1 =============================
2 Release Notes for Samba 4.9.1
4 =============================
7 This is the latest stable release of the Samba 4.9 release series.
10 Major enhancements include:
11 ---------------------------
13 o s3: nmbd: Stop nmbd network announce storm (bug #13620).
19 o Andrew Bartlett <abartlet@samba.org>
20 * BUG 13620: s3: nmbd: Stop nmbd network announce storm.
22 o Günther Deschner <gd@samba.org>
23 * BUG 13597: s3-rpcclient: Use spoolss_init_spoolss_UserLevel1 in winspool
26 o Martin Schwenke <martin@meltin.net>
27 * BUG 13617: CTDB recovery lock has some race conditions.
29 o Justin Stephenson <jstephen@redhat.com>
30 * BUG 13597: s3-rpc_client: Advertise Windows 7 client info.
32 o Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
33 * BUG 13610: ctdb-doc: Remove PIDFILE option from ctdbd_wrapper man page.
36 #######################################
37 Reporting bugs & Development Discussion
38 #######################################
40 Please discuss this release on the samba-technical mailing list or by
41 joining the #samba-technical IRC channel on irc.freenode.net.
43 If you do report problems then please try to send high quality
44 feedback. If you don't provide vital information to help us track down
45 the problem then you will probably be ignored. All bug reports should
46 be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
47 database (https://bugzilla.samba.org/).
50 ======================================================================
51 == Our Code, Our Bugs, Our Responsibility.
53 ======================================================================
56 Release notes for older releases follow:
57 ----------------------------------------
59 =============================
60 Release Notes for Samba 4.9.0
62 =============================
65 This is the first stable release of the Samba 4.9 release series.
66 Please read the release notes carefully before upgrading.
75 There is a new 'net ads setspn' sub command for managing Windows SPN(s)
76 on the AD. This command aims to give the basic functionality that is
77 provided on windows by 'setspn.exe' e.g. ability to add, delete and list
78 Windows SPN(s) stored in a Windows AD Computer object.
80 The format of the command is:
82 net ads setspn list [machine]
83 net ads setspn [add | delete ] SPN [machine]
85 'machine' is the name of the computer account on the AD that is to be managed.
86 If 'machine' is not specified the name of the 'client' running the command
89 The format of a Windows SPN is
90 'serviceclass/host:port/servicename' (servicename and port are optional)
92 serviceclass/host is generally sufficient to specify a host based service.
94 'net ads keytab' changes
95 ------------------------
97 net ads keytab add no longer attempts to convert the passed serviceclass
98 (e.g. nfs, html etc.) into a Windows SPN which is added to the Windows AD
99 computer object. By default just the keytab file is modified.
101 A new keytab subcommand 'add_update_ads' has been added to preserve the
102 legacy behaviour. However the new 'net ads setspn add' subcommand should
103 really be used instead.
105 net ads keytab create no longer tries to generate SPN(s) from existing
106 entries in a keytab file. If it is required to add Windows SPN(s) then
107 'net ads setspn add' should be used instead.
109 Local authorization plugin for MIT Kerberos
110 -------------------------------------------
112 This plugin controls the relationship between Kerberos principals and AD
113 accounts through winbind. The module receives the Kerberos principal and the
114 local account name as inputs and can then check if they match. This can resolve
115 issues with canonicalized names returned by Kerberos within AD. If the user
116 tries to log in as 'alice', but the samAccountName is set to ALICE (uppercase),
117 Kerberos would return ALICE as the username. Kerberos would not be able to map
118 'alice' to 'ALICE' in this case and auth would fail. With this plugin, account
119 names can be correctly mapped. This only applies to GSSAPI authentication,
120 not for getting the initial ticket granting ticket.
125 The vfs_full_audit module has changed its default set of monitored successful
126 and failed operations from "all" to "none". That helps to prevent potential
127 denial of service caused by simple addition of the module to the VFS objects.
129 Also, modules vfs_audit, vfs_ext_audit and vfs_full_audit now accept any valid
130 syslog(3) facility, in accordance with the manual page.
132 Database audit support
133 ----------------------
135 Changes to the Samba AD's sam.ldb database are now logged to Samba's debug log
136 under the "dsdb_audit" debug class and "dsdb_json_audit" for JSON formatted log
139 Transaction commits and roll backs are now logged to Samba's debug logs under
140 the "dsdb_transaction_audit" debug class and "dsdb_transaction_json_audit" for
141 JSON formatted log entries.
143 Password change audit support
144 -----------------------------
146 Password changes in the AD DC are now logged to Samba's debug logs under the
147 "dsdb_password_audit" debug class and "dsdb_password_json_audit" for JSON
148 formatted log entries.
150 Group membership change audit support
151 -------------------------------------
153 Group membership changes on the AD DC are now logged to
154 Samba's debug log under the "dsdb_group_audit" debug class and
155 "dsdb_group_json_audit" for JSON formatted log entries.
157 Log Authentication duration
158 ---------------------------
160 For NTLM and Kerberos KDC authentication, the authentication duration is now
161 logged. Note that the duration is only included in the JSON formatted log
164 JSON library Jansson required for the AD DC
165 -------------------------------------------
167 By default, the Jansson JSON library is required for Samba to build.
168 It is strictly required for the Samba AD DC, and is optional for
169 builds "--without-ad-dc" by specifying "--without-json-audit" at configure
172 New experimental LMDB LDB backend
173 ---------------------------------
175 A new experimental LDB backend using LMDB is now available. This allows
176 databases larger than 4Gb (Currently the limit is set to 6Gb, but this will be
177 increased in a future release). To enable lmdb, provision or join a domain using
178 the "--backend-store=mdb" option.
180 This requires that a version of lmdb greater than 0.9.16 is installed and that
181 samba has not been built with the "--without-ldb-lmdb" option.
183 Please note this is an experimental feature and is not recommended for
184 production deployments.
186 Password Settings Objects
187 -------------------------
189 Support has been added for Password Settings Objects (PSOs). This AD feature is
190 also known as Fine-Grained Password Policies (FGPP).
192 PSOs allow AD administrators to override the domain password policy settings
193 for specific users, or groups of users. For example, PSOs can force certain
194 users to have longer password lengths, or relax the complexity constraints for
195 other users, and so on. PSOs can be applied to groups or to individual users.
196 When multiple PSOs apply to the same user, essentially the PSO with the best
197 precedence takes effect.
199 PSOs can be configured and applied to users/groups using the 'samba-tool domain
200 passwordsettings pso' set of commands.
202 Domain backup and restore
203 -------------------------
205 A new 'samba-tool' subcommand has been added that allows administrators to
206 create a backup-file of their domain DB. In the event of a catastrophic failure
207 of the domain, this backup-file can be used to restore Samba services.
209 The new 'samba-tool domain backup online' command takes a snapshot of the
210 domain DB from a given DC. In the event of a catastrophic DB failure, all DCs
211 in the domain should be taken offline, and the backup-file can then be used to
212 recreate a fresh new DC, using the 'samba-tool domain backup restore' command.
213 Once the backed-up domain DB has been restored on the new DC, other DCs can
214 then subsequently be joined to the new DC, in order to repopulate the Samba
220 Basic support has been added for renaming a Samba domain. The rename feature is
221 designed for the following cases:
222 1). Running a temporary alternate domain, in the event of a catastrophic
223 failure of the regular domain. Using a completely different domain name and
224 realm means that the original domain and the renamed domain can both run at the
225 same time, without interfering with each other. This is an advantage over
226 creating a regular 'online' backup - it means the renamed/alternate domain can
227 provide core Samba network services, while trouble-shooting the fault on the
228 original domain can be done in parallel.
229 2). Creating a realistic lab domain or pre-production domain for testing.
231 Note that the renamed tool is currently not intended to support a long-term
232 rename of the production domain. Currently renaming the GPOs is not supported
233 and would need to be done manually.
235 The domain rename is done in two steps: first, the 'samba-tool domain backup
236 rename' command will clone the domain DB, renaming it in the process, and
237 producing a backup-file. Then, the 'samba-tool domain backup restore' command
238 takes the backup-file and restores the renamed DB to disk on a fresh DC.
240 New samba-tool options for diagnosing DRS replication issues
241 ------------------------------------------------------------
243 The 'samba-tool drs showrepl' command has two new options controlling
244 the output. With --summary, the command says very little when DRS
245 replication is working well. With --json, JSON is produced. These
246 options are intended for human and machine audiences, respectively.
248 The 'samba-tool visualize uptodateness' visualizes replication lag as
249 a heat-map matrix based on the DRS uptodateness vectors. This will
250 show you if (but not why) changes are failing to replicate to some DCs.
252 Automatic site coverage and GetDCName improvements
253 --------------------------------------------------
255 Samba's AD DC now automatically claims otherwise empty sites based on
256 which DC is the nearest in the replication topology.
258 This, combined with efforts to correctly identify the client side in
259 the GetDCName Netlogon call will improve service to sites without a
262 Improved 'samba-tool computer' command
263 --------------------------------------
265 The 'samba-tool computer' command allow manipulation of computer
266 accounts including creating a new computer and resetting the password.
267 This allows an 'offline join' of a member server or workstation to the
270 New 'samba-tool ou' command
271 ---------------------------
273 The new 'samba-tool ou' command allows to manage organizational units.
275 Available subcommands are:
276 create - Create an organizational unit.
277 delete - Delete an organizational unit.
278 list - List all organizational units
279 listobjects - List all objects in an organizational unit.
280 move - Move an organizational unit.
281 rename - Rename an organizational unit.
283 In addition to the ou commands, there are new subcommands for the user
284 and group management, which can make use of the organizational units:
285 group move - Move a group to an organizational unit/container.
286 user move - Move a user to an organizational unit/container.
287 user show - Display a user AD object.
289 Samba performance tool now operates against Microsoft Windows AD
290 ----------------------------------------------------------------
292 The Samba AD performance testing tool 'traffic_reply' can now operate
293 against a Windows based AD domain. Previously it only operated
294 correctly against Samba.
296 DNS entries are now cleaned up during DC demote
297 -----------------------------------------------
299 DNS records are now cleaned up as part of the 'samba-tool domain
300 demote' including both the default and '--remove-other-dead-server'
303 Additionally, DNS records can be automatically cleaned up for a given
304 name with the 'samba-tool dns cleanup' command, which aids in cleaning
305 up partially removed DCs.
307 samba-tool ntacl sysvolreset is now much faster
308 -----------------------------------------------
310 The 'samba-tool ntacl sysvolreset' command, used on the Samba AD DC,
311 is now much faster than in previous versions, after an internal
314 Samba now tested with CI GitLab
315 -------------------------------
317 Samba developers now have pre-commit testing available in GitLab,
318 giving reviewers confidence that the submitted patches pass a full CI
319 before being submitted to the Samba Team's own autobuild system.
321 Dynamic DNS record scavenging support
322 -------------------------------------
324 It is now possible to enable scavenging of DNS Zones to remove DNS
325 records that were dynamically created and have not been touched in
328 This support should however only be enabled on new zones or new
329 installations. Sadly old Samba versions suffer from BUG 12451 and
330 mark dynamic DNS records as static and static records as dynamic.
331 While a dbcheck rule may be able to find these in the future,
332 currently a reliable test has not been devised.
334 Finally, there is not currently a command-line tool to enable this
335 feature, currently it should be enabled from the DNS Manager tool from
336 Windows. Also the feature needs to have been enabled by setting the smb.conf
337 parameter "dns zone scavenging = yes".
339 Improved support for trusted domains (as AD DC)
340 -----------------------------------------------
342 The support for trusted domains/forests has been further improved.
344 External domain trusts, as well a transitive forest trusts,
345 are supported in both directions (inbound and outbound)
346 for Kerberos and NTLM authentication.
348 The following features are new in 4.9 (compared to 4.8):
350 - It's now possible to add users/groups of a trusted domain
351 into domain groups. The group memberships are expanded
353 - foreignSecurityPrincipal objects (FPO) are now automatically
354 created when members (as SID) of a trusted domain/forest
355 are added to a group.
356 - The 'samba-tool group *members' commands allow
357 members to be specified as foreign SIDs.
359 However there are currently still a few limitations:
361 - Both sides of the trust need to fully trust each other!
362 - No SID filtering rules are applied at all!
363 - This means DCs of domain A can grant domain admin rights
365 - Selective (CROSS_ORGANIZATION) authentication is
366 not supported. It's possible to create such a trust,
367 but the KDC and winbindd ignore them.
368 - Samba can still only operate in a forest with just
374 There are many changes to CTDB in this release.
376 * Configuration has been completely overhauled
378 - Daemon and tool options are now specified in a new ctdb.conf
379 Samba-style configuration file. See ctdb.conf(5) for details.
381 - Event script configuration is no longer specified in the top-level
382 configuration file. It can now be specified per event script.
383 For example, configuration options for the 50.samba event script
384 can be placed alongside the event script in a file called
385 50.samba.options. Script options can also be specified in a new
386 script.options file. See ctdb-script.options(5) for details.
388 - Options that affect CTDB startup should be configured in the
389 distribution-specific configuration file. See ctdb.sysconfig(5)
392 - Tunable settings are now loaded from ctdb.tunables. Using
393 CTDB_SET_TunableVariable=<value> in the main configuration file is
394 no longer supported. See ctdb-tunables(7) for details.
396 A example script to migrate an old-style configuration to the new
397 style is available in ctdb/doc/examples/config_migrate.sh.
399 * The following configuration variables and corresponding ctdbd
400 command-line options have been removed and not replaced with
401 counterparts in the new configuration scheme:
403 CTDB_PIDFILE --pidfile
406 CTDB_PUBLIC_ADDRESSES --public-addresses
407 CTDB_EVENT_SCRIPT_DIR --event-script-dir
408 CTDB_NOTIFY_SCRIPT --notification-script
409 CTDB_PUBLIC_INTERFACE --public-interface
410 CTDB_MAX_PERSISTENT_CHECK_ERRORS --max-persistent-check-errors
412 - The compile-time defaults should be used for the first 6 of these.
413 - Use a symbolic link from the configuration directory to specify a
414 different location for nodes or public_addresses (e.g. in the
416 - Executable notification scripts in the notify.d/ subdirectory of
417 the configuration directory are now run by unconditionally.
418 - Interfaces for public IP addresses must always be specified in the
419 public_addresses file using the currently supported format.
421 Some related items that have been removed are:
423 - The ctdb command's --socket command-line option
424 - The ctdb command's CTDB_NODES environment variable
426 When writing tests there are still mechanisms available to change
427 the locations of certain directories and files.
429 * The following ctdbd.conf and ctdbd options have been replaced by new
432 CTDB_LOGGING/--logging logging -> location
433 CTDB_DEBUGLEVEL/-d logging -> log level
434 CTDB_TRANSPORT/--transport cluster -> transport
435 CTDB_NODE_ADDRESS/--listen cluster -> node address
436 CTDB_RECOVERY_LOCK/--reclock cluster -> recovery lock
437 CTDB_DBDIR/--dbdir database -> volatile database directory
438 CTDB_DBDIR_PERSISTENT/--dbdir-persistent database -> peristent database directory
439 CTDB_DBDIR_STATE/--dbdir-state database -> state database directory
440 CTDB_DEBUG_LOCKS database -> lock debug script
441 CTDB_DEBUG_HUNG_SCRIPT event -> debug script
442 CTDB_NOSETSCHED/--nosetsched legacy -> realtime scheduling
443 CTDB_CAPABILITY_RECMASTER/--no-recmaster legacy -> recmaster capability
444 CTDB_CAPABILITY_LMASTER/--no-lmaster legacy -> lmaster capability
445 CTDB_START_AS_STOPPED/--start-as-stopped legacy -> start as stopped
446 CTDB_START_AS_DISABLED/--start-as-disabled legacy -> start as disabled
447 CTDB_SCRIPT_LOG_LEVEL/--script-log-level legacy -> script log level
449 * Event scripts have moved to the scripts/legacy subdirectory of the
450 configuration directory
452 Event scripts must now end with a ".script" suffix.
454 * The "ctdb event" command has changed in 2 ways:
456 - A component is now required for all commands
458 In this release the only valid component is "legacy".
460 - There is no longer a default event when running "ctdb event status"
462 Listing the status of the "monitor" event is now done via:
464 ctdb event status legacy monitor
466 See ctdb(1) for details.
468 * The following service-related event script options have been
480 CTDB_MANAGED_SERVICES
482 Event scripts for services are now disabled by default. To enable
483 an event script and, therefore, manage a service use a command like
486 ctdb event script enable legacy 50.samba
488 * Notification scripts have moved to the scripts/notification
489 subdirectory of the configuration directory
491 Notification scripts must now end with a ".script" suffix.
493 * Support for setting CTDB_DBDIR=tmpfs has been removed
495 This feature has not been implemented in the new configuration
496 system. If this is desired then a tmpfs filesystem should be
497 manually mounted on the directory pointed to by the "volatile
498 database directory" option. See ctdb.conf(5) for more details.
500 * The following tunable options are now ctdb.conf options:
502 DisabledIPFailover failover -> disabled
503 TDBMutexEnabled database -> tdb mutexes
505 * Support for the NoIPHostOnAllDisabled tunable has been removed
507 If all nodes are unhealthy or disabled then CTDB will not host
508 public IP addresses. That is, CTDB now behaves as if
509 NoIPHostOnAllDisabled were set to 1.
511 * The onnode command's CTDB_NODES_FILE environment variable has been
514 The -f option can still be used to specify an alternate node file.
516 * The 10.external event script has been removed
518 * The CTDB_SHUTDOWN_TIMEOUT configuration variable has been removed
520 As with other daemons, if ctdbd does not shut down when requested
521 then manual intervention is required. There is no safe way of
522 automatically killing ctdbd after a failed shutdown.
524 * CTDB_SUPPRESS_COREFILE and CTDB_MAX_OPEN_FILES configuration
525 variable have been removed
527 These should be setup in the systemd unit/system file or, for SYSV
528 init, in the distribution-specific configuration file for the ctdb
531 * CTDB_PARTIALLY_ONLINE_INTERFACES incompatibility no longer enforced
533 11.natgw and 91.lvs will no longer fail if
534 CTDB_PARTIALLY_ONLINE_INTERFACES=yes. The incompatibility is,
535 however, well documented. This option will be removed in future and
536 replaced by sensible behaviour where public IP addresses simply
537 switch interfaces or become unavailable when interfaces are down.
539 * Configuration file /etc/ctdb/sysconfig/ctdb is no longer supported
544 The 'samba_gpoupdate' command (used in applying Group Policies to the
545 Samba machine itself) has been renamed to "samba_gpupdate" and had the
546 syntax changed to better match the same tool on Windows.
557 As the most popular Samba install platforms (Linux and FreeBSD) both
558 support extended attributes by default, the parameters "map readonly",
559 "store dos attributes" and "ea support" have had their defaults changed
560 to allow better Windows fileserver compatibility in a default install.
562 Parameter Name Description Default
563 -------------- ----------- -------
564 map readonly Default changed no
565 store dos attributes Default changed yes
566 ea support Default changed yes
567 full_audit:success Default changed none
568 full_audit:failure Default changed none
570 VFS interface changes
571 =====================
573 The VFS ABI interface version has changed to 39. Function changes
576 SMB_VFS_FSYNC: Removed: Only async versions are used.
577 SMB_VFS_READ: Removed: Only PREAD or async versions are used.
578 SMB_VFS_WRITE: Removed: Only PWRITE or async versions are used.
579 SMB_VFS_CHMOD_ACL: Removed: Only CHMOD is used.
580 SMB_VFS_FCHMOD_ACL: Removed: Only FCHMOD is used.
582 Any external VFS modules will need to be updated to match these
583 changes in order to work with 4.9.x.
585 CHANGES SINCE 4.9.0rc5
586 ======================
588 o Björn Baumbach <bb@sernet.de>
589 * BUG 13605: samba_dnsupdate: Honor 'dns zone scavenging' option, only
592 o Andreas Schneider <asn@samba.org>
593 * BUG 13606: wafsamba: Fix 'make -j<jobs>'.
595 CHANGES SINCE 4.9.0rc4
596 ======================
598 o Jeremy Allison <jra@samba.org>
599 * BUG 13565: s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only
600 returns absolute pathnames.
602 o Paulo Alcantara <paulo@paulo.ac>
603 * BUG 13578: s3: util: Do not take over stderr when there is no log file.
605 o Ralph Boehme <slow@samba.org>
606 * BUG 13549: Durable Reconnect fails because cookie.allow_reconnect is not
609 o Alexander Bokovoy <ab@samba.org>
610 * BUG 13539: krb5-samba: Interdomain trust uses different salt principal.
612 o Volker Lendecke <vl@samba.org>
613 * BUG 13441: vfs_fruit: Don't unlink the main file.
614 * BUG 13602: smbd: Fix a memleak in async search ask sharemode.
616 o Stefan Metzmacher <metze@samba.org>
617 * BUG 11517: Fix Samba GPO issue when Trust is enabled.
618 * BUG 13539: samba-tool: Add "virtualKerberosSalt" attribute to
619 'user getpassword/syncpasswords'.
621 o Martin Schwenke <martin@meltin.net>
622 * BUG 13589: Fix CTDB configuration issues.
623 * BUG 13592: ctdbd logs an error until it can successfully connect to
627 CHANGES SINCE 4.9.0rc3
628 ======================
630 o Jeremy Allison <jra@samba.org>
631 * BUG 13585: s3: smbd: Ensure get_real_filename() copes with empty
634 o Tim Beale <timbeale@catalyst.net.nz>
635 * BUG 13566: samba domain backup online/rename commands force user to specify
638 o Alexander Bokovoy <ab@samba.org>
639 * BUG 13579: wafsamba/samba_abi: Always hide ABI symbols which must be
642 o Volker Lendecke <vl@samba.org>
643 * BUG 13584: Fix a panic if fruit_access_check detects a locking conflict.
645 o Andreas Schneider <asn@samba.org>
646 * BUG 13567: Fix memory and resource leaks.
647 * BUG 13580: python: Fix print in dns_invalid.py.
649 o Martin Schwenke <martin@meltin.net>
650 * BUG 13588: Aliasing issue causes incorrect IPv6 checksum.
651 * BUG 13589: Fix CTDB configuration issues.
653 o Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
654 * BUG 13568: s3: vfs: time_audit: fix handling of token_blob in
655 smb_time_audit_offload_read_recv().
658 CHANGES SINCE 4.9.0rc2
659 ======================
661 o Jeremy Allison <jra@samba.org>
662 * BUG 13453: CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against
663 returns from malicious servers.
665 o Andrew Bartlett <abartlet@samba.org>
666 * BUG 13374: CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query
667 with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140
668 * BUG 13552: CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when
669 not servicePrincipalName is set on a user.
671 o Tim Beale <timbeale@catalyst.net.nz>
672 * BUG 13434: CVE-2018-10919: acl_read: Fix unauthorized attribute access via
675 o Samuel Cabrero <scabrero@suse.de>
676 * BUG 13540: ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler.
678 o Günther Deschner <gd@samba.org>
679 * BUG 13360: CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it
680 is disabled via "ntlm auth".
681 * BUG 13529: s3-tldap: do not install test_tldap.
683 o David Disseldorp <ddiss@samba.org>
684 * BUG 13540: ctdb_mutex_ceph_rados_helper: Fix deadlock via lock renewals.
686 o Andrej Gessel <Andrej.Gessel@janztec.com>
687 * BUG 13374: CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in
688 ltdb_index_dn_attr().
690 o Amitay Isaacs <amitay@gmail.com>
691 * BUG 13554: ctdb-eventd: Fix CID 1438155.
693 o Volker Lendecke <vl@samba.org>
694 * BUG 13553: Fix CIDs 1438243, (Unchecked return value) 1438244
695 (Unsigned compared against 0), 1438245 (Dereference before null check) and
696 1438246 (Unchecked return value).
697 * BUG 13554: ctdb: Fix a cut&paste error.
699 o Oleksandr Natalenko <oleksandr@redhat.com>
700 * BUG 13559: systemd: Only start smb when network interfaces are up.
702 o Noel Power <noel.power@suse.com>
703 * BUG 13553: Fix quotas don't work with SMB2.
704 * BUG 13563: s3/smbd: Ensure quota code is only called when quota support
707 o Anoop C S <anoopcs@redhat.com>
708 * BUG 13204: s3/libsmb: Explicitly set delete_on_close token for rmdir.
710 o Andreas Schneider <asn@samba.org>
711 * BUG 13561: s3:waf: Install eventlogadm to /usr/sbin.
713 o Justin Stephenson <jstephen@redhat.com>
714 * BUG 13562: Shorten description in vfs_linux_xfs_sgid manual.
717 CHANGES SINCE 4.9.0rc1
718 ======================
720 o Jeremy Allison <jra@samba.org>
721 * BUG 13537: s3: smbd: Using "sendfile = yes" with SMB2 can cause CPU spin.
723 o Ralph Boehme <slow@samba.org>
724 * BUG 13535: s3: smbd: Fix path check in
725 smbd_smb2_create_durable_lease_check().
727 o Alexander Bokovoy <ab@samba.org>
728 * BUG 13538: samba-tool trust: Support discovery via netr_GetDcName.
729 * BUG 13542: s4-dsdb: Only build dsdb Python modules for AD DC.
731 o Amitay Isaacs <amitay@gmail.com>
732 * BUG 13520: Fix portability issues on freebsd.
734 o Gary Lockyer <gary@catalyst.net.nz>
735 * BUG 13536: DNS wildcard search does not handle multiple labels correctly.
737 o Stefan Metzmacher <metze@samba.org>
738 * BUG 13308: samba-tool domain trust: Fix trust compatibility to Windows
739 Server 1709 and FreeIPA.
741 o Martin Schwenke <martin@meltin.net>
742 * BUG 13520: Fix portability issues on freebsd.
743 * BUG 13545: ctdb-protocol: Fix CTDB compilation issues.
744 * BUG 13546: ctdb-docs: Replace obsolete reference to CTDB_DEBUG_HUNG_SCRIPT
746 * BUG 13550: ctdb-doc: Provide an example script for migrating old
748 * BUG 13551: ctdb-event: Implement event tool "script list" command.
754 https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.9#Release_blocking_bugs
757 #######################################
758 Reporting bugs & Development Discussion
759 #######################################
761 Please discuss this release on the samba-technical mailing list or by
762 joining the #samba-technical IRC channel on irc.freenode.net.
764 If you do report problems then please try to send high quality
765 feedback. If you don't provide vital information to help us track down
766 the problem then you will probably be ignored. All bug reports should
767 be filed under the Samba 4.1 and newer product in the project's Bugzilla
768 database (https://bugzilla.samba.org/).
771 ======================================================================
772 == Our Code, Our Bugs, Our Responsibility.
774 ======================================================================