Just another of my updates on where I think we are towards the tech
preview.
With major developers travelling, development has slowed down a lot.
I've put in some fixes for some of the migration cases we want to show
off, but I need to do some more work on the robustness of the Samba3
upgrade. In particular, the choice of a realm, and the need to perform
a 'self join' after the upgrade.
The biggest thing we need is release notes. These need to convey the
amount of work we have done, but also the things that are simply not
expected to work yet, and the pre-alpha state. (The last thing we
want is some production network running this, then screaming if we break
everything in an update).
The other outstanding things for me are ACLs on the registry and SWAT.
There is a debian upgrade bug out there (need for realm specification),
but otherwise, I think we are almost ready to go
Andrew Bartlett

Thu, 2006-01-19 at 00:29 +1100, Andrew Bartlett wrote:
Just another of my updates on where I think we are towards the tech
preview.

With major developers travelling, development has slowed down a lot.
I've put in some fixes for some of the migration cases we want to show
off, but I need to do some more work on the robustness of the Samba3
upgrade. In particular, the choice of a realm, and the need to perform
a 'self join' after the upgrade.

The biggest thing we need is release notes. These need to convey the
amount of work we have done, but also the things that are simply not
expected to work yet, and the pre-alpha state. (The last thing we
want is some production network running this, then screaming if we break
everything in an update).

I've attached (and committed as WHATSNEW.txt) some initial release
notes. Comments and improvements very much welcome.

The other outstanding things for me are ACLs on the registry and SWAT.
There is a debian upgrade bug out there (need for realm specification),
but otherwise, I think we are almost ready to go

I suspect we will ship without these, and the SIGTERM issue, unless I
get time at linux.conf.au, before we ship.

Andrew Bartlett

Thu, 2006-01-19 at 20:14 +1100, Brad Hards wrote:
Thursday 19 January 2006 18:12 pm, Andrew Bartlett wrote:
I've attached (and committed as WHATSNEW.txt) some initial release
notes. Comments and improvements very much welcome.
Your code is better than your PR writing :-)

That's why I've been putting it off all week :-)

Try this version. There are a couple of places where you are trying to tell us
what new features are provided, but I don't know why that feature might be
important. Look for square brackets [ ] for things to change, but also look
for other places to explain why you spent three years working on this

Thank you very much. I'll put this in, then answer the in-line
questions.

Andrew Bartlett

Thu, 2006-01-19 at 20:54 +1100, Andrew Bartlett wrote:
Thu, 2006-01-19 at 20:14 +1100, Brad Hards wrote:
Thursday 19 January 2006 18:12 pm, Andrew Bartlett wrote:
I've attached (and committed as WHATSNEW.txt) some initial release
notes. Comments and improvements very much welcome.
Your code is better than your PR writing :-)

That's why I've been putting it off all week :-)

Try this version. There are a couple of places where you are trying to tell us
what new features are provided, but I don't know why that feature might be
important. Look for square brackets [ ] for things to change, but also look
for other places to explain why you spent three years working on this

Thank you very much. I'll put this in, then answer the in-line
questions.

I've clarified a few things, how does this look? I'm happy to take
contributions from all comers :-)

Andrew Bartlett

A few more comments

| We expect that format changes will require that the user database be
| rebuilt from scratch a number of times before we make a final release,
| losing password data each time.
Hmmn, databases are usually pretty resilient under change,
even ones I build (;-))
You may want to say
| before we make a final release, requiring you to export,
| edit and re-import data each time.

This assumes, for each database type supported
- you can import and export (;-))
- new columns added can either be NULL
or populated by the person doing the
editing, or optionally by a program.

The latter will probably be desirable when using
swat to migrate from samba3 production to samba4
in any case, so it doesn't hurt to play
with it now. And yes, I'll happily volunteer
to write gawk scripts to migrate databases (;-))

| File system access should occur as the logged in user, much as
| Samba3 does.
Shouldn't that be "shall" ?

Andrew Bartlett wrote:
Thu, 2006-01-19 at 20:54 +1100, Andrew Bartlett wrote:

>Thu, 2006-01-19 at 20:14 +1100, Brad Hards wrote:
>>
Thursday 19 January 2006 18:12 pm, Andrew Bartlett wrote:

I've attached (and committed as WHATSNEW.txt) some initial release
notes. Comments and improvements very much welcome.

Your code is better than your PR writing :-)
>>
>>That's why I've been putting it off all week :-)
>>
>>
Try this version. There are a couple of places where you are trying to tell us
what new features are provided, but I don't know why that feature might be
important. Look for square brackets [ ] for things to change, but also look
for other places to explain why you spent three years working on this
>>
>>Thank you very much. I'll put this in, then answer the in-line
>>questions.

I've clarified a few things, how does this look? I'm happy to take
contributions from all comers :-)

Andrew Bartlett

What's new in Samba 4 Technology Preview

Samba 4 is the ambitious next version of the Samba suite that is being
developed in parallel to the stable 3.0 series. The main emphasis in
this branch is support for the Active Directory logon protocols used
by Windows 2000 and above.

Samba 4 is currently not yet in a state where it is usable in
production environments. Note the WARNINGS below, and the STATUS file,
which aims to document what should and should not work.

With 3 years of development under our belt since Tridge first proposed
a new Virtual File System (VFS) layer for Samba3 (a project which
eventually lead to our Active Directory efforts), it was felt that we
should create something we could 'show off' to our users. This is a
Technology Preview (TP), aimed at allowing users, managers and
developers to see how we have progressed, and to invite feedback and
support.

WARNINGS

Samba4 TP is currently a pre-alpha technology. It may eat your cat, but
is far more likely to choose to munch on your password database. We
recommend against upgrading any production servers from Samba 3 to
Samba 4 at this stage. If you are upgrading an experimental server,
you should backup all configuration and data.

We expect that format changes will require that the user database be
rebuilt from scratch a number of times before we make a final release,
losing password data each time.

Samba 4 Technology Preview includes basic Access Control List (ACL)
protection on the main user database, but due to time constraints,
none on the registry at this stage. We also do not currently have
ACLs on the SWAT web-based management tool. This means that Samba 4
Technology Preview is not secure.

File system access should occur as the logged in user, much as Samba3
does.

Again, we strongly recommend against use in a production environment
at this stage.

NEW FEATURES

Samba4 supports the server-side of the Active Directory logon environment
used by Windows 2000 and later, so we can do full domain join
and domain logon operations with these clients.

Domain Controller (DC) implementation includes our own built-in
LDAP server and Kerberos Key Distribution Center (KDC) as well as the
Samba3-like logon services provided over CIFS. We correctly generate
the infamous Kerberos PAC, and include it with the Kerberos tickets we
issue.

SWAT is now integrated into Samba 4 as the user-friendly interface to
Samba server management. SWAT provides easy provides access to our
setup and migration tools. Using SWAT, you can migrate windows
domains in Samba 4, allowing easy setup of initial user databases, and
upgrades from Samba 3.

The new VFS features in Samba 4 adapts the filesystem on the server to
match the Windows client semantics, allowing Samba 4 to better match
windows behaviour and application expectations. This includes file
annotation information (in streams) and NT ACLs in particular. The
VFS is backed with an extensive automated test suite.

A new scripting interface has been added to Samba 4, allowing
JavaScript programs to interface to Samba's internals.

The Samba 4 architecture is based around an LDAP-like database that
can use a range of modular backends. of the backends supports
standards compliant LDAP servers (including LDAP), and we are
working on modules to map between AD-like behaviours and this backend.
We are aiming for Samba 4 to be powerful frontend to large
directories.

CHANGES

Those familiar with Samba 3 can find a list of user-visible changes
since that release series in the NEWS file.

KNWN ISSUES

- Standalone server and domain member roles are not currently
supported. While we have much of the infrastructure required, we
have not collected these pieces together.
- There is no printing support in the current release.
- SWAT can be painful with <TABand forms. Just use the mouse, as
the JavaScript layer doing this will change.
- Domain logons (using Kerberos) from windows clients incorrectly
state that the password expires today.

RUNNING Samba4

A short guide to setting up Samba 4 can be found in the howto.txt file
in root of the tarball.

DEVELPMENT and FEEDBACK

Bugs can be filed at https://bugzilla.samba.org/. Please
look at the STATUS file before filing a bug to see if a particular
is supposed to work yet.

Development and general discussion about Samba 4 happens mainly on
the #samba-technical IRC channel (on irc.freenode.net) and
the samba-technical mailing list (see http://lists.samba.org/ for
details).

Thu, 2006-19-01 at 21:31 +1100, Andrew Bartlett wrote:
I've clarified a few things, how does this look? I'm happy to take
contributions from all comers :-)

Andrew Bartlett

"SWAT is now integrated into Samba 4 as the user-friendly
interface to Samba server management. SWAT provides easy
provides access to our setup and migration tools. Using
SWAT, you can migrate windows domains in Samba 4,
allowing easy setup of initial user databases, and
upgrades from Samba 3."

We need to remind people that this is a new SWAT. How about:
"A completely new SWAT is now integrated" ?