Samba-TNG						     WHATSNEW          
---------------------------------------------------------------------

            WHAT'S NEW IN Samba TNG (The Next Generation)
            =============================================


* Important changes in 0.3.2 (beta)
  - Various buffer overflow fixes, as seen in Samba 2.2.8a.
    Thanks to Erik Parker and Digital Defense, Inc., and to
    Jerry Carter and the Samba Team.
  - Fixed an issue with Samba 3.0alpha as domain member.

* Important changes in 0.3.1 (beta)
  - Security fix of a hole found in Samba by S. Kramer of
    SuSE.
  - Security fix of a hole discovered by Elrond in the
    security context management of Samba-TNG.
  - Fixed some minor bugs in rpcclient.
  - Fixed a problem in our name lookup code, which returned
    RIDs for usual names even though those names did not
    exist in the real SAM database.

* Important changes in 0.3 (beta)
  - Updated LDAP schema in ldap/samba-tng.schema-v3
    If you upgrade from a previous schema, you should make
    sure that all your sambaAccount objects also include
    "objectclass: account" or "objectclass: inetOrgPerson",
    so that each LDAP object has exactly one class that is
    "structural".
  - Many improvements to the LDAP backend.
    + subcontexts for users, groups, etc. (check
      smb.conf(5))
  - NT trusting TNG works now out of the box.
  - libiconv usage
    TNG now highly recommends having libiconv on your
    system (possibly directly included in your libc, as on
    Linux for example).
    We have not fully migrated to libiconv, so please take
    a look at
    docs/textdocs/Character_Sets.txt
  - SSL deactivated (useless, not supported for a while,
    etc.)
  - TNG trusting NT works somewhat in our testlabs, but is
    too hard to set up currently. ;)
  - smb.conf defaults changed:
    + `logon path': "\\%N\%U\profile" -> ""
    + `load printers', `oplocks', `level2 oplocks', `nt acl
      support': True -> False
    + `server schannel': False -> Auto
    + `encrypt passwords': False -> True
  - Small things:
    + Support for TCPWrapper
    + smbclient -M username
    + Update to the registry tools in rpcclient
    + Fixes/improvements for large (ldap) domains.
  - Caveats/issues:
    + passwords > 14 chars might give problems
    + head in security=server mode might have problems
    + We're migrating to libiconv, but this is work in
      progress, so some charset issues might exist.
    + XP has problems storing profiles on TNG as fileserver.
      See docs/windows-registry-patches/WinXP_RoamingProfiles.reg or
      http://hr.uoregon.edu/davidrl/samba/samba-unofficial-single.html#roam
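
The changed smb.conf defaults above take effect silently for any parameter a configuration never sets, which matters most for `encrypt passwords` and `server schannel`. The following Python sketch is an added example, not code from the Samba-TNG project; it lists which of those parameters a given smb.conf leaves implicit. It assumes parameter names are matched without regard to case or whitespace and looks only at [global]; the function names and the sample configuration are constructed for illustration.

```python
# Defaults that changed in 0.3, copied from the list above: name -> (old, new).
CHANGED_DEFAULTS = {
    "logon path": (r"\\%N\%U\profile", ""),
    "load printers": ("True", "False"),
    "oplocks": ("True", "False"),
    "level2 oplocks": ("True", "False"),
    "nt acl support": ("True", "False"),
    "server schannel": ("False", "Auto"),
    "encrypt passwords": ("False", "True"),
}

def norm(name):
    """Lower-case and collapse whitespace so 'Encrypt  Passwords' matches."""
    return " ".join(name.lower().split())

def global_params(text):
    """Return {param: value} for the [global] section of smb.conf text."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = norm(line[1:-1])
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()
    return params

def implicit_changes(text):
    """List (param, old, new) for changed defaults the config never sets."""
    explicit = global_params(text)
    return [(p, old, new) for p, (old, new) in CHANGED_DEFAULTS.items()
            if p not in explicit]

# Constructed sample configuration, not taken from a real system.
# Assumption: only [global] is examined; per-share settings are ignored.
SAMPLE = """\
[global]
   workgroup = EXAMPLE
   Encrypt  Passwords = no
;  oplocks = yes
   load printers = yes
[homes]
   oplocks = yes
"""

if __name__ == "__main__":
    for param, old, new in implicit_changes(SAMPLE):
        print(f"{param}: default was {old!r}, now {new!r}; set it explicitly")
```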



=====================================================================

                             Older NEWS
                             ==========


This release is to enlist the help of people who are unable to use
cvs (http://www.samba-tng.org/cvs.html) in a major development
project to integrate Samba into a Windows NT (tm) Domain environment
- the NT Domains for Unix project.

If you are running Windows 9x and do not foresee the need for, or
need to use, any Windows NT Workstations on your network in the near
future, you will not need Samba TNG or any of its functionality.


Major changes in Samba TNG
--------------------------

There are many major changes in Samba TNG.  Here are some of them:


1). Windows NT (tm) Primary Domain Controller compatibility
-----------------------------------------------------------

Samba TNG can act as a Primary Domain Controller to Windows NT 3.5,
4.0 and Win2000 (in 4.0 backwards-compatible mode) Workstations.
Backup Domain Controller and Inter-Domain Trust Relationships are at an
early, but functional and very hands-on, stage.

2). Support for Windows NT (tm) Administrative tools
----------------------------------------------------

Significant inroads have been made into providing support for at least
the following Windows NT (tm) tools and services:

- User Manager for Domains
- Server Manager for Domains
- Event Log
- Service Control Manager
- Registry Editor
- Command Scheduler

A command-line tool named rpcclient, with a command syntax similar to
smbclient, has over sixty-five commands that provide equivalent
functionality for the same Windows NT (tm) Administrative tools,
including the ability to remotely shut down a Windows NT (tm) Server.

rpcclient has now been joined by net, samedit, regedit, ntspool,
eventlog, lsa, cmdat and svccontrol.  If anyone can think of better
names for these, suggestions are welcomed.

3). Portability
---------------

Samba is now self-configuring using GNU autoconf and libtool, removing
the need for people installing Samba to hand-configure Makefiles, as
was needed in previous versions.

You now configure Samba by running "./configure" then "make".  See
docs/textdocs/UNIX_INSTALL.txt for details.

The use of libtool dramatically reduces the size of Samba binaries.
As we are using libtool in a slightly different way from usual,
you may encounter run-time or compilation errors, so please report
them to us.

4). New SAM Database Daemons
----------------------------

The SAM database daemon, samrd, is being considered "legacy", and
the aim is to replace it.  To this end, some new SAM database
daemons are being developed - samrtdbd and samrnt5ldapd.
They will need to be run with their counterparts, netlogontdbd or
netlogonnt5ldapd.  None of these are built as part of the standard
make; they have to be built explicitly because they are in
development.  By default, samrd and lsarpcd are compiled.

5). pam_ntdom and winbindd
--------------------------

The Windows Bind Daemon and the Plugin Authentication Module for NT
Domains are now part of the Samba TNG Development effort.  

winbindd presents, when installed using nsswitch, a Unix-like view
of a Windows NT Domain environment, allowing Unix applications and
the Unix operating system to enumerate NT users, groups and aliases
as Unix users and groups.

pam_ntdom, when installed as part of a PAM-enabled Unix Authentication
system, allows Unix users to be authenticated against a Windows NT
Domain environment.

@begin marketing-speak
	" The powerful combination of winbindd and pam_ntdom allows Unix
	  to be integrated seamlessly into Windows NT Domain environments,
	  which moves us closer to the Holy Grail of 'Single Sign-on'. "
@end marketing-speak


=====================================================================

NOTE - Some important information
---------------------------------

It is important that you read the source/README file for
instructions, and it is recommended that you join tng-cvs@samba-tng.org
for update information and status reports.  For details, please see:

http://www.samba-tng.org/mailinglists.html

=====================================================================

NOTE - Primary Domain Controller Functionality
----------------------------------------------

This version of Samba-TNG contains code that correctly implements
the undocumented Primary Domain Controller authentication
protocols.  However, there is much more to being a Primary
Domain Controller than serving Windows NT logon requests.

A useful version of a Primary Domain Controller contains
many remote procedure calls to do things like enumerate users, 
groups, and security information, 98% of which Samba TNG currently
implements.  

This work is being done in the CVS (developer) versions of Samba,
development of which continues at a fast pace.  If you are
interested in participating in or helping with this development
please join the samba-technical mailing list.  Details on joining
are available at:

http://www.samba-tng.org/mailinglists.html

Details on obtaining CVS versions of Samba-TNG
are available at:

http://www.samba-tng.org/cvs.html


=====================================================================

NOTE - Known Bugs
-----------------


1) Printing is currently not completely functional,
because it is being developed in another tree and at times
we try to merge this back into this tree.

2) Use of administrative tools such as usrmgr.exe on a Win2000SP2
workstation may partly fail due to slight modification of rpcs by M$.
A fix for this is under construction.

3) Domain Trust relationships from TNG to NT are working; the other
way around is not very well tested so far and may not work correctly.

=====================================================================

If you have problems, or think you have found a bug, please email
a full, detailed report to:

        tng-users@samba-tng.org


Regards,

        The Samba-TNG Team.  

