[thirdparty/samba.git] / WHATSNEW.txt

Release Announcements
=====================

This is the first pre release of Samba 4.21.  This is *not*
intended for production environments and is designed for testing
purposes only.  Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.

Samba 4.21 will be the next version of the Samba suite.


UPGRADING
=========

LDAP TLS/SASL channel binding support
-------------------------------------

The ldap server supports SASL binds with
kerberos or NTLMSSP over TLS connections
now (either ldaps or starttls).

Setups where 'ldap server require strong auth = allow_sasl_over_tls'
was required before, can now most likely move to the
default of 'ldap server require strong auth = yes'.

If SASL binds without correct tls channel bindings are required
'ldap server require strong auth = allow_sasl_without_tls_channel_bindings'
should be used now, as 'allow_sasl_over_tls' will generate a
warning in every start of 'samba', as well as '[samba-tool ]testparm'.

This is similar to LdapEnforceChannelBinding under
HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
on Windows.

All client tools using ldaps also include the correct
channel bindings now.


NEW FEATURES/CHANGES
====================

LDB no longer a standalone tarball
----------------------------------

LDB, Samba's LDAP-like local database and the power behind the Samba
AD DC, is no longer available to build as a distinct tarball, but is
instead provided as an optional public library.

If you need ldb as a public library, say to build sssd, then use
 ./configure --private-libraries='!ldb'

This re-integration allows LDB tests to use the Samba's full selftest
system, including our knownfail infrastructure, and decreases the work
required during security releases as a coordinated release of the ldb
tarball is not also required.

This approach has been demonstrated already in Debian, which is already
building Samba and LDB is this way.

As part of this work, the pyldb-util public library, not known to be
used by any other software, is made private to Samba.

LDB Module API Python bindings removed
--------------------------------------

The LDB Modules API, which we do not promise a stable ABI or API for,
was wrapped in python in early LDB development.  However that wrapping
never took into account later changes, and so has not worked for a
number of years.  Samba 4.21 and LDB 2.10 removes this unused and
broken feature.

REMOVED FEATURES
================


smb.conf changes
================

  Parameter Name                          Description     Default
  --------------                          -----------     -------
  ldap server require strong auth         new values


KNOWN ISSUES
============

https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.21#Release_blocking_bugs


#######################################
Reporting bugs & Development Discussion
#######################################

Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical:matrix.org matrix room, or
#samba-technical IRC channel on irc.libera.chat

If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored.  All bug reports should
be filed under the Samba 4.1 and newer product in the project's Bugzilla
database (https://bugzilla.samba.org/).


======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
Commit	Line	Data
e30937e2 KS	1	Release Announcements
	2	=====================
	3
c0dc0fd3	4	This is the first pre release of Samba 4.21. This is not
e30937e2 KS	5	intended for production environments and is designed for testing
	6	purposes only. Please report any defects via the Samba bug reporting
	7	system at https://bugzilla.samba.org/.
ba4bb742	8
c0dc0fd3	9	Samba 4.21 will be the next version of the Samba suite.
08401ffd	10
c0a9fdc6	11
a0a2f799 AB	12	UPGRADING
	13	=========
	14
e1c4caed SM	15	LDAP TLS/SASL channel binding support
	16	-------------------------------------
	17
	18	The ldap server supports SASL binds with
	19	kerberos or NTLMSSP over TLS connections
	20	now (either ldaps or starttls).
	21
	22	Setups where 'ldap server require strong auth = allow_sasl_over_tls'
	23	was required before, can now most likely move to the
	24	default of 'ldap server require strong auth = yes'.
	25
	26	If SASL binds without correct tls channel bindings are required
	27	'ldap server require strong auth = allow_sasl_without_tls_channel_bindings'
	28	should be used now, as 'allow_sasl_over_tls' will generate a
	29	warning in every start of 'samba', as well as '[samba-tool ]testparm'.
	30
	31	This is similar to LdapEnforceChannelBinding under
	32	HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
	33	on Windows.
	34
	35	All client tools using ldaps also include the correct
	36	channel bindings now.
	37
5bcf3f1b	38
c1bbe58c KS	39	NEW FEATURES/CHANGES
c1bbe58c KS	40	====================
62875044	41
9f167b9b AB	42	LDB no longer a standalone tarball
	43	----------------------------------
	44
	45	LDB, Samba's LDAP-like local database and the power behind the Samba
	46	AD DC, is no longer available to build as a distinct tarball, but is
	47	instead provided as an optional public library.
	48
	49	If you need ldb as a public library, say to build sssd, then use
	50	./configure --private-libraries='!ldb'
	51
	52	This re-integration allows LDB tests to use the Samba's full selftest
	53	system, including our knownfail infrastructure, and decreases the work
	54	required during security releases as a coordinated release of the ldb
	55	tarball is not also required.
	56
	57	This approach has been demonstrated already in Debian, which is already
	58	building Samba and LDB is this way.
	59
	60	As part of this work, the pyldb-util public library, not known to be
	61	used by any other software, is made private to Samba.
d63e972a	62
757036ce AB	63	LDB Module API Python bindings removed
	64	--------------------------------------
	65
	66	The LDB Modules API, which we do not promise a stable ABI or API for,
	67	was wrapped in python in early LDB development. However that wrapping
	68	never took into account later changes, and so has not worked for a
	69	number of years. Samba 4.21 and LDB 2.10 removes this unused and
	70	broken feature.
	71
75a87098 VL	72	REMOVED FEATURES
	73	================
	74
96154829	75
59a07e3f KS	76	smb.conf changes
	77	================
	78
11a3a8d9 SM	79	Parameter Name Description Default
11a3a8d9 SM	80	-------------- ----------- -------
e1c4caed	81	ldap server require strong auth new values
be1935da	82
6a409da9	83
0a4827f5 AB	84	KNOWN ISSUES
0a4827f5 AB	85	============
3e246a3c	86
c0dc0fd3	87	https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.21#Release_blocking_bugs
295f757f	88
8310b8c9 AB	89
8310b8c9 AB	90	#######################################
ba4bb742 GJC	91	Reporting bugs & Development Discussion
	92	#######################################
	93
	94	Please discuss this release on the samba-technical mailing list or by
59e67dc8 AB	95	joining the #samba-technical:matrix.org matrix room, or
59e67dc8 AB	96	#samba-technical IRC channel on irc.libera.chat
ba4bb742 GJC	97
	98	If you do report problems then please try to send high quality
	99	feedback. If you don't provide vital information to help us track down
	100	the problem then you will probably be ignored. All bug reports should
c1bbe58c	101	be filed under the Samba 4.1 and newer product in the project's Bugzilla
ba4bb742 GJC	102	database (https://bugzilla.samba.org/).
	103
	104
	105	======================================================================
	106	== Our Code, Our Bugs, Our Responsibility.
	107	== The Samba Team
	108	======================================================================
51813e3b	109