Samba Features added/changed (by release): Difference between revisions
From SambaWiki
(→3.0.25) |
(added link to printjob username) |
||
Line 127: | Line 127: | ||
|1024KB |
|1024KB |
||
|- |
|- |
||
|printjob username |
|[http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#PRINTJOBUSERNAME printjob username ] |
||
|New |
|New |
||
|%U |
|%U |
||
Line 306: | Line 306: | ||
===3.0.10=== |
===3.0.10=== |
||
===3.0.9=== |
===3.0.9=== |
||
==Securty- and bugfixes by version== |
==Securty- and bugfixes by version== |
Revision as of 14:50, 16 May 2007
New features by version
3.0.25
- Significant improvements in the winbind off-line logon support.
- Support for secure DDNS updates as part of the 'net ads join' process.
- Rewritten IdMap interface which allows for TTL based caching and per domain backends.
- New plug-in interface for the "winbind nss info" parameter.
- New file change notify subsystem which is able to make use of inotify on Linux.
- Support for passing Windows security descriptors to a VFS plug-in allowing for multiple Unix ACL implements to running side by side on the Same server.
- Improved compatibility with Windows Vista clients including improved read performance with Linux servers.
- Man pages for IdMap and VFS plug-ins.
3.0.23{a,b,c,d}
- Stability fixes for winbindd
- Portability fixes on FreeBSD and Solaris operating systems.
- New "createupn" option to "net ads join"
- Rewritten Kerberos keytab generation when 'use kerberos keytab = yes'
- Improved 'make test'
- New offline mode in winbindd
- New Kerberos support for pam_winbind.so
- New handling of unmapped users and groups
- New non-root share management tools
- Improved support for local and BUILTIN groups
- Winbind IDMAP integration with RFC2307 schema objects supported by Windows 2003 R2
- Rewritten 'net ads join' to mimic Windows XP without requiring administrative rights to join a domain
3.0.21{a,b,c}
- Complete NTLMv2 support by consolidating authentication mechanism used at the CIFS and RPC layers.
- The capability to manage Unix services using the Win32 Service Control API.
- The capability to view external Unix log files via the Microsoft Event Viewer.
- New libmsrpc share library for application developers.
- Rewrite of CIFS oplock implementation.
- Performance Counter external daemon.
- Winbindd auto-detection query methods when communicating with a domain controller.
- The ability to enumerate long share names in libsmbclient applications.
3.0.20{a,b}
- Support for several new Win32 rpc pipes.
- Improved support for OS/2 clients.
- New 'net rpc service' tool for managing Win32 services.
- Capability to set the owner on new files and directory based on the parent's ownership.
- Experimental, asynchronous IO file serving support.
- Completed Support for Microsoft Print Migrator.
- New Winbind IDmap plugin (ad) for retrieving uid and gid from AD servers which maintain the SFU user and group attributes.
- Rewritten support for POSIX pathnames when utilizing the Linux CIFS fs client.
- New asynchronous winbindd.
- Support for Microsoft Print Migrator.
- New Windows NT registry file I/O library.
- New user right (SeTakeOwnershipPrivilege) added.
- New "net share migrate" options.
3.0.14a
Release 3.0.14a is a pure bugfix release which fixed a "show stopper".
Please note, the release policy has changed at this point.
3.0.14
3.0.13
3.0.12
- Performance enhancements when serving directories containing large number of files.
- MS-DFS support added to smbclient.
- More performance improvements when using Samba/OpenLDAP based DC's via the 'ldapsam:trusted=yes' option.
- Support for the Novell NDS universal password when using the ldapsam passdb backend.
- New 'net rpc trustdom {add,del}' functionality to eventually replace 'smbpasswd {-a,-x} -i'.
- New libsmbclient functionality.
3.0.11
- Winbindd performance improvements.
- More 'net rpc vampire' functionality.
- Support for the Windows privilege model to assign rights to specific SIDs.
- New administrative options to the 'net rpc' command.
3.0.10
Release 3.0.10 is a fix for security issues described in CAN-2004-1154.
3.0.9
Release 3.0.9 is a pure bigfix release which fixes printing problems from Windows 9x, roaming profile updates and unknown symbols for kde
Changes in smb.conf
3.0.025
Parameter Name | Description | Default |
---|---|---|
change notify timeout | Removed | n/a |
change notify | New | Yes |
debug prefix timestamp | New | No |
fam change notify | Removed | n/a |
idmap domains | New | "" |
idmap alloc backend | New | "" |
New | 900 | |
New | 120 | |
kernel change notify | Per share | Yes |
lock spin count | Removed | n/a |
max stat cache size | Modified | 1024KB |
printjob username | New | %U |
winbind normalize names | New | no |
3.0.23{a,b}
Parameter Name | Description | Default |
---|---|---|
acl group control | Deprecated | No |
add port command | New | "" |
change notify timeout | Changed Scope | "" |
dmapi support | New | No |
dos filemode | Modified | No |
enable asu support | Changed default | No |
enable core files | New | Yes |
enable privileges | Changed default | Yes |
enable rid algorithm | Removed | "" |
fam change notify | New | Yes |
hosts equiv | Removed | "" |
host msdfs | Changed default | Yes |
msdfs root | Changed default | Yes |
open files database hash size | New | 10007 |
passdb expand explicit | Changed default | No |
strict locking | Changed default | auto |
usershare allow guests | New | No |
usershare max shares | New | 0 |
usershare owner only | New | Yes |
usershare path | New | ${lockdir} |
usershare prefix allow list | New | "" |
usershare prefix deny list | New | "" |
usershare template share | New | "" |
winbind enum users | Changed default | No |
winbind enum groups | Changed default | No |
winbind nested groups | Changed default | Yes |
winbind offline logon | New | No |
winbind refresh tickets | New | No |
winbind max idle children | Removed | "" |
wins partners | Removed | "" |
3.0.21{a,b,c}
- dfree cache time (New)
- dfree command (Per share)
- eventlog list (New)
- iprint server (New)
- map read only (New)
- passdb expand explicit (New)
- rename user script (New)
- reset on zero vc (New)
- svcctl list (Renamed from 'enable svcctl')
3.0.20{a,b}
- acl check permissions (New)
- acl group control (New)
- acl map full control (New)
- aio read size (New)
- aio write size (New)
- enable asu support (New)
- inherit owner (New)
- ldap filter (Removed)
- map to guest (Modified (new value added))
- max stat cache size (New)
- min password length (Removed)
- printer admin (Deprecated)
- username map script (New)
- winbind enable local accounts (Removed)
- winbindd nss info (New)
3.0.14
- dos filetimes (Enabled by default)
3.0.13
3.0.12
- allocation roundup size (New)
- log nt token command (New)
- write cache (Deprecated)
3.0.11
- afs token lifetime (New)
- enable privileges (New)
- ldap password sync (Alias)
- min password length (Deprecated)
- winbind enable local accounts (Deprecated)
3.0.10
3.0.9
Securty- and bugfixes by version
3.0.25
- CVE-2007-2444 Versions: Samba 3.0.23d - 3.0.25pre2 Local SID/Name translation bug can result in user privilege elevation
- CVE-2007-2446 Versions: Samba 3.0.0 - 3.0.24 Multiple heap overflows allow remote code execution
- CVE-2007-2447 Versions: Samba 3.0.0 - 3.0.24 Unescaped user input parameters are passed as arguments to /bin/sh allowing for remote command execution
3.0.23{c}
- Authentication failures in pam_winbind when the AD domain policy is set to not expire passwords.
- Authorization failures when using smb.conf options such as "valid users" with the smb
3.0.23{b}
- Ambiguity with unqualified names in smb.conf parameters such as "force user" and "valid users".
- Errors in 'net ads join' caused by bad IP address in the list of domain controllers.
- SMB signing errors in the client and server code.
- Domain join failures when using smbpasswd on a Samba PDC.
3.0.23{a}
- Failure to strip the domain name from groups when 'winbind use default domain = yes'
- Failure in pam_winbind to correctly parse arguments.
- Bad token creation of local users on member servers not running winbindd.
- Failure to add users or groups to ACLs using the Windows object picker.
- Failure in file serving code when 'kernel oplocks = yes'.