| blob | 82bd5eaefc6f02e26ffa3e099a77db3eeabee449 |
1 Release Announcements
2 =====================
4 This is the first pre release of Samba 4.15. This is *not*
5 intended for production environments and is designed for testing
6 purposes only. Please report any defects via the Samba bug reporting
7 system at https://bugzilla.samba.org/.
9 Samba 4.15 will be the next version of the Samba suite.
12 UPGRADING
13 =========
15 New GPG key
16 -----------
18 The GPG release key for Samba releases changed from:
20 pub dsa1024/6F33915B6568B7EA 2007-02-04 [SC] [expires: 2021-02-05]
21 Key fingerprint = 52FB C0B8 6D95 4B08 4332 4CDC 6F33 915B 6568 B7EA
22 uid [ full ] Samba Distribution Verification Key <samba-bugs@samba.org>
23 sub elg2048/9C6ED163DA6DFB44 2007-02-04 [E] [expires: 2021-02-05]
25 to the following new key:
27 pub rsa4096/AA99442FB680B620 2020-12-21 [SC] [expires: 2022-12-21]
28 Key fingerprint = 81F5 E283 2BD2 545A 1897 B713 AA99 442F B680 B620
29 uid [ultimate] Samba Distribution Verification Key <samba-bugs@samba.org>
30 sub rsa4096/97EF9386FBFD4002 2020-12-21 [E] [expires: 2022-12-21]
32 Starting from Jan 21th 2021, all Samba releases will be signed with the new key.
34 See also GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt
37 NEW FEATURES/CHANGES
38 ====================
39 - bind DLZ: Added the ability to set allow/deny lists for zone
40 transfer clients.
41 Up to now, any client could use a DNS zone transfer request
42 to the bind server, and get an answer from Samba.
43 Now the default behaviour will be to deny those request.
44 Two new options have been added to manage the list of
45 authorized/denied clients for zone transfer requests.
46 In order to be accepted, the request must be issued by a client
47 that is in the allow list and NOT in the deny list.
49 Improved command line user experience
50 -------------------------------------
52 Samba utilities did not consistently implement their command line interface. A
53 number of options were requiring to specify values in one tool and not in the
54 other, some options meant different in different tools.
56 These should be stories of the past now. A new command line parser has been
57 implemented with sanity checking. Also the command line interface has been
58 simplified and provides better control for encryption, singing and kerberos.
60 Also several command line options have a smb.conf variable to control the
61 default now.
63 All tools are logging to stderr by default. You can use --debug-stdout to
64 change the behavior.
66 ### Common parser:
68 Options added:
69 --client-protection=off|sign|encrypt
71 Options renamed:
72 --kerberos -> --use-kerberos=required|desired|off
73 --krb5-ccache -> --use-krb5-ccache=CCACHE
74 --scope -> --netbios-scope=SCOPE
75 --use-ccache -> --use-winbind-ccache
77 Options removed:
78 -e|--encrypt
79 -C removed from --use-winbind-ccache
80 -i removed from --netbios-scope
81 -S|--signing
84 ### Duplicates in command line utils
86 ldbadd/ldbsearch/ldbdel/ldbmodify/ldbrename:
87 -e is not available for --editor anymore
88 -s is not used for --configfile anymore
90 ndrdump:
91 -l is not available for --load-dso anymore
93 net:
94 -l is not available for --long anymore
96 sharesec:
97 -V is not available for --viewsddl anymore
99 smbcquotas:
100 --user -> --quota-user
102 nmbd:
103 --log-stdout -> --debug-stdout
105 smbd:
106 --log-stdout -> --debug-stdout
108 winbindd:
109 --log-stdout -> --debug-stdout
111 Scanning of trusted domains and enterpise principals
112 ----------------------------------------------------
114 As an artifact from the NT4 times, we still scanned the list of trusted domains
115 on winbindd startup. This is wrong as we never can get a full picture in Active
116 Directory. It is time to change the default value to No. Also with this change
117 we always use enterprise principals for Kerberos so that the DC will be able
118 to redirect ticket requests to the right DC. This is e.g needed for one way
119 trusts. The options `winbind use krb5 enterprise principals` and
120 `winbind scan trusted domains` will be deprecated in one of the next releases.
123 REMOVED FEATURES
124 ================
126 Tru64 ACL support has been removed from this release. The last
127 supported release of Tru64 UNIX was in 2012.
129 NIS support has been removed from this release. This is not
130 available in Linux distributions anymore.
132 The DLZ DNS plugin is no longer built for Bind versions 9.8 and 9.9,
133 which have been out of support since 2018.
135 smb.conf changes
136 ================
138 Parameter Name Description Default
139 -------------- ----------- -------
140 client use kerberos New desired
141 client protection New default
142 preopen:posix-basic-regex New No
143 preopen:nomatch_log_level New 5
144 preopen:match_log_level New 5
145 preopen:nodigits_log_level New 1
146 preopen:founddigits_log_level New 3
147 preopen:reset_log_level New 5
148 preopen:push_log_level New 3
149 preopen:queue_log_level New 10
150 winbind use krb5 enterprise principals Changed Yes
151 winbind scan trusted domains Changed No
154 KNOWN ISSUES
155 ============
157 https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.15#Release_blocking_bugs
160 #######################################
161 Reporting bugs & Development Discussion
162 #######################################
164 Please discuss this release on the samba-technical mailing list or by
165 joining the #samba-technical IRC channel on irc.freenode.net.
167 If you do report problems then please try to send high quality
168 feedback. If you don't provide vital information to help us track down
169 the problem then you will probably be ignored. All bug reports should
170 be filed under the Samba 4.1 and newer product in the project's Bugzilla
171 database (https://bugzilla.samba.org/).
174 ======================================================================
175 == Our Code, Our Bugs, Our Responsibility.
176 == The Samba Team
177 ======================================================================