                      Likewise CIFS 6.2.1 Release Notes
                      =================================

Introduction
------------

Likewise CIFS 6.2.1 provides authentication, identity management, file
system protocol interfaces, and a reference file system implementation for
Linux and FreeBSD on x86 and x64.

New Features and Functionality
------------------------------

* Doxygen Documentation

New documentation generated using Doxygen is provided as part of this
release. In addition, the README bundled with the release has been
completely updated with information about building, configuring, and running
the software.

* Service Containers:

Likewise services are now managed through a flexible container system
handled by lwsmd.  Likewise services are now implemented as shared object
(.so) files that are dynamically loaded into container processes.  Services
can be configured to run in dedicated containers or to share containers to
reduce memory usage and IPC overhead.

The service manager includes watchdog functionality that allows it to
automatically restart any service that dies unexpectedly.  This can be
configured in the registry under:

  [HKEY_THIS_MACHINE\Services\lwsm\Parameters\Watchdog]
   "Enabled"=dword:<0 or 1>

The current in-memory watchdog setting can be fetched via "lwsm settings"
and can be set via "lwsm set watchdog".  (Note that this does not query or
modify the registry.)  See the "Troubleshooting" section in the README for
additional information.

Likewise services now have a flexible logging system that is centrally
controlled through lwsmd.  Logging settings are controlled on a
per-container basis.  Within a container, each facility may be configured
with a separate log target and log level.  Log targets and log levels can be
dynamically configured through the lwsm service.

Default log settings for a service can be specified in the registry as
follows:

  [HKEY_THIS_MACHINE\Services\<service>]
   "DefaultLogType"=dword:<type>
   "DefaultLogTarget"="<target>"
   "DefaultLogLevel"=dword:<level>

  - for <type> and <level>, see lwsm/include/lwsm/lwsm.h.
  - for file logging, the <target> is the path for the log file.

The in-memory log settings can be queried and set with "lwsm get-log", "lwsm
set-log-target", and "lwsm set-log-level".  See the "Troubleshooting"
section in the README for additional information.

* Privileges Support

Windows-style privileges have been added.  They can be configured via
"lw-lsa account-rights" or via RPC.  It is also possible to configure custom
privileges directly in the registry.

* Basic SMB 2.1 Support

The CIFS server will negotiate SMB 2.1.  In this release, only SMB 2.1
write-through is supported.  SMB 2.1 lease and large MTU capabilities are
not supported in this release.

* SMB 2.0 Durable Handles:

Durable handle support has been added to SMB 2.0.

* domainjoin-cli Removed

The domainjoin-cli tool has been removed.  The nsswitch and PAM
configuration capabilities are now in the lw-sysauth utility.  To join, use
"lw-lsa join".

* Access Token Owner Information

The new lsass configure option "--lsa-builtin-admins-ownership" controls
whether the owner information for an access token is set to the
BUILTIN\Administrators group (instead of the token's user) when the user is
a member of that group.  This allows security descriptors created by the
user to be owned by BUILTIN\Administrators instead of the user SID.  Version
of Windows after Windows XP (such as Windows Server 2003 and up and Windows
Vista and up) have this behavior.  Currently, the new behavior must be
explicitly enabled with the configure option.

* EA Support in SRV

EAs are supported in SRV, but not PVFS.  At this time, only SMB1 support is
fully implemented.

* FSD for SRV Is Now Configurable in Registry

The FSD for SRV is now configurable in the registry via:

  [HKEY_THIS_MACHINE\Services\lwio\Parameters\Drivers\srv]
  "FileSystemRoot"=<device path>

This is used in conjunction with the "DefaultSharePath" to bootstrap the C$
share.

* Replaceable Share Database Backend

The share database backend in SRV can be replaced with a custom
implementation.  The backend API is defined in
lwio/server/srv/shares/sharerepository.h.  The default implementation is in
lwio/server/srv/shares/backend.

Changes
-------

* Packaging Changes

The new package name is likewise-storage.  The package no longer configures
nsswitch or PAM on install or uninstall.  If configuring PAM (with
lw-sysauth or manually), make sure to unconfigure it before uninstalling.
(Otherwise, the system may prevent you from logging in.)

Known Issues
------------

* Users Who Are Members of No Groups Cannot Authenticate

An access token cannot be created for a local user not belonging in any
groups.  Authentication will fail with STATUS_INSUFFICIENT_RESOURCES.

* No EA support in SMB2

SMB2 currently does not pass through all EA requests.

* Potential lsass shutdown hang

There are certain cases where RPC to lsass may cause lsass to hang on
shutdown.
