s3-secdesc: move all winreg access bits to IDL.

[Samba.git] / WHATSNEW.txt

                   =================================
                   Release Notes for Samba 3.4.0pre1

                   =================================


This is the first preview release of Samba 3.4.  This is *not*
intended for production environments and is designed for testing
purposes only.  Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.


Major enhancements in Samba 3.4.0 include:
------------------------------------------

General changes:
o Samba4 and Samba3 sources are included in the tarball

Authentication Changes:
o Changed the way smbd handles untrusted domain names given during user
  authentication

Internal changes:
o The ntsvcs, svcctl, eventlog and spoolss subsystems have been converted
  to IDL.
o Samba3 and Samba4 do now share a common tevent library.


General Changes
===============

On the way towards a standalone Samba AD domain controller, Samba3 and Samba4
branches can be built as "merged" build. That's why Samba3 and Samba4 sources
are included in the tarball. The merged build is possible in Samba 3.4.0, but
disabled by default. To learn more about the merged build,
please see http://wiki.samba.org/index.php/Franky.

According to this one, there is no "source" directory included in the tarball at
all. Samba3 sources are located in "source3", Samba4 sources are located in
"source4". The libraries have been moved to the toplevel directory.

To build plain Samba3, please change to "source3" and start the build as usual.
To build Samba4 as well, please use the "--enable-merged-build" configure
option.


Authentication Changes
======================

Previously, when Samba was a domain member and a client was connecting using an
untrusted domain name, such as BOGUS\user smbd would remap the untrusted
domain to the primary domain smbd was a member of and attempt authentication
using that DOMAIN\user name.  This differed from how a Windows member server
would behave.  Now, smbd will replace the BOGUS name with it's SAM name.  In
the case where smbd is acting as a PDC this will be DOMAIN\user.  In the case
where smbd is acting as a domain member server this will be WORKSTATION\user.
Thus, smbd will never assume that an incoming user name which is not qualified
with the same primary domain, is part of smbd's primary domain.

While this behavior matches Windows, it may break some workflows which depended
on smbd to always pass through bogus names to the DC for verification.  A new
parameter "map untrusted to domain" can be enabled to revert to the legacy
behavior.


Internal Changes
================

The ntsvcs, svcctl, eventlog and spoolss subsystems have been converted to IDL.
So Günther Deschner finally corrected one of the biggest mistakes in the
development of Samba: Hand-marshalled RPC stubs.

Thanks a lot! :-)

Samba3 and Samba4 do now share a common tevent library for fd and timer events.


######################################################################
Reporting bugs & Development Discussion
#######################################

Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.

If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored.  All bug reports should
be filed under the Samba 3.4 product in the project's Bugzilla
database (https://bugzilla.samba.org/).


======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================