4 This is the second release candidate of Samba 4.18. This is *not*
5 intended for production environments and is designed for testing
6 purposes only. Please report any defects via the Samba bug reporting
7 system at https://bugzilla.samba.org/.
9 Samba 4.18 will be the next version of the Samba suite.
19 More succinct samba-tool error messages
20 ---------------------------------------
22 Historically samba-tool has reported user error or misconfiguration by
23 means of a Python traceback, showing you where in its code it noticed
24 something was wrong, but not always exactly what is amiss. Now it
25 tries harder to identify the true cause and restrict its output to
26 describing that. Particular cases include:
28 * a username or password is incorrect
29 * an ldb database filename is wrong (including in smb.conf)
30 * samba-tool dns: various zones or records do not exist
31 * samba-tool ntacl: certain files are missing
32 * the network seems to be down
33 * bad --realm or --debug arguments
35 Accessing the old samba-tool messages
36 -------------------------------------
38 This is not new, but users are reminded they can get the full Python
39 stack trace, along with other noise, by using the argument '-d3'.
40 This may be useful when searching the web.
42 The intention is that when samba-tool encounters an unrecognised
43 problem (especially a bug), it will still output a Python traceback.
44 If you encounter a problem that has been incorrectly identified by
45 samba-tool, please report it on https://bugzilla.samba.org.
47 Colour output with samba-tool --color
48 -------------------------------------
50 For some time a few samba-tool commands have had a --color=yes|no|auto
51 option, which determines whether the command outputs ANSI colour
52 codes. Now all samba-tool commands support this option, which now also
53 accepts 'always' and 'force' for 'yes', 'never' and 'none' for 'no',
54 and 'tty' and 'if-tty' for 'auto' (this more closely matches
55 convention). With --color=auto, or when --color is omitted, colour
56 codes are only used when output is directed to a terminal.
58 Most commands have very little colour in any case. For those that
59 already used it, the defaults have changed slightly.
61 * samba-tool drs showrepl: default is now 'auto', not 'no'
63 * samba-tool visualize: the interactions between --color-scheme,
64 --color, and --output have changed slightly. When --color-scheme is
65 set it overrides --color for the purpose of the output diagram, but
66 not for other output like error messages.
68 New samba-tool dsacl subcommand for deleting ACES
69 -------------------------------------------------
71 The samba-tool dsacl tool can now delete entries in directory access
72 control lists. The interface for 'samba-tool dsacl delete' is similar
73 to that of 'samba-tool dsacl set', with the difference being that the
74 ACEs described by the --sddl argument are deleted rather than added.
76 No colour with NO_COLOR environment variable
77 --------------------------------------------
79 With both samba-tool --color=auto (see above) and some other places
80 where we use ANSI colour codes, the NO_COLOR environment variable will
81 disable colour output. See https://no-color.org/ for a description of
82 this variable. `samba-tool --color=always` will use colour regardless
85 New wbinfo option --change-secret-at
86 ------------------------------------
88 The wbinfo command has a new option, --change-secret-at=<DOMAIN CONTROLLER>
89 which forces the trust account password to be changed at a specified domain
90 controller. If the specified domain controller cannot be contacted the
91 password change fails rather than trying other DCs.
93 New option to change the NT ACL default location
94 ------------------------------------------------
96 Usually the NT ACLs are stored in the security.NTACL extended
97 attribute (xattr) of files and directories. The new
98 "acl_xattr:security_acl_name" option allows to redefine the default
99 location. The default "security.NTACL" is a protected location, which
100 means the content of the security.NTACL attribute is not accessible
101 from normal users outside of Samba. When this option is set to use a
102 user-defined value, e.g. user.NTACL then any user can potentially
103 access and overwrite this information. The module prevents access to
104 this xattr over SMB, but the xattr may still be accessed by other
105 means (eg local access, SSH, NFS). This option must only be used when
106 this consequence is clearly understood and when specific precautions
107 are taken to avoid compromising the ACL content.
109 Azure Active Directory / Office365 synchronisation improvements
110 --------------------------------------------------------------
112 Use of the Azure AD Connect cloud sync tool is now supported for
113 password hash synchronisation, allowing Samba AD Domains to synchronise
114 passwords with this popular cloud environment.
123 Parameter Name Description Default
124 -------------- ----------- -------
125 acl_xattr:security_acl_name New security.NTACL
128 CHANGES SINCE 4.18.0rc1
129 =======================
131 o Andrew Bartlett <abartlet@samba.org>
132 * BUG 10635: Office365 azure Password Sync not working.
134 o Stefan Metzmacher <metze@samba.org>
135 * BUG 15286: auth3_generate_session_info_pac leaks wbcAuthUserInfo.
137 o Noel Power <noel.power@suse.com>
138 * BUG 15293: With clustering enabled samba-bgqd can core dump due to use
145 https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.18#Release_blocking_bugs
148 #######################################
149 Reporting bugs & Development Discussion
150 #######################################
152 Please discuss this release on the samba-technical mailing list or by
153 joining the #samba-technical:matrix.org matrix room, or
154 #samba-technical IRC channel on irc.libera.chat
156 If you do report problems then please try to send high quality
157 feedback. If you don't provide vital information to help us track down
158 the problem then you will probably be ignored. All bug reports should
159 be filed under the Samba 4.1 and newer product in the project's Bugzilla
160 database (https://bugzilla.samba.org/).
163 ======================================================================
164 == Our Code, Our Bugs, Our Responsibility.
166 ======================================================================