Date: Wed, 23 Sep 2020 03:33:59 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 249539] net/samba413: samba 4.13.0 available Message-ID: <bug-249539-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D249539 Bug ID: 249539 Summary: net/samba413: samba 4.13.0 available Product: Ports & Packages Version: Latest Hardware: Any URL: https://www.samba.org/samba/history/samba-4.13.0.html OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: vvd@unislabs.com CC: timur@FreeBSD.org NEW FEATURES/CHANGES =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Python 3.6 or later required ---------------------------- Samba's minimum runtime requirement for python was raised to Python 3.5 with samba 4.12. Samba 4.13 raises this minimum version to Python 3.6 both to access new features and because this is the oldest version we test with in our CI infrastructure. This is also the last release where it will be possible to build Samba (just the file server) with Python versions 2.6 and 2.7. As Python 2.7 has been End Of Life upstream since April 2020, Samba is dropping ALL Python 2.x support in the NEXT release. Samba 4.14 to be released in March 2021 will require Python 3.6 or later to build. wide links functionality ------------------------ For this release, the code implementing the insecure "wide links =3D yes" functionality has been moved out of the core smbd code and into a separate VFS module, vfs_widelinks. Currently this vfs module is implicitly loaded by smbd as the last but one module before vfs_default if "wide links =3D ye= s" is enabled on the share (note, the existing restrictions on enabling wide links around the SMB1 "unix extensions" and the "allow insecure wide links" parameters are still in force). The implicit loading was done to allow existing users of "wide links =3D yes" to keep this functionality without having to make a change to existing working smb.conf files. Please note that the Samba developers recommend changing any Samba installations that currently use "wide links =3D yes" to use bind mounts as soon as possible, as "wide links =3D yes" is an inherently insecure configuration which we would like to remove from Samba. Moving the feature into a VFS module allows this to be done in a cleaner way in future. A future release to be determined will remove this implicit linkage, causing administrators who need this functionality to have to explicitly add the vfs_widelinks module into the "vfs objects =3D" parameter lists. The release notes will be updated to note this change when it occurs. NT4-like 'classic' Samba domain controllers ------------------------------------------- Samba 4.13 deprecates Samba's original domain controller mode. Sites using Samba as a Domain Controller should upgrade from the NT4-like 'classic' Domain Controller to a Samba Active Directory DC to ensure full operation with modern windows clients. SMBv1 only protocol options deprecated -------------------------------------- A number of smb.conf parameters for less-secure authentication methods which are only possible over SMBv1 are deprecated in this release. REMOVED FEATURES =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D The deprecated "ldap ssl ads" smb.conf option has been removed. The deprecated "server schannel" smb.conf option will very likely removed in the final 4.13.0 release. smb.conf changes =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Parameter Name Description Default -------------- ----------- ------- ldap ssl ads Removed smb2 disable lock sequence checking Added No smb2 disable oplock break retry Added No domain logons Deprecated no raw NTLMv2 auth Deprecated no client plaintext auth Deprecated no client NTLMv2 auth Deprecated yes client lanman auth Deprecated no client use spnego Deprecated yes server schannel To be removed in 4.13.0 server require schannel:COMPUTER Added --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-249539-7788>