Congratulations, I look forward to testing Samba 4 as having an AD
server 2008 (imposed) customers with Debian, I had many difficulties to
operate (Luckily it yay Broken Power / Likewise).
I will replace the Samba 4 AD 2008 now
I'd share my feedback.
Thank you again!
Stéphane
On Tue, 11 Dec 2012 18:40:26 +0100, Karolin Seeger wrote:
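> ======================================================
> "Nothing is impossible,
> the word itself says
> 'I'm possible'!"
>
> Audrey Hepburn
>
> ======================================================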
>
>
> Release Announcements
> ---------------------
>
> This is the first stable release of Samba 4.0.
>
> This release contains the best of all of Samba's
> technology parts, both a file server (that you can reasonably expect
> to upgrade existing Samba 3.x releases to) and the AD domain
> controller work previously known as 'Samba4'.
>
> Major enhancements in Samba 4.0.0 include:
>
> Active Directory services
> =========================
>
> Samba 4.0 supports the server-side of the Active Directory logon
> environment used by Windows 2000 and later, so we can do full domain
> join and domain logon operations with these clients.
>
> Our Domain Controller (DC) implementation includes our own built-in
> LDAP server and Kerberos Key Distribution Center (KDC) as well as the
> Samba3-like logon services provided over CIFS. We correctly generate
> the infamous Kerberos PAC, and include it with the Kerberos tickets we
> issue.
>
> When running an AD DC, you only need to run 'samba' (not smbd/nmbd/winbindd),
> as the required services are co-coordinated by this master binary.
> The tool to administer the Active Directory services is called 'samba-tool'.
>
> A short guide to setting up Samba 4 as an AD DC can be found on the wiki:
>
> http://wiki.samba.org/index.php/Samba4/HOWTO
>
>
> File Services
> =============
>
> Samba 4.0.0 ships with two distinct file servers. We now use the
> file server from the Samba 3.x series 'smbd' for all file serving by
> default.
>
> Samba 4.0 also ships with the 'NTVFS' file server. This file server
> is what was used prior to the beta2 release of Samba 4.0, and is
> tuned to match the requirements of an AD domain controller. We
> continue to support this, not only to provide continuity to
> installations that have deployed it as part of an AD DC, but also as a
> running example of the NT-FSA architecture we expect to move smbd to in
> the longer term.
>
> For pure file server work, the binaries users would expect from that
> series (smbd, nmbd, winbindd, smbpasswd) continue to be available.
>
>
> DNS
> ===
>
> As DNS is an integral part of Active Directory, we also provide two DNS
> solutions, a simple internal DNS server for 'out of the box' configurations
> and a more elaborate BIND plugin using the BIND DLZ mechanism in versions
> 9.8 and 9.9. During the provision, you can select which backend to use.
> With the internal backend, your DNS server is good to go.
> If you chose the BIND_DLZ backend, a configuration file will be generated
> for bind to make it use this plugin, as well as a file explaining how to
> set up bind.
>
>
> NTP
> ===
>
> To provide accurate timestamps to Windows clients, we integrate with
> the NTP project to provide secured NTP replies. To use you need to
> start ntpd and configure it with the 'restrict ... ms-sntp' and
> ntpsigndsocket options.
>
>
> Python Scripting Interface
> ==========================
>
> A new scripting interface has been added to Samba 4, allowing
> Python programs to interface to Samba's internals, and many tools and
> internal workings of the DC code are now implemented in Python.
>
>
> Known Issues
> ============
>
> - Replication of DNS data from one AD server to another may not work.
>   The DNS data used by the internal DNS server and bind9_dlz is stored
>   in an application partition in our directory. The replication of
>   this partition is not yet reliable.
>
> - Replication may fail on FreeBSD due to getaddrinfo() rejecting names
>   containing _. A workaround will be in a future release.
>
> - samba_upgradeprovision should not be run when upgrading to this release
>   from a recent release. No important database format changes have
>   been made since alpha16.
>
> - Installation on systems without a system iconv (and developer
>   headers at compile time) is known to cause errors when dealing with
>   non-ASCII characters.
>
> - Domain member support in the 'samba' binary is in its infancy, and
>   is not comparable to the support found in winbindd. As such, do not
>   use the 'samba' binary (provided for the AD server) on a member
>   server.
>
> - There is no NetBIOS browsing support (network neighbourhood)
>   available for the AD domain controller. (Support in