source: vendor/current/source4/NEWS@ 624

Last change on this file since 624 was 414, checked in by Herwig Bauernfeind, 16 years ago

Samba 3.5.0: Initial import

This file aims to document the major changes since the latest released version
of Samba, 3.0. Samba 4.0 contains rewrites of several subsystems
and uses a different internal format for most data. Since this
file is an initial draft, please update missing items.

One of the main goals of Samba 4 was Active Directory Domain Controller
support. This means Samba now implements several protocols that are required
by AD such as Kerberos and DNS.

An (experimental) upgrade script that performs a one-way upgrade
from Samba 3 is available in source/setup/upgrade.

Removal of nmbd and introduction of process models
==================================================
smbd now implements several network protocols other than just CIFS and
DCE/RPC. nmbd's functionality has been merged into smbd. smbd supports
various 'process models' that specify how concurrent connections are
handled (when to fork, use threads, etc).

Introduction of LDB
===================
Samba now stores most of its persistent data in a LDAP-like database
called LDB (see ldb(7) for more info).

Removed SWAT
============
Unlike previous versions, Samba4 does not provide a web interface at this time.

Built-in KDC
============
Samba4 ships with an integrated KDC (Kerberos Key Distribution
Center). Backed directly onto our main internal database, and
integrated with custom code to handle the PAC, Samba4's KDC is an
integral part of our support for AD logon protocols.

Built-in LDAP Server
====================
Like the situation with the KDC, Samba4 ships with its own LDAP
server, included to provide simple, built-in LDAP services in an
AD-matching (rather than distinctly standards-matching) manner. The
database is LDB, which it shares with the rest of Samba.

Changed configuration options
=============================
Several configuration options have been removed in Samba4 while others have
been introduced. This section contains a summary of changes to smb.conf and
where these settings moved. Configuration options that have disappeared may be
re-added later when the functionality that uses them gets reimplemented in
Samba 4.

The 'security' parameter has been split up. It is now only used to choose
between the 'user' and 'share' security levels (the latter is not supported
in Samba 4 yet). The other values of this option and the 'domain master' and
'domain logons' parameters have been merged into a 'server role' parameter
that can be either 'domain controller', 'member server' or 'standalone'. Note that
member server support does not work yet.

The following parameters have been removed:
- passdb backend: accounts are now stored in a LDB-based SAM database,
  see 'sam database' below.
- update encrypted
- public
- guest ok
- client schannel
- server schannel
- allow trusted domains
- hosts equiv
- map to guest
- smb passwd file
- algorithmic rid base
- root directory
- root dir
- root
- guest account
- enable privileges
- pam password change
- passwd program
- passwd chat debug
- passwd chat timeout
- check password script
- username map
- username level
- unix password sync
- restrict anonymous
- username
- user
- users
- invalid users
- valid users
- admin users
- read list
- write list
- printer admin
- force user
- force group
- group
- write ok
- writeable
- writable
- acl check permissions
- acl group control
- acl map full control
- create mask
- create mode
- force create mode
- security mask
- force security mode
- directory mask
- directory mode
- force directory mode
- directory security mask
- force directory security mode
- force unknown acl user
- inherit permissions
- inherit acls
- inherit owner
- guest only
- only guest
- only user
- allow hosts
- deny hosts
- preload modules
- use kerberos keytab
- syslog
- syslog only
- max log size
- debug timestamp
- timestamp logs
- debug hires timestamp
- debug pid
- debug uid
- allocation roundup size
- aio read size
- aio write size
- aio write behind
- large readwrite
- protocol
- read bmpx
- reset on zero vc
- acl compatibility
- defer sharing violations
- ea support
- nt acl support
- nt pipe support
- profile acls
- map acl inherit
- afs share
- max ttl
- client use spnego
- enable asu support
- svcctl list
- block size
- change notify timeout
- deadtime
- getwd cache
- keepalive
- kernel change notify
- lpq cache time
- max smbd processes
- max disk size
- max open files
- min print space
- strict allocate
- sync always
- use mmap
- use sendfile
- hostname lookups
- write cache size
- name cache timeout
- max reported print jobs
- load printers
- printcap cache time
- printcap name
- printcap
- printing
- cups options
- cups server
- iprint server
- print command
- disable spoolss
- enable spoolss
- lpq command
- lprm command
- lppause command
- lpresume command
- queuepause command
- queueresume command
- enumports command
- addprinter command
- deleteprinter command
- show add printer wizard
- os2 driver map
- use client driver
- default devmode
- force printername
- mangling method
- mangle prefix
- default case
- case sensitive
- casesignames
- preserve case
- short preserve case
- mangling char
- hide dot files
- hide special files
- hide unreadable
- hide unwriteable files
- delete veto files
- veto files
- hide files
- veto oplock files
- map readonly
- mangled names
- mangled map
- max stat cache size
- stat cache
- store dos attributes
- machine password timeout
- add user script
- rename user script
- delete user script
- add group script
- delete group script
- add user to group script
- delete user from group script
- set primary group script
- add machine script
- shutdown script
- abort shutdown script
- username map script
- logon script
- logon path
- logon drive
- logon home
- domain logons
- os level
- lm announce
- lm interval
- domain master
- browse list
- enhanced browsing
- wins proxy
- wins hook
- wins partners
- blocking locks
- fake oplocks
- kernel oplocks
- locking
- lock spin count
- lock spin time
- level2 oplocks
- oplock break wait time
- oplock contention limit
- posix locking
- share modes
- ldap server
- ldap port
- ldap admin dn
- ldap delete dn
- ldap group suffix
- ldap idmap suffix
- ldap machine suffix
- ldap passwd sync
- ldap password sync
- ldap replication sleep
- ldap suffix
- ldap ssl
- ldap timeout
- ldap page size
- ldap user suffix
- add share command
- change share command
- delete share command
- eventlog list
- utmp directory
- wtmp directory
- utmp
- default service
- default
- message command
- dfree cache time
- dfree command
- get quota command
- set quota command
- remote announce
- remote browse sync
- homedir map
- afs username map
- afs token lifetime
- log nt token command
- time offset
- NIS homedir
- preexec
- exec
- preexec close
- postexec
- root preexec
- root preexec close
- root postexec
- set directory
- wide links
- follow symlinks
- dont descend
- magic script
- magic output
- delete readonly
- dos filemode
- dos filetimes
- dos filetime resolution
- fake directory create times
- panic action
- vfs objects
- vfs object
- msdfs root
- msdfs proxy
- host msdfs
- enable rid algorithm
- passdb expand explicit
- idmap backend
- idmap uid
- winbind uid
- idmap gid
- winbind gid
- template homedir
- template shell
- winbind separator
- winbind cache time
- winbind enum users
- winbind enum groups
- winbind use default domain
- winbind trusted domains only
- winbind nested groups
- winbind max idle children
- winbind nss info

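Added example (not part of the Samba NEWS file or of Samba's own tooling): a
pre-upgrade check that flags Samba 3 smb.conf settings which the list above
removes, or which the text says are merged into 'server role'. The names
REMOVED, MERGED, norm, parse and audit and the sample configuration are
assumptions of this example, and only a security-relevant selection of the
removed list is embedded.

```python
import re

# Security-relevant names picked from the removed list above (a selection).
REMOVED = ["valid users", "invalid users", "admin users", "read list",
           "write list", "allow hosts", "deny hosts", "guest ok",
           "map to guest", "restrict anonymous", "server schannel"]
MERGED = ["domain master", "domain logons"]  # folded into 'server role'

def norm(name):  # smb.conf parameter names ignore case and embedded whitespace
    return re.sub(r"\s+", "", name).lower()

def parse(text):
    """Yield (line_no, section, parameter, value) from smb.conf text."""
    section, pending, start = "global", "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        start = start if pending else no    # first line of this entry
        if line.endswith("\\"):             # trailing backslash continues
            pending += line[:-1]
            continue
        line, pending = pending + line, ""
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif "=" in line and line[0] not in "#;":   # skip comment lines
            key, value = line.split("=", 1)
            yield start, section, key.strip(), value.strip()

def audit(text):
    """Return (line_no, section, parameter, verdict) for each finding."""
    removed = {norm(n): n for n in REMOVED}
    merged = {norm(n): n for n in MERGED}
    found = []
    for no, section, key, value in parse(text):
        k = norm(key)
        if k in removed:
            found.append((no, section, removed[k], "removed"))
        elif k in merged or (k == "security"
                             and value.lower() not in ("user", "share")):
            found.append((no, section, merged.get(k, k), "server role"))
    return found

# Constructed Samba 3 style input, not taken from a real system.
SAMPLE = ("[global]\nsecurity = ADS\ndomain logons = yes\n"
          "[finance]\nValidUsers = @finance, \\\n    alice\n"
          "allow hosts = 10.0.0.0/8\nread only = no\n")

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Each 'removed' finding is a restriction the old configuration relied on that
this draft no longer accepts in smb.conf.
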
The following parameters have been added:
+ rpc big endian (G)
  Make Samba pretend it is running on a big-endian machine when using DCE/RPC.
  Useful for debugging.

  Default: no

+ case insensitive filesystem (S)
  Set to true if this share is located on a case-insensitive filesystem.
  This disables looking for a filename by trying all possible combinations of
  uppercase/lowercase characters and thus speeds up operations when a
  file cannot be found.

  Default: no

+ setup directory
  Path to data used by the provisioning script.

  Default: Set at compile-time

+ ncalrpc dir
  Directory to use for UNIX sockets used by the 'ncalrpc' DCE/RPC transport.

  Default: Set at compile-time

+ ntvfs handler
  Backend to the NT VFS to use (more than one can be specified). Available
  backends include:

  - posix:
    Maps POSIX FS semantics to NT semantics

  - simple:
    Very simple backend (original testing backend).

  - unixuid:
    Sets up user credentials based on POSIX gid/uid.

  - cifs:
    Proxies a remote CIFS FS. Mainly useful for testing.

  - nbench:
    Filter module that saves data useful to the nbench benchmark suite.

  - ipc:
    Allows using SMB for inter process communication. Only used for
    the IPC$ share.

  - print:
    Allows printing over SMB. This is LANMAN-style printing (?), not
    to be confused with the spoolss DCE/RPC interface used by later
    versions of Windows.

  Default: unixuid default

+ ntptr providor
  FIXME

+ dcerpc endpoint servers
  What DCE/RPC servers to start.

  Default: epmapper srvsvc wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi winreg dssetup

+ server services
  Services Samba should provide.

  Default: smb rpc nbt wrepl ldap cldap web kdc

+ sam database
  Location of the SAM (account database) database. This should be a
  LDB URL.

  Default: set at compile-time

+ spoolss database
  Spoolss (printer) DCE/RPC server database. This should be a LDB URL.

  Default: set at compile-time

+ wins config database
  WINS configuration database location. This should be a LDB URL.

  Default: set at compile-time

+ wins database
  WINS database location. This should be a LDB URL.

  Default: set at compile-time

+ client use spnego principal
  Tells the client to use the Kerberos service principal specified by the
  server during the security protocol negotiation rather than
  looking up the principal itself (cifs/hostname).

  Default: false

+ nbt port
  TCP/IP Port used by the NetBIOS over TCP/IP (NBT) implementation.

  Default: 137

+ dgram port
  UDP/IP port used by the NetBIOS over TCP/IP (NBT) implementation.

  Default: 138

+ cldap port
  UDP/IP port used by the CLDAP protocol.

  Default: 389

+ krb5 port
  IP port used by the Kerberos KDC.

  Default: 88

+ kpasswd port
  IP port used by the Kerberos password change protocol.

  Default: 464

+ web port
  TCP/IP port SWAT should listen on.

  Default: 901

+ tls enabled
  Enable TLS support for SWAT.

  Default: true

+ tls keyfile
  Path to TLS key file (PEM format) to be used by SWAT. If no
  path is specified, Samba will create a key.

  Default: none

+ tls certfile
  Path to TLS certificate file (PEM format) to be used by SWAT. If no
  path is specified, Samba will create a certificate.

  Default: none

+ tls cafile
  Path to CA authority file Samba will use to sign TLS keys it generates. If
  no path is specified, Samba will create a self-signed CA certificate.

  Default: none

+ tls crlfile
  Path to TLS certificate revocation lists file.

  Default: none

+ swat directory
  SWAT data directory.

  Default: set at compile-time

+ large readwrite
  Indicate the CIFS server is able to do large reads/writes.

  Default: true

+ unicode
  Enable/disable Unicode support in the protocol.

  Default: true