". * Speed up pdb_get_group_sid(). * Try to build the full unix_pw structure with ldapsam:trusted support. * Optimize ldapsam_alias_memberships() and cache ldap searches. o Lars Müller * BUG 7047: Add cross option to samba_cv_linux_getgrouplist_ok. * BUG 7102: Normalize "Changing password for" msg IDs and STRs. o Bo Yang * BUG 7106: Fix malformed require_membership_of_sid. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/stable The release notes are available online at: http://www.samba.org/samba/history/samba-3.4.6.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team pgpNKppFqQ1f3.pgp Description: PGP signature
[Announce] Samba 3.3.11 Available for Download
=== "I'm very serious about no alcohol, no drugs. Life is too beautiful." Jim Carrey === Release Announcements = This is the latest bugfix release of the Samba 3.3 series. Major enhancements in Samba 3.3.11 include: o "wide links" and "unix extensions" are incompatible (bug #7104). o Fix failing of smbd to respond to a read or a write caused by Linux asynchronous IO (aio) (bug #7067). ## Changes ### Changes since 3.3.10 o Jeremy Allison * BUG 6557: Fix vfs_full_audit. * BUG 7036: Fix 'net rpc getsid' in hardened Windows environments. * BUG 7045: Fix bad (non memory copying) interfaces in smbc_set calls. * BUG 7067: Fix failing of smbd to respond to a read or a write caused by Linux asynchronous IO (aio). * BUG 7072: Fix unlocking of accounts from ldap. * BUG 7104: "wide links" and "unix extensions" are incompatible. * BUG 7122: Fix reading of large browselist. * BUG 7154: "mangling method = hash" can crash storing a name containing a '.'. * BUG 7155: Valgrind Conditional jump or move depends on uninitialised value(s) error when "mangling method = hash". o Günther Deschner * BUG 7043: Fix crash bug in "SMBC_parse_path". o Volker Lendecke * BUG 5626: Fix build on AIX. * BUG 5885: Fix bogus ip address in SWAT. * BUG 7046: Fix a crash in libsmbclient used against the OpenSolaris CIFS server. o Stefan Metzmacher * BUG 7098: Fix results of 'smbclient -L' with a large browse list. * BUG 7170: Fix handling of external domains in setups with one way trusts. o William Jojo * BUG 7052: Fix DFS on AIX (maybe others). o Bo Yang * BUG 7106: Fix malformed require_membership_of_sid. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.3.11.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team pgpeBmrLfQJPR.pgp Description: PGP signature
[Announce] Samba 3.5.0 Available for Download
ull Windows ACL support. o Kai Blin * Add a few missing gettext calls to the 'net' command. * Fix up a share type translation and translate some more strings in 'net'. o Günther Deschner * Allow to call "pdbedit -N description -u user" without specifiyng "-r". * Add spoolss_DriverInfo7. * Fix rpcclient after setprinter IDL fixes. * Use generated krb5.conf in 'net ads testjoin'. o Jonas Gorski * BUG 6992: make test for getgrouplist cacheable. o André Hentschel * Add some German translations for the 'net' command. o Suresh Jayaraman * Update mount.cifs man page with nounix option. o Volker Lendecke * Fix _samr_GetAliasMembership for results with 0 rids. * Fix an error case in cli_negprot. * Add a lower-cost alternative to wbinfo -t: wbinfo --ping-dc. * Restore correct timeouts for SMB requests. * Fix a 64-bit error in libsmb. * Replace IS_DOMAIN_OFFLINE by a function in Winbind. * Simplify/cleanup Winbind code. o Kamen Mazdrashki * Fix write behind memory block in libtalloc. * Fix result check for getaddrinfo(). o Jim McDonough * BUG 7014: Fix Winbind crash when retrieving empty group members. o Brian Lu * BUG 6991: Create symbol links to shared libraries. o Stefan Metzmacher * Add tsocket_address_bsd_sockaddr() and tsocket_address_bsd_from_sockaddr() to tsocket. * Always set tdb->tracefd to -1 to be safe on goto fail in libtdb. * Add TDB_DISALLOW_NESTING and make TDB_ALLOW_NESTING the default behavior. * Fix standalone 'make installdocs'. o Peter Rosin * Output %p as unsigned in snprintf replacement. o Ronnie Sahlberg * New attempt at TDB transaction nesting allow/disallow. o Kirill Smelkov * Remove swig stuff from libtdb. * Reset tdb->fd to -1 in tdb_close() in libtdb. o Simo Sorce * Change the way mksysms work in libtalloc. o Jelmer Vernooij * Also build and install tdb manpages from standalone tdb. o Bo Yang * Fix infinite loop in NCACN_IP_TCP as there is no timeout. * Make winbindd_cache.c aware of domain offline to avoid unnecessary backend query. * List trusted domains from wcache when domain is offline. Changes since 3.5.0pre1 --- o Michael Adam * Fix the build when no external talloc and tdb are installed. * Fix detection of CTDB headers on systems without system-libtalloc. o Jeremy Allison * BUG 6802: A created folder does not properly inherit permissions from parent in vfs_acl_xattr. * BUG 6837: "Too many open files" when trying to access large number of files from Windows 7. * BUG 6938 : No hook exists to check creation rights when using acl_xattr module. * Fix vfs_acl_xattr which was failing to call the NEXT connect function. * Restructure the ACL code. * Refactor reply_rmdir to use handle based code. o Dan Cox * BUG 2350: Add LDAP Alias Dereferencing support. o Günther Deschner * BUG 6929: Fix build with recent heimdal. * Fix several printing issues. * Fix the build on Mac OS X 10.6.2. * Fix net and rpcclient after setprinterdataex changes. * Add full support for level 8 printer drivers. * Add more spoolss architectures to IDL. * Fix enumprinter key client and server. * Fix crash in EnumPrinterDataEx. o Björn Jacke * Prefer posix_fallocate for doing "strict allocate". o Matt Kraai * BUG 6860: Fix shared library build on QNX. o Volker Lendecke * BUG 6288: SWAT adds a second share when changing parameters of an existing share. * BUG 6435: Fix minor memory corruption. * Restore "fake directory create times" as a share parameter. * Fix explicit stat64 support. * Add support for NetWkstaGetInfo 101 and 102. * Add rpcclient wkssvc_enumerateusers. * De-deprecate "write cache size" to prevent its removal without a proper alternative. * Allow more than 1000 users in BUILTIN\Users. o Jim McDonough * BUG 6967: Prevent glibc error on 'net ads join'. o Lars Müller * BUG 6710: Only install the cifs.upcall man page if CIFSUPCALL_PROGS was set while configure. o Ian Puleston * Complete support for NetWkstaGetInfo/NetWkstaEnumUsers. o Karolin Seeger * Fix the build of the example VFS modules. o Bo Yang * BUG 6879: Fix crash in Winbind. * Fix crash in free_file_list(). * Give the user a chance to change password when password will expire soon. ## Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenod
[Announce] Samba 3.5.2 Available for Download
= "Why don't we save time and you just tell me what I want?" Mr. Big to Carie, Sex and the City = Release Announcements = This is the latest stable release of Samba 3.5. Major enhancements in Samba 3.5.2 include: o Fix smbd segfaults in _netr_SamLogon for clients sending null domain (bug #7237). o Fix smbd segfaults in "waiting for connections" message (bug #7251). o Fix an uninitialized variable read in smbd (bug #7254). o Fix a memleak in Winbind (bug #7278). o Fix Winbind reconnection to it's own domain (bug #7295). Changes since 3.5.1 --- o Michael Adam * BUG 7231: Fix automatic building of vfs_tsmsm if gpfs and dmapi are present. * BUG 7232: Fix race conditions in CTDB persistent transactions. * BUG 7313: Make 'net conf addshare' atomic. * BUG 7314: Eliminate race condition in creating/scanning sorted subkeys in the registry backend. o Jeremy Allison * BUG 7075: Fix bug in vfs_scannedonly rmdir implementation. * BUG 7159: Fix handling of bad server data returns in client rpc_transport. * BUG 7234: Symlink delete fails but incorrectly reports success to client. * BUG 7255: Fix "printer admin" functionality. * BUG 7283: Fix smbd segfault if using vfs_acl_tdb. * BUG 7297: Fix smbd crashes with CUPS printers and no [printers] share defined. * BUG 7310: Fix DOS attribute inconsistency with MS Office. o Kai Blin * BUG 7290: Fix core dump in 'ntlm_auth' with "gss-spnego" helper. o Günther Deschner * BUG 6727: Fix several printing issues. * BUG 7237: Fix smbd segfaults in _netr_SamLogon for clients sending null domain. * BUG 7256: Fix value-needed calculation in_spoolss_EnumPrinterData(). * BUG 7258: Fix _winreg_QueryValue crash bugs and implement Windows behavior. o Holger Hetterich * BUG 7203: Fix 'net share' command. o Michael Karcher * BUG 7269: Fix job management commands for CUPS queues. o Jeff Layton * BUG 6853: Fix race condition in mount.cifs that allows user to replace mountpoint with a symlink. o Volker Lendecke * BUG 5198: Fix parsing of the gecos field. * BUG 7202: Fix access by multi-threaded applications. * BUG 7212: Fix returning of group members with 'getent group'. * BUG 7216: Fix the build of net_afs.c with --fake-kaserver=yes. * BUG 7229: Fix a NULL pointer dereference in smbd. * BUG 7232: Fix race conditions in CTDB persistent transactions. * BUG 7254: Fix an uninitialized variable read in smbd. * BUG 7278: Fix a memleak in Winbind. o Roel van Meer * BUG 6814: Fix valgrind warning. o Stefan Metzmacher * BUG 7170: Never mark external domains as internal in Winbind. * BUG 7225: Make Winbind logs more verbose for troubleshooting. * BUG 7251: Fix smbd segfault in "waiting for connections" message. * BUG 7295: Fix Winbind reconnection to it's own domain. * BUG 7316: Winbind possibly segfaults when trying a trusted domain without inbound trust. o SATOH Fumiyasu * BUG 1206: Fix segfault if hide files or veto files has no ".AppleDouble". o Simo Sorce * BUG 7204: Fix DN parsing name was always null. o Andrew Tridgell * BUG 7312: Many disconnecting clients render clustered Samba unusuable for some time. o Bo Yang * BUG 7206: Signals are processed twice in child. ## Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 3.5 product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/stable The release notes are available online at: http://www.samba.org/samba/history/samba-3.5.2.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/)
[Announce] Samba 3.4.8 Available for Download
= "Dogs never bite me. Just humans." Marilyn Monroe = Release Announcements = This is the latest stable release of Samba 3.4. Major enhancements in Samba 3.4.8 include: o Fix Winbind reconnection to it's own domain (bug #7295). o Fix an uninitialized variable read in smbd (bug #7254). o Fix smbd crash with CUPS printers and no [printers] share defined (bug #7297). o Fix NULL pointer dereference in smbd (bug #7229). Changes since 3.4.7 --- o Michael Adam * BUG 7231: Fix automatic building of vfs_tsmsm if gpfs and dmapi are present. o Jeremy Allison * BUG 7159: Fix handling of bad server data returns in client rpc_transport. * BUG 7255: Fix "printer admin" functionality. * BUG 7288: Fix SMB job IDs in CUPS job names. * BUG 7297: Fix smbd crash with CUPS printers and no [printers] share defined. * BUG 7310: Fix DOS attribute inconsistency with MS Office. o Kai Blin * BUG 7290: Fix core dump in 'ntlm_auth'. o Günther Deschner * BUG 6727: Fix printing issues. * BUG 7176: Fix incorrect format of device mode strings. * BUG 7256: Fix value-needed calculation in_spoolss_EnumPrinterData(). * BUG 7277: Fix exporting printers via 'cupsaddsmb' command. o Björn Jacke * BUG 7352: Fix different definitions of TIME_T_MAX. o Michael Karcher * BUG 7269: Fix job management commands for CUPS queues. o Jeff Layton * BUG 6853: Fix race condition in mount.cifs that allows user to replace mountpoint with a symlink. o Volker Lendecke * BUG 5198: Fix parsing of the gecos field. * BUG 5626: Fix build on AIX. * BUG 7229: Fix NULL pointer dereference in smbd. * BUG 7254: Fix an uninitialized variable read in smbd found by Laurent Gaffié from Stratsec. * BUG 7326: Fix writing with vfs_full_audit. o Derrell Lipman * BUG 7345: Fix incomplete description of function return values in libsmbclient.h. o Jim McDonough * BUG 7378: Display an error on 'net conf import' failures. o Roel van Meer * BUG 6814: Fix valgrind warning. o Stefan Metzmacher * BUG 7159: Fix handling of bad server data returns in client rpc_transport. * BUG 7170: Never mark external domains as internal. * BUG 7295: Fix Winbind reconnection to it's own domain. * BUG 7316: Make sure we don't try rpc requests against unaccessable domains. * BUG 7317: Fix problems with SIGCHLD handling in Winbind. o SATOH Fumiyasu * BUG 1206: Fix segfault in vfs_netatalk. o Bo Yang * BUG 7206: Fix duplicate signal handler. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/stable The release notes are available online at: http://www.samba.org/samba/history/samba-3.4.8.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team pgpBKWMcRMgWx.pgp Description: PGP signature
[Announce] Samba 3.5.3 Available for Download
== "Design can be art. Design can be aesthetics. Design is so simple, that's why it is so complicated." Paul Rand == Release Announcements = This is the latest stable release of Samba 3.5. Major enhancements in Samba 3.5.3 include: o Fix MS-DFS functionality (bug #7339). o Fix a Winbind crash when scanning trusts (bug #7389). o Fix problems with SIGCHLD handling in Winbind (bug #7317). Changes since 3.5.2 --- o Jeremy Allison * BUG 7288: Fix SMB job IDs in CUPS job names. * BUG 7339: Fix MS-DFS functionality. o Andrew Bartlett * BUG 7354: Fix CLDAP tsocket problem on Solaris. o Ira Cooper * BUG 7384: Fix bitmap leak in dptr_Close. o Günther Deschner * BUG 7277: Fix exporting printers via 'cupsaddsmb' command. * BUG 7417: Fix setting of passwords via 'net rpc user password' command. * BUG 7418: Fix 'net rpc printer list' command. o Olaf Flebbe * BUG 7421: Rename mod_name to module_name. o Björn Jacke * BUG 7352: Make TIME_T_MAX defines consistent. * BUG 7385: Fix building with Solaris' gcc. o Jeff Layton * BUG 7315: Fix segfault in mount.cifs. o Volker Lendecke * BUG 7357: Re-fix a bug with smbd serving a windows terminal server. * BUG 7389: Fix a Winbind crash when scanning trusts. * BUG 7398: Fix rename problems with full_audit VFS module. o Jim McDonough * BUG 7378: Display an error on 'net conf import' failures. o Stefan Metzmacher * BUG 7196: Add replacement for IPV6_V6ONLY on linux systems with broken headers. * BUG 7317: Fix problems with SIGCHLD handling in Winbind. * BUG 7354: Fix CLDAP tsocket problem on Solaris. o Luca Olivetti * BUG 7263: Fix cups encryption setting. ## Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 3.5 product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/stable The release notes are available online at: http://www.samba.org/samba/history/samba-3.5.3.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team pgpL5O7m73I9X.pgp Description: PGP signature
Samba 3.3.13 Security Release Available for Download
Release Announcements = This is a security release in order to address CVE-2010-2063. o CVE-2010-2063: In Samba 3.3.x and below, a buffer overrun is possible in chain_reply code. Changes since 3.3.12 o Jeremy Allison * BUG 7494: Fix for CVE-2010-2063. ## Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 3.3 product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.3.13.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team pgpix3vRFvLGe.pgp Description: PGP signature
[Announce] Samba 3.5.4 Available for Download
==
"Your brain commands your body to "Run forward!
Bend! Scoop up the ball! Peg it to the infield!"
Then your body says, "Who, me?" "
Joe DiMaggio
==
Release Announcements
=
This is the latest stable release of Samba 3.5.
Major enhancements in Samba 3.5.4 include:
o Fix smbd crash when sambaLMPassword and sambaNTPassword entries missing
from ldap (bug #7448).
o Fix init_sam_from_ldap storing group in sid2uid cache (bug #7507).
Changes since 3.5.3
---
o Michael Adam
* BUG 7507: Fix init_sam_from_ldap storing group in sid2uid cache.
o Jeremy Allison
* BUG 7188: Make ea data checks identical for trans2open and trans2mkdir.
* BUG 7410: Samba sends "raw" inode number as uniqueid with unix extensions.
* BUG 7449: Fix spnego returning incorrect mechListMIC string.
o Günther Deschner
* BUG 7341: Fix Winbind over IPv6.
* BUG 7459: Fix some crash bugs and missing error codes in AddDriver paths.
* BUG 7479: Fix crash bug in _samr_QueryUserInfo{2} level 18.
* BUG 7517: Fix session setup from linux kernel cifs clients with
"sec=ntlmv2".
o Olaf Flebbe
* BUG 7209: Fix build on RHEL5.
o Björn Jacke
* BUG 7427: Using IBM xl_C compiler produces wrong results in configure.
* BUG 7503: Fix calculation of st_blocks in vfs_streams_xattr.
* BUG 7504: Fix numerous build issues.
o Volker Lendecke
* BUG 7253: Fix Samba login cache problem on Sparc Architecture.
* BUG 7262: Fix editing users' groups via UsrMgr.
o Buchan Milne
* BUG 7500: Fix 'not a string literal' warning in netdomjoin-gui.
o Matthieu Patou
* BUG 7099: Allow previous password to be stored and use it to check
tickets.
o Andreas Schneider
* BUG 7423: Fix printing large formats.
o Roel van Meer
* BUG 7448: Fix smbd crash when sambaLMPassword and sambaNTPassword entries
missing from ldap.
##
Reporting bugs & Development Discussion
###
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the Samba 3.5 product in the project's Bugzilla
database (https://bugzilla.samba.org/).
==
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==
Download Details
The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA). The source code can be downloaded
from:
http://download.samba.org/samba/ftp/stable
The release notes are available online at:
http://www.samba.org/samba/history/samba-3.5.4.html
Binary packages will be made available on a volunteer basis from
http://download.samba.org/samba/ftp/Binary_Packages/
Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)
--Enjoy
The Samba Team
pgpA2LCVzB7S4.pgp
Description: PGP signature
[Announce] Samba 3.6.0pre1 Available for Download
Release Announcements - This is the first preview release of Samba 3.6. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Major enhancements in Samba 3.6.0 include: SMB2 support SMB2 support in 3.6.0 is fully functional (with one ommission), and can be enabled by setting: max protocol = SMB2 in the [global] section of your smb.conf and re-starting Samba. All features should work over SMB2 except the modification of user quotas using the Windows quota management tools. As this is the first release containing what we consider to be a fully featured SMB2 protocol, we are not enabling this by default, but encourage users to enable SMB2 and test it. Once we have enough confirmation from Samba users and OEMs that SMB2 support is stable in wide user testing we will enable SMB2 by default in a future Samba release. Internal Winbind passdb changes --- Winbind has been changed to use the internal samr and lsa rpc pipe to get local user and group information instead of calling passdb functions. The reason is to use more of our infrastructure and test this infrastructure by using it. With this approach more code in Winbind is shared. New Spoolss code The spoolss and the old RAP printing code have been completely overhauled and refactored. All calls from lanman/printing code has been changed to go through the spoolss RPC interfaces, this allows us to keep all checks in one place and avoid special cases in the main printing code. Printing code has been therefore confined within the spoolss code. All the printing code, including the spoolss RPC interfaces has been changed to use the winreg RPC interfaces to store all data. All data has been migrated from custom, arbitrary TDB files to the registry interface. This transition allow us to present correct data to windows client accessing the server registry through the winreg RPC interfaces to query for printer data. Data is served out from a real registry implementation and therefore arguably 100% forward compatible. Migration code from the previous TDB files formats is provided. This code is automatically invoked the first time the new code is run on the server. Although manual migration is also available using the 'net printer migrate' command. These changes not only make all the spoolss code much more closer to "the spec", it also greatly improves our internal testing of both spoolss and winreg interfaces, and reduces overall code duplication. As part of this work, new tests have been also added to increase coverage. This code will also allow, in future, an easy transition to split out the spooling functions into a separate daemon for those OEMs that do not need printing functionality in their appliances, reducing the code footprint. SMB Traffic Analyzer Added the new SMB Traffic Analyzer (SMBTA) VFS module protocol 2 featuring encryption, multiple arguments, and easier parseability. A new tool 'smbta-util' has been created to control the encryption behaviour of SMBTA. For compatibility, SMBTA by default operates on version 1. There are programs consuming the data that the module sends. More information can be found on http://holger123.wordpress.com/smb-traffic-analyzer/ ## Changes ### smb.conf changes Parameter Name Description Default -- --- --- log writeable files on exit New No ctdb locktime warn thresholdNew 0 smb2 max read New 1048576 smb2 max write New 1048576 smb2 max trans New 1048576 username map cache time New 0 async smb echo handler New No ## Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 3.6 product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have
[Announce] Samba 3.5.5, 3.4.9 and 3.3.14 Security Releases Available
Release Announcements = These are a security releases in order to address CVE-2010-3069. o CVE-2010-3069: All current released versions of Samba are vulnerable to a buffer overrun vulnerability. The sid_parse() function (and related dom_sid_parse() function in the source4 code) do not correctly check their input lengths when reading a binary representation of a Windows SID (Security ID). This allows a malicious client to send a sid that can overflow the stack variable that is being used to store the SID in the Samba smbd server. Changes --- o Jeremy Allison * BUG 7669: Fix for CVE-2010-3069. o Andrew Bartlett * BUG 7669: Fix for CVE-2010-3069. ## Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba corresponding product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.3.14.html http://www.samba.org/samba/ftp/history/samba-3.4.9.html http://www.samba.org/samba/ftp/history/samba-3.5.5.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team
[Announce] Samba 3.5.6 Available for Download
== "When one teaches, two learn." Robert Half == Release Announcements = This is the latest stable release of Samba 3.5. Major enhancements in Samba 3.5.6 include: o Fix smbd panic on invalid NetBIOS session request (bug #7698). o Fix smbd crash caused by "%D" in "printer admin" (bug #7541). o Fix crash bug with invalid SPNEGO token (bug #7694). o Fix Winbind internal error (bug #7636). Changes since 3.5.5 --- o Jeremy Allison * BUG 7577: Fix SPNEGO auth when contacting Win7 system using Microsoft Live Sign-in Assistant. * BUG 7578: Fix 'net idmap restore' setting HWM to avoid duplicates. * BUG 7581: Fix "admin users" when using vfs_acl_xattr. * BUG 7583: Fix smbclient to connect to Alfresco JLAN CIFS server using Kerberos. * BUG 7589: Fix using cached credentials in ntlm_auth. * BUG 7590: Fix Winbind offline login. * BUG 7617: Fix smbd coredump due to uninitialized variables in the performance counter code. * BUG 7636: Fix Winbind internal error. * BUG 7651: Fix mknod and mkfifo failing with "No such file or directory". * BUG 7693: Fix smbd changing mode of files on rename. * BUG 7694: Fix crash bug with invalid SPNEGO token. * BUG 7698: Fix smbd panic on invalid NetBIOS session request. o Günther Deschner * BUG 7541: Fix smbd crash caused by "%D" in "printer admin". * BUG 7568: Make sure cm_connect_lsa_tcp does not reset the secure channel. * BUG 7658: Fix "dereferencing type-punned pointer will break strict-aliasing rules" warnings). * BUG 7665: Fix memory leak in netapi connection manager. o Björn Jacke * BUG 7244: Fall back to cups-config for underlinked libs. * BUG 7474: Fix build on platforms without st_blocks and st_blksize stat struct members. o Volker Lendecke * BUG 7336: Enable idmap_passdb module build as shared. * BUG 7531: Fix the charset_pull routine. * BUG 7635: Fix 'smbclient -M'. * BUG 7656: Fix scalability problem with hundreds of printers. * BUG 7684: Fix fd leak in libwbclient.so. * BUG 7688: Fix crash bug in rpcclient. * BUG 7470: Standardize S_IREAD and S_IWRITE. * BUG 7715: Fix file corruption when setting Samba "write wache wize". o Jim McDonough * BUG 7280: Fix auto printers with registry config. o Andreas Schneider * BUG 7538: Fix GUID_from_data_blob() with length of 32. o Chere Zhou * BUG 7662: Align change notify replies on 4-byte boundary. ## Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 3.5 product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/stable The release notes are available online at: http://www.samba.org/samba/history/samba-3.5.6.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team
[Announce] Samba 3.4.10 Available for Download
== "Each day provides its own gifts." Marcus Aurelius == Release Announcements = This is the latest stable release of Samba 3.4. Major enhancements in Samba 3.4.10 include: o Fix smbd coredump (bug #7617). o Fix Winbind internal error (bug #7636). o Fix flaky Winbind against w2k8 (bug #7881). Changes since 3.4.9 --- o Michael Adam * BUG 7507: init_sam_from_ldap stores group in sid2uid cache. o Jeremy Allison * BUG 7577: Fix SPNEGO auth when contacting Win7 system using Microsoft Live Sign-in Assistant. * BUG 7590: Fix offline login in Winbind. * BUG 7617: Fix smbd coredump. * BUG 7636: Fix Winbind internal error. * BUG 7892: Fix stale lock in open_file_fchmod(). o Andrew Bartlett * BUG 7356: Fix 'net ads dns register' in Win 2008 R2 domains. o Björn Baumbach * BUG 7875: Fix 'nmbd --port'. * BUG 7880: Make 'rpcclient deldriver' delete drivers for all architectures. o Günther Deschner * BUG 7341: Fix Winbind over IPv6. * BUG 7417: Fix 'net rpc user password' command. * BUG 7418: Fix 'net rpc printer list' command. * BUG 7500: Fix 'not a string literal' warning in netdomjoin-gui. * BUG 7541: Fix smbd crash caused by "%D" in "printer admin" option. * BUG 7568: Make sure cm_connect_lsa_tcp does not reset the secure channel. o Olaf Flebbe * BUG 7421: Fix build on AIX 6.1. o Björn Jacke * BUG 7821: Set Tru64 cc's PIC switch right. o Volker Lendecke * BUG 7066: Fix "Your Password expires today" message for users from trusted domains. * BUG 7262: Fix EnumDomainAliases when no aliases are in LDAP. * BUG 7336: Enable idmap_passdb module build as shared. * BUG 7715: Stop using the write cache after an oplock break: Stop using the write cache after an oplock break. * BUG 7800: Make winbind recover from a signing error. * BUG 7881: Fix flaky Winbind against w2k8. o Jim McDonough * BUG 7280: Fix loading of auto printers with registry config. o Stefan Metzmacher * BUG 7607: Fix buffer over-read in pidl generated client code. * BUG 7896: Fix 'net rpc user rename'. o Andreas Schneider * BUG 7423: Add EN ISO 216, A0 and A1 to builtin forms. * BUG 7538: Backport fixes for GUID_from_data_blob. o Andrew Tridgell * BUG 7538: Backport fixes for GUID_from_data_blob. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/stable The release notes are available online at: http://www.samba.org/samba/history/samba-3.4.10.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team
[Announce] Samba 3.4.11 Available for Download
== "Storms make trees take deeper roots." Dolly Parton == Release Announcements = This is the latest stable release of Samba 3.4. It addresses the following issue introduced with Samba 3.4.10: o Fix connecting to port-139 only servers (bug 7881). Changes since 3.4.10 o Volker Lendecke * BUG 7881: Fix connecting to port-139 only servers. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/stable The release notes are available online at: http://www.samba.org/samba/history/samba-3.4.11.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team
[Announce] Samba 3.5.7, 3.4.12 and 3.3.15 Security Releases Available
Release Announcements = Samba 3.5.7, 3.4.12 and 3.3.15 are security releases in order to address CVE-2011-0719. o CVE-2011-0719: All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set. A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated (guest connection). Currently we do not believe this flaw is exploitable beyond a crash or causing the code to loop, but on the advice of our security reviewers we are releasing fixes in case an exploit is discovered at a later date. Changes --- o Jeremy Allison * BUG 7949: Fix DoS in Winbind and smbd with many file descriptors open. ## Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba corresponding product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.5.7.html http://www.samba.org/samba/ftp/history/samba-3.4.12.html http://www.samba.org/samba/ftp/history/samba-3.3.15.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team
[Announce] Samba 3.5.8 Available for Download
=== "Food is for eating, and good food is to be enjoyed... I think food is, actually, very beautiful in itself." Delia Smith == Release Announcements = This is the latest stable release of Samba 3.5. Major enhancements in Samba 3.5.8 include: o Fix Winbind crash bug when no DC is available (bug #7730). o Fix finding users on domain members (bug #7743). o Fix memory leaks in Winbind (bug #7879). o Fix printing with Windows 7 clients (bug #7567). Changes since 3.5.7: o Michael Adam * BUG 7594: Fix "log=>ndr_pull_error" in 'wbinfo -u' and 'wbinfo -g'. * BUG 7871: Fix 'net ads dns register' in cluster setups. * BUG 7894: Fix sporadic Winbind panic in rpc query_user_list. o Jeremy Allison * BUG 7409: Raise debug level for "reduce_name: couldn't get realpath" messages. * BUG 7716: Store unmodified copies of security descriptors in acl_xattr and acl_tdb modules. * BUG 7733: Fix incorrect unix mode_t caused by invalid client DOS attributes on create. * BUG 7734: Apply appropriate create masks when creating files with "inherit ACLs" set to true. * BUG 7743: Fix finding users on domain members. * BUG 7744: Fix "dfree cache time" parameter. * BUG : Fix requesting lookups for BUILTIN sids. * BUG 7785: Fix atime limit. * BUG 7791: Fix copying files from a SMB share using Gnome vfs and SMB signing. * BUG 7812: ACL inheritance cannot be disabled in vfs_acl_xattr/vfs_acl_tdb. * BUG 7835: vfs_fill_sparse() doesn't use posix_fallocate when strict allocate is on. * BUG 7843: Expand the local SAMs aliases. * BUG 7892: Fix stale lock in open_file_fchmod(). * BUG 7950: Revalidate the pathname once re-constructed from a root fsp. o Andrew Bartlett * BUG 7356: Fix 'net ads dns register' in Windows 2008 R2 domains. o Björn Baumbach * BUG 7875: Fix 'nmbd --port'. * BUG 7880: Make 'rpcclient deldriver' delete drivers for all architectures. o Günther Deschner * BUG 7567: Fix printing with Windows 7 clients. * BUG 7641: Handle Windows 9x adddriver calls without config file. * BUG 7945: Let Winbind try to use samlogon validation level 6. o Holger Hetterich * BUG 3185: Fix 'testparm' return code when EOF in encountered in param name. o Björn Jacke * BUG 7821: Fix build of shared libraries on Tru64. o Volker Lendecke * BUG 7066: Fix "Your Password expires today" message for users of trusted domains. * BUG 7262: Fix maintaining of users' groups via UsrMgr. * BUG 7656: Fix scalability problem with hundreds of printers. * BUG 7665: Fix memory leak in the netapi routines. * BUG 7730: Fix Winbind crash bug when no DC is available. * BUG 7774: Fix a getgrent crash with many groups. * BUG 7779: Fix smbd crash caused by expand_msdfs. * BUG 7800: Make Winbind recover from a signing error. * BUG 7817: Fix "force group" with ntlmssp guest session setup. * BUG 7841: Make WINBINDD_LOOKUPRIDS asking the right domain. * BUG 7842: Make WINBINDD_LOOKUPRIDS returning the domain name. * BUG 7855: ntlm_auth: Support clients which offer a spnego mechs we don't support. * BUG 7879: Fix memory leaks in Winbind. * BUG 7881: Fix flaky Winbind against Windows 2008. * BUG 7917: Fix connections from WinCE. * BUG 7940: Fix opening MS Powerpoint files. o Stefan Metzmacher * BUG 7567: Fix printing with Windows 7 clients. * BUG 7855: ntlm_auth: Support clients which offer a spnego mechs we don't support. * BUG 7883: Fix SMB session setups with Kerberos against some closed source SMB servers. * BUG 7896: Don't set SAMR_FIELD_FULL_NAME if we just want to set the account name. * BUG 7899: Don't return "-1" on success in 'net rpc vampire keytab'. * BUG 7942: Fix endless loops caused by inotify. * BUG 7944: Catch lookup_names/sids schannel errors over ncacn_ip_tcp. o Jonathan Nieder * BUG 6837: Make "rlimit_max below minimum Windows limit" notification less scary. o olivier * BUG 7789: vfs_scannedonly: Switch from mtime to ctime which is more reliable. o Rusty Russell * BUG 7498: Fix updating the time on close in vfs_gpfs. ## Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you w
[Announce] Samba 3.6.0pre2 Preview Release Available for Download
Release Announcements - This is the second preview release of Samba 3.6.0. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Major enhancements in Samba 3.6.0 include: Changed security defaults - Samba 3.6 has adopted a number of improved security defaults that will impact on existing users of Samba. client ntlmv2 auth = yes client use spnego principal = no send spnego principal = no The impact of 'client ntlmv2 auth = yes' is that by default we will not use NTLM authentication as a client. This applies to the Samba client tools such as smbclient and winbind, but does not change the separately released in-kernel CIFS client. To re-enable the poorer NTLM encryption set '--option=clientusentlmv2auth=no' on your smbclient command line, or set 'client ntlmv2 auth = no' in your smb.conf The impact of 'client use spnego principal = no' is that we may be able to use Kerberos to communicate with a server less often in smbclient, winbind and other Samba client tools. We may fall back to NTLMSSP in more situations where we would previously rely on the insecure indication from the 'NegProt' CIFS packet. This mostly occursed when connecting to a name alias not recorded as a servicePrincipalName for the server. This indication is not available from Windows 2008 or later in any case, and is not used by modern Windows clients, so this makes Samba's behaviour consistent with other clients and against all servers. The impact of 'send spnego principal = no' is to match Windows 2008 and not to send this principal, making existing clients give more consistent behaviour (more likely to fall back to NTLMSSP) between Samba and Windows 2008, and between Windows versions that did and no longer use this insecure hint. SMB2 support SMB2 support in 3.6.0 is fully functional (with one omission), and can be enabled by setting: max protocol = SMB2 in the [global] section of your smb.conf and re-starting Samba. All features should work over SMB2 except the modification of user quotas using the Windows quota management tools. As this is the first release containing what we consider to be a fully featured SMB2 protocol, we are not enabling this by default, but encourage users to enable SMB2 and test it. Once we have enough confirmation from Samba users and OEMs that SMB2 support is stable in wide user testing we will enable SMB2 by default in a future Samba release. Internal Winbind passdb changes --- Winbind has been changed to use the internal samr and lsa rpc pipe to get local user and group information instead of calling passdb functions. The reason is to use more of our infrastructure and test this infrastructure by using it. With this approach more code in Winbind is shared. New Spoolss code The spoolss and the old RAP printing code have been completely overhauled and refactored. All calls from lanman/printing code has been changed to go through the spoolss RPC interfaces, this allows us to keep all checks in one place and avoid special cases in the main printing code. Printing code has been therefore confined within the spoolss code. All the printing code, including the spoolss RPC interfaces has been changed to use the winreg RPC interfaces to store all data. All data has been migrated from custom, arbitrary TDB files to the registry interface. This transition allow us to present correct data to windows client accessing the server registry through the winreg RPC interfaces to query for printer data. Data is served out from a real registry implementation and therefore arguably 100% forward compatible. Migration code from the previous TDB files formats is provided. This code is automatically invoked the first time the new code is run on the server. Although manual migration is also available using the 'net printer migrate' command. These changes not only make all the spoolss code much more closer to "the spec", it also greatly improves our internal testing of both spoolss and winreg interfaces, and reduces overall code duplication. As part of this work, new tests have been also added to increase coverage. This code will also allow, in future, an easy transition to split out the spooling functions into a separate daemon for those OEMs that do not need printing functionality in their appliances, reducing the code footprint. ID Mapping Changes -- The id mapping configuration has been a source of much grief in the past. For this release, id mapping has been rewritten yet again with the goal of making the configuration more simple and more coherent while keeping the needed flexibility and even adding to the flexibility in some respects. The major change that implies the configuration simplifications is at the heart of the id mapping system: The se
[Announce] Samba 3.4.13 Available for Download
= "Everybody gets so much information all day long that they lose their common sense." Gertrude Stein == Release Announcements = This is the latest stable release of Samba 3.4. Major enhancements in Samba 3.4.13 include: o Fix Winbind crash caused by null pointer reference (bug #8086). o Fix incorrect timeout handling in ncacn_ip_tcp client code (bug #8085). Changes since 3.4.12 o Günther Deschner * BUG 8085: Fix incorrect timeout handling in ncacn_ip_tcp client code. o Volker Lendecke * BUG 8086: Fix Winbind crash caused by null pointer reference. o Sergey Korsak * BUG 8099: setpwent() actually does endpwent() on FreeBSD. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/stable The release notes are available online at: http://www.samba.org/samba/history/samba-3.4.13.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team
[Announce] Samba 3.6.0pre3 Available for Download
Release Announcements - This is the third preview release of Samba 3.6.0. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Major enhancements in Samba 3.6.0 include: Changed security defaults - Samba 3.6 has adopted a number of improved security defaults that will impact on existing users of Samba. client ntlmv2 auth = yes client use spnego principal = no send spnego principal = no The impact of 'client ntlmv2 auth = yes' is that by default we will not use NTLM authentication as a client. This applies to the Samba client tools such as smbclient and winbind, but does not change the separately released in-kernel CIFS client. To re-enable the poorer NTLM encryption set '--option=clientusentlmv2auth=no' on your smbclient command line, or set 'client ntlmv2 auth = no' in your smb.conf The impact of 'client use spnego principal = no' is that we may be able to use Kerberos to communicate with a server less often in smbclient, winbind and other Samba client tools. We may fall back to NTLMSSP in more situations where we would previously rely on the insecure indication from the 'NegProt' CIFS packet. This mostly occursed when connecting to a name alias not recorded as a servicePrincipalName for the server. This indication is not available from Windows 2008 or later in any case, and is not used by modern Windows clients, so this makes Samba's behaviour consistent with other clients and against all servers. The impact of 'send spnego principal = no' is to match Windows 2008 and not to send this principal, making existing clients give more consistent behaviour (more likely to fall back to NTLMSSP) between Samba and Windows 2008, and between Windows versions that did and no longer use this insecure hint. SMB2 support SMB2 support in 3.6.0 is fully functional (with one omission), and can be enabled by setting: max protocol = SMB2 in the [global] section of your smb.conf and re-starting Samba. All features should work over SMB2 except the modification of user quotas using the Windows quota management tools. As this is the first release containing what we consider to be a fully featured SMB2 protocol, we are not enabling this by default, but encourage users to enable SMB2 and test it. Once we have enough confirmation from Samba users and OEMs that SMB2 support is stable in wide user testing we will enable SMB2 by default in a future Samba release. Internal Winbind passdb changes --- Winbind has been changed to use the internal samr and lsa rpc pipe to get local user and group information instead of calling passdb functions. The reason is to use more of our infrastructure and test this infrastructure by using it. With this approach more code in Winbind is shared. New Spoolss code The spoolss and the old RAP printing code have been completely overhauled and refactored. All calls from lanman/printing code has been changed to go through the spoolss RPC interfaces, this allows us to keep all checks in one place and avoid special cases in the main printing code. Printing code has been therefore confined within the spoolss code. All the printing code, including the spoolss RPC interfaces has been changed to use the winreg RPC interfaces to store all data. All data has been migrated from custom, arbitrary TDB files to the registry interface. This transition allow us to present correct data to windows client accessing the server registry through the winreg RPC interfaces to query for printer data. Data is served out from a real registry implementation and therefore arguably 100% forward compatible. Migration code from the previous TDB files formats is provided. This code is automatically invoked the first time the new code is run on the server. Although manual migration is also available using the 'net printer migrate' command. These changes not only make all the spoolss code much more closer to "the spec", it also greatly improves our internal testing of both spoolss and winreg interfaces, and reduces overall code duplication. As part of this work, new tests have been also added to increase coverage. This code will also allow, in future, an easy transition to split out the spooling functions into a separate daemon for those OEMs that do not need printing functionality in their appliances, reducing the code footprint. ID Mapping Changes -- The id mapping configuration has been a source of much grief in the past. For this release, id mapping has been rewritten yet again with the goal of making the configuration more simple and more coherent while keeping the needed flexibility and even adding to the flexibility in some respects. The major change that implies the configuration simplifications is at the heart of the id mapping system: The sep
[Announce] Samba 3.6.0rc1 Available for Download
Release Announcements - This is the first release candidate of Samba 3.6.0. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Major enhancements in Samba 3.6.0 include: Changed security defaults - Samba 3.6 has adopted a number of improved security defaults that will impact on existing users of Samba. client ntlmv2 auth = yes client use spnego principal = no send spnego principal = no The impact of 'client ntlmv2 auth = yes' is that by default we will not use NTLM authentication as a client. This applies to the Samba client tools such as smbclient and winbind, but does not change the separately released in-kernel CIFS client. To re-enable the poorer NTLM encryption set '--option=clientusentlmv2auth=no' on your smbclient command line, or set 'client ntlmv2 auth = no' in your smb.conf The impact of 'client use spnego principal = no' is that we may be able to use Kerberos to communicate with a server less often in smbclient, winbind and other Samba client tools. We may fall back to NTLMSSP in more situations where we would previously rely on the insecure indication from the 'NegProt' CIFS packet. This mostly occursed when connecting to a name alias not recorded as a servicePrincipalName for the server. This indication is not available from Windows 2008 or later in any case, and is not used by modern Windows clients, so this makes Samba's behaviour consistent with other clients and against all servers. The impact of 'send spnego principal = no' is to match Windows 2008 and not to send this principal, making existing clients give more consistent behaviour (more likely to fall back to NTLMSSP) between Samba and Windows 2008, and between Windows versions that did and no longer use this insecure hint. SMB2 support SMB2 support in 3.6.0 is fully functional (with one omission), and can be enabled by setting: max protocol = SMB2 in the [global] section of your smb.conf and re-starting Samba. All features should work over SMB2 except the modification of user quotas using the Windows quota management tools. As this is the first release containing what we consider to be a fully featured SMB2 protocol, we are not enabling this by default, but encourage users to enable SMB2 and test it. Once we have enough confirmation from Samba users and OEMs that SMB2 support is stable in wide user testing we will enable SMB2 by default in a future Samba release. Internal Winbind passdb changes --- Winbind has been changed to use the internal samr and lsa rpc pipe to get local user and group information instead of calling passdb functions. The reason is to use more of our infrastructure and test this infrastructure by using it. With this approach more code in Winbind is shared. New Spoolss code The spoolss and the old RAP printing code have been completely overhauled and refactored. All calls from lanman/printing code has been changed to go through the spoolss RPC interfaces, this allows us to keep all checks in one place and avoid special cases in the main printing code. Printing code has been therefore confined within the spoolss code. All the printing code, including the spoolss RPC interfaces has been changed to use the winreg RPC interfaces to store all data. All data has been migrated from custom, arbitrary TDB files to the registry interface. This transition allow us to present correct data to windows client accessing the server registry through the winreg RPC interfaces to query for printer data. Data is served out from a real registry implementation and therefore arguably 100% forward compatible. Migration code from the previous TDB files formats is provided. This code is automatically invoked the first time the new code is run on the server. Although manual migration is also available using the 'net printer migrate' command. These changes not only make all the spoolss code much more closer to "the spec", it also greatly improves our internal testing of both spoolss and winreg interfaces, and reduces overall code duplication. As part of this work, new tests have been also added to increase coverage. This code will also allow, in future, an easy transition to split out the spooling functions into a separate daemon for those OEMs that do not need printing functionality in their appliances, reducing the code footprint. ID Mapping Changes -- The id mapping configuration has been a source of much grief in the past. For this release, id mapping has been rewritten yet again with the goal of making the configuration more simple and more coherent while keeping the needed flexibility and even adding to the flexibility in some respects. The major change that implies the configuration simplifications is at the heart of the id mapping system: The s
[Announce] Samba 3.6.0rc2 Available for Download
Release Announcements - This is the second release candidate of Samba 3.6.0. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Major enhancements in Samba 3.6.0 include: Changed security defaults - Samba 3.6 has adopted a number of improved security defaults that will impact on existing users of Samba. client ntlmv2 auth = yes client use spnego principal = no send spnego principal = no The impact of 'client ntlmv2 auth = yes' is that by default we will not use NTLM authentication as a client. This applies to the Samba client tools such as smbclient and winbind, but does not change the separately released in-kernel CIFS client. To re-enable the poorer NTLM encryption set '--option=clientusentlmv2auth=no' on your smbclient command line, or set 'client ntlmv2 auth = no' in your smb.conf The impact of 'client use spnego principal = no' is that we may be able to use Kerberos to communicate with a server less often in smbclient, winbind and other Samba client tools. We may fall back to NTLMSSP in more situations where we would previously rely on the insecure indication from the 'NegProt' CIFS packet. This mostly occursed when connecting to a name alias not recorded as a servicePrincipalName for the server. This indication is not available from Windows 2008 or later in any case, and is not used by modern Windows clients, so this makes Samba's behaviour consistent with other clients and against all servers. The impact of 'send spnego principal = no' is to match Windows 2008 and not to send this principal, making existing clients give more consistent behaviour (more likely to fall back to NTLMSSP) between Samba and Windows 2008, and between Windows versions that did and no longer use this insecure hint. SMB2 support SMB2 support in 3.6.0 is fully functional (with one omission), and can be enabled by setting: max protocol = SMB2 in the [global] section of your smb.conf and re-starting Samba. All features should work over SMB2 except the modification of user quotas using the Windows quota management tools. As this is the first release containing what we consider to be a fully featured SMB2 protocol, we are not enabling this by default, but encourage users to enable SMB2 and test it. Once we have enough confirmation from Samba users and OEMs that SMB2 support is stable in wide user testing we will enable SMB2 by default in a future Samba release. Internal Winbind passdb changes --- Winbind has been changed to use the internal samr and lsa rpc pipe to get local user and group information instead of calling passdb functions. The reason is to use more of our infrastructure and test this infrastructure by using it. With this approach more code in Winbind is shared. New Spoolss code The spoolss and the old RAP printing code have been completely overhauled and refactored. All calls from lanman/printing code has been changed to go through the spoolss RPC interfaces, this allows us to keep all checks in one place and avoid special cases in the main printing code. Printing code has been therefore confined within the spoolss code. All the printing code, including the spoolss RPC interfaces has been changed to use the winreg RPC interfaces to store all data. All data has been migrated from custom, arbitrary TDB files to the registry interface. This transition allow us to present correct data to windows client accessing the server registry through the winreg RPC interfaces to query for printer data. Data is served out from a real registry implementation and therefore arguably 100% forward compatible. Migration code from the previous TDB files formats is provided. This code is automatically invoked the first time the new code is run on the server. Although manual migration is also available using the 'net printer migrate' command. These changes not only make all the spoolss code much more closer to "the spec", it also greatly improves our internal testing of both spoolss and winreg interfaces, and reduces overall code duplication. As part of this work, new tests have been also added to increase coverage. This code will also allow, in future, an easy transition to split out the spooling functions into a separate daemon for those OEMs that do not need printing functionality in their appliances, reducing the code footprint. ID Mapping Changes -- The id mapping configuration has been a source of much grief in the past. For this release, id mapping has been rewritten yet again with the goal of making the configuration more simple and more coherent while keeping the needed flexibility and even adding to the flexibility in some respects. The major change that implies the configuration simplifications is at the heart of the id mapping system: The
[Announce] Samba 3.5.9 Available for Download
=== "There can't be a crisis next week. My schedule is already full." Henry A. Kissinger == Release Announcements = This is the latest stable release of Samba 3.5. Major enhancements in Samba 3.5.9 include: o Sgid bit lost on folder rename (bug #7996). o ACL can get lost when files are being renamed (bug #7987). o Respect "allow trusted domains = no" in Winbind (bug #6966). Changes since 3.5.8: o Jeremy Allison * BUG 6911: Kerberos authentication from Vista to Samba fails when security blob size is greater than 16 kB. * BUG 7080: Quota only shown when logged as root. * BUG 7528: Fix Solaris with NIS autohome. * BUG 7987: ACL can get lost when files are being renamed. * BUG 7996: sgid bit lost on folder rename. * BUG 8040: Fix 'smbclient' segfaults when a Cyrillic netbios name or workgroup is configured. * BUG 8072: Fix panic in create_file_acl_common. * BUG 8038: Fix is_myname_or_ipaddr() to be robust against strange DNS setups. * BUG 8083: "inherit owner = yes" doesn't interact correctly with vfs_acl_xattr or vfs_acl_tdb module. * BUG 8088: Fix segfault in rpccli_samr_chng_pswd_auth_crap if any input blobs are null. * BUG 8111: CIFS VFS: Fix unexpected error on SMB posix open. * BUG 8157: Fix parsing CUPS printcap files in std_pcap_cache_reload(). * BUG 8163: Fix our asn.1 parser to handle negative numbers. * BUG 8211: "inherit owner = yes" doesn't interact correctly with "inherit permissions = yes". o Christian Ambach * BUG 8008: Fix a segfault in the krb5 locator plugin. * BUG 8012: Use getgrset() instead of initgroups() + getgroups() when getgrouplist() is not defined. * BUG 8031: Convert gpfs:sharemodes and gpfs:leases parameters from a global setting to a per share setting. o Andrew Bartlett * BUG 7893: Don't ever ask for machine$ principals as a target. o Björn Baumbach * BUG 8074: Fix debug message. o Dmitry Butskoy * BUG 6966: Respect "allow trusted domains = no" in Winbind. o Marc A. Dahlhaus * BUG 8047: Fix mdns registration if "interfaces=" is used. o Günther Deschner * BUG 7993: Make sure we don't crash when publishing a single printer. * BUG 8085: Fix incorrect timeout handling in ncacn_ip_tcp client code. * BUG 8132: Fix filling printers location field when using CUPS. o David Disseldorp * BUG 7836: Make newly added printers visible to clients. * BUG 7994: Use printcap IDL for IPC. o Björn Jacke * BUG 7825: Fix GNU ld version detection with old gcc releases. * BUG 8033: Add explicit configure option whether to enable dmapi support or not. o Sergey Korsak * BUG 8099: setpwent() actually does endpwent() on FreeBSD. o Volker Lendecke * BUG 8009: Fix getting username in 'net rap session'. * BUG 8011: Fix memory corruption in shadow_copy2. * BUG 8016: Fix gpfs_get_xattr. * BUG 8042: File creation on OS/X. * BUG 8054: Winbind cache stores/retrieves wrong sizes for 16-bit ints. * BUG 8066: Fix wrong output in 'smbget'. * BUG 8087: Fix wbcChangeUserPasswordEx in RESPONSE mode. o Nikolay Martynov * BUG 8010: Fix inode generation so nautilus can count total dir size correctly. o Jim McDonough * BUG 6364: Pull realm from supplied username on libnet join. * BUG 8166: Don't lockout users when offline. o Stefan Metzmacher * BUG 7383: Normalize IPv4 mapped IPv6 addresses in both directions. * BUG 8034: SEC_STD_DELETE is always granted to the owner of a file. o Larry Reid * BUG 8055: Can't see Parts of DFS CIFS share. o Simo Sorce * BUG 7610: winbindd_cache.tdb grows too large when scaled. o Martin Vogt * BUG 6762: Fix ctdb on gpfs error with MS Office. ## Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 3.5 product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and
Re: [Announce] Samba 3.5.9 Available for Download
Please note that the Samba 3.5.9 release notes have been extended after the release. The following paragraph on the changed Kerberos behaviour has been added for clarification: -8<--snip--8<-- New Kerberos behaviour -- A new parameter 'client use spnego principal' defaults to 'no' and mean Samba will use CIFS/hostname to obtain a kerberos ticket, acting more like Windows when using Kerberos against a CIFS server in smbclient, winbind and other Samba client tools. This will change which servers we will successfully negotiate kerberos connections to. This is due to Samba no longer trusting a server-provided hint which is not available from Windows 2008 or later. For correct operation with all clients, all aliases for a server should be recorded as a as a servicePrincipalName on the server's record in AD. ->8--snap-->8-- You can find the complete updated release notes at http://samba.org/samba/history/samba-3.5.9.html. Cheers, Karolin -- Samba http://www.samba.org SerNet http://www.sernet.de sambaXP http://www.sambaxp.org
[Announce] Samba 3.5.10, 3.4.14 and 3.3.16 Security Releases Available
Release Announcements = Samba 3.5.10, 3.4.14 and 3.3.16 are security releases in order to address CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT). o CVE-2011-2522: The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 3.5.9 are affected by a cross-site request forgery. o CVE-2011-2694: The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 3.5.9 are affected by a cross-site scripting vulnerability. Please note that SWAT must be enabled in order for these vulnerabilities to be exploitable. By default, SWAT is *not* enabled on a Samba install. Changes --- o Kai Blin * BUG 8289: SWAT contains a cross-site scripting vulnerability. * BUG 8290: CSRF vulnerability in SWAT. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/stable The release notes are available online at: http://www.samba.org/samba/history/samba-3.5.10.html http://www.samba.org/samba/history/samba-3.4.14.html http://www.samba.org/samba/history/samba-3.3.16.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team
[Announce] Samba 3.6.0rc3 Available for Download
Release Announcements - This is the third release candidate of Samba 3.6.0. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Major enhancements in Samba 3.6.0 include: Changed security defaults - Samba 3.6 has adopted a number of improved security defaults that will impact on existing users of Samba. client ntlmv2 auth = yes client use spnego principal = no send spnego principal = no The impact of 'client ntlmv2 auth = yes' is that by default we will not use NTLM authentication as a client. This applies to the Samba client tools such as smbclient and winbind, but does not change the separately released in-kernel CIFS client. To re-enable the poorer NTLM encryption set '--option=clientusentlmv2auth=no' on your smbclient command line, or set 'client ntlmv2 auth = no' in your smb.conf The impact of 'client use spnego principal = no' is that Samba will use CIFS/hostname to obtain a kerberos ticket, acting more like Windows when using Kerberos against a CIFS server in smbclient, winbind and other Samba client tools. This will change which servers we will successfully negotiate kerberos connections to. This is due to Samba no longer trusting a server-provided hint which is not available from Windows 2008 or later. For correct operation with all clients, all aliases for a server should be recorded as a as a servicePrincipalName on the server's record in AD. (For this reason, this behavior change and parameter was also made in Samba 3.5.9) The impact of 'send spnego principal = no' is to match Windows 2008 and not to send this principal, making existing clients give more consistent behaviour (more likely to fall back to NTLMSSP) between Samba and Windows 2008, and between Windows versions that did and no longer use this insecure hint. SMB2 support SMB2 support in 3.6.0 is fully functional (with one omission), and can be enabled by setting: max protocol = SMB2 in the [global] section of your smb.conf and re-starting Samba. All features should work over SMB2 except the modification of user quotas using the Windows quota management tools. As this is the first release containing what we consider to be a fully featured SMB2 protocol, we are not enabling this by default, but encourage users to enable SMB2 and test it. Once we have enough confirmation from Samba users and OEMs that SMB2 support is stable in wide user testing we will enable SMB2 by default in a future Samba release. Internal Winbind passdb changes --- Winbind has been changed to use the internal samr and lsa rpc pipe to get local user and group information instead of calling passdb functions. The reason is to use more of our infrastructure and test this infrastructure by using it. With this approach more code in Winbind is shared. New Spoolss code The spoolss and the old RAP printing code have been completely overhauled and refactored. All calls from lanman/printing code has been changed to go through the spoolss RPC interfaces, this allows us to keep all checks in one place and avoid special cases in the main printing code. Printing code has been therefore confined within the spoolss code. All the printing code, including the spoolss RPC interfaces has been changed to use the winreg RPC interfaces to store all data. All data has been migrated from custom, arbitrary TDB files to the registry interface. This transition allow us to present correct data to windows client accessing the server registry through the winreg RPC interfaces to query for printer data. Data is served out from a real registry implementation and therefore arguably 100% forward compatible. Migration code from the previous TDB files formats is provided. This code is automatically invoked the first time the new code is run on the server. Although manual migration is also available using the 'net printer migrate' command. These changes not only make all the spoolss code much more closer to "the spec", it also greatly improves our internal testing of both spoolss and winreg interfaces, and reduces overall code duplication. As part of this work, new tests have been also added to increase coverage. This code will also allow, in future, an easy transition to split out the spooling functions into a separate daemon for those OEMs that do not need printing functionality in their appliances, reducing the code footprint. ID Mapping Changes -- The id mapping configuration has been a source of much grief in the past. For this release, id mapping has been rewritten yet again with the goal of making the configuration more simple and more coherent while keeping the needed flexibility and even adding to the flexibility in some respects. The major change that implies the configuration simplifications is at the h
[Announce] Samba 3.5.11 Available for Download
=== "Birthdays are nature's way of telling us to eat more cake." Source Unknown == Release Announcements = This is the latest stable release of Samba 3.5. Major enhancements in Samba 3.5.11 include: o Fix access to Samba shares when Windows security patch KB2536276 is installed (bug #7460). o Fix DoS in Winbind and smbd with many file descriptors open (bug #7949). o Fix Winbind panics if verify_idpool() fails (bug #8253). Changes since 3.5.10: o Jeremy Allison * BUG 7462: Make SA_RESETHAND conditional on its existance. * BUG 8254: Make "acl check permissions = no" working in all cases. o Gregor Beck * BUG 8253: Fix Winbind panics if verify_idpool() fails. o David Disseldorp * BUG 8269: Stop spamming log with "Could not find child X -- ignoring" messages in smbd. o Björn Jacke * BUG 7460: Include sys/file.h only when available. o Volker Lendecke * BUG 7841: Explicitly pass domain_sid to wbint_LookupRids(). * BUG 8238: Fix access to Samba shares when Windows security patch KB2536276 is installed. * BUG 8322: Add HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR. o Stefan Metzmacher * BUG 7841: Make WINBINDD_LOOKUPRIDS ask the right domain. * BUG 7949: Fix DoS in Winbind and smbd with many file descriptors open. * BUG 8276: Close all sockets attached to a subnet in close_subnet(). ## Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 3.5 product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/stable The release notes are available online at: http://www.samba.org/samba/history/samba-3.5.11.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team
Re: [Announce] Samba 3.5.11 Available for Download - correction
Hey folks, please note, that I listed "Fix DoS in Winbind and smbd with many file descriptors open (bug #7949)" by accident in the release notes of Samba 3.5.11. This one was already fixed with Samba 3.5.7. Many thanks to Vincent Danen for reporting! http://samba.org/samba/history/samba-3.5.11.html has been updated accordingly. Cheers, Karolin On Thu, Aug 04, 2011 at 10:34:06AM +0200, Karolin Seeger wrote: > === > "Birthdays are nature's way of >telling us to eat more cake." > >Source Unknown > == > > > Release Announcements > = > > This is the latest stable release of Samba 3.5. > > Major enhancements in Samba 3.5.11 include: > > o Fix access to Samba shares when Windows security patch KB2536276 is > installed >(bug #7460). > o Fix DoS in Winbind and smbd with many file descriptors open (bug #7949). > o Fix Winbind panics if verify_idpool() fails (bug #8253). > > > Changes since 3.5.10: > > > > o Jeremy Allison > * BUG 7462: Make SA_RESETHAND conditional on its existance. > * BUG 8254: Make "acl check permissions = no" working in all cases. > > > o Gregor Beck > * BUG 8253: Fix Winbind panics if verify_idpool() fails. > > > o David Disseldorp > * BUG 8269: Stop spamming log with "Could not find child X -- ignoring" > messages in smbd. > > > o Björn Jacke > * BUG 7460: Include sys/file.h only when available. > > > o Volker Lendecke > * BUG 7841: Explicitly pass domain_sid to wbint_LookupRids(). > * BUG 8238: Fix access to Samba shares when Windows security patch > KB2536276 is installed. > * BUG 8322: Add HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR. > > > o Stefan Metzmacher > * BUG 7841: Make WINBINDD_LOOKUPRIDS ask the right domain. > * BUG 7949: Fix DoS in Winbind and smbd with many file descriptors open. > * BUG 8276: Close all sockets attached to a subnet in close_subnet(). > > > ## > Reporting bugs & Development Discussion > ### > > Please discuss this release on the samba-technical mailing list or by > joining the #samba-technical IRC channel on irc.freenode.net. > > If you do report problems then please try to send high quality > feedback. If you don't provide vital information to help us track down > the problem then you will probably be ignored. All bug reports should > be filed under the Samba 3.5 product in the project's Bugzilla > database (https://bugzilla.samba.org/). > > > == > == Our Code, Our Bugs, Our Responsibility. > == The Samba Team > == > > > > Download Details > > > The uncompressed tarballs and patch files have been signed > using GnuPG (ID 6568B7EA). The source code can be downloaded > from: > > http://download.samba.org/samba/ftp/stable > > The release notes are available online at: > > http://www.samba.org/samba/history/samba-3.5.11.html > > Binary packages will be made available on a volunteer basis from > > http://download.samba.org/samba/ftp/Binary_Packages/ > > Our Code, Our Bugs, Our Responsibility. > (https://bugzilla.samba.org/) > > --Enjoy > The Samba Team > > > > -- Samba http://www.samba.org SerNet http://www.sernet.de sambaXP http://www.sambaxp.org
[Announce] Samba 3.6.0 Available for Download
=== "Forgiveness is the economy of the heart... Forgiveness saves the expense of anger, the cost of hatred, the waste of spirits." Hannah More == Release Announcements = This is the first release of Samba 3.6.0. Major enhancements in Samba 3.6.0 include: Changed security defaults - Samba 3.6 has adopted a number of improved security defaults that will impact on existing users of Samba. client ntlmv2 auth = yes client use spnego principal = no send spnego principal = no The impact of 'client ntlmv2 auth = yes' is that by default we will not use NTLM authentication as a client. This applies to the Samba client tools such as smbclient and winbind, but does not change the separately released in-kernel CIFS client. To re-enable the poorer NTLM encryption set '--option=clientusentlmv2auth=no' on your smbclient command line, or set 'client ntlmv2 auth = no' in your smb.conf The impact of 'client use spnego principal = no' is that Samba will use CIFS/hostname to obtain a kerberos ticket, acting more like Windows when using Kerberos against a CIFS server in smbclient, winbind and other Samba client tools. This will change which servers we will successfully negotiate kerberos connections to. This is due to Samba no longer trusting a server-provided hint which is not available from Windows 2008 or later. For correct operation with all clients, all aliases for a server should be recorded as a as a servicePrincipalName on the server's record in AD. (For this reason, this behavior change and parameter was also made in Samba 3.5.9) The impact of 'send spnego principal = no' is to match Windows 2008 and not to send this principal, making existing clients give more consistent behaviour (more likely to fall back to NTLMSSP) between Samba and Windows 2008, and between Windows versions that did and no longer use this insecure hint. SMB2 support SMB2 support in 3.6.0 is fully functional (with one omission), and can be enabled by setting: max protocol = SMB2 in the [global] section of your smb.conf and re-starting Samba. All features should work over SMB2 except the modification of user quotas using the Windows quota management tools. As this is the first release containing what we consider to be a fully featured SMB2 protocol, we are not enabling this by default, but encourage users to enable SMB2 and test it. Once we have enough confirmation from Samba users and OEMs that SMB2 support is stable in wide user testing we will enable SMB2 by default in a future Samba release. Internal Winbind passdb changes --- Winbind has been changed to use the internal samr and lsa rpc pipe to get local user and group information instead of calling passdb functions. The reason is to use more of our infrastructure and test this infrastructure by using it. With this approach more code in Winbind is shared. New Spoolss code The spoolss and the old RAP printing code have been completely overhauled and refactored. All calls from lanman/printing code has been changed to go through the spoolss RPC interfaces, this allows us to keep all checks in one place and avoid special cases in the main printing code. Printing code has been therefore confined within the spoolss code. All the printing code, including the spoolss RPC interfaces has been changed to use the winreg RPC interfaces to store all data. All data has been migrated from custom, arbitrary TDB files to the registry interface. This transition allow us to present correct data to windows client accessing the server registry through the winreg RPC interfaces to query for printer data. Data is served out from a real registry implementation and therefore arguably 100% forward compatible. Migration code from the previous TDB files formats is provided. This code is automatically invoked the first time the new code is run on the server. Although manual migration is also available using the 'net printer migrate' command. These changes not only make all the spoolss code much more closer to "the spec", it also greatly improves our internal testing of both spoolss and winreg interfaces, and reduces overall code duplication. As part of this work, new tests have been also added to increase coverage. This code will also allow, in future, an easy transition to split out the spooling functions into a separate daemon for those OEMs that do not need printing functionality in their appliances, reducing the code footprint. ID Mapping Changes -- The id mapping configuration has been a source of much grief in the past. For this release, id mapping has been rewritten yet again with the goal of making the configuration more simple and more
[Announce] Samba 3.4.15 Available for Download
= "Some cause happiness wherever they go; others whenever they go." Oscar Wilde == Release Announcements = This is the latest stable release of Samba 3.4. Changes since 3.4.14 o David Disseldorp * BUG 7836: Make newly added printers visible to clients, * BUG 7994: Make cups async printcap retrieval notify parent smbd of error status. * BUG 8269: Stop spamming log with "Could not find child X -- ignoring" messages. o Björn Jacke * BUG 8362: Fix build issue on old glibc systems. o Jim McDonough * BUG 6364: Pull realm from supplied username on libnet join. o Stefan Metzmacher * BUG 8276: Return the used number of sockets in create_listen_fdset(). * BUG 8347: Fix CVE-2011-2522 regression for HP-UX, AIX and OSF. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/stable The release notes are available online at: http://www.samba.org/samba/history/samba-3.4.15.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team
[Announce] Samba 3.6.1 Available for Download
=== "I'm desperately trying to figure out why kamikaze pilots wore helmets." Dave Edison == Release Announcements = This is the latest stable release of Samba 3.6. Major enhancements in Samba 3.6.1 include: o Fix smbd crashes triggered by Windows XP clients (bug #8384). o Fix a Winbind race leading to 100% CPU load (bug #8409). o Several SMB2 fixes. o The VFS ACL modules are no longer experimental but production-ready. Changes since 3.6.0: o Michael Adam * BUG 8368: Fix the fallback to the deprecated spelling idmap:script. o Jeremy Allison * BUG 7509: smb_acl_to_posix: ACL is invalid for set (Invalid argument). * BUG 8229: Fix 'widelinks' regression. * BUG 8370: Fix vfs_chown_fsp. * BUG 8412: Fix "saving as" of MS Office 2007 (Word) documents on Samba shares with SMB2. * BUG 8422: Fix infinite loop in ACL module code. * BUG 8429: Compound SMB2 requests on an IPC connection can corrupt the reply stream. * BUG 8443: Be smarter about setting default permissions when a ACL_USER_OBJ isn't given. * BUG 8453: Fix smbclient segfaults when dialect option -m is used for legacy dialects. * BUG 8458: IE9 on Windows 7 cannot download files to samba 3.5.11 share. * BUG 8473: smb2_find uses a hard coded max reply size of 0x1 instead of smb2_max_trans. * BUG 8474: SMB2 create doesn't cope with an Apple client using NULL blob in create. * BUG 8476: Samba asserts when SMB2 client breaks the crediting rules. * BUG 8477: Map to guest can return uninitialized blob of data. * BUG 8493: DFS breaks zip file extracting unless "follow symlinks = no" set. * BUG 8494: Remove "experimental" label on VFS ACL modules. * BUG 8507: smbd doesn't correctly honor the "force create mode" bits from a cifsfs create. * BUG 8509: Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER. * BUG 8521: Winbind cache timeout expiry test was reversed. o Christian Ambach * BUG 8428: Fix wrong reply to DHnC (durable handle reconnect). * BUG 8518: SMB2 create call returns incorrect file allocation size. o Björn Baumbach * BUG 8364: Fix the build of gpfs.c on RHEL 6.0 with gpfs 3.4.0-4. o Bram * BUG 7551: Return error of cli_push when 'put - /some/file' is used. o Ira Cooper * BUG 8395: Optimize serverid_exists() for Solaris. * BUG 8442: NFSv4 DENY ACLs always include SYNCHRONIZE flag - blocking renames. o Günther Deschner * BUG 8401: registry/reg_format.c must include includes.h. * BUG 7465: Fix 'net ads join -k' when KRB5CCNAME is not set. o David Disseldorp * BUG 8480: acl_xattr can free an invalid pointer if no blob is loaded. * BUG 8520: Fix SMB2 SMB2_OP_GETINFO and SMB2_OP_IOCTL parsing requirements. o Wilco Baan Hofman * BUG 8455: Fix uninitialized memory problem in group_sids_to_info3. o Björn Jacke * BUG 8256: Add man vfs_aio_fork. * BUG 8363: Fix build of vfs_prealloc on SLES8. o Volodymyr Khomenko * BUG 8515: Disallow "." in can_set_delete_on_close(). o Volker Lendecke * BUG 7864: Fix usage of cli_errstr(). * BUG 8334: smb2: smbd logs "Invalid SMB packet: first request: 0x0008" and crashes. * BUG 8338: Add a fallback for missing open&x support in MAC OS/X Lion. * BUG 8360: OS/2 sends an unexpected write&x/read&x chain. * BUG 8385: Fix smbclient access to NT4 shares. * BUG 8409: Fix a Winbind race leading to 100% CPU load. * BUG 8420: Fix 'getent group' if trusted domains are not reachable. * BUG 8433: Fix segfault in iconv.c. * BUG 8455: Samba PDC is looking up only primary user group. o Herb Lewis * BUG 8365: Fix warning messages on Freebsd 4.6.2. o Stefan Metzmacher * BUG 8407: SMB2 server can return requests out-of-order when processing a compound request. * BUG 8452: Check the wct of the incoming SMBnegprot responses. * BUG 8473: smb2_find uses a hard coded max reply size of 0x1 instead of smb2_max_trans. * BUG 8476: Don't call smbd_terminate_connection in smb2_validate_message_id(). * BUG 8503: SMB2_OP_CANCEL requests don't have to be signed. * BUG 8520: Fix SMB2 SMB2_OP_GETINFO and SMB2_OP_IOCTL parsing requirements. o SATOH Fumiyasu * BUG 8390: Fix the build of vfs_aixacl2.c. o Andreas Schneider * BUG 8236: Empty notify servername. * BUG 8351: While migrating forms, don't fail if the form already exists. o Andrew Tridgell * BUG 8384: Fix smbd crashes triggered by Windows XP clients. ## R
[Announce] Samba 3.5.12 Available for Download
=== "I am not an economist. I am an honest man!" Paul McCracken == Release Announcements = This is the latest stable release of Samba 3.5. Major enhancements in Samba 3.5.12 include: o Fix race condition in Winbind (bug 7844). o The VFS ACL modules are no longer experimental but production-ready. Changes since 3.5.11: o Jeremy Allison * BUG 7509: smb_acl_to_posix: ACL is invalid for set (Invalid argument). * BUG 7551: Return error of cli_push when 'put - /some/file' is used. * BUG 8156: 'net ads join' fails to use the user's kerberos ticket. * BUG 8370: Fix vfs_chown_fsp. * BUG 8422: Fix infinite loop in ACL module code. * BUG 8443: Be smarter about setting default permissions when a ACL_USER_OBJ isn't given. * BUG 8458: IE9 on Windows 7 cannot download files to samba 3.5.11 share. * BUG 8493: DFS breaks zip file extracting unless "follow symlinks = no" set. * BUG 8507: Make smbd correctly honor the "force create mode" bits from a cifsfs create. * BUG 8541: Fix readlink() on Linux clients if the symlink target is outside of the share. * BUG 8542: smbclient posix_open command fails to return correct info on open file. o Pierre Carrier * BUG 8186: Allow changing the maximum number of simultaneous clients in Winbind through an smb.conf option. o Günther Deschner * BUG 7465: Fix 'net ads join -k' when KRB5CCNAME is not set. * BUG 7888: Deal with buggy 3.0 based PDCs. * BUG 8491: Fix some coverity issues. o David Disseldorp * BUG 8480: acl_xattr can free an invalid pointer if no blob is loaded. o Björn Jacke * BUG 8256: Add man vfs_aio_fork. * BUG 8362: Fix SWAT build issue on old glibc systems. * BUG 8531: Make DSO_EXPORTS_CMD more portable. o Volodymyr Khomenko * BUG 8515: Disallow "." in can_set_delete_on_close(). o Volker Lendecke * BUG 7844: Fix race condition in Winbind. * BUG 8338: Add a fallback for missing open&x support in OS/X Lion. * BUG 8420: Fix getent group if trusted domains are not reachable. o Stefan Metzmacher https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/stable The release notes are available online at: http://www.samba.org/samba/history/samba-3.5.12.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team
[Announce] Samba 3.6.2 Available for Download
vice tickets. * BUG 8643: Add an update function for Winbind cache. * BUG 8678: Fix Winbind segfault if we can't map the last user. o Karolin Seeger * BUG 7705: Fix some RHEL packaging issues. o Richard Sharpe * BUG 8607: Improve configure.in so it can be used outside the Samba source tree. o Brad Smith * BUG 8525: Fix bug with sys_fseek() wrapper on *BSD / OS X). o Henry Wong * BUG 8384: Fix Windows XP clients crashing smbd process every once in a while. ## Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 3.6 product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/stable The release notes are available online at: http://www.samba.org/samba/history/samba-3.6.2.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team
[Announce] Samba 3.6.3 Security Release Available
Release Announcements = This is a security release in order to address CVE-2012-0817 (Memory leak/Denial of service). o CVE-2012-0817: The Samba File Serving daemon (smbd) in Samba versions 3.6.0 to 3.6.2 is affected by a memory leak that can cause a server denial of service. Changes since 3.6.2: o Jeremy Allison * BUG 8724: Fix memory leak in parent smbd on connection. o Ira Cooper * BUG 8724: Fix memory leak in parent smbd on connection. ## Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 3.6 product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/stable The release notes are available online at: http://www.samba.org/samba/history/samba-3.6.3.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team
[ANNOUNCE] Samba 3.5.13 Available for Download
Please note that the tarball is available, but the v3-6-stable git branch and the websites cannot be updated right now because of technical problems. Thank you for your understanding. === "A great artist is always before his time or behind it." George Edward Moore == Release Announcements = This is the latest stable release of Samba 3.5. Major enhancements in Samba 3.5.13 include: o Fix a crash bug in cldap_socket_recv_dgram() (bug #8593). o Fully observe password change settings (bug #8561). o Fix NT ACL issue (bug #8673). o Fix segfault in Winbind if we can't map the last user (bug #8678). Changes since 3.5.12: o Michael Adam * BUG 8327: Fix config reload to reload shares from registry. o Jeremy Allison * BUG 8139: Ignore SMBecho errors. * BUG 8521: Fix Winbind cache timeout expiry test. * BUG 8561: Fully observe password change settings. * BUG 8631: Fix POSIX ACE x permission mapping to and from a DACL. * BUG 8636: When returning an ACL without SECINFO_DACL requested, we still set SEC_DESC_DACL_PRESENT in the type field. * BUG 8644: Make sure that vfs_acl_xattr and vfs_acl_tdb modules add inheritable entries on a directory with no stored ACL. * BUG 8663: Fix deleting a symlink if the symlink target is outside of the * share. * BUG 8664: Fix renaming a symlink if the symlink target is outside of the share. * BUG 8673: Fix NT ACL issue. * BUG 8679: Make sure that recvfile code path using splice() on Linux does not leave data in the pipe on short write. * BUG 8687: Fix typo in 'net memberships' usage. o Christian Ambach * BUG 8658: Add timeouts to Winbind cache. o Andrew Bartlett * BUG 8727: Do not limit read replies to NBT packet sizes. o Günther Deschner * BUG 8176: Fix perl path. * BUG 8692: Fix malloc/talloc mismatch in ads_keytab_verify_ticket(). o Björn Jacke * BUG 8652: Document the ignore system acls option of vfs_acl_xattr and vfs_acl_tdb. o Jeff Layton * BUG 8648: Document more undocumented mount.cifs options. o Volker Lendecke * BUG 8639: Fix the vfs_commit module. * BUG 8686: Packet validation checks can be done before length validation causing uninitialized memory read. o Stefan Metzmacher * BUG 5326: Fix cli_write_and_x() against OS/2 print shares. * BUG 8562: Fix double free error (talloc). * BUG 8593: Fix a crash bug in cldap_socket_recv_dgram(). * BUG 8684: Try ctdbd_init_connection() as root. o Masafumi Nakayama * BUG 563: Fix 'smbclient tar' for files greater than 8GB on BE machines. o Matthieu Patou * BUG 8599: Make WINBINDD_PAM_AUTH_CRAP return valid user session key. * BUG 8771: Make Winbind change faster from DC1 to DC2. o Andreas Schneider * BUG 8608: Don't fail on users without a uid (Winbind). * BUG 8628: Don't duplicate Kerberos service tickets. * BUG 8645: Add missing prefixpath options for mount.cifs manpage. * BUG 8658: Add an update function for Winbind cache. * BUG 8678: Fix segfault in Winbind if we can't map the last user. o Karolin Seeger * BUG 7705: Fix rpm build issues on RHEL4. o Richard Sharpe * BUG 8607: Simplify building modules outside the Samba source tree. ## Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 3.5 product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/stable The release notes are available online at: http://www.samba.org/samba/history/samba-3.5.13.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team
[Announce] Samba 3.6.4, 3.5.14 and 3.4.16 Security Releases Available
Release Announcements = Samba 3.6.4, 3.5.14 and 3.4.16 are security releases in order to address CVE-2012-1182. o CVE-2012-1182: Samba 3.0.x to 3.6.3 are affected by a vulnerability that allows remote code execution as the "root" user. Changes: o Stefan Metzmacher *BUG 8815: PIDL based autogenerated code allows overwriting beyond of allocated array (CVE-2012-1182). ## Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba corresponding product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.6.4.html http://www.samba.org/samba/ftp/history/samba-3.5.14.html http://www.samba.org/samba/ftp/history/samba-3.4.16.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team
Re: [Announce] Samba 3.6.4, 3.5.14 and 3.4.16 Security Releases Available
Further information can be found in the security advisory: http://www.samba.org/samba/security/CVE-2012-1182 Patches for older versions are available at http://www.samba.org/samba/history/security.html. This defect has been tracked in the following bug report: https://bugzilla.samba.org/show_bug.cgi?id=8815. On Tue, Apr 10, 2012 at 05:21:19PM +0200, Karolin Seeger wrote: > Release Announcements > = > > Samba 3.6.4, 3.5.14 and 3.4.16 are security releases in order to > address CVE-2012-1182. > > o CVE-2012-1182: >Samba 3.0.x to 3.6.3 are affected by a >vulnerability that allows remote code >execution as the "root" user. > > > Changes: > > > > o Stefan Metzmacher > *BUG 8815: PIDL based autogenerated code allows overwriting beyond of > allocated array (CVE-2012-1182). > > > ## > Reporting bugs & Development Discussion > ### > > Please discuss this release on the samba-technical mailing list or by > joining the #samba-technical IRC channel on irc.freenode.net. > > If you do report problems then please try to send high quality > feedback. If you don't provide vital information to help us track down > the problem then you will probably be ignored. All bug reports should > be filed under the Samba corresponding product in the project's Bugzilla > database (https://bugzilla.samba.org/). > > > == > == Our Code, Our Bugs, Our Responsibility. > == The Samba Team > == > > > > Download Details > > > The uncompressed tarballs and patch files have been signed > using GnuPG (ID 6568B7EA). The source code can be downloaded > from: > > http://download.samba.org/samba/ftp/ > > The release notes are available online at: > > http://www.samba.org/samba/ftp/history/samba-3.6.4.html > http://www.samba.org/samba/ftp/history/samba-3.5.14.html > http://www.samba.org/samba/ftp/history/samba-3.4.16.html > > Binary packages will be made available on a volunteer basis from > > http://download.samba.org/samba/ftp/Binary_Packages/ > > Our Code, Our Bugs, Our Responsibility. > (https://bugzilla.samba.org/) > > --Enjoy > The Samba Team > > -- Samba http://www.samba.org SerNet http://www.sernet.de sambaXP http://www.sambaxp.org
[Announce] Samba 3.6.5, 3.5.15 and 3.4.17 Security Releases Available
Release Announcements = Samba 3.6.5, 3.5.15 and 3.4.17 are security releases in order to address CVE-2012-2111. o CVE-2012-2111: Samba 3.4.x to 3.6.4 are affected by a vulnerability that allows arbitrary users to modify privileges on a file server. Changes: o Jeremy Allison * Fix incorrect permission checks when granting/removing privileges (CVE-2012-2111). The original Security Advisory is available at http://www.samba.org/samba/security/CVE-2012-2111. Patches for older versions are available at http://www.samba.org/samba/history/security.html. ## Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba corresponding product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.6.5.html http://www.samba.org/samba/ftp/history/samba-3.5.15.html http://www.samba.org/samba/ftp/history/samba-3.4.17.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team
[Announce] Samba 3.6.6 Available for Download
"Your body hears everything your mind says." Naomi Judd === Release Announcements = This is is the latest stable release of Samba 3.6. Major enhancements in Samba 3.6.6 include: o Fix possible memory leaks in the Samba master process (bug #8970). o Fix uninitialized memory read in talloc_free(). o Fix joining of XP Pro workstations to 3.6 DCs (bug #8373). Changes since 3.6.5: o Michael Adam * BUG 8738: SMB2 server will not release unused shares. * BUG 8749: Sign non guest sessions in SessionSetup. * BUG 8921: Fix race writing registry values. o Jeremy Allison * BUG 8373: Fix joining of XP Pro workstations to 3.6 DCs. * BUG 8627: Fix crash bug in dns_create_probe when dns_create_update fails. * BUG 8723: Add pthread-based aio VFS module. * BUG 8784: When calculating the share security mask, take priviliges into account for the connecting user. * BUG 8811: sd_has_inheritable_components segfaults on an SD that se_access_check accepts. * BUG 8837: Fix crash in smbd when deleting directory and veto files are enabled. * BUG 8857: Setting traverse rights fails to enable directory traversal when acl_xattr in use. * BUG 8882: Broken processing of %U with vfs_full_audit when force user is set. * BUG 8897: Make winbind_krb5_locator not only returning one IP address. * BUG 8910: resolve_ads() code can return zero addresses and miss valid DC IP addresses. * BUG 8922: smbclient's tarmode insists on listing excluded directories. * BUG 8953: Winbind can hang as nbt_getdc() has no timeout. * BUG 8957: Typo in pam_winbindd code MUST fix. * BUG 8970: Fix possible memory leaks in the Samba master process. * BUG 8971: cleanup_timeout_fn() is called too often, on exiting when an smbd is idle. * BUG 8972: Directory group write permission bit is set if unix extensions are enabled. o Christian Ambach * BUG 8406: Fix a return code check in Winbind. * BUG 8807: Fix crash in dcerpc_lsa_lookup_sids_noalloc() crashes when groups has more than 1000 groups. o Andrew Bartlett * BUG 8599: Only use SamLogonEx when we can get unencrypted session keys. * BUG 8727: Fix smbclients with posix large reads. * BUG 8943: Slow but responsive DC can lock up Winbind for > 10 minutes at a time. o Björn Baumbach * BUG 7564: Fix default name resolve order in the manpage. * BUG 8554, 8612, 8748: Add new printers to registry. * BUG 8789: Remove whitespace in example samba.ldif. o Alexander Bokovoy * BUG 8988: Avoid crash with MIT krb5 1.10.0 in gss_get_name_attribute(). o Alejandro Escanero Blanco * BUG 8798: The primary rid should be in the groups rid array. o Ira Cooper * BUG 8729: Fix getpass regressions on Solaris/Illumos. * BUG 8743: Fix configure.developer builds on Solaris. * BUG 8910: Fix bad bugfix for bug #8910. * BUG 8952: Fix negative SID->uid/gid cache handling. * BUG 8995: Use fsp_persistent_id() as persistent_file_id part for SMB2. o David Disseldorp * BUG 8762: Fix crash in printer_list_set_printer(). o Olaf Flebbe * BUG 8859: Fix assertion in reg_parse. o Björn Jacke * BUG 8732: Fix compile of krb5 locator on Solaris. * BUG 8869: Remove outdated netscape ds 5 schema file. * BUG 8978: Remove dependency on automake for 'make everything'. o Steve Langasek * BUG 8920: Fix null dereference in pdb_interface. o Volker Lendecke * Fix uninitialized memory read in talloc_free(). * BUG 8567: Fix segfault in dom_sid_compare. * BUG 8733: Delete streams on directories (streams_depot). * BUG 8760: Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY. * BUG 8836: Fix segfaults on "smbcontrol close-share" in aio_fork. * BUG 8861: Fix a segfault with debug level 3 on Solaris. * BUG 8904: Fix Winbind crash triggered by 'wbinfo --lookup-sids ""'. * BUG 8998: Notify code can miss a ChDir. o Stefan Metzmacher * BUG 8139: Ignore SMBecho errors (the server may not support it). * BUG 8527: db_ctdb_traverse fails to traverse records created within the current transaction. * BUG 8311: Winzip occasionally can not read files out of an open winzip dialog. * BUG 8739: Fill the sids array of the info in wbcAuthUserInfo_to_netr_SamInfo3(). * BUG 8749: Sign non guest sessions in SessionSetup. * BUG 8995: Use fsp_persistent_id() as persistent_file_id part for SMB2. o Matthieu Patou * BUG 8599: Set the can_do_validation6 also for trusted domain. * BUG 8714: Catch with pid filename's change when config file is not smb.conf. * BUG 8734: Don't try to do clever thing if the username is n
[Announce] Samba 3.5.16 Available for Download
=== "Information's pretty thin stuff unless mixed with experience." Clarence Day == Release Announcements = This is the latest stable release of Samba 3.5. Major enhancements in Samba 3.5.16 include: o Fix possible memory leaks in the Samba master process (bug #8970). o Fix uninitialized memory read in talloc_free(). o Fix smbd crash with unknown user (bug #8314). Changes since 3.5.15: - o Jeremy Allison * BUG 8314: Fix smbd crash with unknown user. * BUG 8831: Fix inconsistent (with manpage) command-line switch for "help" in smbtree. * BUG 8882: Fix processing of %U with vfs_full_audit when "force user" is set. * BUG 8897: winbind_krb5_locator only returns one IP address. * BUG 8910: resolve_ads() code can return zero addresses and miss valid DC IP addresses. * BUG 8957: Fix typo in pam_winbindd code. * BUG 8972: Directory group write permission bit is set if unix extensions are enabled. * BUG 8974: Kernel oplocks are broken when uid(file) != uid(process). * BUG 8989: Send correct responses to NT Transact Secondary when no data and no params. * BUG 8994: Fix "winbind normalize names". o Andrew Bartlett * BUG 8599: Only use SamLogonEx when we can get unencrypted session keys. * BUG 8943: Slow but responsive DC can lock up winbindd for > 10 minutes at a time. o Björn Baumbach * BUG 7564: Fix default name resolve order in the manpage. o John Bradshaw * BUG 7938: Fix typo (overrided -> overridden) in Samba3-HOWTO. o Olaf Flebbe * BUG 8552: Correct documentation of "case sensitive". o Björn Jacke * BUG 8869: Remove outdated netscape ds 5 schema file. * BUG 9011: Fix build on HP-UX. o Volker Lendecke * Fix uninitialized memory read in talloc_free(). * BUG 8338: OS/X can not deal with a 10-vwv read on normal files. * BUG 8998: Notify code can miss a ChDir. * BUG 9000: Fix a Winbind race leading to 100% CPU. * BUG 9003: Fix posix acl on gpfs. o Matthieu Patou * BUG 8975: Make sure that Winbind can coredump. o Karolin Seeger * BUG 7930: Add hint that setting "profile acls = yes" on normal shares can cause trouble. o Richard Sharpe * BUG 8822: Fix building out-of-tree vfs modules. * BUG 8970: Fix possible memory leaks in the Samba master process. o Simo Sorce * BUG 8915: Fix pam_winbind build against newer iniparser library. ## Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 3.5 product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/stable The release notes are available online at: http://www.samba.org/samba/history/samba-3.5.16.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team
[Announce] Samba 3.6.7 Available for Download
=== "Change is such hard work." Billy Crystal === Release Announcements = This is is the latest stable release of Samba 3.6. Major enhancements in Samba 3.6.7 include: o Fix resolving our own "Domain Local" groups (bug #9052). o Fix migrating printers while upgrading from 3.5.x (bug #9026). Changes since 3.6.6: o Jeremy Allison * BUG 8974: Fix kernel oplocks when uid(file) != uid(process). * BUG 8989: Send correct responses to NT Transact Secondary when no data and no params for the Trans2 calls are set. * BUG 9034: Fix typo in set_re_uid() call when USE_SETRESUID selected in configure. o David Binderman * BUG 9062: rpcclient: Fix bad call to data_blob_const. o Günther Deschner * BUG 9026: Fix migrating printers while upgrading from 3.5.x. o David Disseldorp * BUG 8719: Printing fails in function cups_job_submit. * BUG 9026: Fix migrating printers while upgrading from 3.5.x. o Olaf Flebbe * BUG 8552: Correct documentation of "case sensitive". o Björn Jacke * BUG 8996: Fix build without ads support. o Volker Lendecke * BUG 9003: Fix posix acl on gpfs. * BUG 9040: Using asynchronous IO with SMB2 can return NT_STATUS_FILE_CLOSED in error instead ofNT_STATUS_FILE_LOCK_CONFLICT. o Stefan Metzmacher * BUG 9002: Don't turn negative cache entries into valid idmappings. * BUG 9022: Make vfs_gpfs less verbose in get/set_xattr functions. * BUG 9057: Fix bugs in SMB2 credit handling code. o Jiri Popelka * BUG 9055: Fix build against CUPS 1.6. o Jura Sasek * BUG 9037: Fix 'net ads join' on T4 (sun4v) systems on Solaris 10. o Andreas Schneider * BUG 9052: Fix resolving our own "Domain Local" groups. ## Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba corresponding product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.6.7.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team
[Announce] Samba 3.5.17 Available for Download
= "Sing like no one's listening, love like you've never been hurt, dance like nobody's watching, and live like it's heaven on earth." Mark Twain = Release Announcements = This is the latest stable release of Samba 3.5. Changes since 3.5.16: - o Jeremy Allison * BUG 9034: Fix typo in set_re_uid() call when USE_SETRESUID selected in configure. o Björn Jacke * BUG 8996: Fix build without ads support. * BUG 9011: Second part of a fix for bug #9011 (Build on HP-UX broken). o Stefan Metzmacher * BUG 9022: Make vfs_gpfs less verbose in get/set_xattr functions. ## Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 3.5 product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/stable The release notes are available online at: http://www.samba.org/samba/history/samba-3.5.17.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team
[Announce] Samba 4.0.0rc1 Available for Download
Release Announcements - This is the first release candidate of Samba 4.0.0! This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. What's new in Samba 4.0.0rc1 = Samba 4.0 will be the next version of the Samba suite and incorporates all the technology found in both the Samba4 alpha series and the stable 3.x series. The primary additional features over Samba 3.6 are support for the Active Directory logon protocols used by Windows 2000 and above. WARNINGS Samba 4.0.0rc1 is not a final Samba release, however we are now making good progress towards a Samba 4.0 release. This release contains the best of all of Samba's technology parts, both a file server (that you can reasonably expect to upgrade existing Samba 3.x releases to) and the AD domain controller work previously known as 'samba4'. Samba 4.0 is subjected to an awesome battery of tests on an automated basis, we have found Samba 4.0 to be very stable in it's behaviour. However, as with all our pre-releases we still recommend against upgrading production servers from Samba 3.x release to Samba 4.0.0rc1 at this stage. If you are upgrading, or looking to develop, test or deploy Samba 4.0.0 release candidates, you should backup all configuration and data. UPGRADING = Users upgrading from Samba 3.x domain controllers and wanting to use Samba 4.0 as an AD DC should use the 'samba-tool domain classicupgrade' command. See the wiki for more details: https://wiki.samba.org/index.php/Samba4/samba3upgrade/HOWTO Users upgrading from Samba 4.0 alpha and beta releases since alpha15 should run 'samba-tool dbcheck --cross-ncs --fix' before re-starting Samba. Users upgrading from earlier alpha releases should contact the team for advice. Users upgrading an AD DC from any previous release should run 'samba-tool ntacl sysvolreset' to re-sync ACLs on the sysvol share with those matching the GPOs in LDAP and the defaults from an initial provision. This will set an underlying POSIX ACL if required (eg not using the NTVFS file server). If you used the BIND9_FLATFILE or BIND9_DLZ features, you'll have to add '-dns' to the 'server services' option, as the internal dns server (SAMBA_INTERNAL) is the default now. NEW FEATURES Samba 4.0 supports the server-side of the Active Directory logon environment used by Windows 2000 and later, so we can do full domain join and domain logon operations with these clients. Our Domain Controller (DC) implementation includes our own built-in LDAP server and Kerberos Key Distribution Center (KDC) as well as the Samba3-like logon services provided over CIFS. We correctly generate the infamous Kerberos PAC, and include it with the Kerberos tickets we issue. Samba 4.0 ships with two distinct file servers. We now use the file server from the Samba 3.x series 'smbd' for all file serving by default. Samba 4.0 also ships with the 'NTVFS' file server. This file server is what was used in all previous alpha releases of Samba 4.0, and is tuned to match the requirements of an AD domain controller. We continue to support this, not only to provide continuity to installations that have deployed it as part of an AD DC, but also as a running example of the NT-FSA architecture we expect to move smbd to in the longer term. For pure file server work, the binaries users would expect from that series (nmbd, winbindd, smbpasswd) continue to be available. When running an AD DC, you only need to run 'samba' (not nmbd/smbd/winbind), as the required services are co-coordinated by this master binary. As DNS is an integral part of Active Directory, we also provide two DNS solutions, a simple internal DNS server for 'out of the box' configurations and a more elaborate BIND plugin using the BIND DLZ mechanism in versions 9.8 and 9.9. During the provision, you can select which backend to use. With the internal backend, your DNS server is good to go. If you chose the BIND_DLZ backend, a configuration file will be generated for bind to make it use this plugin, as well as a file explaining how to set up bind. To provide accurate timestamps to Windows clients, we integrate with the NTP project to provide secured NTP replies. To use you need to start ntpd and configure it with the 'restrict ... ms-sntp' and ntpsigndsocket options. Finally, a new scripting interface has been added to Samba 4, allowing Python programs to interface to Samba's internals, and many tools and internal workings of the DC code is now implemented in python. CHANGES SINCE beta8 === For a list of changes since beta8, please see the git log. $ git clone git://git.samba.org/samba.git $ cd samba.git $ git log samba-4.0.0beta8..samba-4.0.0rc1 Some major user-visible changes include: - The smbd file server now offers SMB3 as the maximum protocol by de
Re: [Announce] Samba 4.0.0rc1 Available for Download
Hi Scott, On Thu, Sep 13, 2012 at 10:55:55PM -0400, Scott Lovenberg wrote: > On Thu, Sep 13, 2012 at 6:40 AM, Karolin Seeger wrote: > [...] > > - Domain member support in the 'samba' binary is in it's infancy, and > > is not comparable to the support found in winbindd. As such, do not > > use the 'samba' binary (provided for the AD server) on a member > > server. > > Stupid "bug" report, "its" should be used above, not "it's". You want > the possessive, not the contraction. > Just for future RC release notes (it's been bothering me since the > later beta release notes). :) right, thanks for reporting! A patch has been pushed to autobuild. Cheers, Karolin -- Samba http://www.samba.org SerNet http://www.sernet.de sambaXP http://www.sambaxp.org
Re: [Announce] Samba 4.0.0rc1 Available for Download
Hi Ricky, On Thu, Sep 13, 2012 at 11:48:44PM -0500, Ricky Nance wrote: > Maybe this will help ;) I also cleaned up references to 'beta'. thanks for reporting and providing the patch! Your changes have been pushed to autobuild (together with other fixes). Thanks! Cheers, Karolin -- Samba http://www.samba.org SerNet http://www.sernet.de sambaXP http://www.sambaxp.org
[Announce] Samba 3.6.8 Available for Download
"Laughter is inner jogging." Norman Cousins Release Announcements = This is is the latest stable release of Samba 3.6. Major enhancements in Samba 3.6.8 include: o Fix crash bug in smbd caused by a blocking lock followed by close (bug #9084). o Fix Winbind panic if we couldn't find the domain (bug #9135). Changes since 3.6.7: o Jeremy Allison * BUG 9058: Fix smbstatus code dump when a file entry has delete tokens. * BUG 9098: Fix refreshing of Kerberos tickets in Winbind. * BUG 9124: Fix setting of "inherited" bit on inherited ACE's. o Christian Ambach * BUG 9137: Make 'smbclient allinfo' show the snapshot list. o Andrew Bartlett * BUG 9066: "Domain Users" incorrectly added as additional group on domain members. * BUG 9067: Use correct RID for "Domain Guests" primary group. o David Binderman * BUG 9065: Fix bad call to memcpy source3/registry/regfio.c. o David Disseldorp * BUG 9123: Fix lprng job tracking errors. o Salvador I. Gonzalez * BUG 9088: Fix smbclient/tarmode panic when connecting to Windows 2000 clients. o Hargagan * BUG 9085: Fix NMB registration for a duplicate workstation. o Björn Jacke * BUG 9037: Open and netbsd have the md5 symbols in libc. * BUG 9144: Fix nfs quota support with Linux nfs4 mounts. o Volker Lendecke * BUG 9037: Fix name clash in MD5 causing the "net ads join" to fail on T4 (sun4v) systems on Solaris 10. * BUG 9058: Backport FSCTL codes from master. * BUG 9084: Fix crash bug in smbd caused by a blocking lock followed by close. * BUG 9150: Valid open requests can cause smbd assert due to incorrect oplock handling on delete requests. o Herb Lewis * BUG 9104: Fix identification of idle clients in Winbind to avoid crashes and NDR parsing errors. o Stefan Metzmacher * BUG 9058: Fix segfault in smbstatus. o Andreas Schneider * BUG 9111: Fix compilation with newer MIT Kerberos which hides internal symbols. * BUG 9112: Fix flooding the logs with records we don't find in pcap. * BUG 9122: Initialize the print backend after we setup winreg. * BUG 9135: Fix Winbind panic if we couldn't find the domain. ## Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba corresponding product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.6.8.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team
[Announce] Samba 3.5.18 Available for Download
= "When you are courting a nice girl an hour seems like a second. When you sit on a red-hot cinder a second seems like an hour. That's relativity. Albert Einstein = Release Announcements = This is the latest stable release of Samba 3.5. Major enhancements in Samba 3.5.18 include: o Fix a smbd crash in reply_lockingX_error (bug #9084). o Fix Winbind crashes caused by mis-identified idle clients (bug #9104). o Desktop Managers (xdm, gdm, lightdm...) crash with SIGSEGV in _pam_winbind_change_pwd() when password is expiring (bug #9013). Changes since 3.5.17: - o Michael Adam * BUG 7788: Clarify the idmap_rid manpage. o Jeremy Allison * BUG 9098: Winbind does not refresh Kerberos tickets. * BUG 9147: Winbind can't fetch user or group info from AD via LDAP. * BUG 9150: Valid open requests can cause smbd assert due to incorrect oplock handling on delete requests. o Neil R. Goldberg * BUG 9100: Winbind doesn't return "Domain Local" groups from own domain. o Hargagan * BUG 9085: NMB registration for a duplicate workstation fails with registration refuse. o Björn Jacke * BUG 7814: Fix build of sysquote_xfs. * BUG 8402: Winbind log spammed with idmap messages. o Volker Lendecke * BUG 9084: Fix a smbd crash in reply_lockingX_error. o Herb Lewis * BUG 9104: Fix Winbind crashes caused by mis-identified idle clients. o Luca Lorenzetto * BUG 9013: Desktop Managers (xdm, gdm, lightdm...) crash with SIGSEGV in _pam_winbind_change_pwd() when password is expiring. ## Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 3.5 product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/stable The release notes are available online at: http://www.samba.org/samba/history/samba-3.5.18.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team
[Announce] Samba 4.0.0rc2 Available for Download
Release Announcements - This is the second release candidate of Samba 4.0. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.0 will be the next version of the Samba suite and incorporates all the technology found in both the Samba4 series and the stable 3.x series. The primary additional features over Samba 3.6 are support for the Active Directory logon protocols used by Windows 2000 and above. This release contains the best of all of Samba's technology parts, both a file server (that you can reasonably expect to upgrade existing Samba 3.x releases to) and the AD domain controller work previously known as 'samba4'. If you are upgrading, or looking to develop, test or deploy Samba 4.0 releases candidates, you should backup all configuration and data. UPGRADING = Users upgrading from Samba 3.x domain controllers and wanting to use Samba 4.0 as an AD DC should use the 'samba-tool domain classicupgrade' command. See the wiki for more details: https://wiki.samba.org/index.php/Samba4/samba3upgrade/HOWTO. Users upgrading from Samba 4.0 alpha and beta releases since alpha15 should run 'samba-tool dbcheck --cross-ncs --fix' before re-starting Samba. Users upgrading from earlier alpha releases should contact the team for advice. Users upgrading an AD DC from any previous release should run 'samba-tool ntacl sysvolreset' to re-sync ACLs on the sysvol share with those matching the GPOs in LDAP and the defaults from an initial provision. This will set an underlying POSIX ACL if required (eg not using the NTVFS file server). If you used the BIND9_FLATFILE or BIND9_DLZ features, you'll have to add '-dns' to the 'server services' option, as the internal dns server (SAMBA_INTERNAL) is the default now. NEW FEATURES Samba 4.0 supports the server-side of the Active Directory logon environment used by Windows 2000 and later, so we can do full domain join and domain logon operations with these clients. Our Domain Controller (DC) implementation includes our own built-in LDAP server and Kerberos Key Distribution Center (KDC) as well as the Samba3-like logon services provided over CIFS. We correctly generate the infamous Kerberos PAC, and include it with the Kerberos tickets we issue. Samba 4.0.0rc2 ships with two distinct file servers. We now use the file server from the Samba 3.x series 'smbd' for all file serving by default. Samba 4.0 also ships with the 'NTVFS' file server. This file server is what was used in all previous releases of Samba 4.0, and is tuned to match the requirements of an AD domain controller. We continue to support this, not only to provide continuity to installations that have deployed it as part of an AD DC, but also as a running example of the NT-FSA architecture we expect to move smbd to in the longer term. For pure file server work, the binaries users would expect from that series (nmbd, winbindd, smbpasswd) continue to be available. When running an AD DC, you only need to run 'samba' (not nmbd/smbd/winbind), as the required services are co-coordinated by this master binary. As DNS is an integral part of Active Directory, we also provide two DNS solutions, a simple internal DNS server for 'out of the box' configurations and a more elaborate BIND plugin using the BIND DLZ mechanism in versions 9.8 and 9.9. During the provision, you can select which backend to use. With the internal backend, your DNS server is good to go. If you chose the BIND_DLZ backend, a configuration file will be generated for bind to make it use this plugin, as well as a file explaining how to set up bind. To provide accurate timestamps to Windows clients, we integrate with the NTP project to provide secured NTP replies. To use you need to start ntpd and configure it with the 'restrict ... ms-sntp' and ntpsigndsocket options. Finally, a new scripting interface has been added to Samba 4, allowing Python programs to interface to Samba's internals, and many tools and internal workings of the DC code is now implemented in python. ## Changes ### smb.conf changes Parameter Name Description -- --- allow dns updatesNew announce as Removed announce version Removed cldap port New client max protocol New client min protocol New client signing Changed default dcerpc endpoint servers New dgram port New display charset Removed dns forwarderNew dns update command New homedir map
[Announce] Samba 4.0.0rc3 Available for Download
* BUG 9112: Increase debug level for info that the db is empty. * BUG 9244: Build pam_smbpass module only if enabled. * BUG 9245: Make sure the registry is set up before we init printing. * BUG 9276: Add config for systemd-tmpfiles. * BUG 9280: Add support for reloading systemd services. o Karolin Seeger * BUG 7826: Remove link to Using Samba. * BUG 8802: Add basic manpages for 'samba' and 'samba-tool'. * BUG 9165: Fix makerpms.sh on RHEL. * BUG 9243: Remove duplicate synonym min protocol. * BUG 9271: Several samba-tool fixes. o Jelmer Vernooij * BUG 9243: Add basic documentation for 'server min protocol'. * BUG 9271: Several samba-tool fixes. * BUG 9274: Add documentation for several parameters. o Matthias Dieter Wallnöfer * BUG 9183: Introduce the wildcard binding feature to allow DNS to listen on localhost. CHANGES SINCE 4.0.0rc1 == o Michael Adam * BUG 9173: Make the SMB2 compound request create/delete_on_close/ close work as Windows. o Jeremy Allison * BUG 9161: Re-add the vfs_Chdir() cache. * BUG 9189: SMB2 Create doesn't return correct MAX ACCESS access mask in blob. * BUG 9213: Bad ASN.1 NegTokenInit packet can cause invalid free. o Christian Ambach * BUG 9162: Fix the build of the GPFS VFS module. * BUG 9197: Only do 'printing_subsystem_update' when printing is enabled. o Andrew Bartlett * BUG 9228: Fix build on systems without ldap development headers. o Alexander Bokovoy * BUG 9157: Cleanup idmap_ldap build dependencies. * BUG 9228: Make smbldaphelper subsystem an internal library. * BUG 9229: Fix build of winbindd- and krb5 locator-related manpages. o Sumit Bose * BUG 9185: Allow DNS resolution of trusted domains if DNS name is available. o Ira Cooper * BUG 9162: Fix build on Illumos/Solaris using '--with-acl'. * BUG 9173: Compound requests should continue processing. o Günther Deschner * BUG 9185: Winbind cannot resolve AD DC in a different subnet. o Björn Jacke * BUG 9162: Fix the build of the ACL VFS modules. * BUG 9172: Fix reporting of gfs2 quotas. o Volker Lendecke * BUG 9217: CreateFile with FILE_DIRECTORY_FILE can create directories on read-only shares. o Vladimir Marek * BUG 9192: Fix service control for non-internal services. o Stefan Metzmacher * BUG 9173: Make the SMB2 compound request create/delete_on_close/ close work as Windows. * BUG 9184: Fix receiving of UDP packets from 0 bytes. * BUG 9191: Release the share mode lock before calling exit_server(). * BUG 9193: Fix usage of invalid memory in smb2_signing_check_pdu(). * BUG 9194: Disallow '--prefix=/usr' and '--prefix=/usr/local' without '--enable-fhs'. * BUG 9198: Fix RHEL-CTDB packaging. o Matthieu Patou * BUG 9199: Fix usage of "panic action". * BUG 9233: Fix a non handled memory out of memory. o Andreas Schneider * BUG 8632: Fix builtin forms order to match Windows again. * BUG 9159: Fix generating idmap manpages. * BUG 9218: Don't segfault if user specified ports out for range. * BUG 9231: Fix NT_STATUS_IO_TIMEOUT during slow import of printers into registry. KNOWN ISSUES - 'samba-tool domain classicupgrade' will fail when setting ACLs on the GPO folders with NT_STATUS_INVALID_ONWER in the default configuration. This happens if, as is typical a 'domain admins' group (-512) is mapped in the passdb backend being upgraded. This is because the group mapping to a GID only prevents Samba from allocating a uid for that group. The uid is needed so the 'domain admins' group can own the GPO file objects. To work around this issue, remove the 'domain admins' group before upgrade, as it will be re-created automatically. You will of course need to fill in the group membership again. A future release will make this automatic, or find some other workaround. - This release makes the s3fs file server the default, as this is the file server combination we will use for the Samba 4.0 release. - For similar reasons, sites with ACLs stored by the ntvfs file server may wish to continue to use that file server implementation, as a posix ACL will similarly not be set in this case. - Replication of DNS data from one AD server to another may not work. The DNS data used by the internal DNS server and bind9_dlz is stored in an application partition in our directory. The replication of this partition is not yet reliable. - Replication may fail on FreeBSD due to getaddrinfo() rejecting names containing _. A workaround will be in a future release. - samba_upgradeprovision should not be run when upgrading to this release from a recent
