1 WHATS NEW IN Samba 2.0.10
2 =========================
4 Samba 2.0.10 is a security bugfix release. The security hole that is
5 fixed would allow an attacker to exploit certain values of the "log
6 file" option in Samba that contains the %m macro in order to overwrite
7 system files and compromise security.
9 Note that the Samba Team recommends that the much more advanced 2.2.x
10 release of Samba be used by all sites. This release is only being made
11 for sites that do not wish to upgrade to 2.2.x at this time.
16 ----------------------
18 Previous release notes for 2.0.9:
20 Samba 2.0.9 is a security bugfix release. Previous versions of Samba
21 had a bug with the handling of temporary files that allows local users
22 to destroy data on local devices. This bug was discovered during a
23 routine security audit by Caldera. While no exploitation of this bug
24 is known to have occurred it is fairly easy to exploit so sites with
25 untrusted local users should take the threat seriously.
27 The only changes in 2.0.9 are the security updates. This is to
28 maximise stability for those sites that cannot afford to risk any
29 other sort of update. For most sites the Samba Team recommends that
30 the new 2.2.x version of Samba be used instead, as that provides not
31 only the security fixes but much greater functionality and many more
38 NOTE: The Samba 2.0.8 release was supposed to fix this security hole,
43 Previous release notes from 2.0.7
44 ---------------------------------
46 This is the latest stable release of Samba. This is the
47 version that all production Samba servers should be running
48 for all current bug-fixes.
50 New Documentation in 2.0.7
51 --------------------------
53 O'Reilly and Associates have donated their book "Using Samba"
54 to the Samba community to be updated in a collaberative way
55 along with the Samba software. Starting with this release the
56 html of "Using Samba" will be distributed with the Samba software
57 as the online documentation for Samba. Bug fixes for the book
58 are encouraged as is new material. Please help us make this
59 documentation the best it can be for Samba !
61 SWAT (Samba Web Administration Tool) has been updated to
62 add a link to the full text of "Using Samba" from the start
65 Note that this does not mean that the other documentation
66 (man pages especially) are being abandoned. The Samba Team
67 is still committed to updating and improving *all* the
68 documentation shipped with Samba.
70 Also, as the source code for the book is moved into a more
71 manageable format (not raw HTML) we are committed to making
72 it available for editing by all interested parties. The
73 current situation of only shipping HTML with the Samba software
74 is a first attempt at getting this documentation integrated
75 with the Samba software and should not be regarded as the only
76 way in which this material will be made available (it was just
77 the quickest way to get the book integrated into 2.0.7 :-).
82 This version of Samba has been tested with Windows 2000 and
83 the five known incompatibilities with Windows 2000 have been
84 fixed. See the "Changes in 2.0.7" list below for details.
86 New/Changed parameters in 2.0.7
87 -------------------------------
89 There is a new option to the autoconf "./configure" script.
90 This is the "--with-utmp" (and attendant "--without-utmp")
91 option. Running configure with this option will cause smbd
92 to attempt to use utmp accounting for users who log on and
93 log off to the Samba server.
95 There are 5 new parameters in the smb.conf file.
103 These parameters are only available if the "--with-utmp"
104 option was selected at configure time. The yes/no option "utmp"
105 specifies whether utmp records should be recorded on user
106 logon/logoff. It defaults to "no". The "utmp dir" and "wtmp dir"
107 are string parameters specifying pathnames to the directories containing
108 the utmp/wtmp file databases. See the smb.conf man page for more details.
112 This boolean parameter causes newly created files and directories
113 to inherit their initial permissions from their parent directory.
114 This can be very useful in propagating such things as the set-group
115 bit in directory heirarchies. See the smb.conf man page for more
120 This integer parameter specifies (in bytes) the size of a user level
121 per-file write cache that smbd will create for an oplocked file. This
122 can improve performance significantly for writing files by causing
123 writes to be done in large chunk sizes. If this parameter is set (it
124 defaults to zero which means no write cache) to the stripe size of
125 a raid volume then it will cause writes to be much more efficient.
126 Up to 10 write caches can be active simultaneously per smbd (allocated
127 for the first 10 oplocked file opens). All normal warnings about the
128 dangers of user level caching of data apply. See the smb.conf man page
133 This pathname parameter causes Samba to read a list of environment
134 variables from a named file on startup. This can be useful in setting
135 up Samba in a clustered environment. See the smb.conf man page for more
138 Ability to delete users added
139 -----------------------------
141 SWAT and smbpasswd can now delete users from the Samba smbpasswd file.
142 See the man page for smbpasswd for details.
144 Roving profile behavior finalized
145 ---------------------------------
147 The change in behavior with roving profiles (using the "logon home"
148 parameter instead of the "logon path" parameter) introduced in 2.0.6
149 has been discovered to be consistant with the way Windows NT behaves,
150 and has been left as the default action. Please see the additional
151 notes in the "logon home" parameter description in the smb.conf man
152 page for more details.
157 1). Fix for the semaphore promblems when compiling Samba with gcc on
159 2). Quota support for Veritas filesystem added by David Lee.
160 3). Incoming RPC code re-written to support multiple PDU input from
161 the client. This should make the RPC subsystem more robust.
162 4). Fix from Ying Chen @ IBM to inline many frequently called functions. This
163 decreased CPU usage by 10%.
164 5). Fix from Ying Chen @ IBM to use a hash table to lookup entries in the file
165 cache. This is a significant improvement over the old linked-list
167 6). smbclient issues with native language support fixed. smbclient
168 now uses UNIX filename character sets exclusively when communicating
170 7). smbclient fix to not print error messages when "putting" an
172 8). smbclient fix to cope with spaces in filenames when recursing.
173 9). Improved error reporting in smbclient when getting browse lists.
174 10). NetBIOS "scope" now supported in all Samba code/tools.
175 11). New mapping from code page 850 to UNIX "roman8" character set.
176 12). Fix for crash bug if debug file handle couldn't be opened.
177 13). Fix to allow mkdir to correctly set the high order permissions
178 bits for UNIX's that don't allow this by default.
179 14). Fix to dynamically allocate group array for setgroups. Don't
180 depend on NGROUPS_MAX being correctly defined in header files.
181 15). Fix for crash bug in floating point in snprintf.
182 16). "Safe" version of popen() included to allow use in code such
183 as "source environment" patch.
184 17). Fix for SWAT for trailing '\n' in asctime().
185 18). Wildcard match fix from weidel@multichart.de for NT wildcard
187 19). unix_mask_match fixes for "veto files" parameter.
188 20). Fix for system call bug when configuring on Linux kernel 2.0.x
190 21). SO_REUSEPORT socket option added for HPUX.
191 22). All recv() calls changed back to read() to fix Solaris 2.5.x bug.
192 23). Some UNICODE conversion fixes. Not complete yet.
193 24). NetShareEnum fix for Windows 2000. Don't ask for 64K as Win2k
194 can't cope with this (returns "Out of memory" error).
195 25). Fixes for cli_error() crashes.
196 26). Fix for crash when connecting to password server by DNS name
198 27). Fix bug in demangling of compacted NetBIOS names.
199 28). Fixes for slow locking code for VMS.
200 29). Reply to short NetLogon packet in nmbd with short reply.
201 30). Correctly allign userdata to prevent crashes in nmbd.
202 31). Use talloc() in string buffer rotation code to prevent overwrites.
203 32). Added multi-byte awareness to parameter loading code.
204 33). Re-wrote password file modification code. We can now delete users
205 atomically. Original patch from Bruce Tenison.
206 34). Fixed bug in parsing smbpasswd type entries.
207 35). Fixes from HP to the windows registry RPC emulation.
208 36). Added ability to return RPC fault PDU to unknown calls. Needed to
209 allow Windows 2000 to return UNIX permissions as NT ACLs.
210 37). utmp code patch from T.D.Lee@durham.ac.uk. Not available on all
211 platforms - test with ./configure.
212 38). Inherit permissions fix from David Lee.
213 39). Added write caching code for oplocked files.
214 40). Workaround for new bug in Windows 2000 where NT file create using
215 NTtransact call sends UNICODE without bothering to set the UNICODE flag
217 41). Workaround for new bug in Windows 2000 where it attempts to re-write
218 existing ACLs to make them inherit only.
219 42). Removed unused mmap code.
220 43). Added correct implementation of share mode deny table. We now match
222 44). Fix recursion bug with group enumeration.
223 45). Fix from Bjart Kvarme to take into account changed machine passwords
224 that haven't yet propagated from PDC to BDC.
225 46). Correctly skip two byte length field when accepting RPC "start of
226 message" packets in SMBwriteX on pipes.
227 47). Added auto-detection of Windows 2000 clients.
228 48). Fix bug with rollback of POSIX locks if a lock in a range fails to
230 49). Fix bug with registering startup smbd's in flat file.
231 50). Ensure usernames are converted correctly between DOS codepages
232 and UNIX character sets.
233 51). Fix for timestamps being set incorrectly on copied files from
235 52). Fix for parsing HP specific printer definitions in make_printerdef.
236 53). Fix for smbclient doing an 'ls' on large directories from OS/2 servers
237 from Christoph Pfisterer.
238 54). Fix for WINS server code where "do you still want name?" request was
239 being sent to the wrong IP address.
240 55). Fixed "recursion desired" bits set in nmbd so we are identical to
242 56). nmbd now should process logon packets from Win95, Win98 and both
243 versions of the NT logon packet.
244 57). Correctly set parameter offset value for first trans2 reply.
245 58). Win2K will only accept volume labels in UNICODE.
246 59). Ensure nmbd doesn't attempt to use the loopback interface when
248 60). Fixed bug where smbd didn't return '.' or '..' on top level
249 share directory listing.
250 61). Fix for soft quotas not being set (make them equal to hardquota)
251 from Norbert PĆ¼schel (Pueschel.Norbert@Walzbarren-VAW.ne.uunet.de).
252 62). SWAT fixes for SCO UnixWare (SIGPIPE handling).
253 63). Fix for nmbd DOS with redirect recursion.
254 64). Fix for log files growing without bound from Mattias Gronlund.
255 65). Fix for smbd crash bug in truncate is locked.
256 66). Memory leak fix in mangle name code.
258 Older release notes for Samba 2.0.x follow.
260 Previous Release notes for 2.0.6
261 ---------------------------------
263 New/Changed parameters in 2.0.6
264 -------------------------------
266 There are 6 new parameters in the smb.conf file.
270 This parameter allows an external program to be called
271 on all changes to a Samba WINS database, allowing dynamic
274 debug hires timestamp
278 The above 3 parameters provide greater debug information.
283 The above 2 parameters control the action taken on the
284 success or failure of a 'preexec' script.
286 There is also one removed parameter.
290 The addition of these new parameters and the removal of the old
291 is described in more detail in the smb.conf man page,
293 When using "security=domain" the "password server"
294 parameter can now be set to the string "*', which will
295 cause Samba to search for Domain controllers in the
296 same way that Windows NT does. See the smb.conf man
297 page for more details.
299 The "interfaces" parameter in smb.conf can now be dynamically
300 detected on startup and can also now take an interface name
301 such as eth0. See the smb.conf man page for the details
302 on the new features of the "interfaces" parameter.
303 nmbd has been enhanced to use this feature.
305 The syntax for the Linux-specific smbmount command has been changed
306 and is now compatible with the standard mount command. See the modified
307 smbmount man page for details.
309 Support for the UNIX CUPS printer standard has been added.
310 See www.cups.org for details. Thanks to the folks at Easy Software
311 Products for this code. Set the printcap name to "cups" to
312 enable this. See the smb.conf man page for details.
317 1). 64-bit locking removed from Linux autoconf build. This fixes
318 several Linux specific locking issues.
319 2). Crash bug fix in smbclient recursive processing. Fix from
320 E. Jay Berkenbilt (ejb@ql.org).
321 3). "history" command added to smbclient if readline available.
322 4). smbtar - updates files and directory message on restore.
323 5). smbmnt - 'u', 'g', 'r', 'f', 'd' options added by Andrew. See
324 man page for details.
325 6). smbmount updated to be useable by autofs on Linux. See the
326 samba/examples/autofs/README file for details.
327 7). Bug fixed where TCP_NODELAY was not being used by default in smbd.
328 8). Many oplock fixes. Samba now waits 30 seconds, not 45. Also
329 smbd no longer aborts on client break failure, but logs a message
330 and continues. This is what NT does. This should fix many "oplock
331 break" message problems people have been having.
332 9). New code from Andrew to dynamically detect interfaces. nmbd will
333 now attempt to dynamically detect interface changes and register names
334 as an interface goes "up".
335 10). Win95 ioctl for print jobs added by Matt.
336 11). Mapping for ISO8859-1 extended for codepage 437 and 850.
337 12). Code Page 737 -> ISO-8859-7 (Greek-Hellenic) mapping added.
338 13). Character strings now correctly converted from UNIX character set
339 format to DOS codepage when read from smb.conf or external passwd or
340 group files. Samba is now much more careful about what format external
341 strings should be converted to/from.
342 14). snprintf crash fix for IRIX 6.2 and below.
343 15). Increased timestamp debug fixes (adds milliseconds and uid/pid if
345 16). Optimisation for wildcard exact match requests.
346 17). Win95 wildcard semantics fix - unused code removed.
347 18). 'mangle locks' parameter removed. This now done automatically.
348 19). setXid() routines re-written to provide asserts and also to fix
349 AIX versions prior to 4.1.x.
350 20). MSG_WAITALL optimisation removed due to bugs in FreeBSD.
351 21). Length fix when writing UNICODE string.
352 22). oplock processing added to libsmb client code.
353 23). Added more client error message strings.
354 24). Fix bug with connecting to encrypted server when non-encrypted
356 25). In security=domain, password server extended to search for DC's
358 26). "root did not create samaphore" bug fixed.
359 27). random generator initialized early to prevent icons not showing
361 28). Logging fix after SIGHUP.
362 29). WINS hook external call added when nmbd is a WINS server.
363 30). Support for CUPS printer protocol added by Michael Sweet.
364 31). Support for NIS+ backend password database updates.
365 32). Handle dashes in print job id's. Fix from Dom.Mitchell@palmerharvey.co.uk
366 33). Race condition in UNIX password sync on some platforms fixed by Matt.
367 34). Dirptr leak from Win98 fixed.
368 35). Logic bug in handling of level II oplocks fixed.
369 36). smbd crash bug fix when opening directories.
370 37). Paranoia oplock fix from Charles Hoch (hoch@exemplary.com)
371 38). Fix Win2k problem where DCE/RPC is done on SMBwrite as well as SMBwriteX.
372 39). Fix Win95 redirector alignment bug that caused oplock break failures.
373 40). Preexec close code added.
374 41). Extra sanity checks in testparm code.
375 42). oplock tests added to smbtorture.
376 43). Tell SWAT user if logged in as root or not.
377 44). Solaris packaging fixes donated by VERITAS.
379 Older release notes for Samba 2.0.x follow.
381 Previous Release notes for 2.0.5a
382 ---------------------------------
387 Version 2.0.5a of Samba contains three security bugfixes for
388 problems in previous versions of Samba found by Olaf Kirch of
389 Caldera Systems (www.caldera.com). The Samba Team would like
390 to publicly thank Olaf for his help in doing a security review
391 of our code and finding these bugs.
393 The three bugs are one potentially exploitable buffer overrun
394 bug (although no current exploits are known) in smbd and two
395 denial of service bugs in nmbd. By default the smbd bug was not
396 exploitable as shipped (the problem parameter was disabled by
397 default) but instructions on protecting any version of Samba
398 prior to 2.0.5 are included below.
400 All these bugs have been fixed in Samba 2.0.5 and 2.0.5a.
402 If using any version of Samba prior to 2.0.5 the administrator
403 *MUST NOT* enable the "message command" parameter in smb.conf,
404 and *MUST* remove any "message command" that is listed in any
405 existing smb.conf file. No known instances of this attack being
406 exploited have been reported.
408 All Samba versions of nmbd prior to 2.0.5 are vulnerable to a
409 denial of service attack causing nmbd to either crash or to go
410 into an infinite loop. No known instances of this attack being
411 exploited have been reported.
413 New/Changed parameters in 2.0.5 and 2.0.5a.
414 -------------------------------------------
416 There are 5 new parameters in the smb.conf file.
420 directory security mask
421 force directory secruty mode
424 The first 4 parameters are used to control the UNIX permissions bits
425 that an NT client is allowed to modify. These parameters are now
426 used instead of the older "create" parameters that were used in
427 2.0.4 to allow an administrator to separate the two functions.
429 Use of these new parameters is described in the smb.conf man page,
430 and also in the documents :
432 docs/textdocs/NT_Security.txt
433 docs/htmldocs/NT_Security.html
435 The fifth new parameter is described in the following section.
440 Samba 2.0.5 now implements level2 oplocks. As this is new
441 code this parameter is set to "off" by default. The benefit
442 of level2 oplocks is to allow read-only file caching from
443 multiple clients. This is of great speed benefit to shares
444 that are serving application executable programs (.EXE's)
445 that are usually not written to. To learn more about using
446 level 2 oplocks read the parameter description in the smb.conf
447 documentation or read the file :
449 docs/textdocs/Speed.txt.
454 1). Fix for smbd crash bug in string_sub(). smbd was miscalculating
455 memmove lengths on multiple '%' substitutions.
456 2). Fix for wildcard matching bug for old DOS programs running on Win9x.
457 3). Fix for Windows NT client changing passwords against a Samba server,
458 intermittently failing.
459 4). Fix for PPP link being detected as primary interface if using the
460 same IP address as the primary.
461 5). Ensure smbmount is built with RPM build.
466 1). smbmount for Linux systems has been re-written to use
467 the libsmb code and clientutil.c is no longer used with it.
468 2). A bug preventing directory opens using the NT SMB calls
470 3). A related bug causing a file structure leak when directory
471 opens were denied has been fixed.
472 4). Fix for glibc2.1 bug on 32-bit systems being reported as 64
474 5). Prevent timestamps of 0 or -1 corrupting file timestamps.
475 6). Fix for unusual delays when browsing shares using Windows
476 2000 - fix added by Matt.
477 7). Fix for smbpassword reading problems on Sparc Linux was fixed.
478 8). Fix for compiling with SSL library.
479 9). smbclient fix for crash when doing CR/LF conversion.
480 10). smbclient now reports short read errors.
481 11). smbclient now uses remote server workgroup to list servers by default.
482 12). smbclient now has -b option to change transmit/send buffer size.
483 13). smbclient fix for corrupting files when issuing multiple outstanding
485 14). Printing bug where Linux was using SYSV printing by default fixed.
486 Linux now set to be BSD printing by default.
487 15). Change for Linux to use SYSV shared memory by default.
488 16). Fix for using IP_TOS options on some systems.
489 17). Fix for some systems that complained about static struct passwd
490 buffers being modified.
491 18). Range checking applied to all string substitutions. Theoretically
492 not a bug, but much more rebust now.
493 19). Level II oplocks implemented.
494 20). Fix for Win2K client printing added.
495 21). Always allow loopback (127.0.0.1) connects unless specifically denied.
496 22). Patch for FreeBSD interface detection code from Archie Cobbs (archie@whistle.com).
497 23). Return correct status from smbrun.
498 24). snprintf fixes for floating point numbers.
499 25). Force directories to always have zero size.
500 26). Fix for "force group" and "force user" options. "force user" now
501 always uses primary group of user as well. Force group now enhanced with '+'
502 semantics (see smb.conf man page for details).
503 27). Wildcard matching fix to get closer to WinNT semantics for Win9x clients.
504 28). Potential crash bug fixed in wildcard matching code. This bug could also
505 cause smbd to sometimes not see exact file matches.
506 29). Read/write for sockets changed to use revc/send to allow optimisations
508 30). Oplocks added to client library.
509 31). Several purify fixes in IPC code.
510 32). nmbd crash bug in processing strange NetBIOS names fixed.
511 33). nmbd loop bug in processing strange NetBIOS names fixed.
512 34). Paranoia fixes to processing of incoming WinPopup messages in smbd.
513 35). Share mode code now auto initialised.
514 36). Detect dead processes in IPC lock code.
515 37). Explicit -V version switch added to command line processing.
516 38). WORKGROUP(1b) name processing with no WINS server fixed.
517 39). Win2k client detection code added by Matt.
518 40). Fix to allow really short changenotify times to be honoured.
519 41). Fix for NT delete finding the wrong file from Tine Smukavec
520 (valentin.smukavec@hermes.si)
521 42). SWAT fix to prevent stderr messages from breaking the Web client.
522 43). testparm fixes to check more parameter conflicts.
523 44). Relative paths not fetched via SWAT in CGI scripts.
524 45). SWAT remote password change - remote host name not treated as a
525 password field any more.
530 A bug with MS-Word 97 saving files with zero UNIX permissions
531 was fixed. Even though a workaround is available (set force
532 create mode = 644 on the share) Word is such an important
533 application that a point fix was neccessary.
538 The text and html versions of NT_Security were missing from
539 the shipping tarball. Also a compile bug for platforms that
540 don't have usleep was fixed.
545 There are 5 new parameters and one modified parameter in
548 allow trusted domains
551 oplock break wait time
552 oplock contention limit
554 The modified parameter is :
558 Bugfixes added since 2.0.3
559 --------------------------
561 1). Fix for 8 character password problem when using HPUX and
563 2). --with-pam option added to ./configure.
564 3). Client fixes for memory leak and display of 64 bit values.
565 4). Fixes for -E and -s option with smbclient.
566 5). smbclient now allows -L //server or -L \\server
567 6). smbtar fix for display of 64 bit values.
568 7). Endian independence added to DCE/RPC code.
569 8). DCE/RPC marshalling/unmarshalling code re-written to provide
570 overflow reporting and sign and seal support.
571 9). Bind NAK reply packet added to DCE/RPC code, used to correctly
572 refuse bind requests (prevents NT system event log messages).
573 10). Mapping of UNIX permissions into NT ACL's for get and set
575 11). DCE/RPC enumeration of numbers of shares made dynamic.
576 Samba now has no limit on the number of exported shares seen.
577 12). Fix to speed up random number seed generation on /dev/urandom
579 13). Several memory fixes added by running Purify on the code.
580 14). Read from client error messages improved.
581 15). Fixed endianness used in UNICODE strings.
582 16). Cope with ERRORmoredata in an RPC pipe client call.
583 17). Check for malformed responses in nmbd register name.
584 18). NT Encrypted password changing from the NT password dialog box
585 now fully implmented.
586 19). Mangle 64-bit lock ranges into 32-bits (NT bug!) on a 32-bit
588 20). Allow file to be pseudo-openend in order to read security only.
589 21). Improve filename mangling to reduce chance of collisions.
590 22). Added code to prevent granting of oplocks when a file is under
592 23). Added tunable wait time before sending an oplock break request
593 to a client if the client caused the break request. Helps with clients
594 not responding to oplock breaks.
595 24). Always respond negatively to queued local oplock break messages
596 before shutdown. This can prevent "freezes" on an oplock error.
597 25). Allow admin to restrict logons to correct domain when in domain
599 26). Added "restrict anonymous" patch from Andy (thwartedefforts@wonky.org)
600 to prevent parameter substitution problems with anonymous connections.
601 27). Fix SMBseek where seeking to a negative number sets the offset
603 28). Fixed problem with mode getting corrupted in trans2 request
604 (setting to zero means please ignore it).
605 29). Correctly become the authenticated user on an authenticated
606 DCE/RPC pipe request.
607 30). Correctly reset debug level in nmbd if someone set it on the
609 31). Added more checking into testparm
610 32). NetBench simulator added to smbtorture by Andrew.
611 33). Fixed NIS+ option compile (was broken in 2.0.3).
612 34). Recursive smbclient directory listing fix. Patch from E. Jay Berkenbilt
615 Bugfixes added since 2.0.2
616 --------------------------
618 1). --with-ssl configure now include ssl include directory. Fix
620 2). Patch for configure for glibc2.1 support (large files etc.).
621 3). Several bugfixes for smbclient tar mode from Bob Boehmer
622 (boehmer@worldnet.att.net) to fix smbclient aborting problems
623 when restoring tar files.
624 4). Some automount fixes for smbmount.
625 5). Attempt to fix the AIX 4.1.x/3.x problems where smbd runs as
626 root. As no-one has given us root access to such a server this
627 cannot be tested fully, but should work.
628 6). Crash bug fix in debug code where *real* uid rather than
629 *effective* uid was being checked before attempting to rotate
630 log files. This fix should help a *lot* of people who were
631 reporting smbd aborting in the middle of a copy operation.
632 7). SIGALRM bugfix to ensure infinate file locks time out.
633 8). New code to implement NT ACL reporting for cacls.exe program.
634 9). UDP loopback socket rebind fix for Solaris.
635 10). Ensure all UNICODE strings are correctly in little-endian
637 11). smbpasswd file locking fix.
638 12). Fixes for strncpy problems with glibc2.1.
639 13). Ensure smbd correctly reports major and minor version number
640 and server type when queried via NT rpc calls.
641 14). Bugfix for short mangled names not being pulled off the
642 mangled stack correctly.
643 15). Fix for mapping of rwx bits being incorrectly overwritten
644 when doing ATTRIB.EXE
645 16). Fix for returning multiple PDU packets in NT rpc code. Should
646 allow multiple shares to be returned correctly).
647 17). Improved mapping of NT open access requests into UNIX open
649 18). Fix for copying files from an NTFS volume that contain
650 multiple data forks. Added 'magic' error code NT needs.
651 19). Fixed crash bug when primary NT authentication server
652 is down, rolls over to secondaries correctly now.
653 20). Fixed timeout processing to be timer based. Now will
654 always occur even if smbd is under load.
655 21). Fixed signed/unsigned problem in quotas code.
656 22). Fixed bug where setting the password of a completely fresh
657 user would end up setting the account disabled flag.
658 23). Improved user logon messages to help admins having
659 trouble with user authentication.
661 Bugfixes added since 2.0.1
662 --------------------------
664 Note that due to a critical signal handling bug in 2.0.1,
665 this release has been removed and replaced immediately with
666 2.0.2. The Samba Team would like to apologise for any problem
667 this may have caused.
669 1). Fixed smbd looping on SIGCLD problem. This was
670 caused by a missing break statement in a critical
673 Bugfixes added since 2.0.0
674 --------------------------
676 1). Autoconf changes for gcc2.7.x and Solaris 2.5/2.6
677 2). Autoconf changes to help HPUX configure correctly.
678 3). Autoconf changes to allow lock directory to be set.
679 4). Client fix to allow port to be set.
680 5). clitar fix to send debug messages to stderr.
681 6). smbmount race condition fix.
682 7). Fix for bug where trying to browse large numbers of shares
683 generated an error from an NT client.
684 8). Wrapper for setgroups for SunOS 4.x
685 9). Fix for directory deleting failing from multiuser NT.
686 10). Fix for crash bug if bitmap was full.
687 11). Fix for Linux genrand where /dev/random could cause
688 clients to timeout on connect if the entropy pool was
690 12). The default PASSWD_CHAT may now be overridden in local.h
691 13). HPUX printing fixes for default programs.
692 14). Reverted (erroneous) code in MACHINE.SID generation that
693 was setting the sid to 0x21 - should be *decimal* 21.
694 15). Fix for printing to remote machine under SVR4.
695 16). Fix for chgpasswd wait being interrupted with EINTR.
696 17). Fix for disk free routine. NT and Win98 now correctly
697 show greater than 2GB disks.
698 18). Fix for crash bug in stat cache statistics printing.
699 19). Fix for filenames ending in .~xx.
700 20). Fix for access check code wait being interrupted with EINTR.
701 21). Fix for password changes from "invalid password" to a valid
702 one setting the account disabled bit.
703 22). Fix for smbd crash bug in SMBreadraw cache prime code.
704 23). Fix for overly zealous lock range overflow reporting.
705 24). Fix for large disk disk free reporting (NT SMB code).
706 25). Fix for NT failing to truncate files correctly.
707 26). Fix for smbd crash bug with SMBcancel calls.
708 27). Additional -T flag to nmblookup to do reverse DNS on addresses.
709 28). SWAT fix to start/stop smbd/nmbd correctly.
711 Major changes in Samba 2.0
712 --------------------------
714 This is a MAJOR new release of Samba, the UNIX based SMB/CIFS file
715 and print server for Windows systems.
717 There have been many changes in Samba since the last major release,
718 1.9.18. These have mainly been in the areas of performance and
719 SMB protocol correctness. In addition, a Web based GUI interface
720 for configuring Samba has been added.
722 In addition, Samba has been re-written to help portability to
723 other POSIX-based systems, based on the GNU autoconf tool.
725 There are many major changes in Samba for version 2.0. Here are
728 =====================================================================
733 Samba has been benchmarked on high-end UNIX hardware as out-performing
734 all other SMB/CIFS servers using the Ziff-Davis NetBench benchmark.
735 Many changes to the code to optimise high-end performance have been made.
740 Samba now supports the Windows NT specific SMB requests. This
741 means that on platforms that are capable Samba now presents a
742 64 bit view of the filesystem to Windows NT clients and is
743 capable of handling very large files.
748 Samba is now self-configuring using GNU autoconf, removing
749 the need for people installing Samba to have to hand configure
750 Makefiles, as was needed in previous versions.
752 You now configure Samba by running "./configure" then "make". See
753 docs/textdocs/UNIX_INSTALL.txt for details.
755 4). Web based GUI configuration
756 -------------------------------
758 Samba now comes with SWAT, a web based GUI config system. See
759 the swat man page for details on how to set it up.
761 5). Cross protocol data integrity
762 ---------------------------------
764 An open function interface has been defined to allow
765 "opportunistic locks" (oplocks for short) granted by Samba
766 to be seen by other UNIX processes. This allows complete
767 cross protocol (NFS and SMB) data integrety using Samba
768 with platforms that support this feature.
770 6). Domain client capability
771 ----------------------------
773 Samba is now capable of using a Windows NT PDC for user
774 authentication in exactly the same way that a Windows NT
775 workstation does, i.e. it can be a member of a Domain. See
776 docs/textdocs/DOMAIN_MEMBER.txt for details.
778 7). Documentation Updates
779 -------------------------
781 All the reference parts of the Samba documentation (the
782 manual pages) have been updated and converted to a document
783 format that allows automatic generation of HTML, SGML, and
784 text formats. These documents now ship as standard in HTML
787 =====================================================================
789 NOTE - Some important option defaults changed
790 ---------------------------------------------
792 Several parameters have changed their default values. The most
793 important of these is that the default security mode is now user
794 level security rather than share level security.
796 This (incompatible) change was made to ease new Samba installs
797 as user level security is easier to use for Windows 95/98 and
800 ********IMPORTANT NOTE****************
802 If you have no "security=" line in the [global] section of
803 your current smb.conf and you update to Samba 2.0 you will
804 need to add the line :
808 to get exactly the same behaviour with Samba 2.0 as you
809 did with previous versions of Samba.
811 ********END IMPORTANT NOTE*************
813 In addition, Samba now defaults to case sensitivity options that
814 match a Windows NT server precisely, that is, case insensitive
817 The default format of the smbpasswd file has also been
818 changed for this release, although the new tools will read
819 and write the old format, for backwards compatibility.
821 =====================================================================
823 NOTE - Primary Domain Controller Functionality
824 ----------------------------------------------
826 This version of Samba contains code that correctly implements
827 the undocumented Primary Domain Controller authentication
828 protocols. However, there is much more to being a Primary
829 Domain Controller than serving Windows NT logon requests.
831 A useful version of a Primary Domain Controller contains
832 many remote procedure calls to do things like enumerate users,
833 groups, and security information, only some of which Samba currently
834 implements. In addition, there are outstanding (known) bugs with
835 using Samba as a PDC in this release that the Samba Team are actively
836 working on. For this reason we have chosen not to advertise and
837 actively support Primary Domain Controller functionality with this
840 This work is being done in the CVS (developer) versions of Samba,
841 development of which continues at a fast pace. If you are
842 interested in participating in or helping with this development
843 please join the Samba-NTDOM mailing list. Details on joining
846 http://samba.org/listproc/
848 Details on obtaining CVS (developer) versions of Samba
851 http://samba.org/cvs.html
853 =====================================================================
855 If you think you have found a bug please email a report to :
859 As always, all bugs are our responsibility.