Samba 4.0.3 Available for Download

                   Release Notes for Samba 4.0.3
                         February 05, 2013

This is is the latest stable release of Samba 4.0.

Major enhancements in Samba 4.0.3 include:

o  check_password_quality: Handle non-ASCII characters properly (bug #9105).
o  Fix ACL problem with delegation of privileges and deletion of accounts
   over LDAP interface (bug #8909).
o  Fix 'smbd' panic triggered by unlink after open (bug #9571).
o  smbd: Fix memleak in the async echo handler (bug #9549).

Known issues:

o  For more details concerning the ACL problem with delegation of privileges
   and deletion of accounts over LDAP interface (bugs #8909 and #9267)
   regarding upgrades from older 4.0.x versions, please see

   which will be filled with details once we have worked out an upgrade

Changes since 4.0.2:

o   Michael Adam <>
    * BUG 9568: Document the command line options in dbwrap_tool(1).

o   Jeremy Allison <>
    * BUG 9196: defer_open is triggered multiple times on the same request.
    * BUG 9518: conn->share_access appears not be be reset between users.
    * BUG 9550: sigprocmask does not work on FreeBSD to stop further signals in
      a signal handler.
    * BUG 9572: Fix file corruption during SMB1 read by Mac OSX 10.8.2 clients.
    * BUG 9586: smbd[29175]: disk_free: sys_popen() failed" message logged in
      /var/log/message many times.
    * BUG 9587: Archive flag is always set on directories.
    * BUG 9588: ACLs are not inherited to directories for DFS shares.

o   Andrew Bartlett <>
    * BUG 8909: Fix ACL problem with delegation of privileges and deletion of
      accounts over LDAP interface.
    * BUG 9461: FSMO seize of naming role fails: NT_STATUS_IO_TIMEOUT.
    * BUG 9564: Fix compilation of Solaris ACL module.
    * BUG 9581: gensec: Allow login without a PAC by default.
    * BUG 9596: Linked attribute handling should be by GUID.
    * BUG 9598: Use pid,task_id as cluster_id in process_single just like
    * BUG 9609: ldb: Ensure to decrement the transaction_active whenever we
      delete a transaction.
    * BUG 9609: Add 'ldbdump' tool.
    * BUG 9609: ldb: Remove no-longer-existing ltdb_unpack_data_free from
    * BUG 9609: ldb: Change ltdb_unpack_data to take an ldb_context.
    * BUG 9610: dsdb: Make secrets_tdb_sync cope with -H secrets.ldb.

o   Björn Baumbach <>
    * BUG 9512: wafsamba: Use additional xml catalog file.
    * BUG 9517: samba_dnsupdate: Set KRB5_CONFIG for nsupdate command.
    * BUG 9552: smb.conf(5): Update list of available protocols.
    * BUG 9568: Add dbwrap_tool.1 manual page.
    * BUG 9569: ntlm_auth(1): Fix format and make examples visible.

o   Ira Cooper <>
    * BUG 9575: Duplicate flags defined in the winbindd protocol.

o   Gönther Deschner <>
    * BUG 9474: Downgrade v4 printer driver requests to v3.
    * BUG 9595: s3-winbind: Fix the build of idmap_ldap.

o   David Disseldorp <>
    * BUG 9378: Add extra attributes for AD printer publishing.

o   Stephen Gallagher <>
    * BUG 9609: ldb: Move doxygen comments for ldb_connect to the right place.

o   Volker Lendecke <>
    * BUG 9541: Make use of posix_openpt.
    * BUG 9544: Fix build of vfs_commit and plug in async pwrite support.
    * BUG 9546: Fix aio_suspend detection on FreeBSD.
    * BUG 9548: Correctly detect O_DIRECT.
    * BUG 9549: smbd: Fix memleak in the async echo handler.

o   Stefan Metzmacher <>
    * BUG 8909: Fix ACL problem with delegation of privileges and deletion of
      accounts over LDAP interface.
    * BUG 9105: check_password_quality: Handle non-ASCII characters properly.
    * BUG 9481: samba_upgradeprovision: fix the nTSecurityDescriptor on more
    * BUG 9499: s3:smb2_negprot: set the 'remote_proto' value.
    * BUG 9508: s4:drsuapi: Make sure we report the meta data from the cycle
    * BUG 9540: terminate the irpc_servers_byname() result with
    * BUG 9598: Fix timeouts of some IRPC calls.
    * BUG 9609: Fix a warning by converting from TDB_DATA to struct ldb_val.

o   Matthieu Patou <>
    * BUG 8909: Add documentation.
    * BUG 9565: Adding additional Samba 4.0 DC to W2k8 srv AD domain (in win200
      functional level) produces dbcheck errors.

o   Arvid Requate <>
    * BUG 9555: s4-resolve: Fix parsing of IPv6/AAAA in dns_lookup.

o   Rusty Russell <>
    * BUG 9609: tdb: Add '-e' option to tdbdump (and document it).
    * BUG 9609: tdb: 'tdbdump' should log errors, and fail in that case.
    * BUG 9609: tdb: Add tdb_rescue() to allow an emergency best-effort dump.

o   Samba-JP oota <>
    * BUG 9528: Remove superfluous bracket in samba.8.xml.
    * BUG 9530: Fix typo in vfs_tsmsm.8.xml.

o   Andreas Schneider <>
    * BUG 9574: Fix a possible null pointer dereference in spoolss.

o   Karolin Seeger <>
    * BUG 9591: Correct meta data in ldb manpages.

o   Pavel Shilovsky <>
    * BUG 9571: Fix 'smbd' panic triggered by unlink after open.

o   Andrew Tridgell <>
    * BUG 9609: ldb: Fix callers for ldb_pack_data() and ldb_unpack_data().
    * BUG 9609: ldb: move ldb_pack.c into common.

o   Jelmer Vernooij <>
    * BUG 9503: waf assumes that pythonX.Y-config is a Python script.