Samba 3.0.28a Available for Download

                   Release Notes for Samba 3.0.28a
                            Mar 8, 2008

This is the second production release of the Samba 3.0.28 code 
base and is the version that servers should be run for for all 
current bug fixes.  

Major bug fixes included in Samba 3.0.28a are:

  o Failure to join Windows 2008 domains
  o Windows Vista (including SP1 RC) interop issues


smb.conf changes

    Parameter Name                      Description     Default
    --------------                      -----------     -------
    administrative share                New             No
    ldap debug level                    New             0
    ldap debug threshold                New             10

Changes since 3.0.28

o   Michael Adam 
    * Fix bug in version string's vendor tag.
    * Prevent net getdomainsid from crashing when called as non-root.
    * BUG 4801: Correctly implement LSA lookup levels for LookupNames.
    * Fixes for internal LookupNames() calls for unqualified users and 
    * Remove unnecessary functions when managing domain trust 
    * Fix winbindd on a Samba DC talking to a trusted domain DC
    * Consolidate the detection of the machine_account_name when
      obtaining trust credentials from the local database.
    * Refactor trust account database routines and session key
    * Fix retrieval of trusted domain password policies when
      authenticating a user (only when WBFLAG_PAM_GET_PWD is config
      flags is set).
    * Refactor Winbind's cm_connect_sam().
    * Enable building the notify_fam module.
    * Add "ldap debug level" and "ldap debug threshold" smb.conf options.

o   Jeremy Allison 
    * Fix cut-n-paste bug when filling in form values for Printer
    * Fix SMB signing bug found by Volker.
    * Create locking.tdb when running smbstatus before smbd to avoid
      confusing error messages.
    * Add a portable version of strlcpy and strlcat.
    * BUG 4780: Cause user mounts to inherit uid= and gid= from the
      calling user when called as non-root, except when overridden on
      the command line.  Original patch by Steve Langasek.
    * BUG 5802: Recent versions of Linux-PAM support localization of
      user prompts, so Samba must use the C locale when invoking PAM
    * Merge Vista principal detection changes by Andreas Schneider
      from 3.2 branch.
    * BUG 5121: Fix problems running unix passwd sync on streams based 
    * BUG 4612: Fix smbd crash when connecting from an OS/2 client.
    * Back port Volker's ACL fixes on newly create files form 3.2.
    * Ensure that send_getdc_request() matches the 3.2 code base.
    * BUG 3617: Fix crash in nmbd caused by referencing freed memory.
    * Fixes for issues reported by IBM checker.
    * Fixes for issues reported by Coverity.
    * Back port Volker's fix for nlink count.
    * Back port SAMR flag fixes from Matt Geddes
    * BUG 4929: Cope with protected ACL set correctly (based on work
      from Jim McDonough).
    * Fix ACL set bug when group being set is the primary group.
    * Ensure NDR wire-reads of string types are always null
    * BUG 5247: Fix mget wildcard expansion in smbclient.
    * Fix bug in SPNEGO negotiation.
    * BUG 3617: Fix "Invalid read of size 4" errors.
    * BUG 5267: Prevent nmbd from shutting down when no network
      interfaces can be located.

o   Kai Blin 
    * libsmb: Do not upper-case target name on NTLMv2 hash generation.
    * Fix an incompatible pointer type warning.

o   Gerald Carter 
    * Restrict the enctypes in the generated krb5.conf files to
      Win2003 types.

o   Steven Danneman 
    * Error path memory leak fixes.

o   Guenther Deschner 
    * Fix PAC decoding from Vista SP1 client.
    * Fix get_trust_creds() to return always an upper-cased krb5
    * Back port additional fixes necessary for support Windows 2008
      domain joins from the 3.2 branch.

o   Mathias Gug 
    * BUG 5802: Recent versions of Linux-PAM support localization of
      user prompts, so Samba must use the C locale when invoking PAM

o   Steve Langasek 
    * BUG 3727: Fix smbpasswd abort when called by non-root user.
    * BUG 4784: Prevent umount.cifs from allowing all users to unmount shares.
    * BUG 5802: Recent versions of Linux-PAM support localization of
      user prompts, so Samba must use the C locale when invoking PAM

o   Volker Lendecke 
    * When allocating a new vuid, also avoid partial ones.  Also
      fully invalidate intermediate ones.
    * Fix error path exit in create_local_nt_token() to correctly roll 
      back security contexts.
    * Fix valgrind warnings in nmbd.
    * Pointer initialization fixes in notify_marshall_changes().
    * BUG 5208: Fix uninitialized variables in vfs_hpuxacl.c (reported 
      by David Leonard ).
    * Copy the 3.2 version of string_replace to 3.0.
    * Port SMB_FS_OBJECTID_INFORMATION from 3.2 (Patch by Corinna
    * Memory leak fixes.
    * Fix error code propagation from cli_session_setup_kerberos().
    * BUG 5217: Fix inotify detection.
    * BUG 5279: Correctly check return of rename().
    * BUG 5252: Fix confusing error messages in mount.cifs.
    * BUG 5307: Respect FAMChanged (Thanks to Ricardo Santos).
    * Work around a handle leak in XP 64 bit.

o   Guenter Kukkukk 
    * OS/2 returns eclass == ERRDOS && ecode == ERRnofiles for a zero 
      entry directory listing.

o   Tom Maher 
    * BUG 5175: Support krb5 auth in smbcacls.

o   Hans Mayer 
    * BUG 5141: Solaris 9 compile fix.

o   Stefan Metzmacher 
    * Fix default printing system detection in libreplace. 

o   Laurent Pinchart 
    * BUG 5163: Return better error codes when a password cannot be
      set in and LDAP directory.

o   Jiri Sasek 
    * BUG 4866: Correct password routine detection on Solaris.

o   Andreas Schneider 
    * Remove trailing slashes on server names when parsing input from
    * Support Windows 2008 domain joins (variant of Todd Stecher's
      original patch).
    * Add "administrative share" service parameter for defining hidden
      administrative shares that cannot be managed from Windows.

o   Karolin Seeger 
    * Use the "ldap user suffix" when enumerating a users group

o   Simo Sorce 
    * Don't assume NULL termination when copying the principal name
      in kerberos_get_default_realm_from_ccache().
    * Fix winbindd running on a Samba DC (again).

o   Bo Yang 
    * Fix bad private_data pointer in winbindd_lookupname_async().

Please refer to the original Samba 3.0.28 Release Notes for more details regarding changes in previous releases.