load_rc_config_var so that platforms with older versions of /etc/rc.subr
can run smbd.sh and winbindd.sh without updating /etc/rc.subr.
Bump PKGREVISION to 3.
for samba-3.0.20b that are applied as part of this update include:
http://www.samba.org/samba/patches/print_lprm.patchhttp://www.samba.org/samba/patches/quota.patchhttp://www.samba.org/samba/patches/bug3201_wbinfo.patch
This fixes PRs pkg/31352 and pkg/31991. Important changes that were
made as part of porting this Samba release to pkgsrc include the
following:
* The new release model for Samba includes distributing patches for
urgent bug fixes that will be included in the next release of Samba,
and are available at http://www.samba.org/samba/patches/. Since
these patches are rather generically named, we download all DISTFILES
and PATCHFILES for Samba into a ${DISTNAME}-specific directory.
* The default configuration for the samba package no longer builds the
"winbind" portions of samba, which are really only useful when
attempting to unify logons between Unix and Microsoft Windows. When
the "winbind" option is specified, we also build the RID and AD idmap
backends, which allow sharing UIDs/GIDs across Unix machines.
* New package options have been added to the build: "mysql", "pgsql",
and "xml" allow adding optional support for experimental passdb
storage backends, and "winbind" allows for optionally building the
winbindd daemon and associated plugins.
* Two new smb.conf options were added -- "passwd expand gecos" and
"state directory". The first describes whether "&" in the GECOS
field of a passwd db entry is expanded to the login name. The
second describes the location where the persistent-state database
files are stored.
* Luke Mewburn contributed code to allow nss_winbind.so to work properly
on supported NetBSD systems. The FreeBSD NSS winbind code should
probably be replaced with a suitably tweaked version of the NetBSD
code since the latter is much more complete in the functions that are
provided, but I'll leave that to freebsd-pkg-people.
* Samba dumps all of its files into "lock directory", but some of them
need to persist across reboots. We make a distinction between these
files and the temporary files that are re-created by the Samba
daemons when they are restarted -- the former are now stored in a
"state directory" and the latter are stored in the "lock directory".
This is modeled after the Debian patch to Samba located in:
packaging/Debian/debian-unstable/patches/fhs.patch
The "lock directory" default has been moved to ${VARBASE}/run/samba
to emphasize the temporary status of the files stored in that
directory.
* Samba persists in using PAM_AUTHTOK_RECOVER_ERR, when there is almost
universal agreement that PAM_AUTHTOK_RECOVERY_ERR is the right
constant to use. Even the Linux-PAM distribution ensures that
PAM_AUTHTOK_RECOVERY_ERR is correctly defined. To work around this,
we define PAM_AUTHTOK_RECOVER_ERR appropriately in all the places
where it is used.
* The configure script checks for OpenSSL's libcrypto.so by looking
for the symbol "des_set_key". However, libcrypto.so might not
contain that symbol because the DES functions might come from a
separate library, e.g. libdes.so. In this case, the configure script
will think that libcrypto.so is not available, when it actually may
be. Instead, look for EVP_des_cbc, which is always provided by
libcrypto.so.
* Add some missing $(PASSDB_LIBS) references to the Makefile to fix
compilation problems if the experimental passdb backends are statically
compiled into the Samba suite programs.
* Fix compilation problems in sam/idmap_rid.c and sam/idmap_ad.c if the
"rid" and "ad" idmap backends are statically compiled into winbindd.
Changes between version 3.0.14a and 3.0.20b include:
o Reporting files as read-only instead of returning the correct error
code of "access denied"
o File system quota support defects
o Crash bugs caused by incompatibilities on 64-bit systems.
o User Manager interoperability problems.
o Support for several new Win32 rpc pipes.
o New 'net rpc service' tool for managing Win32 services.
o Capability to set the owner on new files and directory based on the
parent's ownership.
o Experimental, asynchronous IO file serving support.
o Support for Microsoft Print Migrator.
o New Winbind IDmap plugin (ad) for retrieving uid and gid from AD
servers which maintain the SFU user and group attributes.
o Rewritten support for POSIX pathnames when utilizing the Linux CIFS
fs client.
o New asynchronous winbindd.
o New Windows NT registry file I/O library.
o New user right (SeTakeOwnershipPrivilege) added.
o New "net share migrate" options.
* Building and installing the PAM modules if USE_PAM is defined.
* Installing the NSS loadable modules.
* Making the samba rc.d script run the winbindd script, too.
* Active Directory support. Samba is able to join a ADS realm as
a member server and authenticate using LDAP/Kerberos.
* Unicode support.
* New, more flexible authentication (passdb) system.
* A new "net" command that is similar to the "net" command in Windows.
* Samba now negotiates NT-style status32 codes on the wire, which
greatly improves error handling.
* Better Windows 2K/2K3/XP printing support.
* Loadable module support for passdb backends and character sets.
* More performant winbindd.
* Support for migrating from a Windows NT4 domain to a Samba domain
and maintaining user, group, and domain SIDs.
* Support for establishing trust relationships with Windows NT4 DCs.
* Initial support for a distributed Winbind architecture using an
LDAP directory for storing SID-to-uid/gid mappings.
* Major updates to the Samba documentation tree.
* Full support for client and server SMB signing to ensure
compatibility with default Windows 2K3 security settings.
* Improvement of ACL mapping features.
adduser and deluser scripts into ${PKG_SYSCONFDIR} that are capable of
dealing with usernames containing a "$". These scripts basically
accept the same options as useradd/userdel. They're meant to be used
in "add user script" and "delete user script" to deal with samba
machine accounts.
version 2.2.4nb1 is that there are the usual minor bug fixes, plus some
important ones:
* fix printing with Win2K/XP clients
* fixes related to using LDAP for the SAM
* fixes related to changing passwords
Pkgsrc changes:
* Fetch the .tar.bz2 file -- it's smaller.
* Use smb.conf.default as the sample config file and get rid of
the homegrown files/smb.conf.sample. smb.conf.default is more
informative and is a better resource.
* Remove irrelevant examples.
* Move convert_smbpasswd script to the examples/samba/misc
directory. It's pretty much outlived it's usefulness at this
point of the Samba release cycle.
as they might not be there depending on whether INSTALL_RCD_SCRIPTS is set
in /etc/mk.conf when the package is built. Instead, assume that the other
rc.d scripts are in the same place as this "meta" script and locate them
using "dirname $0". Problem noted by Stoned Elipot <seb@netbsd.org> in
private email.
provided by Luke Mewburn <lukem@wasabisystems.com> with modifications by
me to allow running on older NetBSD systems (so any errors in the script
are mine alone).
scripts need for the nmbd and smbd programs to always start in daemom-mode,
which is why the "-D" flag was set via command_args in the scripts
themselves. Any additional options should be passed in through the
{nmbd,smbd}_flags settings in /etc/rc.conf. Add comments to reflect this
in the scripts.
The error reported by the PR author is most likely due to either installing
these scripts with ".sh" extensions, which is not how these are installed
into the ${PREFIX}/etc/rc.d and is definitely wrong, or in directly
sourcing these files from an rc.local script, which is again, definitely
wrong.
* Integration between Windows oplocks and NFS file opens (IRIX and Linux
2.4 kernel only). This gives complete data and locking integrity between
Windows and UNIX file access to the same data files.
* Ability to act as an authentication source for Windows 2000 clients as
well as for NT4.x clients.
* Integration with the winbind daemon that provides a single
sign on facility for UNIX servers in Windows 2000/NT4 networks
driven by a Windows 2000/NT4 PDC.
* Support for native Windows 2000/NT4 printing RPCs. This includes
support for automatic printer driver download.
* Support for server supported Access Control Lists (ACLs).
* On PAM (Pluggable Authentication Module) based systems - better debugging
messages and encrypted password users now have access control verified via
PAM - Note: Authentication still uses the encrypted password database.
* Rewritten internal locking semantics for more robustness.
This release supports full 64 bit locking semantics on all
(even 32 bit) platforms. SMB locks are mapped onto POSIX
locks (32 bit or 64 bit) as the underlying system allows.
* Conversion of various internal flat data structures to use
database records for increased performance and
flexibility.
* Support for acting as a MS-DFS (Distributed File System) server.
* Support for manipulating Samba shares using Windows client tools
(server manager). Per share security can be set using these tools
and Samba will obey the access restrictions applied.
* Samba profiling support
* Compile time option for enabling a (Virtual file system) VFS layer
to allow non-disk resources to be exported as Windows filesystems
(such as databases etc.).
supplied by Osamu OISHI <oishi@ims.ac.jp>.
Changes from 2.0.7.1.2a to 2.0.7.1.3:
- fixed bug that caused garbled output in browsing when
Samba was LMB.
- fixed bug that wrong file name length is sent to client in
short file name. It fixes bug that MS Access cannot run
under NT4 environment.
- multibyte characters are now allowed at fstype in
smb.conf.
- fixed bug that wrong string length is sent to client when
multibyte characters are used in Volume name.
- fixed bug that one extra memory block allocated in every
time and wasted it.
- included tools for administrating e.g. Coding System
modifier, replacement of `ls' or `cd' when CAP/HEX Coding
System is used.
- fixed bug about utmp.
complete list of changes can be found at http://www.samba.org/.
New Documentation in 2.0.7
--------------------------
O'Reilly and Associates have donated their book "Using Samba"
to the Samba community to be updated in a collaberative way
along with the Samba software. Starting with this release the
html of "Using Samba" will be distributed with the Samba software
as the online documentation for Samba. Bug fixes for the book
are encouraged as is new material. Please help us make this
documentation the best it can be for Samba !
Windows 2000 Issues
-------------------
This version of Samba has been tested with Windows 2000 and
the five known incompatibilities with Windows 2000 have been
fixed. See the "Changes in 2.0.7" list below for details.
New/Changed parameters in 2.0.7
-------------------------------
There are 5 new parameters in the smb.conf file.
utmp
utmp dir
utmp hostname
utmp consolidate
wtmp directory
These parameters are only available if the "--with-utmp"
option was selected at configure time. The yes/no option "utmp"
specifies whether utmp records should be recorded on user
logon/logoff. It defaults to "no". The "utmp dir" and "wtmp dir"
are string parameters specifying pathnames to the directories containing
the utmp/wtmp file databases. See the smb.conf man page for more details.
inherit permissions
This boolean parameter causes newly created files and directories
to inherit their initial permissions from their parent directory.
This can be very useful in propagating such things as the set-group
bit in directory heirarchies. See the smb.conf man page for more
details.
write cache size
This integer parameter specifies (in bytes) the size of a user level
per-file write cache that smbd will create for an oplocked file. This
can improve performance significantly for writing files by causing
writes to be done in large chunk sizes. If this parameter is set (it
defaults to zero which means no write cache) to the stripe size of
a raid volume then it will cause writes to be much more efficient.
Up to 10 write caches can be active simultaneously per smbd (allocated
for the first 10 oplocked file opens). All normal warnings about the
dangers of user level caching of data apply. See the smb.conf man page
for more details.
source environment
This pathname parameter causes Samba to read a list of environment
variables from a named file on startup. This can be useful in setting
up Samba in a clustered environment. See the smb.conf man page for more
details.
Ability to delete users added
-----------------------------
SWAT and smbpasswd can now delete users from the Samba smbpasswd file.
See the man page for smbpasswd for details.
Roving profile behavior finalized
---------------------------------
The change in behavior with roving profiles (using the "logon home"
parameter instead of the "logon path" parameter) introduced in 2.0.6
has been discovered to be consistant with the way Windows NT behaves,
and has been left as the default action. Please see the additional
notes in the "logon home" parameter description in the smb.conf man
page for more details.
* It turns out -lreadline also needs -ltermcap to link under ELF. I had
to patch the GNU configure script to make it correctly detect readline.
Are we going to have to do this to all the packages which depend upon
readline?
New/Changed parameters in 2.0.6
-------------------------------
There are 6 new parameters in the smb.conf file.
wins hook
This parameter allows an external program to be called
on all changes to a Samba WINS database, allowing dynamic
DNS updates.
debug hires timestamp
debug pid
debug uid
The above 3 parameters provide greater debug information.
preexec close
rootpreexec close
The above 2 parameters control the action taken on the
success or failure of a 'preexec' script.
There is also one removed parameter.
mangle locks
The addition of these new parameters and the removal of the old
is described in more detail in the smb.conf man page,
When using "security=domain" the "password server"
parameter can now be set to the string "*', which will
cause Samba to search for Domain controllers in the
same way that Windows NT does. See the smb.conf man
page for more details.
The "interfaces" parameter in smb.conf can now be dynamically
detected on startup and can also now take an interface name
such as eth0. See the smb.conf man page for the details
on the new features of the "interfaces" parameter.
nmbd has been enhanced to use this feature.
The syntax for the Linux-specific smbmount command has been changed
and is now compatible with the standard mount command. See the modified
smbmount man page for details.
Support for the UNIX CUPS printer standard has been added.
See www.cups.org for details. Thanks to the folks at Easy Software
Products for this code. Set the printcap name to "cups" to
enable this. See the smb.conf man page for details.
Changes in 2.0.6
-----------------
1). 64-bit locking removed from Linux autoconf build. This fixes
several Linux specific locking issues.
2). Crash bug fix in smbclient recursive processing. Fix from
E. Jay Berkenbilt (ejb@ql.org).
3). "history" command added to smbclient if readline available.
4). smbtar - updates files and directory message on restore.
5). smbmnt - 'u', 'g', 'r', 'f', 'd' options added by Andrew. See
man page for details.
6). smbmount updated to be useable by autofs on Linux. See the
samba/examples/autofs/README file for details.
7). Bug fixed where TCP_NODELAY was not being used by default in smbd.
8). Many oplock fixes. Samba now waits 30 seconds, not 45. Also
smbd no longer aborts on client break failure, but logs a message
and continues. This is what NT does. This should fix many "oplock
break" message problems people have been having.
9). New code from Andrew to dynamically detect interfaces. nmbd will
now attempt to dynamically detect interface changes and register names
as an interface goes "up".
10). Win95 ioctl for print jobs added by Matt.
11). Mapping for ISO8859-1 extended for codepage 437 and 850.
12). Code Page 737 -> ISO-8859-7 (Greek-Hellenic) mapping added.
13). Character strings now correctly converted from UNIX character set
format to DOS codepage when read from smb.conf or external passwd or
group files. Samba is now much more careful about what format external
strings should be converted to/from.
14). snprintf crash fix for IRIX 6.2 and below.
15). Increased timestamp debug fixes (adds milliseconds and uid/pid if
requested).
16). Optimisation for wildcard exact match requests.
17). Win95 wildcard semantics fix - unused code removed.
18). 'mangle locks' parameter removed. This now done automatically.
19). setXid() routines re-written to provide asserts and also to fix
AIX versions prior to 4.1.x.
20). MSG_WAITALL optimisation removed due to bugs in FreeBSD.
21). Length fix when writing UNICODE string.
22). oplock processing added to libsmb client code.
23). Added more client error message strings.
24). Fix bug with connecting to encrypted server when non-encrypted
password given.
25). In security=domain, password server extended to search for DC's
if parameter = '*'.
26). "root did not create samaphore" bug fixed.
27). random generator initialized early to prevent icons not showing
up in Win9x.
28). Logging fix after SIGHUP.
29). WINS hook external call added when nmbd is a WINS server.
30). Support for CUPS printer protocol added by Michael Sweet.
31). Support for NIS+ backend password database updates.
32). Handle dashes in print job id's. Fix from Dom.Mitchell@palmerharvey.co.uk
33). Race condition in UNIX password sync on some platforms fixed by Matt.
34). Dirptr leak from Win98 fixed.
35). Logic bug in handling of level II oplocks fixed.
36). smbd crash bug fix when opening directories.
37). Paranoia oplock fix from Charles Hoch (hoch@exemplary.com)
38). Fix Win2k problem where DCE/RPC is done on SMBwrite as well as SMBwriteX.
39). Fix Win95 redirector alignment bug that caused oplock break failures.
40). Preexec close code added.
41). Extra sanity checks in testparm code.
42). oplock tests added to smbtorture.
43). Tell SWAT user if logged in as root or not.
44). Solaris packaging fixes donated by VERITAS.
While here clean up the package somewhat:
- Remove confusion about where the SAMBA_PRIVATE directory is.
- Don't gratitously create yet another world writeable directory.
- Don't use $PREFIX as the WEB_ROOT, use the htdocs directory from the
Apache pkg instead.
- Enable use of netgroups, checking of disk quotas and the password
changing feature.
- Use /var/run/samba for runtime status files.
- Always install the example startup file.
- Misc. minor modification for better maintainability.
This version unites the samba and the uncommitted samba-des packages,
as it includes a "castrated" DES implementation that is only usable as
a hash function.
Some very minor typos in the description file corrected by myself.
collection, thanks to Ty Sarna (tsarna@endicor.com), and addresses the
first part of PR pkg/4746.
The Samba software suite is a collection of programs that implements
the SMB protocol for UNIX systems.
