From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 20 Jul 2023 03:01:43 +0000 (+1200)
Subject: WHATSNEW: Expand detail on what of 2012, 2012R2 and 2016 support is implemented
X-Git-Tag: ldb-2.8.0~81
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fbed6d80b1fc4bb22896a1850ef9f15ddd0bc259;p=thirdparty%2Fsamba.git

WHATSNEW: Expand detail on what of 2012, 2012R2 and 2016 support is implemented

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
---

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 5aa325f6e5f..4ff92b8078a 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -64,6 +64,14 @@ Kerberos Claims, Authentication Silos and NTLM authentication policies
 An initial, partial implementation of Active Directory Functional
 Level 2012, 2012R2 and 2016 is available in this release.
 
+In particular Samba will issue Active Directory "Claims" in the PAC,
+for member servers that support these, and honour in-directory
+configuration for Authentication Policies and Authentication Silos.
+
+The primary limitation is that while Samba can read and write claims
+in the directory, and populate the PAC, Samba does not yet use them
+for access control decisions.
+
 While we continue to develop these features, existing domains can
 test the feature by selecting the functional level in provision or
 raising the DC functional level by setting