diff --git a/.gitignore b/.gitignore
index 0e31560..16a3f14 100644
--- a/.gitignore
+++ b/.gitignore
@@ -30,3 +30,4 @@ samba-3.6.0pre1.tar.gz
 /samba-4.1.0rc2.tar.xz
 /samba-4.1.0rc3.tar.xz
 /samba-4.1.0rc4.tar.xz
+/samba-4.1.0.tar.xz
diff --git a/samba-4.1.0rc4-add_support_for_krb5_keyring.patch b/samba-4.1.0rc4-add_support_for_krb5_keyring.patch
deleted file mode 100644
index d2ede37..0000000
--- a/samba-4.1.0rc4-add_support_for_krb5_keyring.patch
+++ /dev/null
@@ -1,122 +0,0 @@
-From d0279ff5b87a40ea2e59d9f4ca96b2d4c8189d26 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Tue, 10 Sep 2013 09:28:50 +0200
-Subject: [PATCH 1/3] s3-winbind: Don't set a default directory for DIR.
-
-There is not default so you should always have to specify a directory in
-the config file.
-
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Reviewed-by: Guenther Deschner <gd@samba.org>
----
- source3/winbindd/winbindd_pam.c | 4 ----
- 1 file changed, 4 deletions(-)
-
-diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
-index 7b67154..957dde3 100644
---- a/source3/winbindd/winbindd_pam.c
-+++ b/source3/winbindd/winbindd_pam.c
-@@ -492,10 +492,6 @@ static const char *generate_krb5_ccache(TALLOC_CTX *mem_ctx,
- 			gen_cc = talloc_asprintf(
- 				mem_ctx, "WRFILE:/tmp/krb5cc_%d", uid);
- 		}
--		if (strequal(type, "DIR")) {
--			gen_cc = talloc_asprintf(
--				mem_ctx, "DIR:/run/user/%d/krb5cc", uid);
--		}
- 
- 		if (strnequal(type, "FILE:/", 6) ||
- 		    strnequal(type, "WRFILE:/", 8) ||
--- 
-1.8.4
-
-
-From 266e5cea14109530b513ba7f48fa18f370333de3 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Tue, 10 Sep 2013 09:30:04 +0200
-Subject: [PATCH 2/3] s3-winbind: Add support for the kernel krb5 keyring
- buffer.
-
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Reviewed-by: Guenther Deschner <gd@samba.org>
----
- source3/winbindd/winbindd_pam.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
-index 957dde3..c356686 100644
---- a/source3/winbindd/winbindd_pam.c
-+++ b/source3/winbindd/winbindd_pam.c
-@@ -492,6 +492,10 @@ static const char *generate_krb5_ccache(TALLOC_CTX *mem_ctx,
- 			gen_cc = talloc_asprintf(
- 				mem_ctx, "WRFILE:/tmp/krb5cc_%d", uid);
- 		}
-+		if (strequal(type, "KEYRING")) {
-+			gen_cc = talloc_asprintf(
-+				mem_ctx, "KEYRING:persistent:%d", uid);
-+		}
- 
- 		if (strnequal(type, "FILE:/", 6) ||
- 		    strnequal(type, "WRFILE:/", 8) ||
--- 
-1.8.4
-
-
-From 3884f6bb3e7c1e0a4445231f0c2bb7f3335a5b79 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Tue, 10 Sep 2013 09:43:32 +0200
-Subject: [PATCH 3/3] doc: Update documentation of pam_winbind krb5 support.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Reviewed-by: Guenther Deschner <gd@samba.org>
-
-Autobuild-User(master): Günther Deschner <gd@samba.org>
-Autobuild-Date(master): Tue Sep 10 15:35:20 CEST 2013 on sn-devel-104
----
- docs-xml/manpages/pam_winbind.conf.5.xml | 26 +++++++++++++++++---------
- 1 file changed, 17 insertions(+), 9 deletions(-)
-
-diff --git a/docs-xml/manpages/pam_winbind.conf.5.xml b/docs-xml/manpages/pam_winbind.conf.5.xml
-index be7f684..725e809 100644
---- a/docs-xml/manpages/pam_winbind.conf.5.xml
-+++ b/docs-xml/manpages/pam_winbind.conf.5.xml
-@@ -106,16 +106,24 @@
- 		<term>krb5_ccache_type = [type]</term>
- 		<listitem><para>
- 
--		When pam_winbind is configured to try kerberos authentication by
--		enabling the <parameter>krb5_auth</parameter> option, it can
--		store the retrieved Ticket Granting Ticket (TGT) in a credential
--		cache. The type of credential cache can be controlled with this
--		option.  The supported values are: <parameter>FILE</parameter>
--		and <parameter>DIR</parameter> (when the DIR type is supported
--		by the system's Kerberos library). In case of FILE a credential
-+		When pam_winbind is configured to try kerberos authentication
-+		by enabling the <parameter>krb5_auth</parameter> option, it can
-+		store the retrieved Ticket Granting Ticket (TGT) in a
-+		credential cache. The type of credential cache can be
-+		controlled with this option.  The supported values are:
-+		<parameter>KEYRING</parameter> (when supported by the system's
-+		Kerberos library and Kernel), <parameter>FILE</parameter> and
-+		<parameter>DIR</parameter> (when the DIR type is supported by
-+		the system's Kerberos library). In case of FILE a credential
- 		cache in the form of /tmp/krb5cc_UID will be created -  in case
--		of DIR it will be located under the /run/user/UID/krb5cc
--		directory.  UID is replaced with the numeric user id.</para>
-+		of DIR you NEED to specify a directory. UID is replaced with
-+		the numeric user id.</para>
-+
-+		<para>When using the KEYRING type, the supported mechanism is
-+		<quote>KEYRING:persistent:UID</quote>, which uses the Linux
-+		kernel keyring to store credentials on a per-UID basis. This is
-+		the recommended choice on latest Linux distributions, as it is
-+		the most secure and predictable method.</para>
- 
- 		<para>It is also possible to define custom filepaths and use the "%u"
- 		pattern in order to substitue the numeric user id.
--- 
-1.8.4
-
diff --git a/samba.spec b/samba.spec
index e2db88e..328f529 100644
--- a/samba.spec
+++ b/samba.spec
@@ -1,7 +1,7 @@
 # Set --with testsuite or %bcond_without to run the Samba torture testsuite.
 %bcond_with testsuite
 
-%define main_release 8
+%define main_release 1
 
 %define samba_version 4.1.0
 %define talloc_version 2.0.8
@@ -10,7 +10,7 @@
 %define tevent_version 0.9.18
 %define ldb_version 1.1.16
 # This should be rc1 or nil
-%define pre_release rc4
+%define pre_release %nil
 
 %if "x%{?pre_release}" != "x"
 %define samba_release 0.%{main_release}.%{pre_release}%{?dist}
@@ -77,8 +77,6 @@ Source6: samba.pamd
 Source200: README.dc
 Source201: README.downgrade
 
-Patch0: samba-4.1.0rc4-add_support_for_krb5_keyring.patch
-
 BuildRoot:      %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 
 Requires(pre): /usr/sbin/groupadd
@@ -449,8 +447,6 @@ module necessary to communicate to the Winbind Daemon
 %prep
 %setup -q -n samba-%{version}%{pre_release}
 
-%patch0 -p1 -b .samba-4.1.0rc4-add_support_for_krb5_keyring.patch
-
 %build
 %global _talloc_lib ,talloc,pytalloc,pytalloc-util
 %global _tevent_lib ,tevent,pytevent
@@ -1492,6 +1488,9 @@ rm -rf %{buildroot}
 %{_mandir}/man8/pam_winbind.8*
 
 %changelog
+* Fri Oct 11 2013 - Andreas Schneider <asn@redhat.com> - 4.1.0-1
+- related: #985609 - Update to Samba 4.1.0.
+
 * Tue Oct 01 2013 - Andreas Schneider <asn@redhat.com> - 2:4.1.0-0.8
 - related: #985609 - Update to Samba 4.1.0rc4.
 - resolves: #1010722 - Split out a samba-winbind-modules package.
diff --git a/sources b/sources
index 7c57abe..be0303a 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-f956690eda1243ab2b7d54bd1fded747  samba-4.1.0rc4.tar.xz
+0414c344cc0cf68f4fa37d241a6fa004  samba-4.1.0.tar.xz