Samba 2.2.2 is the first release to include the winbind daemon. This code allows UNIX systems that implement the name service switch (nss) to be entered into a Windows NT/2000 domain and use the Domain controller for all user and group enumeration.
This allows a Samba server added to a Windows domain to serve file and print services with NO local users needed in /etc/passwd and /etc/group - all users and groups are read directly from the Windows domain controller. In addition with pam_winbind which allows a PAM enabled UNIX system to use a Windows domain for authentication service this allows single sign on and account control across UNIX and Windows systems.
The current version of winbindd shipped in 2.2.2 does have some memory leaks, which will be addressed for the next Samba release, so it is advisable to monitor the winbind process. This code is being used in production by several vendors, so the leaks are managable. In addition, this version of winbind does not work correctly against a Samba PDC, due to some missing calls on the PDC side. These problems are being addressed for the next Samba release, but it was thought better to release the code now rather than delay the main Samba code to match the winbind release schedule.
For more information on using winbind, see the man pages for winbindd and wbinfo. Note that winbindd is not installed by default. Changes in 2.2.2
1). mmap tdb code disabled on HPUX. This should prevent the reports of
tdb corruption on HUPX.
2). Large file support set to off in Solaris 5.5 and below.
3). Better CUPS detection.
4). New SAM (password database) backends - smbpasswd (traditional),
LDAP, NIS+ and Samba TDB.
5). Quota fixups on Linux.
6). libsmbclient stand-alone code added. Can be built as a shared library
7). Tru64 ACL suppport added.
8). winbindd option added.
9). Realloc fail tidyup fixes all over the code.
10). Large improvement in hash table code efficiency - would be found with
large stat caches.
11). Error code consistency improved (still needs more work).
12). Profile shared memory support added to nmbd.
13). New Windows 2000/NT passthrough info levels added.
14). readraw/writeraw code rewritten - many bugs fixed.
15). UNIX password sync (non pam) code fixed, use correct wildcard matcher.
16). Reverse DNS lookup avoided on socket open.
17). Bug preventing nmbd re-registering names on WINS server timeout fixed.
18). Zero length byte range lock code added. Much closer to Windows semantics.
19). Alignment fault fixes for Linux/Alpha.
20). Error checking on tdb returns vastly improved.
21). Handling of delete on close fixed. No longer possible to leave 'dead'
22). Handling of oplock break failure cleanups improved. Should not be
able to leave 'dead' entries.
23). Fix handling of errors trying to set 64 bit locks on 32 bit NFS mounts.
24). Misc. MS-DFS code fixes.
25). Ignore logon packets if not a PDC (needed for PDC/BDC failover).
26). winbind pam module added.
27). Order N^^2 enumeration of printers problem fixed.
28). Password backend database code re-ordered to allow different password
backends (at compile time currently).
29). Improved print driver version detection for Windows 2000.
30). Driver DEVMODE initialization fixes.
31). Improved SYSV print parse code.
32). Fixed enumeration of large numbers of users/groups from Windows clients.
Code still too slow.
33). Fix for buggy NetApp RPC pipe clients.
34). Fix for NT sending multiple SetPrinterDataEx calls.
35). Fix for logic bug where smbd could delay oplock break request messages
from other smbd daemons whilst client kept us busy.
36). Fix deadlock problem with connections tdb on enumeration.
37). Fixes for setting/getting NT ACLs - improved POSIX mapping both ways.
38). Removed unused readbmpx/writebmpx code.
39). Attempt to fix Linux 2.4.x quota mess.
40). Improved ctemp code for Windows 2000 compatibilty.
41). Finally understood difference between set EOF and set allocation requests.
Added strict allocate parameter to help.
42). Correctly return name types on name to SID lookups.
43). tdb spinlock code update.
44). Use pread/pwrite on systems that have it to fix race condition in tdb code.