4 This is the first pre release of Samba 4.16. This is *not*
5 intended for production environments and is designed for testing
6 purposes only. Please report any defects via the Samba bug reporting
7 system at https://bugzilla.samba.org/.
9 Samba 4.16 will be the next version of the Samba suite.
19 New samba-dcerpcd binary to provide DCERPC in the member server setup
20 ---------------------------------------------------------------------
22 In order to make it much easier to break out the DCERPC services
23 from smbd, a new samba-dcerpcd binary has been created.
25 samba-dcerpcd can be used in two ways. In the normal case without
26 startup script modification it is invoked on demand from smbd or
27 winbind --np-helper to serve DCERPC over named pipes. Note that
28 in order to run in this mode the smb.conf [global] section has
29 a new parameter "rpc start on demand helpers = [true|false]".
30 This parameter is set to "true" by default, meaning no changes to
31 smb.conf files are needed to run samba-dcerpcd on demand as a named
34 It can also be used in a standalone mode where it is started
35 separately from smbd or winbind but this requires changes to system
36 startup scripts, and in addition a change to smb.conf, setting the new
37 [global] parameter "rpc start on demand helpers = false". If "rpc
38 start on demand helpers" is not set to false, samba-dcerpcd will
39 refuse to start in standalone mode.
41 Note that when Samba is run in the Active Directory Domain Controller
42 mode the samba binary that provides the AD code will still provide its
43 normal DCERPC services whilst allowing samba-dcerpcd to provide
44 services like SRVSVC in the same way that smbd used to in this
47 The parameters that allowed some smbd-hosted services to be started
48 externally are now gone (detailed below) as this is now the default
51 samba-dcerpcd can also be useful for use outside of the Samba
52 framework, for example, use with the Linux kernel SMB2 server ksmbd or
53 possibly other SMB2 server implementations.
55 Certificate Auto Enrollment
56 ---------------------------
58 Certificate Auto Enrollment allows devices to enroll for certificates from
59 Active Directory Certificate Services. It is enabled by Group Policy.
60 To enable Certificate Auto Enrollment, Samba's group policy will need to be
61 enabled by setting the smb.conf option `apply group policies` to Yes. Samba
62 Certificate Auto Enrollment depends on certmonger, the cepces certmonger
63 plugin, and sscep. Samba uses sscep to download the CA root chain, then uses
64 certmonger paired with cepces to monitor the host certificate templates.
65 Certificates are installed in /var/lib/samba/certs and private keys are
66 installed in /var/lib/samba/private/certs.
68 Ability to add ports to dns forwarder addresses in internal DNS backend
69 -----------------------------------------------------------------------
71 The internal DNS server of Samba forwards queries non-AD zones to one or more
72 configured forwarders. Up until now it has been assumed that these forwarders
73 listen on port 53. Starting with this version it is possible to configure the
74 port using host:port notation. See smb.conf for more details. Existing setups
75 are not affected, as the default port is 53.
80 SMB1 CORE and LANMAN1 protocol wildcard copy, unlink and rename removed
81 =======================================================================
83 In preparation for the removal of the SMB1 server, the unused
84 SMB1 command SMB_COM_COPY (SMB1 command number 0x29) has been
85 removed from the Samba smbd server. In addition, the ability
86 to process file name wildcards in requests using the SMB1 commands
87 SMB_COM_COPY (SMB1 command number 0x2A), SMB_COM_RENAME (SMB1 command
88 number 0x7), SMB_COM_NT_RENAME (SMB1 command number 0xA5) and
89 SMB_COM_DELETE (SMB1 command number 0x6) have been removed.
91 This only affects clients using MS-DOS based versions of
92 SMB1, the last release of which was Windows 98. Users requiring
93 support for these features will need to use older versions
96 No longer using Linux mandatory locks for sharemodes
97 ====================================================
99 smbd mapped sharemodes to Linux mandatory locks. This code in the Linux kernel
100 was broken for a long time, and is planned to be removed with Linux 5.15. This
101 Samba release removes the usage of mandatory locks for sharemodes and the
102 "kernel share modes" config parameter is changed to default to "no". The Samba
103 VFS interface is kept, so that file-system specific VFS modules can still use
104 private calls for enforcing sharemodes.
110 Parameter Name Description Default
111 -------------- ----------- -------
112 kernel share modes New default No
113 dns forwarder Changed
116 rpc start on demand helpers Added true
121 https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.16#Release_blocking_bugs
124 #######################################
125 Reporting bugs & Development Discussion
126 #######################################
128 Please discuss this release on the samba-technical mailing list or by
129 joining the #samba-technical IRC channel on irc.freenode.net.
131 If you do report problems then please try to send high quality
132 feedback. If you don't provide vital information to help us track down
133 the problem then you will probably be ignored. All bug reports should
134 be filed under the Samba 4.1 and newer product in the project's Bugzilla
135 database (https://bugzilla.samba.org/).
138 ======================================================================
139 == Our Code, Our Bugs, Our Responsibility.
141 ======================================================================