samba bug fix and enhancement update

Updated samba packages that fix various bugs and add enhancements are now
available.

Samba is a suite of programs used by machines to share files, printers, and
other information.

These updated packages fix the following bugs:

* the smbcacls "-M OWNER" and "-M GROUP" options did not change the owner
or the group.

* when using a samba recycle folder with "recycle:touch = yes" enabled,
touch failed when a user removed a file that was not created by that user.

* samba incorrectly changed the date and time on a file when it was opened
by Microsoft Excel.

* when "security = ads" was enabled, a memory leak caused the winbindd
process to consume memory until out-of-memory errors killed the windbind
process. Other processes may have been killed.

* samba did not recognize netgroups provided by LDAP servers.

* a segmentation fault occurred when running "net ads join [domain]" after
obtaining a Kerberos ticket for the domain administrator.

* when Samba is a Domain Master Browser, Microsoft Windows clients browsing
the network shares caused the nmbd daemon to hang.

* the smbclient and smbtree commands did not display share names that were
more than 12 characters long.

* smbd and nmbd now use a default port number when an invalid port is
specified.

* directory change notifications only worked for 1 minute when a samba
share was opened by Microsoft Windows Explorer. Red Hat Enterprise Linux 4
users need to install the "gamin" package, and set "vfs object =
notify_fam" in smb.conf to activate notifications.

* the netsamlogon_cache.tdb file failed to update after modifying user and
group membership in Microsoft Active Directory (AD), causing windbind and
nss to report inaccurate information.

* in certain situations the wrong free size value was returned for Samba
shares that were larger than 2 TB.

* mkfifo failed to create named pipes on CIFS file systems.

* some setfattr operations failed. This could be seen using the Linux
Test Project test suite. These are expected to fail due to the CIFS
security model.

* the smb init script returned incorrect values, causing the wrong status
to be returned by the status command.

* the vfs_full_audit module logged incorrect operations.

This update also adds the following enhancements:

* umount.cifs, allowing users to unmount CIFS file systems.

* smbclient support for the Microsoft Distributed File System.

* "host msdfs = yes" is now the default in smb.conf.

* support for Microsoft Print Migrator.

* CIFS UNIX extentions for use with the kernel CIFS module.

* new "Unix Users" and "Unix groups" domains for unmapped users and
domains.

WARNING: Note the following major changes, which may break certain
installations:

* a fully qualified user/group name is required for many options, otherwise
access may be denied.
* removed support for chaining multiple passdb backends.
* privilege delegation.
* better Schannel, SPNEGO and NTLMv2 support.
* Kerberos support for pam_winbindd.
* Winbindd offline mode authentication and AD Site discovery support.
* rewritten IDMAP subsystem to support multiple backends, added support
for AD with the SFU or the RFC2307 schema.

New Options:
idmap domains
idmap alloc backend
idmap cache time
idmap negative cache time
ldap password sync
winbind normalize names
winbindd nss info
winbind offline logon
winbind refresh tickets

Deprecated options:
acl group control
printer admin
write cache

Removed options:
change notify timeout
lock spin count
enable rid algorithm
hosts equiv
winbind max idle children
wins partners
ldap filter
min password length
winbind enable local account

Changed options (different defaults or new values):
dos filemode: no
host msdfs: yes
strict locking: auto
winbind enum users: no
winbind enum groups: no
winbind nested groups: yes

All samba users should upgrade to these updated packages, which resolve
these issues and add these enhancements.

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This Release fixes numerous bugs, adds new features and improves
compatibility with other CIFS clients and servers especially with the
Microsoft Windows family of operating system up to Windows Vista.
To achieve this result some changes in behavior were required. Therefore
some configurations may need minor adjustments to function properly after
an upgrade.
We advice forward testing for critical production servers before applying
this upgrade.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

162130 - winbindd, memory leak
171897 - Bogus warning saving excel spreadsheet
172372 - net ads join dumped core
172713 - nmbd either crashes and dies or stops responding
187213 - smbcacls doesn't change ownership/group
191273 - Failure to mount samba shares under certain conditions
194210 - smbclient / smbtree returns <12 characters shares.
205353 - smbd allows ports higher than 65536.
206260 - Samba fails to recognise valid users = @netgroup under LDAP and no YP
218955 - Drirectory change notification work only for 1 min
221907 - Vista login problems
227325 - netsamlogon_cache.tdb group information becomes stale
228236 - RHEL4 samba needs -excel patch already in RHEL3
228989 - Samba shares with >= 2Tb filesystems can be return wrong free size.
229761 - mkdir -p foo/bar fails on CIFS clients / Samba server
240321 - Update to 3.0.25 or later.
241575 - fatal errors from mount.smbfs leading to an stale mount point
241870 - Module vfs_full_audit logs unwanted operation types
242753 - Missing character bug in latest security patches
244821 - Wrong init script