- Timestamp:
- Mar 1, 2010, 3:05:48 PM (15 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/samba-3.3.x/docs/htmldocs/Samba3-HOWTO/ChangeNotes.html
r368 r411 1 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 9. Important and Critical Change Notes for the Samba 3.x Series</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.7 5.2"><link rel="home" href="index.html" title="The Official Samba 3.3.x HOWTO and Reference Guide"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="prev" href="optional.html" title="Part III. Advanced Configuration"><link rel="next" href="NetworkBrowsing.html" title="Chapter 10. Network Browsing"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 9. Important and Critical Change Notes for the Samba 3.x Series</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="optional.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="NetworkBrowsing.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 9. Important and Critical Change Notes for the Samba 3.x Series"><div class="titlepage"><div><div><h2 class="title"><a name="ChangeNotes"></a>Chapter 9. Important and Critical Change Notes for the Samba 3.x Series</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email"><<a class="email" href="mailto:jht@samba.org">jht@samba.org</a>></code></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Gerald</span> <span class="othername">(Jerry)</span> <span class="surname">Carter</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email"><<a class="email" href="mailto:jerry@samba.org">jerry@samba.org</a>></code></p></div></div></div></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="ChangeNotes.html#id2584662">Important Samba-3.2.x Change Notes</a></span></dt><dt><span class="sect1"><a href="ChangeNotes.html#id2584674">Important Samba-3.0.x Change Notes</a></span></dt><dd><dl><dt><span class="sect2"><a href="ChangeNotes.html#id2584733">User and Group Changes</a></span></dt><dt><span class="sect2"><a href="ChangeNotes.html#id2585045">Essential Group Mappings</a></span></dt><dt><span class="sect2"><a href="ChangeNotes.html#id2585166">Passdb Changes</a></span></dt><dt><span class="sect2"><a href="ChangeNotes.html#id2585226">Group Mapping Changes in Samba-3.0.23</a></span></dt><dt><span class="sect2"><a href="ChangeNotes.html#id2585347">LDAP Changes in Samba-3.0.23</a></span></dt></dl></dd></dl></div><p>1 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 9. Important and Critical Change Notes for the Samba 3.x Series</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="The Official Samba 3.3.x HOWTO and Reference Guide"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="prev" href="optional.html" title="Part III. Advanced Configuration"><link rel="next" href="NetworkBrowsing.html" title="Chapter 10. Network Browsing"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 9. Important and Critical Change Notes for the Samba 3.x Series</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="optional.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="NetworkBrowsing.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="ChangeNotes"></a>Chapter 9. Important and Critical Change Notes for the Samba 3.x Series</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="orgname">Samba Team</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email"><<a class="email" href="mailto:jht@samba.org">jht@samba.org</a>></code></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Gerald</span> <span class="othername">(Jerry)</span> <span class="orgname">Samba Team</span> <span class="surname">Carter</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email"><<a class="email" href="mailto:jerry@samba.org">jerry@samba.org</a>></code></p></div></div></div></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="ChangeNotes.html#id2578577">Important Samba-3.2.x Change Notes</a></span></dt><dt><span class="sect1"><a href="ChangeNotes.html#id2578588">Important Samba-3.0.x Change Notes</a></span></dt><dd><dl><dt><span class="sect2"><a href="ChangeNotes.html#id2578647">User and Group Changes</a></span></dt><dt><span class="sect2"><a href="ChangeNotes.html#id2578959">Essential Group Mappings</a></span></dt><dt><span class="sect2"><a href="ChangeNotes.html#id2579081">Passdb Changes</a></span></dt><dt><span class="sect2"><a href="ChangeNotes.html#id2579141">Group Mapping Changes in Samba-3.0.23</a></span></dt><dt><span class="sect2"><a href="ChangeNotes.html#id2579261">LDAP Changes in Samba-3.0.23</a></span></dt></dl></dd></dl></div><p> 2 2 Please read this chapter carefully before update or upgrading Samba. You should expect to find only critical 3 3 or very important information here. Comprehensive change notes and guidance information can be found in the 4 4 section <a class="link" href="upgrading-to-3.0.html" title="Chapter 35. Updating and Upgrading Samba">Updating and Upgrading Samba</a>. 5 </p><div class="sect1" title="Important Samba-3.2.x Change Notes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2584662"></a>Important Samba-3.2.x Change Notes</h2></div></div></div><p>5 </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2578577"></a>Important Samba-3.2.x Change Notes</h2></div></div></div><p> 6 6 !!!!!!!!!!!!Add all critical update notes here!!!!!!!!!!!!! 7 </p></div><div class="sect1" title="Important Samba-3.0.x Change Notes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2584674"></a>Important Samba-3.0.x Change Notes</h2></div></div></div><p>7 </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2578588"></a>Important Samba-3.0.x Change Notes</h2></div></div></div><p> 8 8 These following notes pertain in particular to Samba 3.0.23 through Samba 3.0.25c (or more recent 3.0.25 9 9 update). Samba is a fluid and ever changing project. Changes throughout the 3.0.x series release are … … 22 22 This chapter is new to the release of the HOWTO for Samba 3.0.23. It includes much of the notes provided 23 23 in the <code class="filename">WHATSNEW.txt</code> file that is included with the Samba source code release tarball. 24 </p><div class="sect2" title="User and Group Changes"><div class="titlepage"><div><div><h3 class="title"><a name="id2584733"></a>User and Group Changes</h3></div></div></div><p>24 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2578647"></a>User and Group Changes</h3></div></div></div><p> 25 25 The change documented here affects unmapped user and group accounts only. 26 26 </p><p> 27 <a class="indexterm" name="id25 84746"></a>28 <a class="indexterm" name="id25 84752"></a>29 <a class="indexterm" name="id25 84759"></a>30 <a class="indexterm" name="id25 84768"></a>31 <a class="indexterm" name="id25 84777"></a>27 <a class="indexterm" name="id2578660"></a> 28 <a class="indexterm" name="id2578667"></a> 29 <a class="indexterm" name="id2578674"></a> 30 <a class="indexterm" name="id2578683"></a> 31 <a class="indexterm" name="id2578692"></a> 32 32 The user and group internal management routines have been rewritten to prevent overlaps of 33 33 assigned Relative Identifiers (RIDs). In the past the has been a potential problem when … … 36 36 <code class="literal">net rpc vampire</code>. 37 37 </p><p> 38 <a class="indexterm" name="id25 84809"></a>39 <a class="indexterm" name="id25 84815"></a>40 <a class="indexterm" name="id25 84822"></a>41 <a class="indexterm" name="id25 84828"></a>38 <a class="indexterm" name="id2578723"></a> 39 <a class="indexterm" name="id2578730"></a> 40 <a class="indexterm" name="id2578736"></a> 41 <a class="indexterm" name="id2578743"></a> 42 42 Unmapped users are now assigned a SID in the <code class="literal">S-1-22-1</code> domain and unmapped 43 43 groups are assigned a SID in the <code class="literal">S-1-22-2</code> domain. Previously they were … … 46 46 been under the authority of the local SAM (see the man page for <code class="literal">net getlocalsid</code>). 47 47 </p><p> 48 <a class="indexterm" name="id25 84865"></a>49 <a class="indexterm" name="id25 84872"></a>50 <a class="indexterm" name="id25 84879"></a>51 <a class="indexterm" name="id25 84886"></a>52 <a class="indexterm" name="id25 84892"></a>48 <a class="indexterm" name="id2578780"></a> 49 <a class="indexterm" name="id2578786"></a> 50 <a class="indexterm" name="id2578793"></a> 51 <a class="indexterm" name="id2578800"></a> 52 <a class="indexterm" name="id2578807"></a> 53 53 The result is that any unmapped users or groups on an upgraded Samba domain controller may 54 54 be assigned a new SID. Because the SID rather than a name is stored in Windows security … … 60 60 An example helps to illustrate the change: 61 61 </p><p> 62 <a class="indexterm" name="id25 84915"></a>63 <a class="indexterm" name="id25 84922"></a>64 <a class="indexterm" name="id25 84928"></a>65 <a class="indexterm" name="id25 84935"></a>62 <a class="indexterm" name="id2578829"></a> 63 <a class="indexterm" name="id2578836"></a> 64 <a class="indexterm" name="id2578843"></a> 65 <a class="indexterm" name="id2578849"></a> 66 66 Assume that a group named <span class="emphasis"><em>developers</em></span> exists with a UNIX GID of 782. In this 67 67 case this group does not exist in Samba's group mapping table. It would be perfectly normal for … … 69 69 <code class="literal">S-1-5-21-647511796-4126122067-3123570092-2565</code>. 70 70 </p><p> 71 <a class="indexterm" name="id25 84959"></a>72 <a class="indexterm" name="id25 84965"></a>73 <a class="indexterm" name="id25 84972"></a>74 <a class="indexterm" name="id25 84979"></a>71 <a class="indexterm" name="id2578873"></a> 72 <a class="indexterm" name="id2578880"></a> 73 <a class="indexterm" name="id2578887"></a> 74 <a class="indexterm" name="id2578893"></a> 75 75 With the release of Samba-3.0.23, the group SID would be reported as <code class="literal">S-1-22-2-782</code>. Any 76 76 security descriptors associated with files stored on a Windows NTFS disk partition will not allow access based … … 80 80 even though both SIDs in some respect refer to the same UNIX group. 81 81 </p><p> 82 <a class="indexterm" name="id25 85015"></a>83 <a class="indexterm" name="id25 85022"></a>82 <a class="indexterm" name="id2578930"></a> 83 <a class="indexterm" name="id2578936"></a> 84 84 The workaround for versions of Samba prior to 3.0.23, is to create a manual domain group mapping 85 85 entry for the group <span class="emphasis"><em>developers</em></span> to point at the 86 86 <code class="literal">S-1-5-21-647511796-4126122067-3123570092-2565</code> SID. With the release of Samba-3.0.23 this 87 87 workaround is no longer needed. 88 </p></div><div class="sect2" title="Essential Group Mappings"><div class="titlepage"><div><div><h3 class="title"><a name="id2585045"></a>Essential Group Mappings</h3></div></div></div><p>88 </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2578959"></a>Essential Group Mappings</h3></div></div></div><p> 89 89 Samba 3.0.x series releases before 3.0.23 automatically created group mappings for the essential Windows 90 90 domain groups <code class="literal">Domain Admins, Domain Users, Domain Guests</code>. Commencing with Samba 3.0.23 … … 92 92 correctly authenticate and recoognize valid domain users. When this happens users will not be able to log onto 93 93 the Windows client. 94 </p><div class="note" title="Note"style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>94 </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> 95 95 Group mappings are essentail only if the Samba servers is running as a PDC/BDC. Stand-alone servers do not 96 96 require these group mappings. … … 103 103 For further information regarding group mappings see <a class="link" href="groupmapping.html" title="Chapter 12. Group Mapping: MS Windows and UNIX">Group Mapping: MS Windows 104 104 and UNIX</a>. 105 </p></div><div class="sect2" title="Passdb Changes"><div class="titlepage"><div><div><h3 class="title"><a name="id2585166"></a>Passdb Changes</h3></div></div></div><p>106 <a class="indexterm" name="id25 85174"></a>107 <a class="indexterm" name="id25 85180"></a>108 <a class="indexterm" name="id25 85187"></a>109 <a class="indexterm" name="id25 85194"></a>105 </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2579081"></a>Passdb Changes</h3></div></div></div><p> 106 <a class="indexterm" name="id2579088"></a> 107 <a class="indexterm" name="id2579095"></a> 108 <a class="indexterm" name="id2579101"></a> 109 <a class="indexterm" name="id2579108"></a> 110 110 The <a class="link" href="smb.conf.5.html#PASSDBBACKEND" target="_top">passdb backend</a> parameter no longer accepts multiple passdb backends in a 111 111 chained configuration. Also be aware that the SQL and XML based passdb modules have been 112 112 removed in the Samba-3.0.23 release. More information regarding external support for a SQL 113 113 passdb module can be found on the <a class="ulink" href="http://pdbsql.sourceforge.net/" target="_top">pdbsql</a> web site. 114 </p></div><div class="sect2" title="Group Mapping Changes in Samba-3.0.23"><div class="titlepage"><div><div><h3 class="title"><a name="id2585226"></a>Group Mapping Changes in Samba-3.0.23</h3></div></div></div><p>115 <a class="indexterm" name="id25 85234"></a>116 <a class="indexterm" name="id25 85241"></a>117 <a class="indexterm" name="id25 85248"></a>118 <a class="indexterm" name="id25 85255"></a>119 <a class="indexterm" name="id25 85261"></a>120 <a class="indexterm" name="id25 85268"></a>121 <a class="indexterm" name="id25 85275"></a>122 <a class="indexterm" name="id25 85282"></a>123 <a class="indexterm" name="id25 85288"></a>124 <a class="indexterm" name="id25 85295"></a>125 <a class="indexterm" name="id25 85302"></a>114 </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2579141"></a>Group Mapping Changes in Samba-3.0.23</h3></div></div></div><p> 115 <a class="indexterm" name="id2579148"></a> 116 <a class="indexterm" name="id2579155"></a> 117 <a class="indexterm" name="id2579162"></a> 118 <a class="indexterm" name="id2579169"></a> 119 <a class="indexterm" name="id2579176"></a> 120 <a class="indexterm" name="id2579183"></a> 121 <a class="indexterm" name="id2579190"></a> 122 <a class="indexterm" name="id2579196"></a> 123 <a class="indexterm" name="id2579203"></a> 124 <a class="indexterm" name="id2579210"></a> 125 <a class="indexterm" name="id2579216"></a> 126 126 The default mapping entries for groups such as <code class="literal">Domain Admins</code> are no longer 127 127 created when using an <code class="literal">smbpasswd</code> file or a <code class="literal">tdbsam</code> passdb … … 130 130 Windows group SID to UNIX GID mappings. This change has no effect on winbindd's IDMAP functionality 131 131 for domain groups. 132 </p></div><div class="sect2" title="LDAP Changes in Samba-3.0.23"><div class="titlepage"><div><div><h3 class="title"><a name="id2585347"></a>LDAP Changes in Samba-3.0.23</h3></div></div></div><p>133 <a class="indexterm" name="id25 85355"></a>134 <a class="indexterm" name="id25 85362"></a>135 <a class="indexterm" name="id25 85369"></a>136 <a class="indexterm" name="id25 85376"></a>137 <a class="indexterm" name="id25 85382"></a>132 </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2579261"></a>LDAP Changes in Samba-3.0.23</h3></div></div></div><p> 133 <a class="indexterm" name="id2579270"></a> 134 <a class="indexterm" name="id2579276"></a> 135 <a class="indexterm" name="id2579283"></a> 136 <a class="indexterm" name="id2579290"></a> 137 <a class="indexterm" name="id2579297"></a> 138 138 There has been a minor update the Samba LDAP schema file. A substring matching rule has been 139 139 added to the <code class="literal">sambaSID</code> attribute definition. For OpenLDAP servers, this
Note:
See TracChangeset
for help on using the changeset viewer.
