thanks Simo. added to RHEL4.6 release notes under "Other Updates": <quote> - samba has been updated to version 3.0.25. </quote> will be waiting for more details on implications of this update - added features, notable resolved issues, outstanding known issues/caveats, and references for more information. thanks!
Release notes proposed text: Important notice on the jupgraded Samba packages. The Samba packages have been upgraded from version 3.0.10 to 3.0.25b Justification: Several critical bugs have been addressed and issues interoperating with recent MS operating systems like MS Windows 2003 R2 or MS Windows Vista have been resolved in recent releases upstream. Also some critical features regarding scalability and stability have been developed or improved. All the fixes and features required invasive code changes in some critical code paths that make backporting to 3.0.10 unfeasable. All these reasons warranted a rebase of the package to 3.0.25b Warnings: even if deemed absolutely necessary this package upgrade may require manual intervention during the update phase. Some necessary changes in the way some options are interpreted and some components now behave may require some changes to the configuration file after the update. The following changes need some special attention during the upgrade: * stricter naming rules Stricter naming rules affect force user/force group/valid user and other directives that accpet user/group names. In 3.0.25b the user/group name must be fully qualified. If the machine is joined to a domain named DOMAIN, a user/group (foo) of that domain must be used in the form "DOMAIN\foo", using just "foo" will usually *not* grant permission to "DOMAIN\foo" * removed multiple passdb backend support In 3.0.25b support for using multiple passdb backends has been removed. The multiple passdb backend support led to subtle problems in some cases and didn't add much to the usability of the server whild causing problems in some cases. In case multiple dbs are in use, they can be consolidated in one db and the accounts stored in the other dbs can be easily migrated over using the pdbedit utility. * domain type autodetection for winbindd (domain vs ads security) In 3.0.25b winbindd autodetects the domain type and choose the right security method. Even setting security = domain may result in winbindd using kerberos/ldap to connect to a domain that has been recognized as an AD capable domain. * ldap schema additions The ldap schema has been extended. If you are using the ldapsam backend you should upgrade the ldap schema. The upgrade is backward compatible as only additions were made. With the new schema it should be noted that indexing sambaSID to handle sub-matches is strongly adviced. * winbindd NSS enumeration defaults to OFF now Enumeration of users and groups has been turned off by default. This is a performance tuning for big environments were multiple domain controllers trusts and remote locations are involved. If your environament depends on user/group enumeration you can easily turn it on using the "winbind enum users" and "winbind enum groups" options. * removed and new options Some options like ldap filter, min password length has been removed. Also a number of new facilities and options has been added. Please consult the full list in the samba package errata and check if your setup depends on any removed option before upgrading. We invite admins to carefully check their configurations to check if they may be affected by the mentioned issues before updating and plan the samba upgrade accordingly. Refernces: [add link to a RH kbase article] [other external resources??]
thanks Simo. added to RHEL4.6 release notes under "Feature Updates => samba": <quote> samba samba has been updated to version 3.0.25b. This addresses several critical issues affecting interoperability with Windows 2003™ and Windows Vista™ (resolved in recent upstream releases). All revisions to samba made for this update entailed invasive code changes in some critical code paths. This made backporting to version 3.0.10 non-feasible. As such, all samba packages were rebased to version 3.0.25b instead. Because of the rebase, some option interpretation methods and components behaviors have changed significantly. This means that after upgrading samba, the configuration file will need to be manually edited accordingly. Some options like ldap filter and minimum password length are now deprecated. Before upgrading to this new version of samba, consult the samba package errata and check if your system is dependent on any removed option. This update of samba applies several feature updates, most notably: * Stricter naming rules are now enforced. These new rules affect force user, force group, valid user and other directives that accept user or group names. In this update, the user/group name must be fully qualified. For example, if a machine is joined to a domain named DOMAIN, a user named foo of that domain must be used in the form DOMAIN\foo. Simply using foo will normally deny permission to the machine. * Support for multiple passdb backends is now deprecated. Support for multiple passdb led to subtle problems in some cases, while adding little to the usability of the server. To use multiple databases, consolidate them in one database. Afterwards, migrate the accounts stored in the other databases using the pdbebit utility. * winbindd now detects the domain type of a server and automatically chooses the right security method. Even setting security = domain may result in winbindd using kerberos/ldap to connect to a domain recognized as AD-capable. * The ldap schema is now extended. If you are using the ldapsam backend, upgrade to this extended ldap schema. The upgrade is backwards compatible. When you upgrade to the extended ldap schema, it is recommended that you index sambaSID to handle sub-matches. * winbindd NSS enumeration now defaults to OFF. This benefits large environments where multiple domain controllers, trusts, and remote locations are involved. If your environment depends on user/group enumeration, you can turn it on using the options winbind enum users and winbind enum groups. </quote> please advise if any revisions are in order. thanks!
This is a diff from Guenther, mostly typos. --- /text.orig 2007-08-13 15:22:06.000000000 +0200 +++ /text 2007-08-13 15:27:35.000000000 +0200 @@ -1,28 +1,28 @@ Release notes proposed text: -Important notice on the jupgraded Samba packages. +Important notice on the upgraded Samba packages. The Samba packages have been upgraded from version 3.0.10 to 3.0.25b Justification: Several critical bugs have been addressed and issues interoperating with recent MS operating systems like MS Windows 2003 R2 or MS Windows Vista -have been resolved in recent releases upstream. Also some critical +have been resolved in recent upstream Samba releases. Also some critical features regarding scalability and stability have been developed or improved. All the fixes and features required invasive code changes in some critical code paths that make backporting to 3.0.10 unfeasable. -All these reasons warranted a rebase of the package to 3.0.25b +All these reasons warranted a rebase of the package to 3.0.25b. Warnings: -even if deemed absolutely necessary this package upgrade may require +Even if deemed absolutely necessary this package upgrade may require manual intervention during the update phase. Some necessary changes in the way some options are interpreted and some components now behave may -require some changes to the configuration file after the update. +require configuration file changes after the update. The following changes need some special attention during the upgrade: * stricter naming rules - Stricter naming rules affect force user/force group/valid user and other - directives that accpet user/group names. In 3.0.25b the user/group name + These affect force user/force group/valid user and other + directives that accept user/group names. In 3.0.25b the user/group name must be fully qualified. If the machine is joined to a domain named DOMAIN, a user/group (foo) of that domain must be used in the form "DOMAIN\foo", using just "foo" will usually *not* grant permission to @@ -31,16 +31,17 @@ * removed multiple passdb backend support In 3.0.25b support for using multiple passdb backends has been removed. The multiple passdb backend support led to subtle problems in some cases - and didn't add much to the usability of the server whild causing problems - in some cases. In case multiple dbs are in use, they can be consolidated in - one db and the accounts stored in the other dbs can be easily migrated over + and didn't add much to the usability of the server while causing problems + in some cases. In case multiple backends were in use, they can be consolidated in + one backend and the accounts stored in the other backends can be easily migrated over using the pdbedit utility. * domain type autodetection for winbindd (domain vs ads security) In 3.0.25b winbindd autodetects the domain type and choose the right security method. Even setting security = domain may result in winbindd using kerberos/ldap to connect to a domain that has been recognized as - an AD capable domain. + an AD capable domain. When working in an Active Directory environment it + is important to use correct DNS settings. * ldap schema additions The ldap schema has been extended. If you are using the ldapsam backend you @@ -50,14 +51,14 @@ * winbindd NSS enumeration defaults to OFF now Enumeration of users and groups has been turned off by default. This is - a performance tuning for big environments were multiple domain controllers - trusts and remote locations are involved. If your environament depends on + a performance tuning for large environments were multiple domain controllers, + trusts and remote locations are involved. If your environment depends on user/group enumeration you can easily turn it on using the "winbind enum users" and "winbind enum groups" options. * removed and new options - Some options like ldap filter, min password length has been removed. Also a - number of new facilities and options has been added. Please consult the + Some options like ldap filter, min password length have been removed. Also a + number of new facilities and options have been added. Please consult the full list in the samba package errata and check if your setup depends on any removed option before upgrading. @@ -65,6 +66,6 @@ may be affected by the mentioned issues before updating and plan the samba upgrade accordingly. -Refernces: +References: [add link to a RH kbase article] [other external resources??]