Samba Features added/changed (by release): Difference between revisions

From SambaWiki
(Added the different Samba Versions)
(19 intermediate revisions by 2 users not shown)
Line 1: Line 1:
==New features by version==
==New features in Samba by the different versions==


This page is a new try to collect the important information from the changelog in on page.
* all information in one page
* searchable in the wiki
* direct access to the bugzilla


*[[Samba 3.5 Features added/changed]]
*[[Samba 3.4 Features added/changed]]
*[[Samba 3.3 Features added/changed]]
*[[Samba 3.2 Features added/changed]]
*[[Samba 3.0 Features added/changed]]


===[[Samba 4.12 Features added/changed]]===
===3.0.26a===
===[[Samba 4.11 Features added/changed]]===
===[[Samba 4.10 Features added/changed]]===
===[[Samba 4.9 Features added/changed]]===
===[[Samba 4.8 Features added/changed]]===
===[[Samba 4.7 Features added/changed]]===
===[[Samba 4.6 Features added/changed]]===
===[[Samba 4.5 Features added/changed]]===
===[[Samba 4.4 Features added/changed]]===
===[[Samba 4.3 Features added/changed]]===
===[[Samba 4.2 Features added/changed]]===
===[[Samba 4.1 Features added/changed]]===
===[[Samba 4.0 Features added/changed]]===
===[[Samba 3.6 Features added/changed]]===
===[[Samba 3.5 Features added/changed]]===
===[[Samba 3.4 Features added/changed]]===
===[[Samba 3.3 Features added/changed]]===
===[[Samba 3.2 Features added/changed]]===
===[[Samba 3.0 Features added/changed]]===


==New features in Samba in a summary page==
* Memory leaks in Winbind's IDMap manager.


===3.0.25 {a/b/c}===
===[[Samba Features added/changed]]===
* 3.0.25c
** File sharing with Widows 9x clients.
** Winbind running out of file descriptors due to stalled child processes.
** MS-DFS inter-operability issues.


* 3.0.25b
** Offline caching of files with Windows XP/Vista clients.
** Improper cleanup of expired or invalid byte range locks on files.
** Crashes is idmap_ldap and idmap_rid.


====Changes to 'net idmap dump'====
***A change in command line syntax and behavior was introduced in the 3.0.25 release series where the command <nowiki>$ net idmap dump /.../path/to/idmap.tdb</nowiki> would overwrite the tdb instead of dumping its contents to standard output as was the case in releases prior to Samba 3.0.25. The changed has been reverted in 3.0.25b and the semantics from 3.0.24 and earlier releases have been restored.

* 3.0.25a
** Missing supplementary Unix group membership when using "force group".
** Premature expiration of domain user passwords when using a Samba domain controller.
** Failure to open the Windows object picker against a server configured to use "security = domain".
** Authentication failures when using security = server.
====Changes to MS-DFS Root Share Behavior====

***Please be aware that the initial value for the "msdfs root" share parameter was changed in the 3.0.25 release series and that this option is now disabled by default. Windows clients frequently require a reboot in order to clear any cached information about MS-DFS root shares on a server and you may experience failures accessing file services on Samba 3.0.25 servers until the client reboot is performed. Alternately, you may explicitly re-enable the parameter in smb.conf. Please refer to the smb.conf(5) man page for more details.

* 3.0.25
** Significant improvements in the winbind off-line logon support.
** Support for secure DDNS updates as part of the 'net ads join' process.
** Rewritten IdMap interface which allows for TTL based caching and per domain backends.
** New plug-in interface for the "winbind nss info" parameter.
** New file change notify subsystem which is able to make use of inotify on Linux.
** Support for passing Windows security descriptors to a VFS plug-in allowing for multiple Unix ACL implements to running side by side on the Same server.
** Improved compatibility with Windows Vista clients including improved read performance with Linux servers.
** Man pages for IdMap and VFS plug-ins.

===3.0.23{a,b,c,d}===
* Stability fixes for winbindd
* Portability fixes on FreeBSD and Solaris operating systems.
* New "createupn" option to "net ads join"
* Rewritten Kerberos keytab generation when 'use kerberos keytab = yes'
* Improved 'make test'
* New offline mode in winbindd
* New Kerberos support for pam_winbind.so
* New handling of unmapped users and groups
* New non-root share management tools
* Improved support for local and BUILTIN groups
* Winbind IDMAP integration with RFC2307 schema objects supported by Windows 2003 R2
* Rewritten 'net ads join' to mimic Windows XP without requiring administrative rights to join a domain

===3.0.21{a,b,c}===
* Complete NTLMv2 support by consolidating authentication mechanism used at the CIFS and RPC layers.
* The capability to manage Unix services using the Win32 Service Control API.
* The capability to view external Unix log files via the Microsoft Event Viewer.
* New libmsrpc share library for application developers.
* Rewrite of CIFS oplock implementation.
* Performance Counter external daemon.
* Winbindd auto-detection query methods when communicating with a domain controller.
* The ability to enumerate long share names in libsmbclient applications.
===3.0.20{a,b}===
* Support for several new Win32 rpc pipes.
* Improved support for OS/2 clients.
* New 'net rpc service' tool for managing Win32 services.
* Capability to set the owner on new files and directory based on the parent's ownership.
* Experimental, asynchronous IO file serving support.
* Completed Support for Microsoft Print Migrator.
* New Winbind IDmap plugin (ad) for retrieving uid and gid from AD servers which maintain the SFU user and group attributes.
* Rewritten support for POSIX pathnames when utilizing the Linux CIFS fs client.
* New asynchronous winbindd.
* Support for Microsoft Print Migrator.
* New Windows NT registry file I/O library.
* New user right (SeTakeOwnershipPrivilege) added.
* New "net share migrate" options.

===3.0.14a===
Release 3.0.14a is a pure bugfix release which fixed a "show stopper".

<b>Please note, the release policy has changed at this point.</b>

===3.0.14===
===3.0.13===
===3.0.12===
* Performance enhancements when serving directories containing large number of files.
* MS-DFS support added to smbclient.
* More performance improvements when using Samba/OpenLDAP based DC's via the 'ldapsam:trusted=yes' option.
* Support for the Novell NDS universal password when using the ldapsam passdb backend.
* New 'net rpc trustdom {add,del}' functionality to eventually replace 'smbpasswd {-a,-x} -i'.
* New libsmbclient functionality.

===3.0.11===
* Winbindd performance improvements.
* More 'net rpc vampire' functionality.
* Support for the Windows privilege model to assign rights to specific SIDs.
* New administrative options to the 'net rpc' command.

===3.0.10===
Release 3.0.10 is a fix for security issues described in CAN-2004-1154.
===3.0.9===
Release 3.0.9 is a pure bigfix release which fixes printing problems from Windows 9x, roaming profile updates and unknown symbols for kde

==Changes in smb.conf==
===3.0.025===
{| {{Prettytable}}
!Parameter Name
!Description
!Default
|-
|change notify timeout
|Removed
| n/a
|-
|[http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#CHANGENOTIFY change notify]
|New
|Yes
|-
|debug prefix timestamp
|New
|No
|-
|fam change notify
|Removed
|n/a
|-
|idmap domains
|New
|""
|-
|idmap alloc backend
|New
|""
|-
|idmap cache time
|New
|900
|-
|idmap negative cache time
|New
|120
|-
|kernel change notify
|Per share
|Yes
|-
|lock spin count
|Removed
|n/a
|-
|max stat cache size
|Modified
|1024KB
|-
|[http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#PRINTJOBUSERNAME printjob username ]
|New
|%U
|-
|winbind normalize names
|New
|no
|-
|[http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#WINBINDENUMGROUPS winbind enum groups ]
|changed default
|off
|-
|[http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#WINBINDENUMUSERS winbind enum users ]
|changed default
|off
|}

===3.0.23{a,b}===
{| {{Prettytable}}
!Parameter Name
!Description
!Default
|-
|[http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#ACLGROUPCONTROL acl group control]
|Deprecated
|No
|-
|[http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#ADDPORTCOMMAND add port command]
|New
|""
|-
|[http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#CHANGENOTIFYTIMEOUT change notify timeout]
|Changed Scope
|""
|-
|[http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#DMAPISUPPORT dmapi support]
|New
|No
|-
|dos filemode
|Modified
|No
|-
|[http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#ENABLEASUSUPPORT enable asu support]
|Changed default
|No
|-
|[http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#ENABLECOREFILES enable core files]
|New
|Yes
|-
|[http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#ENABLEPRIVILEGES enable privileges]
|Changed default
|Yes
|-
|enable rid algorithm
|Removed
|""
|-
|fam change notify
|New
|Yes
|-
|hosts equiv
|Removed
|""
|-
|host msdfs
|Changed default
|Yes
|-
|[http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#MSDFSROOT msdfs root]
|Changed default
|Yes
|-
|open files database hash size
|New
|10007
|-
|passdb expand explicit
|Changed default
|No
|-
|strict locking
|Changed default
|auto
|-
|usershare allow guests
|New
|No
|-
|usershare max shares
|New
|0
|-
|usershare owner only
|New
|Yes
|-
|usershare path
|New
|${lockdir}
|-
|usershare prefix allow list
|New
|""
|-
|usershare prefix deny list
|New
|""
|-
|usershare template share
|New
|""
|-
|[http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#WINBINDENUMUSERS winbind enum users]
|Changed default
|No
|-
|[http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#WINBINDENUMGROUPS winbind enum groups]
|Changed default
|No
|-
|[http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#WINBINDNESTEDGROUPS winbind nested groups]
|Changed default
|Yes
|-
|[http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#WINBINDOFFLINELOGON winbind offline logon]
|New
|No
|-
|[http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#WINBINDREFRESHTICKETS winbind refresh tickets]
|New
|No
|-
|winbind max idle children
|Removed
|""
|-
|wins partners
|Removed
|""
|}

===3.0.21{a,b,c}===
* dfree cache time (New)
* dfree command (Per share)
* eventlog list (New)
* iprint server (New)
* map read only (New)
* passdb expand explicit (New)
* rename user script (New)
* reset on zero vc (New)
* svcctl list (Renamed from 'enable svcctl')

===3.0.20{a,b}===
* [http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#ACLCHECKPERMISSIONS acl check permissions] (New)
* acl group control (New)
* acl map full control (New)
* aio read size (New)
* aio write size (New)
* enable asu support (New)
* inherit owner (New)
* ldap filter (Removed)
* map to guest (Modified (new value added))
* max stat cache size (New)
* min password length (Removed)
* printer admin (Deprecated)
* username map script (New)
* winbind enable local accounts (Removed)
* winbindd nss info (New)

===3.0.14===
* dos filetimes (Enabled by default)
===3.0.13===
===3.0.12===
* allocation roundup size (New)
* log nt token command (New)
* write cache (Deprecated)
===3.0.11===
* afs token lifetime (New)
* enable privileges (New)
* ldap password sync (Alias)
* min password length (Deprecated)
* winbind enable local accounts (Deprecated)
===3.0.10===
===3.0.9===

==Securty- and bugfixes by version==
===3.0.25===

* CVE-2007-2444 Versions: Samba 3.0.23d - 3.0.25pre2 Local SID/Name translation bug can result in user privilege elevation

* CVE-2007-2446 Versions: Samba 3.0.0 - 3.0.24 Multiple heap overflows allow remote code execution
* CVE-2007-2447 Versions: Samba 3.0.0 - 3.0.24 Unescaped user input parameters are passed as arguments to /bin/sh allowing for remote command execution

===3.0.23{c}===
* Authentication failures in pam_winbind when the AD domain policy is set to not expire passwords.
* Authorization failures when using smb.conf options such as "valid users" with the smb
===3.0.23{b}===
* Ambiguity with unqualified names in smb.conf parameters such as "force user" and "valid users".
* Errors in 'net ads join' caused by bad IP address in the list of domain controllers.
* SMB signing errors in the client and server code.
* Domain join failures when using smbpasswd on a Samba PDC.

===3.0.23{a}===
* Failure to strip the domain name from groups when 'winbind use default domain = yes'
* Failure in pam_winbind to correctly parse arguments.
* Bad token creation of local users on member servers not running winbindd.
* Failure to add users or groups to ACLs using the Windows object picker.
* Failure in file serving code when 'kernel oplocks = yes'.

==Upgrade issues by version==
----
----
[[Category:Category Documentation]]
[[Category:Release Notes]]

Revision as of 20:34, 21 January 2020

New features in Samba by the different versions

This page is a new try to collect the important information from the changelog in on page.

  • all information in one page
  • searchable in the wiki
  • direct access to the bugzilla


Samba 4.12 Features added/changed

Samba 4.11 Features added/changed

Samba 4.10 Features added/changed

Samba 4.9 Features added/changed

Samba 4.8 Features added/changed

Samba 4.7 Features added/changed

Samba 4.6 Features added/changed

Samba 4.5 Features added/changed

Samba 4.4 Features added/changed

Samba 4.3 Features added/changed

Samba 4.2 Features added/changed

Samba 4.1 Features added/changed

Samba 4.0 Features added/changed

Samba 3.6 Features added/changed

Samba 3.5 Features added/changed

Samba 3.4 Features added/changed

Samba 3.3 Features added/changed

Samba 3.2 Features added/changed

Samba 3.0 Features added/changed

New features in Samba in a summary page

Samba Features added/changed