1 WHATS NEW IN Samba 2.2.2: 13th October 2001
2 ===========================================
4 This is the latest stable release of Samba. This is the version that all
5 production Samba servers should be running for all current bug-fixes.
7 There are several important oplock logic bugs that have been fixed in
8 this release, so an upgrade is recommended.
10 New daemon included - winbindd
11 ------------------------------
13 Samba 2.2.2 is the first release to include the winbind daemon.
14 This code allows UNIX systems that implement the name service
15 switch (nss) to be entered into a Windows NT/2000 domain and
16 use the Domain controller for all user and group enumeration.
18 This allows a Samba server added to a Windows domain to serve
19 file and print services with *NO* local users needed in /etc/passwd
20 and /etc/group - all users and groups are read directly from the
21 Windows domain controller. In addition with pam_winbind which allows
22 a PAM enabled UNIX system to use a Windows domain for authentication
23 service this allows single sign on and account control across
24 UNIX and Windows systems.
26 The current version of winbindd shipped in 2.2.2 does have some
27 memory leaks, which will be addressed for the next Samba release,
28 so it is advisable to monitor the winbind process. This code is
29 being used in production by several vendors, so the leaks are
30 managable. In addition, this version of winbind does not work
31 correctly against a Samba PDC, due to some missing calls on the
32 PDC side. These problems are being addressed for the next Samba
33 release, but it was thought better to release the code now rather
34 than delay the main Samba code to match the winbind release schedule.
36 For more information on using winbind, see the man pages for
39 Note that winbindd is not installed by default.
41 New/Changed parameters in 2.2.2
42 -------------------------------
44 For more information on these parameters, see the man pages for
47 Added/changed parameters.
48 -------------------------
52 Causes Samba not to create UNIX 'sparse' files, but to follow the
53 Windows behaviour of always allocating on-disk space.
57 Set to 'on' by default, only set to 'off' on HPUX 11.x or below or other
58 UNIX systems that don't have coherent mmap/read-write internal caches.
59 You should not need to set this parameter.
63 This parameter has been changed to a per-share option, and is very
64 useful in enabling Windows 2000 SP2 to load/save profiles from a
67 New printing parameters.
68 ------------------------
72 Setting this parameter causes Samba to go back to the old 2.0.x
73 LANMAN printing behaviour, for people who wish to disable the
78 Causes Windows NT/2000 clients to need have a local printer driver
79 installed and to treat the printer as local.
84 Samba 2.2.2 contains new code to maintain a Samba SAM database
85 on a remote LDAP server. These parameters have been added as
86 part of this code. These parameters are only available when Samba
87 has been compiled with the --with-ldapsam option.
95 The SSL support in Samba has been fixed. These new parameters
96 are part of the changes added. These parameters are only available
97 when Samba has been compiled with the --with-ssl option.
98 Please see the smb.conf man page for details.
104 New winbindd parameters.
105 ------------------------
107 These parameters are used by winbindd. See the man page for
108 winbindd for details.
129 Some new README's have been added in the docs/ directory. These cover
130 using roving profiles with Windows 2000 SP2 (docs/README.Win2kSP2),
131 and how to use Samba to help prevent Windows virus spread
132 (docs/README.Win32-Viruses).
134 Quota problems on a Linux 2.4 kernel.
135 -------------------------------------
137 Currently the quota interfaces have diverged between the Linus
138 2.4.x kernels and the Alan Cox 2.4.x kernels (the Alan Cox varients
139 are shipped with RedHat). Running quota-enabled Samba compiled on
140 an Alan Cox kernel works correctly on an Alan Cox kernel (the one
141 shipped by default with RedHat 7.x) but fails on a Linus kernel.
143 This is a mess, and hopefully Alan and Linus will sort it out soon.
144 In the meantime we need to ship.....
149 1). mmap tdb code disabled on HPUX. This should prevent the reports of
150 tdb corruption on HUPX.
151 2). Large file support set to off in Solaris 5.5 and below.
152 3). Better CUPS detection.
153 4). New SAM (password database) backends - smbpasswd (traditional),
154 LDAP, NIS+ and Samba TDB.
155 5). Quota fixups on Linux.
156 6). libsmbclient stand-alone code added. Can be built as a shared library
158 7). Tru64 ACL suppport added.
159 8). winbindd option added.
160 9). Realloc fail tidyup fixes all over the code.
161 10). Large improvement in hash table code efficiency - would be found with
163 11). Error code consistency improved (still needs more work).
164 12). Profile shared memory support added to nmbd.
165 13). New Windows 2000/NT passthrough info levels added.
166 14). readraw/writeraw code rewritten - many bugs fixed.
167 15). UNIX password sync (non pam) code fixed, use correct wildcard matcher.
168 16). Reverse DNS lookup avoided on socket open.
169 17). Bug preventing nmbd re-registering names on WINS server timeout fixed.
170 18). Zero length byte range lock code added. Much closer to Windows semantics.
171 19). Alignment fault fixes for Linux/Alpha.
172 20). Error checking on tdb returns vastly improved.
173 21). Handling of delete on close fixed. No longer possible to leave 'dead'
175 22). Handling of oplock break failure cleanups improved. Should not be
176 able to leave 'dead' entries.
177 23). Fix handling of errors trying to set 64 bit locks on 32 bit NFS mounts.
178 24). Misc. MS-DFS code fixes.
179 25). Ignore logon packets if not a PDC (needed for PDC/BDC failover).
180 26). winbind pam module added.
181 27). Order N^^2 enumeration of printers problem fixed.
182 28). Password backend database code re-ordered to allow different password
183 backends (at compile time currently).
184 29). Improved print driver version detection for Windows 2000.
185 30). Driver DEVMODE initialization fixes.
186 31). Improved SYSV print parse code.
187 32). Fixed enumeration of large numbers of users/groups from Windows clients.
189 33). Fix for buggy NetApp RPC pipe clients.
190 34). Fix for NT sending multiple SetPrinterDataEx calls.
191 35). Fix for logic bug where smbd could delay oplock break request messages
192 from other smbd daemons whilst client kept us busy.
193 36). Fix deadlock problem with connections tdb on enumeration.
194 37). Fixes for setting/getting NT ACLs - improved POSIX mapping both ways.
195 38). Removed unused readbmpx/writebmpx code.
196 39). Attempt to fix Linux 2.4.x quota mess.
197 40). Improved ctemp code for Windows 2000 compatibilty.
198 41). Finally understood difference between set EOF and set allocation requests.
199 Added strict allocate parameter to help.
200 42). Correctly return name types on name to SID lookups.
201 43). tdb spinlock code update.
202 44). Use pread/pwrite on systems that have it to fix race condition in tdb code.
204 Older release notes for Samba 2.2.x follow.
206 -----------------------------------------------------------------------------
207 The release notes for 2.2.1a follow :
209 This is a minor bugfix release for 2.2.1, *NOT* security related.
211 1). 2.2.1 had a bug where using smbpasswd -m to add a Windows NT or
212 Windows2000 machine into a Samba hosted PDC would fail due to our
213 stricter user name checking. We were disallowing user names
214 containing '$', which is needed when using smbpasswd to add a
215 machine into a domain. Automatically adding machines (using the
216 native Windows tools) into a Samba domain worked correctly.
218 2.2.1a fixes this single problem.
220 -----------------------------------------------------------------------------
221 The release notes for 2.2.1 follow :
223 New/Changed parameters in 2.2.1
224 -------------------------------
229 obey pam restrictions
231 When Samba is configured to use PAM, turns on or off Samba checking
232 the PAM account restrictions. Defaults to off.
236 When Samba is configured to use PAM, turns on or off Samba passing
237 the password changes to PAM. Defaults to off.
241 New option to allow new Windows 2000 large file (64k) streaming
242 read/write options. Needs a 64 bit underlying operating system
243 (for Linux use kernel 2.4 with glibc 2.2 or above). Can improve performance
244 by 10% with Windows 2000 clients. Defaults to off. Not as tested
245 as some other Samba code paths.
249 Prevents clients from seeing the existance of files that cannot
250 be read. Off by default.
254 Turn on/off the enhanced Samba browing functionality (*1B names).
255 Default is "on". Can prevent eternal machines in workgroups when
256 WINS servers are not synchronised.
268 1). "find" command removed for smbclient. Internal code now used.
269 2). smbspool updates to retry connections from Michael Sweet.
270 3). Fix for mapping 8859-15 characters to UNICODE.
271 4). Changed "security=server" to try with invalid username to prevent
273 5). Fixes to allow Windows 2000 SP2 clients to join a Samba PDC.
274 6). Support for Windows 9x Nexus tools to allow security changes from Win9x.
275 7). Two locking fixes added. Samba 2.2.1 now passes the Clarion network
276 lock tester tool for distributed databases.
277 8). Preliminary support added for Windows 2000 large file read/write SMBs.
278 9). Changed random number generator in Samba to prevent guess attacks.
279 10). Fixes for tdb corruption in connections.tdb and file locking brlock.tdb.
280 smbd's clean the tdb files on startup and shutdown.
281 11). Fixes for default ACLs on Solaris.
282 12). Tidyup of password entry caching code.
283 13). Correct shutdowns added for send fails. Helps tdb cleanup code.
284 14). Prevent invalid '/' characters in workgroup names.
285 15). Removed more static arrays in SAMR code.
286 16). Client code is now UNICODE on the wire.
287 17). Fix 2 second timstamp resolution everywhere if dos timestamp set to yes.
288 18). All tdb opens now going through logging function.
289 19). Add pam password changing and pam restrictions code.
290 20). Printer driver management improvements (delete driver).
291 21). Fix difference between NULL security descriptors and empty
292 security descriptors.
293 22). Fix SID returns for server roles.
294 23). Allow Windows 2000 mmc to view and set Samba share security descriptors.
295 24). Allow smbcontrol to forcibly disconnect a share.
296 25). tdb fixes for HPUX, OpenBSD and other OS's that don't have a coherent
297 mmap/file read/write cache.
298 26). Fix race condition in returning create disposition for file create/open.
299 27). Fix NT rewriting of security descriptors to their canonical form for
301 28). Fix for Samba running on top of Linux VFAT ftruncate bug.
302 29). Swat fixes for being run with xinetd that doesn't set the umask.
303 30). Fix for slow writes with Win9x Explorer clients. Emulates Microsoft
304 TCP stack early ack specification error.
305 31). Changed lock & persistant tdb directory to /var/cache/samba by default on
306 RedHat and Mandrake as they clear the /var/lock/samba directory on reboot.
308 -----------------------------------------------------------------------------
309 The release notes for 2.2.0a follow :
314 This is a security bugfix release for Samba 2.2.0. This release provides the
315 following two changes *ONLY* from the 2.2.0 release.
317 1). Fix for the security hole discovered by Michal Zalewski (lcamtuf@bos.bindview.com)
318 and described in the security advisory below.
319 2). Fix for the hosts allow/hosts deny parameters not being honoured.
321 No other changes are being made for this release to ensure a security fix only.
322 For new functionality (including these security fixes) download Samba 2.2.1
323 when it is available.
325 The security advisory follows :
328 IMPORTANT: Security bugfix for Samba
329 ------------------------------------
337 A serious security hole has been discovered in all versions of Samba
338 that allows an attacker to gain root access on the target machine for
339 certain types of common Samba configuration.
341 The immediate fix is to edit your smb.conf configuration file and
342 remove all occurances of the macro "%m". Replacing occurances of %m
343 with %I is probably the best solution for most sites.
348 A remote attacker can use a netbios name containing unix path
349 characters which will then be substituted into the %m macro wherever
350 it occurs in smb.conf. This can be used to cause Samba to create a log
351 file on top of an important system file, which in turn can be used to
352 compromise security on the server.
354 The most commonly used configuration option that can be vulnerable to
355 this attack is the "log file" option. The default value for this
356 option is VARDIR/log.smbd. If the default is used then Samba is not
357 vulnerable to this attack.
359 The security hole occurs when a log file option like the following is
362 log file = /var/log/samba/%m.log
364 In that case the attacker can use a locally created symbolic link to
365 overwrite any file on the system. This requires local access to the
368 If your Samba configuration has something like the following:
370 log file = /var/log/samba/%m
372 Then the attacker could successfully compromise your server remotely
373 as no symbolic link is required. This type of configuration is very
376 The most commonly used log file configuration containing %m is the
377 distributed in the sample configuration file that comes with Samba:
379 log file = /var/log/samba/log.%m
381 in that case your machine is not vulnerable to this attack unless you
382 happen to have a subdirectory in /var/log/samba/ which starts with the
388 Thanks to Michal Zalewski (lcamtuf@bos.bindview.com) for finding this
395 While we recommend that vulnerable sites immediately change their
396 smb.conf configuration file to prevent the attack we will also be
397 making new releases of Samba within the next 24 hours to properly fix
398 the problem. Please see http://www.samba.org/ for the new releases.
400 Please report any attacks to the appropriate authority.
405 ---------------------------------------------------------------------------
407 The release notes for 2.2.0 follow :
409 This is the official Samba 2.2.0 release. This version of Samba provides
410 the following new features and enhancements.
412 Integration between Windows oplocks and NFS file opens (IRIX and Linux
413 2.4 kernel only). This gives complete data and locking integrity between
414 Windows and UNIX file access to the same data files.
416 Ability to act as an authentication source for Windows 2000 clients as
417 well as for NT4.x clients.
419 Integration with the winbind daemon that provides a single
420 sign on facility for UNIX servers in Windows 2000/NT4 networks
421 driven by a Windows 2000/NT4 PDC. winbind is not included in
422 this release, it currently must be obtained separately. We are
423 committed to including winbind in a future Samba 2.2.x release.
425 Support for native Windows 2000/NT4 printing RPCs. This includes
426 support for automatic printer driver download.
428 Support for server supported Access Control Lists (ACLs).
429 This release contains support for the following filesystems:
433 Linux Kernel with ACL patch from http://acl.bestbits.at
434 Linux Kernel with XFS ACL support.
437 FreeBSD (with external patch)
439 Other platforms will be supported as resources are
440 available to test and implement the encessary modules. If
441 you are interested in writing the support for a particular
442 ACL filesystem, please join the samba-technical mailing
443 list and coordinate your efforts.
445 On PAM (Pluggable Authentication Module) based systems - better debugging
446 messages and encrypted password users now have access control verified via
447 PAM - Note: Authentication still uses the encrypted password database.
449 Rewritten internal locking semantics for more robustness.
450 This release supports full 64 bit locking semantics on all
451 (even 32 bit) platforms. SMB locks are mapped onto POSIX
452 locks (32 bit or 64 bit) as the underlying system allows.
454 Conversion of various internal flat data structures to use
455 database records for increased performance and
458 Support for acting as a MS-DFS (Distributed File System) server.
460 Support for manipulating Samba shares using Windows client tools
461 (server manager). Per share security can be set using these tools
462 and Samba will obey the access restrictions applied.
464 Samba profiling support (see below).
466 Compile time option for enabling a (Virtual file system) VFS layer
467 to allow non-disk resources to be exported as Windows filesystems
468 (such as databases etc.).
470 The documentation in this release has been updated and converted
471 from Yodl to DocBook 4.1. There are many new parameters since 2.0.7
472 and some defaults have changed.
476 Support for collection of profile information. A shared
477 memory area has been created which contains counters for
478 the number of calls to and the amount of time spent in
479 various system calls, smb transactions and nmbd activity. See
480 the file profile.h for a complete listing of the information
481 collected. Sample code for a samba pmda (collection agent
482 for Performance Co-Pilot) has been included in the pcp
485 To enable the profile data collection code in samba, you must
486 compile samba with profile data support (run configure with
487 the --with-profiling-data option). On startup, collection of
488 data is disabled. To begin collecting data use the smbcontrol
489 program to turn on profiling (see the smbcontrol man page).
490 Profile information collection can be enabled for nmbd, all smbd
491 processes or one or more selected processes. The profiling
492 data collected is the aggragate for all processes that have
495 With samba compiled for profile data collection, you may see
496 a very slight degradation in performance even with profiling
497 collection turned off. On initial tests with NetBench on an
498 SGI Origin 200 server, this degradation was not measureable
499 with profile collection off compared to no profile collection
502 With count profile collection enabled on all clients, the
503 degradation was less than 2%. With full profile collection
504 enabled on all clients, the degradation was about 8.5%.
506 =====================================================================
508 If you think you have found a bug please email a report to :
512 As always, all bugs are our responsibility.