- Timestamp:
- Jan 15, 2010, 8:21:06 AM (16 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/samba-3.3.x/docs/htmldocs/Samba3-HOWTO/ChangeNotes.html
r342 r368 1 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 9. Important and Critical Change Notes for the Samba 3.x Series</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.7 4.0"><link rel="home" href="index.html" title="The Official Samba 3.3.x HOWTO and Reference Guide"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="prev" href="optional.html" title="Part III. Advanced Configuration"><link rel="next" href="NetworkBrowsing.html" title="Chapter 10. Network Browsing"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 9. Important and Critical Change Notes for the Samba 3.x Series</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="optional.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="NetworkBrowsing.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="ChangeNotes"></a>Chapter 9. Important and Critical Change Notes for the Samba 3.x Series</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="orgname">Samba Team</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email"><<a class="email" href="mailto:jht@samba.org">jht@samba.org</a>></code></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Gerald</span> <span class="othername">(Jerry)</span> <span class="orgname">Samba Team</span> <span class="surname">Carter</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email"><<a class="email" href="mailto:jerry@samba.org">jerry@samba.org</a>></code></p></div></div></div></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="ChangeNotes.html#id2578591">Important Samba-3.2.x Change Notes</a></span></dt><dt><span class="sect1"><a href="ChangeNotes.html#id2578603">Important Samba-3.0.x Change Notes</a></span></dt><dd><dl><dt><span class="sect2"><a href="ChangeNotes.html#id2578662">User and Group Changes</a></span></dt><dt><span class="sect2"><a href="ChangeNotes.html#id2578974">Essential Group Mappings</a></span></dt><dt><span class="sect2"><a href="ChangeNotes.html#id2579095">Passdb Changes</a></span></dt><dt><span class="sect2"><a href="ChangeNotes.html#id2579156">Group Mapping Changes in Samba-3.0.23</a></span></dt><dt><span class="sect2"><a href="ChangeNotes.html#id2579276">LDAP Changes in Samba-3.0.23</a></span></dt></dl></dd></dl></div><p>1 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 9. Important and Critical Change Notes for the Samba 3.x Series</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="The Official Samba 3.3.x HOWTO and Reference Guide"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="prev" href="optional.html" title="Part III. Advanced Configuration"><link rel="next" href="NetworkBrowsing.html" title="Chapter 10. Network Browsing"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 9. Important and Critical Change Notes for the Samba 3.x Series</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="optional.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="NetworkBrowsing.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 9. Important and Critical Change Notes for the Samba 3.x Series"><div class="titlepage"><div><div><h2 class="title"><a name="ChangeNotes"></a>Chapter 9. Important and Critical Change Notes for the Samba 3.x Series</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email"><<a class="email" href="mailto:jht@samba.org">jht@samba.org</a>></code></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Gerald</span> <span class="othername">(Jerry)</span> <span class="surname">Carter</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email"><<a class="email" href="mailto:jerry@samba.org">jerry@samba.org</a>></code></p></div></div></div></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="ChangeNotes.html#id2584662">Important Samba-3.2.x Change Notes</a></span></dt><dt><span class="sect1"><a href="ChangeNotes.html#id2584674">Important Samba-3.0.x Change Notes</a></span></dt><dd><dl><dt><span class="sect2"><a href="ChangeNotes.html#id2584733">User and Group Changes</a></span></dt><dt><span class="sect2"><a href="ChangeNotes.html#id2585045">Essential Group Mappings</a></span></dt><dt><span class="sect2"><a href="ChangeNotes.html#id2585166">Passdb Changes</a></span></dt><dt><span class="sect2"><a href="ChangeNotes.html#id2585226">Group Mapping Changes in Samba-3.0.23</a></span></dt><dt><span class="sect2"><a href="ChangeNotes.html#id2585347">LDAP Changes in Samba-3.0.23</a></span></dt></dl></dd></dl></div><p> 2 2 Please read this chapter carefully before update or upgrading Samba. You should expect to find only critical 3 3 or very important information here. Comprehensive change notes and guidance information can be found in the 4 4 section <a class="link" href="upgrading-to-3.0.html" title="Chapter 35. Updating and Upgrading Samba">Updating and Upgrading Samba</a>. 5 </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2578591"></a>Important Samba-3.2.x Change Notes</h2></div></div></div><p>5 </p><div class="sect1" title="Important Samba-3.2.x Change Notes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2584662"></a>Important Samba-3.2.x Change Notes</h2></div></div></div><p> 6 6 !!!!!!!!!!!!Add all critical update notes here!!!!!!!!!!!!! 7 </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2578603"></a>Important Samba-3.0.x Change Notes</h2></div></div></div><p>7 </p></div><div class="sect1" title="Important Samba-3.0.x Change Notes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2584674"></a>Important Samba-3.0.x Change Notes</h2></div></div></div><p> 8 8 These following notes pertain in particular to Samba 3.0.23 through Samba 3.0.25c (or more recent 3.0.25 9 9 update). Samba is a fluid and ever changing project. Changes throughout the 3.0.x series release are … … 22 22 This chapter is new to the release of the HOWTO for Samba 3.0.23. It includes much of the notes provided 23 23 in the <code class="filename">WHATSNEW.txt</code> file that is included with the Samba source code release tarball. 24 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2578662"></a>User and Group Changes</h3></div></div></div><p>24 </p><div class="sect2" title="User and Group Changes"><div class="titlepage"><div><div><h3 class="title"><a name="id2584733"></a>User and Group Changes</h3></div></div></div><p> 25 25 The change documented here affects unmapped user and group accounts only. 26 26 </p><p> 27 <a class="indexterm" name="id25 78675"></a>28 <a class="indexterm" name="id25 78682"></a>29 <a class="indexterm" name="id25 78688"></a>30 <a class="indexterm" name="id25 78698"></a>31 <a class="indexterm" name="id25 78706"></a>27 <a class="indexterm" name="id2584746"></a> 28 <a class="indexterm" name="id2584752"></a> 29 <a class="indexterm" name="id2584759"></a> 30 <a class="indexterm" name="id2584768"></a> 31 <a class="indexterm" name="id2584777"></a> 32 32 The user and group internal management routines have been rewritten to prevent overlaps of 33 33 assigned Relative Identifiers (RIDs). In the past the has been a potential problem when … … 36 36 <code class="literal">net rpc vampire</code>. 37 37 </p><p> 38 <a class="indexterm" name="id25 78738"></a>39 <a class="indexterm" name="id25 78744"></a>40 <a class="indexterm" name="id25 78751"></a>41 <a class="indexterm" name="id25 78757"></a>38 <a class="indexterm" name="id2584809"></a> 39 <a class="indexterm" name="id2584815"></a> 40 <a class="indexterm" name="id2584822"></a> 41 <a class="indexterm" name="id2584828"></a> 42 42 Unmapped users are now assigned a SID in the <code class="literal">S-1-22-1</code> domain and unmapped 43 43 groups are assigned a SID in the <code class="literal">S-1-22-2</code> domain. Previously they were … … 46 46 been under the authority of the local SAM (see the man page for <code class="literal">net getlocalsid</code>). 47 47 </p><p> 48 <a class="indexterm" name="id25 78794"></a>49 <a class="indexterm" name="id25 78801"></a>50 <a class="indexterm" name="id25 78808"></a>51 <a class="indexterm" name="id25 78815"></a>52 <a class="indexterm" name="id25 78822"></a>48 <a class="indexterm" name="id2584865"></a> 49 <a class="indexterm" name="id2584872"></a> 50 <a class="indexterm" name="id2584879"></a> 51 <a class="indexterm" name="id2584886"></a> 52 <a class="indexterm" name="id2584892"></a> 53 53 The result is that any unmapped users or groups on an upgraded Samba domain controller may 54 54 be assigned a new SID. Because the SID rather than a name is stored in Windows security … … 60 60 An example helps to illustrate the change: 61 61 </p><p> 62 <a class="indexterm" name="id25 78844"></a>63 <a class="indexterm" name="id25 78851"></a>64 <a class="indexterm" name="id25 78857"></a>65 <a class="indexterm" name="id25 78864"></a>62 <a class="indexterm" name="id2584915"></a> 63 <a class="indexterm" name="id2584922"></a> 64 <a class="indexterm" name="id2584928"></a> 65 <a class="indexterm" name="id2584935"></a> 66 66 Assume that a group named <span class="emphasis"><em>developers</em></span> exists with a UNIX GID of 782. In this 67 67 case this group does not exist in Samba's group mapping table. It would be perfectly normal for … … 69 69 <code class="literal">S-1-5-21-647511796-4126122067-3123570092-2565</code>. 70 70 </p><p> 71 <a class="indexterm" name="id25 78888"></a>72 <a class="indexterm" name="id25 78895"></a>73 <a class="indexterm" name="id25 78901"></a>74 <a class="indexterm" name="id25 78908"></a>71 <a class="indexterm" name="id2584959"></a> 72 <a class="indexterm" name="id2584965"></a> 73 <a class="indexterm" name="id2584972"></a> 74 <a class="indexterm" name="id2584979"></a> 75 75 With the release of Samba-3.0.23, the group SID would be reported as <code class="literal">S-1-22-2-782</code>. Any 76 76 security descriptors associated with files stored on a Windows NTFS disk partition will not allow access based … … 80 80 even though both SIDs in some respect refer to the same UNIX group. 81 81 </p><p> 82 <a class="indexterm" name="id25 78944"></a>83 <a class="indexterm" name="id25 78951"></a>82 <a class="indexterm" name="id2585015"></a> 83 <a class="indexterm" name="id2585022"></a> 84 84 The workaround for versions of Samba prior to 3.0.23, is to create a manual domain group mapping 85 85 entry for the group <span class="emphasis"><em>developers</em></span> to point at the 86 86 <code class="literal">S-1-5-21-647511796-4126122067-3123570092-2565</code> SID. With the release of Samba-3.0.23 this 87 87 workaround is no longer needed. 88 </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2578974"></a>Essential Group Mappings</h3></div></div></div><p>88 </p></div><div class="sect2" title="Essential Group Mappings"><div class="titlepage"><div><div><h3 class="title"><a name="id2585045"></a>Essential Group Mappings</h3></div></div></div><p> 89 89 Samba 3.0.x series releases before 3.0.23 automatically created group mappings for the essential Windows 90 90 domain groups <code class="literal">Domain Admins, Domain Users, Domain Guests</code>. Commencing with Samba 3.0.23 … … 92 92 correctly authenticate and recoognize valid domain users. When this happens users will not be able to log onto 93 93 the Windows client. 94 </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>94 </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> 95 95 Group mappings are essentail only if the Samba servers is running as a PDC/BDC. Stand-alone servers do not 96 96 require these group mappings. … … 103 103 For further information regarding group mappings see <a class="link" href="groupmapping.html" title="Chapter 12. Group Mapping: MS Windows and UNIX">Group Mapping: MS Windows 104 104 and UNIX</a>. 105 </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2579095"></a>Passdb Changes</h3></div></div></div><p>106 <a class="indexterm" name="id25 79103"></a>107 <a class="indexterm" name="id25 79110"></a>108 <a class="indexterm" name="id25 79116"></a>109 <a class="indexterm" name="id25 79123"></a>105 </p></div><div class="sect2" title="Passdb Changes"><div class="titlepage"><div><div><h3 class="title"><a name="id2585166"></a>Passdb Changes</h3></div></div></div><p> 106 <a class="indexterm" name="id2585174"></a> 107 <a class="indexterm" name="id2585180"></a> 108 <a class="indexterm" name="id2585187"></a> 109 <a class="indexterm" name="id2585194"></a> 110 110 The <a class="link" href="smb.conf.5.html#PASSDBBACKEND" target="_top">passdb backend</a> parameter no longer accepts multiple passdb backends in a 111 111 chained configuration. Also be aware that the SQL and XML based passdb modules have been 112 112 removed in the Samba-3.0.23 release. More information regarding external support for a SQL 113 113 passdb module can be found on the <a class="ulink" href="http://pdbsql.sourceforge.net/" target="_top">pdbsql</a> web site. 114 </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2579156"></a>Group Mapping Changes in Samba-3.0.23</h3></div></div></div><p>115 <a class="indexterm" name="id25 79163"></a>116 <a class="indexterm" name="id25 79170"></a>117 <a class="indexterm" name="id25 79177"></a>118 <a class="indexterm" name="id25 79184"></a>119 <a class="indexterm" name="id25 79191"></a>120 <a class="indexterm" name="id25 79198"></a>121 <a class="indexterm" name="id25 79204"></a>122 <a class="indexterm" name="id25 79211"></a>123 <a class="indexterm" name="id25 79218"></a>124 <a class="indexterm" name="id25 79224"></a>125 <a class="indexterm" name="id25 79231"></a>114 </p></div><div class="sect2" title="Group Mapping Changes in Samba-3.0.23"><div class="titlepage"><div><div><h3 class="title"><a name="id2585226"></a>Group Mapping Changes in Samba-3.0.23</h3></div></div></div><p> 115 <a class="indexterm" name="id2585234"></a> 116 <a class="indexterm" name="id2585241"></a> 117 <a class="indexterm" name="id2585248"></a> 118 <a class="indexterm" name="id2585255"></a> 119 <a class="indexterm" name="id2585261"></a> 120 <a class="indexterm" name="id2585268"></a> 121 <a class="indexterm" name="id2585275"></a> 122 <a class="indexterm" name="id2585282"></a> 123 <a class="indexterm" name="id2585288"></a> 124 <a class="indexterm" name="id2585295"></a> 125 <a class="indexterm" name="id2585302"></a> 126 126 The default mapping entries for groups such as <code class="literal">Domain Admins</code> are no longer 127 127 created when using an <code class="literal">smbpasswd</code> file or a <code class="literal">tdbsam</code> passdb … … 130 130 Windows group SID to UNIX GID mappings. This change has no effect on winbindd's IDMAP functionality 131 131 for domain groups. 132 </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2579276"></a>LDAP Changes in Samba-3.0.23</h3></div></div></div><p>133 <a class="indexterm" name="id25 79284"></a>134 <a class="indexterm" name="id25 79291"></a>135 <a class="indexterm" name="id25 79298"></a>136 <a class="indexterm" name="id25 79305"></a>137 <a class="indexterm" name="id25 79312"></a>132 </p></div><div class="sect2" title="LDAP Changes in Samba-3.0.23"><div class="titlepage"><div><div><h3 class="title"><a name="id2585347"></a>LDAP Changes in Samba-3.0.23</h3></div></div></div><p> 133 <a class="indexterm" name="id2585355"></a> 134 <a class="indexterm" name="id2585362"></a> 135 <a class="indexterm" name="id2585369"></a> 136 <a class="indexterm" name="id2585376"></a> 137 <a class="indexterm" name="id2585382"></a> 138 138 There has been a minor update the Samba LDAP schema file. A substring matching rule has been 139 139 added to the <code class="literal">sambaSID</code> attribute definition. For OpenLDAP servers, this
Note:
See TracChangeset
for help on using the changeset viewer.