]>
Commit | Line | Data |
---|---|---|
e30937e2 KS |
1 | Release Announcements |
2 | ===================== | |
3 | ||
c0dc0fd3 | 4 | This is the first pre release of Samba 4.21. This is *not* |
e30937e2 KS |
5 | intended for production environments and is designed for testing |
6 | purposes only. Please report any defects via the Samba bug reporting | |
7 | system at https://bugzilla.samba.org/. | |
ba4bb742 | 8 | |
c0dc0fd3 | 9 | Samba 4.21 will be the next version of the Samba suite. |
08401ffd | 10 | |
c0a9fdc6 | 11 | |
a0a2f799 AB |
12 | UPGRADING |
13 | ========= | |
14 | ||
e1c4caed SM |
15 | LDAP TLS/SASL channel binding support |
16 | ------------------------------------- | |
17 | ||
18 | The ldap server supports SASL binds with | |
19 | kerberos or NTLMSSP over TLS connections | |
20 | now (either ldaps or starttls). | |
21 | ||
22 | Setups where 'ldap server require strong auth = allow_sasl_over_tls' | |
23 | was required before, can now most likely move to the | |
24 | default of 'ldap server require strong auth = yes'. | |
25 | ||
26 | If SASL binds without correct tls channel bindings are required | |
27 | 'ldap server require strong auth = allow_sasl_without_tls_channel_bindings' | |
28 | should be used now, as 'allow_sasl_over_tls' will generate a | |
29 | warning in every start of 'samba', as well as '[samba-tool ]testparm'. | |
30 | ||
31 | This is similar to LdapEnforceChannelBinding under | |
32 | HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters | |
33 | on Windows. | |
34 | ||
35 | All client tools using ldaps also include the correct | |
36 | channel bindings now. | |
37 | ||
5bcf3f1b | 38 | |
c1bbe58c KS |
39 | NEW FEATURES/CHANGES |
40 | ==================== | |
62875044 | 41 | |
9f167b9b AB |
42 | LDB no longer a standalone tarball |
43 | ---------------------------------- | |
44 | ||
45 | LDB, Samba's LDAP-like local database and the power behind the Samba | |
46 | AD DC, is no longer available to build as a distinct tarball, but is | |
47 | instead provided as an optional public library. | |
48 | ||
49 | If you need ldb as a public library, say to build sssd, then use | |
50 | ./configure --private-libraries='!ldb' | |
51 | ||
52 | This re-integration allows LDB tests to use the Samba's full selftest | |
53 | system, including our knownfail infrastructure, and decreases the work | |
54 | required during security releases as a coordinated release of the ldb | |
55 | tarball is not also required. | |
56 | ||
57 | This approach has been demonstrated already in Debian, which is already | |
58 | building Samba and LDB is this way. | |
59 | ||
60 | As part of this work, the pyldb-util public library, not known to be | |
61 | used by any other software, is made private to Samba. | |
d63e972a | 62 | |
757036ce AB |
63 | LDB Module API Python bindings removed |
64 | -------------------------------------- | |
65 | ||
66 | The LDB Modules API, which we do not promise a stable ABI or API for, | |
67 | was wrapped in python in early LDB development. However that wrapping | |
68 | never took into account later changes, and so has not worked for a | |
69 | number of years. Samba 4.21 and LDB 2.10 removes this unused and | |
70 | broken feature. | |
71 | ||
75a87098 VL |
72 | REMOVED FEATURES |
73 | ================ | |
74 | ||
96154829 | 75 | |
59a07e3f KS |
76 | smb.conf changes |
77 | ================ | |
78 | ||
11a3a8d9 SM |
79 | Parameter Name Description Default |
80 | -------------- ----------- ------- | |
e1c4caed | 81 | ldap server require strong auth new values |
be1935da | 82 | |
6a409da9 | 83 | |
0a4827f5 AB |
84 | KNOWN ISSUES |
85 | ============ | |
3e246a3c | 86 | |
c0dc0fd3 | 87 | https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.21#Release_blocking_bugs |
295f757f | 88 | |
8310b8c9 AB |
89 | |
90 | ####################################### | |
ba4bb742 GJC |
91 | Reporting bugs & Development Discussion |
92 | ####################################### | |
93 | ||
94 | Please discuss this release on the samba-technical mailing list or by | |
59e67dc8 AB |
95 | joining the #samba-technical:matrix.org matrix room, or |
96 | #samba-technical IRC channel on irc.libera.chat | |
ba4bb742 GJC |
97 | |
98 | If you do report problems then please try to send high quality | |
99 | feedback. If you don't provide vital information to help us track down | |
100 | the problem then you will probably be ignored. All bug reports should | |
c1bbe58c | 101 | be filed under the Samba 4.1 and newer product in the project's Bugzilla |
ba4bb742 GJC |
102 | database (https://bugzilla.samba.org/). |
103 | ||
104 | ||
105 | ====================================================================== | |
106 | == Our Code, Our Bugs, Our Responsibility. | |
107 | == The Samba Team | |
108 | ====================================================================== | |
51813e3b | 109 |