New Samba version released today 3.0.20a

We are proud to announce the production release of Samba 3.0.20a. This is the latest stable release
of Samba. This is the version that production Samba servers should be running for all current
bug-fixes. Please read the specific changes in the Release Notes.

The Samba 3.0.20a source code can be downloaded now. The GnuPG signature for the uncompressed
tarball is also available. If you prefer to download just the diff between 3.0.20 to 3.0.20a, the
patch file (gpg signature) is also available. Precompiled packages for Solaris, Fedora Core 4, and
RedHat 9 are available in the Binary_Packages download area. Packages for other platforms will be
available shortly.

Samba 3.0.20a is also available via BitTorrent (samba-3.0.20a.tar.gz.torrent). Note that when
downloading via BitTorrent, you are encouraged to verify the resulting uncompressed tarball\'s GPG
signature.

Release notes :

===============================
Release Notes for Samba 3.0.20a
Sept 30, 2005
===============================

This is the latest stable release of Samba. This is the version
that production Samba servers should be running for all current
bug-fixes. Please read the following important changes in this
release.

Common bugs fixed in 3.0.20a include:

o Stability problems with winbindd.
o Crash bugs caused by incompatibilities on 64-bit systems.
o Missing files from directory listings on AIX servers
o User Manager interoperability problems.
o Minor build difficulties on various platforms such as
Solaris and OpenBSD,


Winbind, security = domain, and Active Directory
================================================

Recent security updates for Windows 2000 and Windows 2003 have
changed the fashion in which user and group lists can be obtained
from domain controllers. In short, the RPC mechanisms used by
\"security = domain\" to retrieve users and groups is not compatible
with these changes. The \"security = ads\" configuration is not
affected by the Windows protocol changes.

Samba developers are actively working to correct this problem in
the 3.0.21 release. In the meantime, Administrators who are unable
to migrate to \"security = ads\" and must continue using \"security =
domain\", can define credentials to be used by winbindd for account
enumeration by executing the following command as root.

wbinfo --set-auth-user=\'DOMAIN\\username%password\'



######################################################################
Changes
#######


Changes since 3.0.20
--------------------

commits
-------

o Jeremy Allison
* BUG 3065: Fix for legacy clients retrieving a listing of
an empty directory.
* Added external library for accessing Samba\'s share mode
database.
* Fix winbindd credentials chain which caused logon failures
after attempting to authenticate an unknown user.
* Fix recursive looping bug in winbindd.
* Fix build errors on 64-bit systems.
* Posix ACL memory leak and crash bug fixes.
* BUG 3044: Ensure OPEN-EXEC is honored as read-only.
* BUG 3060: Ensure SMBcreate truncates the file if it exists.
* Hide dot files and directory logic fixes.
* Correct display of open file modes by smbstatus.
* BUG 3010: Fix missing files bug on AIX systems.


o Gerald (Jerry) Carter
* Allow the root user to automatically pass se_access_checks()
in the registry and service control server code.
* Ensure that winbindd uses the correct name in the net_auth2()
request when running on a Samba PDC.
* Fix linking problem with tdb utilities.
* BUG 3080: Fix regression in \'net rpc shutdown\' command.
* Fix segv in \'net rpc\' when the pipe open fails.
* Fix upload bug when installing 64-bit Windows printer drivers.
* Fix regression in the smburi syntax used by smbspool.
* Fix sorting of subkey hash records in registry files.
* Correct REG_CREATE_KEY_EX parsing error.
* Interoperability issues with usrmgr.exe and Samba groups.
* Use the display names and not the Unix names when enumerating
groups in the ldapsam passdb backend.
* Ensure that Windows domain user names are converted to lower case.


o Guenther Deschner
* Prevent BUILTIN sids returned in the user\'s token from
a Windows DC from being applied to any local group mappings
on the Samba host.
* Plug memory leaks in the kerberos keytab code.
* Ensure BUILTIN groups are returned from winbindd\'s idmap_rid
backend when \'winbind nested groups\' is enabled.
* Fix crash bug in winbindd caused by 64-bit build issues.
* Improve debug messages in smbspool.
* Give better error-message when \"NDS Universal Password\" change fails.
* Fix password history error in the eDirectory schema file.
* Ensure that Windows domain group names are converted to lower case.


o Steve French
* Allow disabling mandatory byte range lock mount flag, and fix
corresponding entry in mtab.


o Volker Lendecke
* Fix race condition in the NTcreate&X open code when the
disposition is NTCREATEX_DISP_CREATE.
* Correct logic error when checking the pid for pending print
change notify messages.
* Ensure that winbindd child process complete startup even when
the parent is receiving authentication requests.
* Return the full NTSTATUS code to ntlm_auth and pam_winbindd
when authentication fails.


o Jason Mader
* Compile warning fixes.


o Uli Meis
* Patches for pdb_*sql.c


o Luke Mewburn
* Autoconf syntax fixes.


o James Peach
* Correct problem with creating a core file in Linux.


o Stefan Metzmacher
* Quota fixes in smbd.


o Peter Rindfuss
* Patches for pdb_*sql.c


o Jiri Sasek
* Solaris toolchain patches for autoconf scripts.


o Andrew Tridgell
* Fix for tdb clear-if-first race condition.


o Leo Weppelman
* BUG 3104: Don\'t allow time updates to files on read-only shares.


o Steve Williams
* BUG 3052: Fix compile issues on OpenBSD.