[samba-jp:20556] Samba 4 alpha6が出ました

oota @ mail.linux.bs1.fc.nec.co.jp oota @ mail.linux.bs1.fc.nec.co.jp
2009年 1月 23日 (金) 18:55:27 JST


太田@NECです。

ひっさしぶりに、Samba4の新しいバージョンが出ました。

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We are proud to finally announce another alpha release of Samba 4. 

What's new in Samba 4 alpha6
============================

Samba 4 is the ambitious next version of the Samba suite that is being
developed in parallel to the stable 3.0 series. The main emphasis in
this branch is support for the Active Directory logon protocols used
by Windows 2000 and above.

Samba4 alpha6 follows on from the alpha release series we have been
publishing since September 2007

WARNINGS
========

Samba4 alpha6 is not a final Samba release.  That is more a reference
to Samba4's lack of the features we expect you will need than a
statement of code quality, but clearly it hasn't seen a broad
deployment yet.  If you were to upgrade Samba3 (or indeed Windows) to
Samba4, you would find many things work, but that other key features
you may have relied on simply are not there yet.

For example, while Samba 3.0 is an excellent member of a Active
Directory domain, Samba4 is happier as a domain controller, and it is
in this role where it has seen deployment into production.

Samba4 is subjected to an awesome battery of tests on an
automated basis, we have found Samba4 to be very stable in it's
behaviour.  We have to recommend against upgrading production servers
from Samba 3 to Samba 4 at this stage, because there may be the features on
which you may rely that are not present, or the mapping of
your configuration and user database may not be complete. 

If you are upgrading, or looking to develop, test or deploy Samba4, you should
backup all configuration and data.

NEW FEATURES
============

Samba4 supports the server-side of the Active Directory logon environment
used by Windows 2000 and later, so we can do full domain join
and domain logon operations with these clients.

Our Domain Controller (DC) implementation includes our own built-in
LDAP server and Kerberos Key Distribution Center (KDC) as well as the
Samba3-like logon services provided over CIFS.  We correctly generate
the infamous Kerberos PAC, and include it with the Kerberos tickets we
issue.

The new VFS features in Samba 4 adapts the filesystem on the server to
match the Windows client semantics, allowing Samba 4 to better match
windows behaviour and application expectations.  This includes file
annotation information (in streams) and NT ACLs in particular.  The
VFS is backed with an extensive automated test suite.

A new scripting interface has been added to Samba 4, allowing
Python programs to interface to Samba's internals.

The Samba 4 architecture is based around an LDAP-like database that
can use a range of modular backends.  One of the backends supports
standards compliant LDAP servers (including OpenLDAP), and we are
working on modules to map between AD-like behaviours and this backend.
We are aiming for Samba 4 to be powerful frontend to large
directories.

CHANGES SINCE Alpha5
=====================

In the time since Samba4 Alpha5 was released in June 2008, Samba has
continued to evolve, but you may particularly notice these areas 
(in no particular order):

 The source code for various libraries that are used by both Samba 3 and 
 Samba 4 are now shared between the two rather than duplicated 
 (and being slightly diverged).

 The tevent library has been split out and is now usable on its own.

 Several crash bugs and memory leaks in the registry library have been fixed.

 The Python modules have been extended and are no longer generated using SWIG.

 Stream renames are now supported.

 The provision script now has an interactive mode.

 The (broken) copy of CTDB has been removed.

 More work towards supporting an OpenLDAP backend. 

 Initial work on using the Microsoft LDAP schema.

 The storage of schemas in LDB is now much more efficient.

 Support for extended DNs in LDB has been added.

 Incoming trusts are now supported.

 Compatibility of the registry server with several Windows versions has been 
 improved.

 Improvements to LSA.idl for better functionality in the usrmgr.exe.

 Improved handling of non-standard characters in passwords.

 The embedded JavaScript library has been removed in favor of Python.

 The WMI implementation has been re-added, but does not completely work yet.

 xpress compression is now supported in the NDR layer.

 The main binary is now named "samba" rather than "smbd".

 A simple script for setting the expiration of a user was added.

 The LDB library is now completely asynchronous internally.

 Various unknowns and correctness issues in the drsblobs and drsuapi RPC 
 interface implementations have been fixed.

 It is now possible to connect to an LDAP backend using SASL credentials.

 Multi-fragment NTtrans request support has been added.

 The DCE/RPC server can now listen on a separate pipe to allow DCE/RPC 
 connections forwarded from Samba 3. The user credentials are provided 
 by the client.

 A large number of bugs in the SMB2 implementation have been fixed.

 Auxiliary classes in LDAP schema conversion are now collapsed.

 Several tests have been added to the SMB testsuite.

 Object GUIDs in DCE/RPC connections are now dealt with properly.

 The correctness of the LSA and NETLOGON implementations has been 
 improved.

 Multi Master Replication configuration can now be generated 
 for OpenLDAP.

These are just some of the highlights of the work done in the past few
months.  More details can be found in our GIT history.


CHANGES
=======

Those familiar with Samba 3 can find a list of user-visible changes
since that release series in the NEWS file.

KNOWN ISSUES
============

- - Domain member support is in it's infancy, and is not comparable to
  the support found in Samba3.

- - There is no printing support in the current release.

- - There is no NetBIOS browsing support in the current release

- - The Samba4 port of the CTDB clustering support is not yet complete

- - Clock Synchronisation is critical.  Many 'wrong password' errors are
  actually due to Kerberos objecting to a clock skew between client
  and server.  (The NTP work in the previous alpha is partly to assist
  with this problem).

- - Samba4 alpha6 is currently only portable to recent Linux
  distributions.  Work to return support for other Unix varients is
  expected during the next alpha cycle

- - Samba4 alpha6 is incompatible with GnuTLS 2.0, found in Fedora 9 and
  recent Ubuntu releases.  GnuTLS use may be disabled using the
  --disable-gnutls argument to ./configure. (otherwise 'make test' and
  LDAPS operations will hang).

RUNNING Samba4
==============

A short guide to setting up Samba 4 can be found in the howto.txt file
in root of the tarball.

DEVELOPMENT and FEEDBACK
========================
Bugs can be filed at https://bugzilla.samba.org/ but please be aware
that many features are simply not expected to work at this stage.  

The Samba Wiki at http://wiki.samba.org should detail some of these
development plans.

Development and general discussion about Samba 4 happens mainly on
the #samba-technical IRC channel (on irc.freenode.net) and
the samba-technical mailing list (see http://lists.samba.org/ for
details).

================
Download Details
================

The release tarball is available from the following location:
 * http://download.samba.org/samba/ftp/samba4/samba-4.0.0alpha6.tar.gz

This release has been signed using GPG with Jelmer's GPG key (1EEF5276).

 * http://download.samba.org/samba/ftp/samba4/samba-4.0.0alpha6.tar.asc

To verify that the signature is correct, make sure that the tarball has
been unzipped and run:

$ gpg --verify samba-4.0.0alpha6.tar.asc

We are also planning on making Debian packages available.

Happy testing!

The Samba team

--
太田 俊哉@NEC OSS開本 OSS推進センター OSS/LinuxソリューションG(芝.港.東京) 
(samba-jp/ldap-jp Staff,mutt-j admin,analog-jp/samba-jp postmaster)



samba-jp メーリングリストの案内