Samba draait op Unix-, BSD- en Linux-servers, en is een opensource-implementatie van het smb/cifs-netwerkprotocol. Sinds versie 3 kan Samba file- en printservices aan Windows-clients aanbieden, en is het in staat om als domaincontroller te fungeren. Uitgebreide documentatie, inclusief praktische how-to’s voor een iets oudere versie, kan op deze pagina worden gevonden. De ontwikkelaars hebben versie 4.11.0 klaargezet, met de volgende veranderingen: Release Notes for Samba 4.11.0 AD Database compatibility Samba 4.11 has changed how the AD database is stored on disk. AD users should not really be affected by this change when upgrading to 4.11. However, AD users should be extremely careful if they need to downgrade from Samba 4.11 to an older release. Samba 4.11 maintains database compatibility with older Samba releases. The database will automatically get rewritten in the new 4.11 format when you first start the upgraded samba executable. However, when downgrading from 4.11 you will need to manually downgrade the AD database yourself. Note that you will need to do this step before you install the downgraded Samba packages. When either upgrading or downgrading, users should also avoid making any database modifications between installing the new Samba packages and starting the samba executable. SMB1 is disabled by default The defaults of ‘client min protocol’ and ‘server min protocol’ have been changed to SMB2_02. This means clients without support for SMB2 or SMB3 are no longer able to connect to smbd (by default). It also means client tools like smbclient and other, as well as applications making use of libsmbclient are no longer able to connect to servers without SMB2 or SMB3 support (by default). It’s still possible to allow SMB1 dialects, e.g. NT1, LANMAN2 and LANMAN1 for client and server, as well as CORE and COREPLUS on the client. Note that most commandline tools e.g. smbclient, smbcacls and others also support the ‘–option’ argument to overwrite smb.conf options, e.g. –option=’client min protocol=NT1′ might be useful. As Microsoft no longer installs SMB1 support in recent releases or uninstalls it after 30 days without usage, the Samba Team tries to get remove the SMB1 usage as much as possible. SMB1 is officially deprecated and might be removed step by step in the following years. If you have a strong requirement for SMB1 (except for supporting old Linux Kernels), please file a bug at https://bugzilla.samba.org and let us know about the details. LanMan and plaintext authentication deprecated The “lanman auth” and “encrypt passwords” parameters are deprecated with this release as both are only applicable to SMB1 and are quite insecure. NTLM, NTLMv2 and Kerberos authentication are unaffected, as “encrypt passwords = yes” has been the default since Samba 3.0.0. If you have a strong requirement for these authentication protocols, please file a bug at https://bugzilla.samba.org and let us know about the details. BIND9_FLATFILE deprecated The BIND9_FLATFILE DNS backend is deprecated in this release and will be removed in the future. This was only practically useful on a single domain controller or under expert care and supervision. This release therefore deprecates the “rndc command” smb.conf parameter, which is used to support this configuration. After writing out a list of DCs permitted to make changes to the DNS Zone “rndc command” is called with reload to tell the ‘named’ server if a DC was added/removed to to the domain. NEW FEATURES/CHANGES
