4 This is the first preview release of Samba 4.7. This is *not*
5 intended for production environments and is designed for testing
6 purposes only. Please report any defects via the Samba bug reporting
7 system at https://bugzilla.samba.org/.
9 Samba 4.7 will be the next version of the Samba suite.
19 Samba AD with MIT Kerberos
20 --------------------------
22 After four years of development, Samba finally supports compiling and
23 running Samba AD with MIT Kerberos. You can enable it with:
25 ./configure --with-system-mitkrb5
27 Samba requires version 1.15.1 of MIT Kerberos to build with AD DC support.
28 The krb5-devel and krb5-server packages are required.
29 The feature set is not on par with with the Heimdal build but the most important
30 things, like forest and external trusts, are working. Samba uses the KDC binary
31 provided by MIT Kerberos.
33 Missing features, compared to Heimdal, are:
35 * S4U2SELF/S4U2PROXY support
36 * RODC support (not fully working with Heimdal either)
38 The Samba AD process will take care of starting the MIT KDC and it will load a
39 KDB (Kerberos Database) driver to access the Samba AD database. When
40 provisioning an AD DC using 'samba-tool' it will take care of creating a correct
41 kdc.conf file for the MIT KDC. Note that 'samba-tool' will overwrite the system
42 kdc.conf by default. It is possible to use a different location during
43 provision. You should consult the 'samba-tool' help and smb.conf manpage for
47 Authentication and Authorization audit support
48 ----------------------------------------------
50 Detailed authentication and authorization audit information is now
51 logged to Samba's debug logs under the "auth_audit" debug class,
52 including in particular the client IP address triggering the audit
53 line. Additionally, if Samba is compiled against the jansson JSON
54 library, a JSON representation is logged under the "auth_json_audit"
57 Audit support is comprehensive for all authentication and
58 authorisation of user accounts in the Samba Active Directory Domain
59 Controller, as well as the implicit authentication in password
60 changes. In the file server and classic/NT4 domain controller, NTLM
61 authentication, SMB and RPC authorization is covered, however password
62 changes are not at this stage, and this support is not currently
63 backed by a testsuite.
68 The "strict sync" global parameter has been changed from
69 a default of "no" to "yes". This means smbd will by default
70 obey client requests to synchronize unwritten data in operating
71 system buffers safely onto disk. This is a safer default setting
72 for modern SMB1/2/3 clients.
77 Parameter Name Description Default
78 -------------- ----------- -------
79 auth event notification New parameter no
80 auth methods Deprecated
81 map untrusted to domain Deprecated
82 strict sync Default changed yes
84 Removal of lpcfg_register_defaults_hook()
85 -----------------------------------------
87 The undocumented and unsupported function lpcfg_register_defaults_hook()
88 that was used by external projects to call into Samba and modify
89 smb.conf default parameter settings has been removed. If your project
90 was using this call please raise the issue on
91 samba-technical@lists.samba.org in order to design a supported
92 way of obtaining the same functionality.
94 Change of loadable module interface
95 -----------------------------------
97 The _init function of all loadable modules in Samba has changed
100 NTSTATUS _init(void);
104 NTSTATUS _init(TALLOC_CTX *);
106 This allows a program loading a module to pass in a long-lived
107 talloc context (which must be guaranteed to be alive for the
108 lifetime of the module). This allows modules to avoid use of
109 the talloc_autofree_context() (which is inherently thread-unsafe)
110 and still be valgrind-clean on exit. Modules that don't need to
111 free long-lived data on exist should use the NULL talloc context.
116 https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.7#Release_blocking_bugs
119 #######################################
120 Reporting bugs & Development Discussion
121 #######################################
123 Please discuss this release on the samba-technical mailing list or by
124 joining the #samba-technical IRC channel on irc.freenode.net.
126 If you do report problems then please try to send high quality
127 feedback. If you don't provide vital information to help us track down
128 the problem then you will probably be ignored. All bug reports should
129 be filed under the Samba 4.1 and newer product in the project's Bugzilla
130 database (https://bugzilla.samba.org/).
133 ======================================================================
134 == Our Code, Our Bugs, Our Responsibility.
136 ======================================================================