1 =============================
2 Release Notes for Samba 4.7.7
4 =============================
7 This is the latest stable release of the Samba 4.7 release series.
13 o Jeremy Allison <jra@samba.org>
14 * BUG 13206: s4:auth_sam: Allow logons with an empty domain name.
15 * BUG 13244: s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on
16 error, we don't own it here.
17 * BUG 13270: s3: smbd: Fix possible directory fd leak if the underlying
18 OS doesn't support fdopendir().
19 * BUG 13319: Round-tripping ACL get/set through vfs_fruit will increase
20 the number of ACE entries without limit.
21 * BUG 13347: s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically
23 * BUG 13358: s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE
24 without delete access.
25 * BUG 13372: s3: smbd: Fix memory leak in vfswrap_getwd().
26 * BUG 13375: s3: smbd: Unix extensions attempts to change wrong field
29 o Ralph Boehme <slow@samba.org>
30 * BUG 13363: s3:smbd: Don't use the directory cache for SMB2/3.
32 o Günther Deschner <gd@samba.org>
33 * BUG 13277: build: Fix libceph-common detection.
35 o David Disseldorp <ddiss@suse.de>
36 * BUG 13250: build: Fix ceph_statx check when configured with libcephfs_dir.
38 o Poornima G <pgurusid@redhat.com>
39 * BUG 13297: vfs_glusterfs: Fix the wrong pointer being sent in
42 o Amitay Isaacs <amitay@gmail.com>
43 * BUG 13359: ctdb-scripts: Drop 'net serverid wipe' from 50.samba event
46 o Lutz Justen <ljusten@google.com>
47 * BUG 13368: s3: lib: messages: Don't use the result of sec_init() before
50 o Volker Lendecke <vl@samba.org>
51 * BUG 13215: smbd can panic if the client-supplied channel sequence number
53 * BUG 13367: dsdb: Fix CID 1034966 Uninitialized scalar variable.
55 o Stefan Metzmacher <metze@samba.org>
56 * BUG 13206: s3:libsmb: Allow -U"\\administrator" to work.
57 * BUG 13328: Windows 10 cannot logon on Samba NT4 domain.
59 o David Mulder <dmulder@suse.com>
60 * BUG 13050: smbc_opendir should not return EEXIST with invalid login
64 * BUG 13338: s3:smbd: map nterror on smb2_flush errorpath.
66 o Dan Robertson <drobertson@tripwire.com>
67 * BUG 13310: libsmb: Use smb2 tcon if conn_protocol >= SMB2_02.
69 o Garming Sam <garming@catalyst.net.nz>
70 * BUG 13031: subnet: Avoid a segfault when renaming subnet objects.
72 o Christof Schmitt <cs@samba.org>
73 * BUG 13312: 'wbinfo --name-to-sid' returns misleading result on invalid
76 o Andreas Schneider <asn@samba.org>
77 * BUG 13315: s3:smbd: Do not crash if we fail to init the session table.
79 o Eric Vannier <evannier@google.com>
80 * BUG 13302: Allow AESNI to be used on all processor supporting AESNI.
83 #######################################
84 Reporting bugs & Development Discussion
85 #######################################
87 Please discuss this release on the samba-technical mailing list or by
88 joining the #samba-technical IRC channel on irc.freenode.net.
90 If you do report problems then please try to send high quality
91 feedback. If you don't provide vital information to help us track down
92 the problem then you will probably be ignored. All bug reports should
93 be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
94 database (https://bugzilla.samba.org/).
97 ======================================================================
98 == Our Code, Our Bugs, Our Responsibility.
100 ======================================================================
103 Release notes for older releases follow:
104 ----------------------------------------
106 =============================
107 Release Notes for Samba 4.7.6
109 =============================
112 This is a security release in order to address the following defects:
114 o CVE-2018-1050 (Denial of Service Attack on external print server.)
115 o CVE-2018-1057 (Authenticated users can change other users' password.)
123 All versions of Samba from 4.0.0 onwards are vulnerable to a denial of
124 service attack when the RPC spoolss service is configured to be run as
125 an external daemon. Missing input sanitization checks on some of the
126 input parameters to spoolss RPC calls could cause the print spooler
129 There is no known vulnerability associated with this error, merely a
130 denial of service. If the RPC spoolss service is left by default as an
131 internal service, all a client can do is crash its own authenticated
135 On a Samba 4 AD DC the LDAP server in all versions of Samba from
136 4.0.0 onwards incorrectly validates permissions to modify passwords
137 over LDAP allowing authenticated users to change any other users'
138 passwords, including administrative users.
140 Possible workarounds are described at a dedicated page in the Samba wiki:
141 https://wiki.samba.org/index.php/CVE-2018-1057
147 o Jeremy Allison <jra@samba.org>
148 * BUG 11343: CVE-2018-1050: Codenomicon crashes in spoolss server code.
150 o Ralph Boehme <slow@samba.org>
151 * BUG 13272: CVE-2018-1057: Unprivileged user can change any user (and admin)
154 o Stefan Metzmacher <metze@samba.org>
155 * BUG 13272: CVE-2018-1057: Unprivileged user can change any user (and admin)
159 #######################################
160 Reporting bugs & Development Discussion
161 #######################################
163 Please discuss this release on the samba-technical mailing list or by
164 joining the #samba-technical IRC channel on irc.freenode.net.
166 If you do report problems then please try to send high quality
167 feedback. If you don't provide vital information to help us track down
168 the problem then you will probably be ignored. All bug reports should
169 be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
170 database (https://bugzilla.samba.org/).
173 ======================================================================
174 == Our Code, Our Bugs, Our Responsibility.
176 ======================================================================
179 ----------------------------------------------------------------------
182 =============================
183 Release Notes for Samba 4.7.5
185 =============================
188 This is the latest stable release of the Samba 4.7 release series.
190 Major enhancements include:
192 o BUG 13228: This is a major issue in Samba's ActiveDirectory domain
193 controller code. It might happen that AD objects have missing or broken
194 linked attributes. This could lead to broken group memberships e.g.
195 All Samba AD domain controllers set up with Samba 4.6 or lower and then
196 upgraded to 4.7 are affected. The corrupt database can be fixed with
197 'samba-tool dbcheck --cross-ncs --fix'.
203 o Jeremy Allison <jra@samba.org>
204 * BUG 13193: smbd tries to release not leased oplock during oplock II
207 o Ralph Boehme <slow@samba.org>
208 * BUG 13181: Fix copying file with empty FinderInfo from Windows client
209 to Samba share with fruit.
211 o Günther Deschner <gd@samba.org>
212 * BUG 10976: build: Deal with recent glibc sunrpc header removal.
213 * BUG 13238: Make Samba work with tirpc and libnsl2.
215 o David Disseldorp <ddiss@samba.org>
216 * BUG 13208: vfs_ceph: Add fs_capabilities hook to avoid local statvfs.
218 o Love Hornquist Astrand <lha@h5l.org>
219 * BUG 12986: Kerberos: PKINIT: Can't decode algorithm parameters in
222 o Amitay Isaacs <amitay@gmail.com>
223 * BUG 13188: ctdb-recovery-helper: Deregister message handler in error
226 o Volker Lendecke <vl@samba.org>
227 * BUG 13240: samba: Only use async signal-safe functions in signal handler.
229 o Stefan Metzmacher <metze@samba.org>
230 * BUG 12986: Kerberos: PKINIT: Can't decode algorithm parameters in
232 * BUG 13228: repl_meta_data: Fix linked attribute corruption on databases
233 with unsorted links on expunge. dbcheck: Add functionality to fix the
236 o Christof Schmitt <cs@samba.org>
237 * BUG 13189: Fix smbd panic when chdir returns error during exit.
239 o Andreas Schneider <asn@samba.org>
240 * BUG 13238: Make Samba work with tirpc and libnsl2.
242 o Uri Simchoni <uri@samba.org>
243 * BUG 13176: Fix POSIX ACL support on HPUX and possibly other big-endian OSs.
246 #######################################
247 Reporting bugs & Development Discussion
248 #######################################
250 Please discuss this release on the samba-technical mailing list or by
251 joining the #samba-technical IRC channel on irc.freenode.net.
253 If you do report problems then please try to send high quality
254 feedback. If you don't provide vital information to help us track down
255 the problem then you will probably be ignored. All bug reports should
256 be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
257 database (https://bugzilla.samba.org/).
260 ======================================================================
261 == Our Code, Our Bugs, Our Responsibility.
263 ======================================================================
266 ----------------------------------------------------------------------
269 =============================
270 Release Notes for Samba 4.7.4
272 =============================
275 This is the latest stable release of the Samba 4.7 release series.
278 smbclient reparse point symlink parameters reversed
279 ===================================================
281 A bug in smbclient caused the 'symlink' command to reverse the
282 meaning of the new name and link target parameters when creating a
283 reparse point symlink against a Windows server.
285 This only affects using the smbclient 'symlink' command against
286 a Windows server, not a Samba server using the UNIX extensions
287 (the parameter order is correct in that case) so no existing
288 user scripts that depend on creating symlinks on Samba servers
291 As this is a little used feature the ordering of these parameters
292 has been reversed to match the parameter ordering of the UNIX
293 extensions 'symlink' command. This means running 'symlink' against
294 both Windows and Samba now uses the same paramter ordering in both
297 The usage message for this command has also been improved to remove confusion.
303 o Jeremy Allison <jra@samba.org>
304 * BUG 13140: s3: smbclient: Implement 'volume' command over SMB2.
305 * BUG 13171: s3: libsmb: Fix valgrind read-after-free error in
306 cli_smb2_close_fnum_recv().
307 * BUG 13172: s3: libsmb: Fix reversing of oldname/newname paths when creating
308 a reparse point symlink on Windows from smbclient.
310 o Timur I. Bakeyev <timur@iXsystems.com>
311 * BUG 12934: Build man page for vfs_zfsacl.8 with Samba.
313 o Andrew Bartlett <abartlet@samba.org>
314 * BUG 13095: repl_meta_data: Allow delete of an object with dangling
316 * BUG 13129: s4:samba: Fix default to be running samba as a deamon.
317 * BUG 13191: Performance regression in DNS server with introduction of
318 DNS wildcard, ldb: Release 1.2.3
320 o Ralph Boehme <slow@samba.org>
321 * BUG 6133: vfs_zfsacl: Fix compilation error.
322 * BUG 13051: "smb encrypt" setting changes are not fully applied until full
324 * BUG 13052: winbindd: Fix idmap_rid dependency on trusted domain list.
325 * BUG 13155: vfs_fruit: Proper VFS-stackable conversion of FinderInfo.
326 * BUG 13173: winbindd: Dependency on trusted-domain list in winbindd in
327 critical auth codepath.
329 o Andrej Gessel <Andrej.Gessel@janztec.com>
330 * BUG 13120: repl_meta_data: Fix removing of backlink on deleted objects.
332 o Amitay Isaacs <amitay@gmail.com>
333 "* BUG 13153: ctdb: sock_daemon leaks memory.
334 * BUG 13154: TCP tickles not getting synchronised on CTDB restart.
336 o Volker Lendecke <vl@samba.org>
337 * BUG 13150: winbindd: winbind parent and child share a ctdb connection.
338 * BUG 13170: pthreadpool: Fix deadlock.
339 * BUG 13179: pthreadpool: Fix starvation after fork.
340 * BUG 13180: messaging: Always register the unique id.
342 o Gary Lockyer <gary@catalyst.net.nz>
343 * 13129: s4/smbd: set the process group.
345 o Stefan Metzmacher <metze@samba.org>
346 * BUG 13095: Fix broken linked attribute handling.
347 * BUG 13132: The KDC on an RWDC doesn't send error replies in some
349 * BUG 13149: libnet_join: Fix 'net rpc oldjoin'.
350 * BUG 13195: g_lock conflict detection broken when processing stale entries.
351 * BUG 13197: s3:smb2_server: allow logoff, close, unlock, cancel and echo
354 o Noel Power <noel.power@suse.com>
355 * BUG 13166: s3:libads: net ads keytab list fails with "Key table name
358 o Christof Schmitt <cs@samba.org>
359 * BUG 13170: Fix crash in pthreadpool thread after failure from pthread_create.
361 o Andreas Schneider <asn@samba.org>
362 * BUG 13129: s4:samba: Allow samba daemon to run in foreground.
363 * BUG 13174: third_party: Link the aesni-intel library with "-z noexecstack".
365 o Niels de Vos <ndevos@redhat.com>
366 * BUG 13125: vfs_glusterfs: include glusterfs/api/glfs.h without relying on
370 #######################################
371 Reporting bugs & Development Discussion
372 #######################################
374 Please discuss this release on the samba-technical mailing list or by
375 joining the #samba-technical IRC channel on irc.freenode.net.
377 If you do report problems then please try to send high quality
378 feedback. If you don't provide vital information to help us track down
379 the problem then you will probably be ignored. All bug reports should
380 be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
381 database (https://bugzilla.samba.org/).
384 ======================================================================
385 == Our Code, Our Bugs, Our Responsibility.
387 ======================================================================
390 ----------------------------------------------------------------------
393 =============================
394 Release Notes for Samba 4.7.3
396 =============================
399 This is a security release in order to address the following defects:
401 o CVE-2017-14746 (Use-after-free vulnerability.)
402 o CVE-2017-15275 (Server heap memory information leak.)
410 All versions of Samba from 4.0.0 onwards are vulnerable to a use after
411 free vulnerability, where a malicious SMB1 request can be used to
412 control the contents of heap memory via a deallocated heap pointer. It
413 is possible this may be used to compromise the SMB server.
416 All versions of Samba from 3.6.0 onwards are vulnerable to a heap
417 memory information leak, where server allocated heap memory may be
418 returned to the client without being cleared.
420 There is no known vulnerability associated with this error, but
421 uncleared heap memory may contain previously used data that may help
422 an attacker compromise the server via other methods. Uncleared heap
423 memory may potentially contain password hashes or other high-value
426 For more details and workarounds, please see the security advisories:
428 o https://www.samba.org/samba/security/CVE-2017-14746.html
429 o https://www.samba.org/samba/security/CVE-2017-15275.html
435 o Jeremy Allison <jra@samba.org>
436 * BUG 13041: CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug.
437 * BUG 13077: CVE-2017-15275: s3: smbd: Chain code can return uninitialized
438 memory when talloc buffer is grown.
441 #######################################
442 Reporting bugs & Development Discussion
443 #######################################
445 Please discuss this release on the samba-technical mailing list or by
446 joining the #samba-technical IRC channel on irc.freenode.net.
448 If you do report problems then please try to send high quality
449 feedback. If you don't provide vital information to help us track down
450 the problem then you will probably be ignored. All bug reports should
451 be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
452 database (https://bugzilla.samba.org/).
455 ======================================================================
456 == Our Code, Our Bugs, Our Responsibility.
458 ======================================================================
461 ----------------------------------------------------------------------
464 =============================
465 Release Notes for Samba 4.7.2
467 =============================
470 This is an additional bugfix release to address a possible data corruption
471 issue. Please update immediately! For details, please see
473 https://bugzilla.samba.org/show_bug.cgi?id=13130
475 Samba 4.6.0 and newer is affected by this issue.
481 o Jeremy Allison <jra@samba.org>
482 * BUG 13121: Non-smbd processes using kernel oplocks can hang smbd.
484 o Joe Guo <joeg@catalyst.net.nz>
485 * BUG 13127: python: use communicate to fix Popen deadlock.
487 o Volker Lendecke <vl@samba.org>
488 * BUG 13130: smbd on disk file corruption bug under heavy threaded load.
490 o Stefan Metzmacher <metze@samba.org>
491 * BUG 13130: tevent: version 0.9.34.
493 o Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
494 * BUG 13118: s3: smbd: Fix delete-on-close after smb2_find.
497 #######################################
498 Reporting bugs & Development Discussion
499 #######################################
501 Please discuss this release on the samba-technical mailing list or by
502 joining the #samba-technical IRC channel on irc.freenode.net.
504 If you do report problems then please try to send high quality
505 feedback. If you don't provide vital information to help us track down
506 the problem then you will probably be ignored. All bug reports should
507 be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
508 database (https://bugzilla.samba.org/).
511 ======================================================================
512 == Our Code, Our Bugs, Our Responsibility.
514 ======================================================================
517 ----------------------------------------------------------------------
520 =============================
521 Release Notes for Samba 4.7.1
523 =============================
526 This is the latest stable release of the Samba 4.7 release series.
532 o Michael Adam <obnox@samba.org>
533 * BUG 13091: vfs_glusterfs: Fix exporting subdirs with shadow_copy2.
535 o Jeremy Allison <jra@samba.org>
536 * BUG 13027: s3: smbd: Currently if getwd() fails after a chdir(), we panic.
537 * BUG 13068: s3: VFS: Ensure default SMB_VFS_GETWD() call can't return a
538 partially completed struct smb_filename.
539 * BUG 13069: sys_getwd() can leak memory or possibly return the wrong errno
541 * BUG 13093: 'smbclient' doesn't correctly canonicalize all local names
544 o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
545 * BUG 13095: Fix broken linked attribute handling.
547 o Andrew Bartlett <abartlet@samba.org>
548 * BUG 12994: Missing LDAP query escapes in DNS rpc server.
549 * BUG 13087: replace: Link to -lbsd when building replace.c by hand.
551 o Ralph Boehme <slow@samba.org>
552 * BUG 6133: Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem.
553 * BUG 7909: Map SYNCHRONIZE acl permission statically in zfs_acl vfs module.
554 * BUG 7933: Samba fails to honor SEC_STD_WRITE_OWNER bit with the
556 * BUG 12991: s3/mdssvc: Missing assignment in sl_pack_float.
557 * BUG 12995: Wrong Samba access checks when changing DOS attributes.
558 * BUG 13062: samba_runcmd_send() leaves zombie processes on timeout
559 * BUG 13065: net: groupmap cleanup should not delete BUILTIN mappings.
560 * BUG 13076: Enabling vfs_fruit results in loss of Finder tags and other
563 o Alexander Bokovoy <ab@samba.org>
564 * BUG 9613: man pages: Properly ident lists.
565 * BUG 13081: smb.conf.5: Sort parameters alphabetically.
567 o Samuel Cabrero <scabrero@suse.de>
568 * BUG 12993: s3: spoolss: Fix GUID string format on GetPrinter info.
570 o Amitay Isaacs <amitay@gmail.com>
571 * BUG 13042: Remote serverid check doesn't check for the unique id.
572 * BUG 13056: CTDB starts consuming memory if there are dead nodes in the
574 * BUG 13070: ctdb-common: Ignore event scripts with multiple '.'s.
576 o Lutz Justen <ljusten@google.com>
577 * BUG 13046: libgpo doesn't sort the GPOs in the correct order.
579 o Volker Lendecke <vl@samba.org>
580 * BUG 13042: Remote serverid check doesn't check for the unique id.
581 * BUG 13090: vfs_catia: Fix a potential memleak.
582 * BUG 12903: Fix file change notification for renames.
584 o Gary Lockyer <gary@catalyst.net.nz>
585 * BUG 12952: Samba DNS server does not honour wildcards.
587 o Stefan Metzmacher <metze@samba.org>
588 * BUG 13079: Can't change password in samba from a Windows client if Samba
589 runs on IPv6 only interface.
591 o Anoop C S <anoopcs@redhat.com>
592 * BUG 13086: vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR.
594 o Christof Schmitt <cs@samba.org>
595 * BUG 13047: Apple client can't cope with SMB2 async replies when creating
598 o Andreas Schneider <asn@samba.org>
599 * BUG 12959: s4:rpc_server:backupkey: Move variable into scope.
600 * BUG 13099: s4:scripting: Fix ntstatus_gen.h generation on 32bit.
601 * BUG 13100: s3:vfs_glusterfs: Fix a double free in vfs_gluster_getwd().
602 * BUG 13101: Fix resouce leaks and pointer issues.
605 * BUG 13049: vfs_solarisacl: Fix build for samba 4.7 and up.
608 #######################################
609 Reporting bugs & Development Discussion
610 #######################################
612 Please discuss this release on the samba-technical mailing list or by
613 joining the #samba-technical IRC channel on irc.freenode.net.
615 If you do report problems then please try to send high quality
616 feedback. If you don't provide vital information to help us track down
617 the problem then you will probably be ignored. All bug reports should
618 be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
619 database (https://bugzilla.samba.org/).
622 ======================================================================
623 == Our Code, Our Bugs, Our Responsibility.
625 ======================================================================
628 ----------------------------------------------------------------------
631 =============================
632 Release Notes for Samba 4.7.0
634 =============================
637 This is the first stable release of Samba 4.7.
638 Please read the release notes carefully before upgrading.
646 'smbclient' no longer prints a 'Domain=[...] OS=[Windows 6.1] Server=[...]'
647 banner when connecting to the first server. With SMB2 and Kerberos,
648 there's no way to print this information reliably. Now we avoid it at all
649 consistently. In interactive sessions the following banner is now presented
650 to the user: 'Try "help" do get a list of possible commands.'.
652 The default for "client max protocol" has changed to "SMB3_11",
653 which means that 'smbclient' (and related commands) will work against
654 servers without SMB1 support.
656 It's possible to use the '-m/--max-protocol' option to overwrite
657 the "client max protocol" option temporarily.
659 Note that the '-e/--encrypt' option also works with most SMB3 servers
660 (e.g. Windows >= 2012 and Samba >= 4.0.0), so the SMB1 unix extensions
661 are not required for encryption.
663 The change to SMB3_11 as default also means 'smbclient' no longer
664 negotiates SMB1 unix extensions by default, when talking to a Samba server with
665 "unix extensions = yes". As a result, some commands are not available, e.g.
666 'posix_encrypt', 'posix_open', 'posix_mkdir', 'posix_rmdir', 'posix_unlink',
667 'posix_whoami', 'getfacl' and 'symlink'. Using "-mNT1" reenables them, if the
668 server supports SMB1.
670 Note the default ("CORE") for "client min protocol" hasn't changed,
671 so it's still possible to connect to SMB1-only servers by default.
673 'smbclient' learned a new command 'deltree' that is able to do
674 a recursive deletion of a directory tree.
680 Whole DB read locks: Improved LDAP and replication consistency
681 --------------------------------------------------------------
683 Prior to Samba 4.7 and ldb 1.2.0, the LDB database layer used by Samba
684 erroneously did not take whole-DB read locks to protect search
685 and DRS replication operations.
687 While each object returned remained subject to a record-level lock (so
688 would remain consistent to itself), under a race condition with a
689 rename or delete, it and any links (like the member attribute) to it
690 would not be returned.
692 The symptoms of this issue include:
694 Replication failures with this error showing in the client side logs:
695 error during DRS repl ADD: No objectClass found in replPropertyMetaData for
696 Failed to commit objects:
697 WERR_GEN_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
699 A crash of the server, in particular the rpc_server process with
700 INTERNAL ERROR: Signal 11
702 LDAP read inconsistency
703 A DN subject to a search at the same time as it is being renamed
704 may not appear under either the old or new name, but will re-appear
705 for a subsequent search.
707 See https://bugzilla.samba.org/show_bug.cgi?id=12858 for more details
708 and updated advise on database recovery for affected installations.
710 Samba AD with MIT Kerberos
711 --------------------------
713 After four years of development, Samba finally supports compiling and
714 running Samba AD with MIT Kerberos. You can enable it with:
716 ./configure --with-system-mitkrb5
718 Samba requires version 1.15.1 of MIT Kerberos to build with AD DC support.
719 The krb5-devel and krb5-server packages are required.
720 The feature set is not on par with the Heimdal build but the most important
721 things, like forest and external trusts, are working. Samba uses the KDC binary
722 provided by MIT Kerberos.
724 Missing features, compared to Heimdal, are:
726 * S4U2SELF/S4U2PROXY support
727 * RODC support (not fully working with Heimdal either)
729 The Samba AD process will take care of starting the MIT KDC and it will load a
730 KDB (Kerberos Database) driver to access the Samba AD database. When
731 provisioning an AD DC using 'samba-tool' it will take care of creating a correct
732 kdc.conf file for the MIT KDC.
734 For further details, see:
735 https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC
737 Dynamic RPC port range
738 ----------------------
740 The dynamic port range for RPC services has been changed from the old default
741 value "1024-1300" to "49152-65535". This port range is not only used by a
742 Samba AD DC, but also applies to all other server roles including NT4-style
743 domain controllers. The new value has been defined by Microsoft in Windows
744 Server 2008 and newer versions. To make it easier for Administrators to control
745 those port ranges we use the same default and make it configurable with the
746 option: "rpc server dynamic port range".
748 The "rpc server port" option sets the first available port from the new
749 "rpc server dynamic port range" option. The option "rpc server port" only
750 applies to Samba provisioned as an AD DC.
752 Authentication and Authorization audit support
753 ----------------------------------------------
755 Detailed authentication and authorization audit information is now
756 logged to Samba's debug logs under the "auth_audit" debug class,
757 including in particular the client IP address triggering the audit
758 line. Additionally, if Samba is compiled against the jansson JSON
759 library, a JSON representation is logged under the "auth_json_audit"
762 Audit support is comprehensive for all authentication and
763 authorisation of user accounts in the Samba Active Directory Domain
764 Controller, as well as the implicit authentication in password
765 changes. In the file server and classic/NT4 domain controller, NTLM
766 authentication, SMB and RPC authorization is covered, however password
767 changes are not at this stage, and this support is not currently
768 backed by a testsuite.
770 For further details, see:
771 https://wiki.samba.org/index.php/Setting_up_Audit_Logging
773 Multi-process LDAP Server
774 -------------------------
776 The LDAP server in the AD DC now honours the process model used for
777 the rest of the 'samba' process, rather than being forced into a single
778 process. This aids in Samba's ability to scale to larger numbers of AD
779 clients and the AD DC's overall resiliency, but will mean that there is a
780 fork()ed child for every LDAP client, which may be more resource
781 intensive in some situations. If you run Samba in a
782 resource-constrained VM, consider allocating more RAM and swap space.
784 Improved Read-Only Domain Controller (RODC) Support
785 ---------------------------------------------------
787 Support for RODCs in Samba AD until now has been experimental. With this latest
788 version, many of the critical bugs have been fixed and the RODC can be used in
789 DC environments requiring no writable behaviour. RODCs now correctly support
790 bad password lockouts and password disclosure auditing through the
791 msDS-RevealedUsers attribute.
793 The fixes made to the RWDC will also allow Windows RODC to function more
794 correctly and to avoid strange data omissions such as failures to replicate
795 groups or updated passwords. Password changes are currently rejected at the
796 RODC, although referrals should be given over LDAP. While any bad passwords can
797 trigger domain-wide lockout, good passwords which have not been replicated yet
798 for a password change can only be used via NTLM on the RODC (and not Kerberos).
800 The reliability of RODCs locating a writable partner still requires some
801 improvements and so the 'password server' configuration option is generally
802 recommended on the RODC.
804 Samba 4.7 is the first Samba release to be secure as an RODC or when
805 hosting an RODC. If you have been using earlier Samba versions to
806 host or be an RODC, please upgrade.
808 In particular see https://bugzilla.samba.org/show_bug.cgi?id=12977 for
809 details on the security implications for password disclosure to an
810 RODC using earlier versions.
812 Additional password hashes stored in supplementalCredentials
813 ------------------------------------------------------------
815 A new config option 'password hash userPassword schemes' has been added to
816 enable generation of SHA-256 and SHA-512 hashes (without storing the plaintext
817 password with reversible encryption). This builds upon previous work to improve
818 password sync for the AD DC (originally using GPG).
820 The user command of 'samba-tool' has been updated in order to be able to
821 extract these additional hashes, as well as extracting the (HTTP) WDigest
822 hashes that we had also been storing in supplementalCredentials.
824 Improvements to DNS during Active Directory domain join
825 -------------------------------------------------------
827 The 'samba-tool' domain join command will now add the A and GUID DNS records
828 (on both the local and remote servers) during a join if possible via RPC. This
829 should allow replication to proceed more smoothly post-join.
831 The mname element of the SOA record will now also be dynamically generated to
832 point to the local read-write server. 'samba_dnsupdate' should now be more
833 reliable as it will now find the appropriate name server even when resolv.conf
834 points to a forwarder.
836 Significant AD performance and replication improvements
837 -------------------------------------------------------
839 Previously, replication of group memberships was been an incredibly expensive
840 process for the AD DC. This was mostly due to unnecessary CPU time being spent
841 parsing member linked attributes. The database now stores these linked
842 attributes in sorted form to perform efficient searches for existing members.
843 In domains with a large number of group memberships, a join can now be
844 completed in half the time compared with Samba 4.6.
846 LDAP search performance has also improved, particularly in the unindexed search
847 case. Parsing and processing of security descriptors should now be more
848 efficient, improving replication but also overall performance.
850 Query record for open file or directory
851 ---------------------------------------
853 The record attached to an open file or directory in Samba can be
854 queried through the 'net tdb locking' command. In clustered Samba this
855 can be useful to determine the file or directory triggering
856 corresponding "hot" record warnings in ctdb.
858 Removal of lpcfg_register_defaults_hook()
859 -----------------------------------------
861 The undocumented and unsupported function lpcfg_register_defaults_hook()
862 that was used by external projects to call into Samba and modify
863 smb.conf default parameter settings has been removed. If your project
864 was using this call please raise the issue on
865 samba-technical@lists.samba.org in order to design a supported
866 way of obtaining the same functionality.
868 Change of loadable module interface
869 -----------------------------------
871 The _init function of all loadable modules in Samba has changed
874 NTSTATUS _init(void);
878 NTSTATUS _init(TALLOC_CTX *);
880 This allows a program loading a module to pass in a long-lived
881 talloc context (which must be guaranteed to be alive for the
882 lifetime of the module). This allows modules to avoid use of
883 the talloc_autofree_context() (which is inherently thread-unsafe)
884 and still be valgrind-clean on exit. Modules that don't need to
885 free long-lived data on exit should use the NULL talloc context.
887 SHA256 LDAPS Certificates
888 -------------------------
890 The self-signed certificate generated for use on LDAPS will now be
891 generated with a SHA256 self-signature, not a SHA1 self-signature.
893 Replacing this certificate with a certificate signed by a trusted
894 CA is still highly recommended.
899 * CTDB no longer allows mixed minor versions in a cluster
901 See the AllowMixedVersions tunable option in ctdb-tunables(7) and also
902 https://wiki.samba.org/index.php/Upgrading_a_CTDB_cluster#Policy
904 * CTDB now ignores hints from Samba about TDB flags when attaching to databases
906 CTDB will use the correct flags depending on the type of database.
907 For clustered databases, the smb.conf setting
908 dbwrap_tdb_mutexes:*=true will be ignored. Instead, CTDB continues
909 to use the TDBMutexEnabled tunable.
911 * New configuration variable CTDB_NFS_CHECKS_DIR
913 See ctdbd.conf(5) for more details.
915 * The CTDB_SERVICE_AUTOSTARTSTOP configuration variable has been
918 To continue to manage/unmanage services while CTDB is running:
920 - Start service by hand and then flag it as managed
922 - Mark service as unmanaged and shut it down by hand
924 - In some cases CTDB does something fancy - e.g. start Samba under
925 "nice", so care is needed. One technique is to disable the
926 eventscript, mark as managed, run the startup event by hand and then
927 re-enable the eventscript.
929 * The CTDB_SCRIPT_DEBUGLEVEL configuration variable has been removed
931 * The example NFS Ganesha call-out has been improved
933 * A new "replicated" database type is available
935 Replicated databases are intended for CTDB's internal use to
936 replicate state data across the cluster, but may find other
937 uses. The data in replicated databases is valid for the lifetime of
938 CTDB and cleared on first attach.
940 Using x86_64 Accelerated AES Crypto Instructions
941 ------------------------------------------------
943 Samba on x86_64 can now be configured to use the Intel accelerated AES
944 instruction set, which has the potential to make SMB3 signing and
945 encryption much faster on client and server. To enable this, configure
946 Samba using the new option --accel-aes=intelaesni.
948 This is a temporary solution that is being included to allow users
949 to enjoy the benefits of Intel accelerated AES on the x86_64 platform,
950 but the longer-term solution will be to move Samba to a fully supported
951 external crypto library.
953 The third_party/aesni-intel code will be removed from Samba as soon as
954 external crypto library performance reaches parity.
956 The default is to build without setting --accel-aes, which uses the
957 existing Samba software AES implementation.
962 The "strict sync" global parameter has been changed from
963 a default of "no" to "yes". This means smbd will by default
964 obey client requests to synchronize unwritten data in operating
965 system buffers safely onto disk. This is a safer default setting
966 for modern SMB1/2/3 clients.
968 The 'ntlm auth' option default is renamed to 'ntlmv2-only', reflecting
969 the previous behaviour. Two new values have been provided,
970 'mschapv2-and-ntlmv2-only' (allowing MSCHAPv2 while denying NTLMv1)
971 and 'disabled', totally disabling NTLM authentication and password
977 Parameter Name Description Default
978 -------------- ----------- -------
979 allow unsafe cluster upgrade New parameter no
980 auth event notification New parameter no
981 auth methods Deprecated
982 client max protocol Effective SMB3_11
984 map untrusted to domain New value/ auto
987 mit kdc command New parameter
988 profile acls Deprecated
989 rpc server dynamic port range New parameter 49152-65535
990 strict sync Default changed yes
991 password hash userPassword schemes New parameter
992 ntlm auth New values ntlmv2-only
998 https://wiki.samba.org/inFdex.php/Release_Planning_for_Samba_4.7#Release_blocking_bugs
1001 CHANGES SINCE 4.7.0rc6
1002 ======================
1005 A man in the middle attack may hijack client connections.
1008 A man in the middle attack can read and may alter confidential
1009 documents transferred via a client connection, which are reached
1010 via DFS redirect when the original connection used SMB3.
1013 Client with write access to a share can cause server memory contents to be
1014 written into a file or printer.
1017 CHANGES SINCE 4.7.0rc5
1018 ======================
1020 o Jeremy Allison <jra@samba.org>
1021 * BUG 13003: s3: vfs: catia: compression get/set must act only on base file, and
1022 must cope with fsp==NULL.
1023 * BUG 13008: lib: crypto: Make smbd use the Intel AES instruction set for signing
1026 o Andrew Bartlett <abartlet@samba.org>
1027 * BUG 12946: s4-drsuapi: Avoid segfault when replicating as a non-admin with
1028 GUID_DRS_GET_CHANGES.
1029 * BUG 13015: Allow re-index of newer databases with binary GUID TDB keys
1030 (this officially removes support for re-index of the original pack format 0,
1031 rather than simply segfaulting).
1032 * BUG 13017: Add ldb_ldif_message_redacted_string() to allow debug of redacted
1033 log messages, avoiding showing secret values.
1034 * BUG 13023: ldb: version 1.2.2.
1035 * BUG 13025: schema: Rework dsdb_schema_set_indices_and_attributes() db
1038 o Alexander Bokovoy <ab@samba.org>
1039 * BUG 13030: Install dcerpc/__init__.py for all Python environments.
1041 o Ralph Boehme <slow@samba.org>
1042 * BUG 13024: s3/smbd: Sticky write time offset miscalculation causes broken
1044 * BUG 13037: lib/util: Only close the event_fd in tfork if the caller didn't
1045 call tfork_event_fd().
1047 o Volker Lendecke <vl@samba.org>
1048 * BUG 13006: messaging: Avoid a socket leak after fork.
1050 o Stefan Metzmacher <metze@samba.org>
1051 * BUG 13018: charset: Fix str[n]casecmp_m() by comparing lower case values.
1053 o Gary Lockyer <gary@catalyst.net.nz>
1054 * BUG 13037: util_runcmd: Free the fde in event handler.
1056 o Amitay Isaacs <amitay@gmail.com>
1057 * BUG 13012: ctdb-daemon: Fix implementation of process_exists control.
1058 * BUG 13021: GET_DB_SEQNUM control can cause ctdb to deadlock when databases
1060 * BUG 13029: ctdb-daemon: Free up record data if a call request is deferred.
1061 * BUG 13036: ctdb-client: Initialize ctdb_ltdb_header completely for empty
1064 o Christof Schmitt <cs@samba.org>
1065 * BUG 13032: vfs_streams_xattr: Fix segfault when running with log level 10.
1068 CHANGES SINCE 4.7.0rc4
1069 ======================
1071 o Andrew Bartlett <abartlet@samba.org>
1072 * BUG 12929: smb.conf: Explain that "ntlm auth" is a per-passdb setting.
1073 * BUG 12953: s4/lib/tls: Use SHA256 to sign the TLS certificates.
1075 o Jeremy Allison <jra@samba.org>
1076 * BUG 12932: Get rid of talloc_autofree_context().
1078 o Amitay Isaacs <amitay@gmail.com>
1079 * BUG 12978: After restarting CTDB, it attaches replicated databases with
1082 o Stefan Metzmacher <metze@samba.org>
1083 * BUG 12863: s3:smbclient: Don't try any workgroup listing with
1084 "client min protocol = SMB2".
1085 * BUG 12876: s3:libsmb: Don't call cli_NetServerEnum() on SMB2/3 connections
1086 in SMBC_opendir_ctx().
1087 * BUG 12881: s3:libsmb: Let do_connect() debug the negotiation result
1088 similar to "session request ok".
1089 * BUG 12919: s4:http/gensec: add missing tevent_req_done() to
1090 gensec_http_ntlm_update_done().
1091 * BUG 12968: Fix 'smbclient tarmode' with SMB2/3.
1092 * BUG 12973: 'smbd': Don't use a lot of CPU on startup of a connection.
1094 o Christof Schmitt <cs@samba.org>
1095 * BUG 12983: vfs_default: Fix passing of errno from async calls.
1097 o Andreas Schneider <asn@samba.org>
1098 * BUG 12629: s3:utils: Do not report an invalid range for AD DC role.
1099 * BUG 12704: s3:libsmb: Let get_ipc_connect() use
1100 CLI_FULL_CONNECTION_FORCE_SMB1.
1101 * BUG 12930: Fix build issues with GCC 7.1.
1102 * BUG 12950: s3:script: Untaint user supplied data in modprinter.pl.
1103 * BUG 12956: s3:libads: Fix changing passwords with Kerberos.
1104 * BUG 12975: Fix changing the password with 'smbpasswd' as a local user on
1108 CHANGES SINCE 4.7.0rc3
1109 ======================
1111 o Jeremy Allison <jra@samba.org>
1112 * BUG 12913: Implement cli_smb2_setatr() by calling cli_smb2_setpathinfo().
1114 o Andrew Bartlett <abartlet@samba.org>
1115 * BUG 11392: s4-cldap/netlogon: Match Windows 2012R2 and return
1116 NETLOGON_NT_VERSION_5 when version unspecified.
1117 * BUG 12855: dsdb: Do not force a re-index of sam.ldb on upgrade to 4.7.
1118 * BUG 12904: dsdb: Fix dsdb_next_callback to correctly use ldb_module_done()
1120 * BUG 12939: s4-rpc_server: Improve debug of new endpoints.
1122 o Ralph Boehme <slow@samba.org>
1123 * BUG 12791: Fix kernel oplocks issues with named streams.
1124 * BUG 12944: vfs_gpfs: Handle EACCES when fetching DOS attributes from xattr.
1126 o Bob Campbell <bobcampbell@catalyst.net.nz>
1127 * BUG 12842: samdb/cracknames: Support user and service principal as desired
1130 o David Disseldorp <ddiss@samba.org>
1131 * BUG 12911: vfs_ceph: Fix cephwrap_chdir().
1133 o Gary Lockyer <gary@catalyst.net.nz>
1134 * BUG 12865: Track machine account ServerAuthenticate3.
1136 o Marc Muehlfeld <mmuehlfeld@samba.org>
1137 * BUG 12947: python: Fix incorrect kdc.conf parameter name in kerberos.py.
1139 o Noel Power <noel.power@suse.com>
1140 * BUG 12937: s3/utils: 'smbcacls' failed to detect DIRECTORIES using SMB2
1143 o Arvid Requate <requate@univention.de>
1144 * BUG 11392: s4-dsdb/netlogon: Allow missing ntver in cldap ping.
1146 o Anoop C S <anoopcs@redhat.com>
1147 * BUG 12936: source3/client: Fix typo in help message displayed by default.
1149 o Andreas Schneider <asn@samba.org>
1150 * BUG 12930: Fix building with GCC 7.1.1.
1153 CHANGES SINCE 4.7.0rc2
1154 ======================
1156 o Jeremy Allison <jra@samba.org>
1157 * BUG 12836: s3: smbd: Fix a read after free if a chained SMB1 call goes
1159 * BUG 12899: s3: libsmb: Reverse sense of 'clear all attributes', ignore
1160 attribute change in SMB2 to match SMB1.
1161 * BUG 12914: s3: smbclient: Add new command deltree.
1163 o Ralph Boehme <slow@samba.org>
1164 * BUG 12885: s3/smbd: Let non_widelink_open() chdir() to directories
1166 * BUG 12887: Remove SMB_VFS_STRICT_UNLOCK noop from the VFS.
1167 * BUG 12891: Enable TDB mutexes in dbwrap and ctdb.
1168 * BUG 12897: vfs_fruit: don't use MS NFS ACEs with Windows clients.
1169 * BUG 12910: s3/notifyd: Ensure notifyd doesn't return from
1172 o Alexander Bokovoy <ab@samba.org>
1173 * BUG 12905: Build py3 versions of other rpc modules.
1175 o Günther Deschner <gd@samba.org>
1176 * BUG 12840: vfs_fruit: Add "fruit:model = <modelname>" parametric option.
1179 * BUG 12720: idmap_ad: Retry query_user exactly once if we get
1182 o Amitay Isaacs <amitay@gmail.com>
1183 * BUG 12891: dbwrap_ctdb: Fix calculation of persistent flag.
1185 o Thomas Jarosch <thomas.jarosch@intra2net.com>
1186 * BUG 12927: s3: libsmb: Fix use-after-free when accessing pointer *p.
1188 o Volker Lendecke <vl@samba.org>
1189 * BUG 12925: smbd: Fix a connection run-down race condition.
1191 o Stefan Metzmacher <metze@samba.org>
1192 * tevent: version 0.9.33: make tevent_req_print() more robust against crashes.
1193 * ldb: version 1.2.1
1194 * BUG 12882: Do not install _ldb_text.py if we have system libldb.
1195 * BUG 12890: s3:smbd: consistently use talloc_tos() memory for
1196 rpc_pipe_open_interface().
1197 * BUG 12900: Fix index out of bound in ldb_msg_find_common_values.
1199 o Rowland Penny <rpenny@samba.org>
1200 * BUG 12884: Easily edit a users object in AD, as if using 'ldbedit'.
1202 o Bernhard M. Wiedemann <bwiedemann@suse.de>
1203 * BUG 12906: s3: drop build_env
1205 o Andreas Schneider <asn@samba.org>
1206 * BUG 12882: waf: Do not install _ldb_text.py if we have system libldb.
1208 o Martin Schwenke <martin@meltin.net>
1209 * BUG 12898: ctdb-common: Set close-on-exec when creating PID file.
1212 CHANGES SINCE 4.7.0rc1
1213 ======================
1215 o Jeffrey Altman <jaltman@secure-endpoints.com>
1216 * BUG 12894: CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
1219 #######################################
1220 Reporting bugs & Development Discussion
1221 #######################################
1223 Please discuss this release on the samba-technical mailing list or by
1224 joining the #samba-technical IRC channel on irc.freenode.net.
1226 If you do report problems then please try to send high quality
1227 feedback. If you don't provide vital information to help us track down
1228 the problem then you will probably be ignored. All bug reports should
1229 be filed under the Samba 4.1 and newer product in the project's Bugzilla
1230 database (https://bugzilla.samba.org/).
1233 ======================================================================
1234 == Our Code, Our Bugs, Our Responsibility.
1236 ======================================================================