Samba

Blog

2017-07-12

SAMBA+ Security Releases: 4.6.6, 4.5.12 and 4.4.15 packages available

SAMBA+ 4.6.6, 4.5.12 and 4.4.15 have just been released. These are important security releases, please update affected systems as soon as possible! The packages are available for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu.

The releases address the following issue:

  • CVE-2017-11103: Orpheus' Lyre mutual authentication validation bypass

    A MITM attacker may impersonate a trusted server and thus gain elevated access to the domain by returning malicious replication or authorization data.

Details:

  • All versions of Samba from 4.0.0 include an embedded copy of Heimdal Kerberos. Heimdal has made a security release, which disclosed:

    • CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation

      This is a critical vulnerability. In _krb5_extract_ticket() the KDC-REP service name must be obtained from encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unecrypted version provides an opportunity for successful server impersonation and other attacks.

      Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.

      See www.orpheus-lyre.info for more details.

    The impact for Samba is particularly strong for cases where the Samba DRS replication service contacts another DC requesting replication of user passwords, as these could then be controlled by the attacker.

Updates for the new SAMBA+ 4.7 preview packages will follow. Please note that SAMBA+ preview packages are intended for test purposes only.

 

2017-07-06

New SAMBA+ version 4.5.11 and package updates for 4.6.5

SAMBA+ 4.5.11 and new sets of 4.6.5 packages have just been released. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu are available now.

The release notes for 4.5.11 are available here:

www.samba.org/samba/history/samba-4.5.11.html

The new 4.6.5 packages include:

  • the fix for bug 10490. This avoids smbd crashes, which are related to the "kerberos method = secrets and keytab" smb.conf option.
  • improvements for systemd's systemctl redirection for RHEL and CentOS 7 init scripts.

 

2017-06-15

SAMBA+ for openSUSE Leap 42 and Debian 9 Stretch

SerNet now provides SAMBA+ 4.6.5 for openSUSE Leap 42 and the upcoming Debian 9 Stretch.

Besides this latest addition to the SAMBA+ family, a wide range of SAMBA+ packages for various platforms is available. Supported are:

  • RHEL 6
  • CentOS 6
  • RHEL 7
  • CentOS 7
  • SLES 11
  • SLES 12
  • openSUSE 11.1
  • openSUSE 12.1
  • openSUSE 12.2
  • openSUSE 12.3
  • openSUSE 13.1
  • openSUSE 13.2
  • openSUSE Leap 42
  • Debian 7 (wheezy)
  • Debian 8 (jessie)
  • Debian 9 (stretch)
  • Ubuntu 12.04 LTS (precise)
  • Ubuntu 14.04 LTS (trusty)
  • Ubuntu 16.04 LTS (xenial)
  •  

These packages are included in a SAMBA+ subscription which can be purchased at the SAMBA+ Shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials.

2017-06-06

SAMBA+ 4.6.5 Available for Download

New SAMBA+ 4.6.5 packages have just been released. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu are available now. Have a look at the release notes for more information.

These packages are included in a SAMBA+ subscription which can be purchased at the SAMBA+ Shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials.

2017-05-29

New SAMBA+ packages: Updates for 4.5.10

SerNet provides new sets of SAMBA+ 4.5.10 packages. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu are available now.

These packages address a smbd crash bug #12798. Only versions 4.5.9-16 and 4.5.10-16 are affected by this bug.

These packages are included in a SAMBA+ subscription which can be purchased at the SAMBA+ Shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials.

2017-05-24

SAMBA+ Security Releases: 4.6.4, 4.5.10 and 4.4.14 packages available

SAMBA+ 4.6.4, 4.5.10 and 4.4.14 have just been released. These are very important security releases, please update affected systems (Samba 3.5.0 and newer) immediately! The packages are available for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu.

The releases address the following issue:

  • CVE-2017-7494: Remote code execution from a writable share (aka "SambaCry")

    All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.

These packages are included in a SAMBA+ subscription which can be purchased at the SAMBA+ Shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials.

2017-05-18

SAMBA+ 4.5.9 Available for Download

New SAMBA+ 4.5.9 packages have just been released. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu are available now. Have a look at the release notes for more information.

These packages are included in a SAMBA+ subscription which can be purchased at the SAMBA+ Shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials.

2017-04-25

SAMBA+ 4.6.3 Available for Download

New SAMBA+ 4.6.3 packages have just been released. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu are available now. Have a look at the release notes for more information.

Please note that we skipped the last upstream Samba versions, because we did provide packages based on the same code before the official release. E.g. SAMBA+ 4.6.1-6 includes the regression fix which the official Samba 4.6.2 was made for. The same applies to Samba 4.5 and 4.4.

These packages are included in a SAMBA+ subscription which can be purchased at the SAMBA+ Shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials.

2017-04-02

sambaXP 2017 in GΓΆttingen

sambaXP 2017 is the 16th event of the yearly Samba show and a nice anniversary if written in hex: 0x10 :-) The schedule is fully packed with talks from the international samba team, from customers with user experience reports and vendors that integrate Samba into their products.

The complete schedule has been published on sambaXP.org. Registration is open for the conference on Wednesday and Thursday and an optional Tutorial with Stefan Kania on Tuesday to refresh your Samba skills.

This year's conference again is about the progress and future roadmap of Samba - but also the time to look back on the existing code: After a first analysis Samba is not vulnerable regarding the Shadow Broker attacks - but even besides this annoying facts there are bugs and other challenges in Samba to report about.

The organisers at SerNet love to report that Google, Microsoft and Red Hat again appear as partners and sponsors of sambaXP. With their support all Samba team members can attend the show for free and students and other younger folks can be given cost reducing grants.

This conference is dedicated to Lars MΓΌller, who died in 2016 after long illness. He was a long term Samba Team member, a good friend of many people at SerNet and a diligent sambaXP participant.

2017-03-29

New SAMBA+ packages: Updates for 4.6.1, 4.5.7 and 4.4.12

SerNet provides new sets of SAMBA+ 4.6.1, 4.5.7 and 4.4.12 packages. These packages are available for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu.

The fixes for the recent security issue CVE-2017-2619 introduced a regression, which affects shares using the option "follow symlinks = no".

In addition to the "follow symlinks" regression, the new 4.6.1-6 packages address the following issues:

  • Bug #12611: credentials_krb5: use gss_acquire_cred for client-side GSSAPI use case
  • Bug #12554: The kerberos client should not only rely on automatic cross-realm referrals
  • Bug #12704: smbclient should not print an error if kerberos is not enforced
  •  

From now on, Debian users can use the 'apt-get changelog sernet-samba' command to show the changelog file, which is stored in all new repositories.

Starting with 4.6.1, you can use the 'pam-auth-update' Debian command to enable pam winbind authentication on your Samba servers.

These packages are included in a SAMBA+ subscription which can be purchased at the SAMBA+ Shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials.

 

2017-03-23

SAMBA+ 4.6.1, 4.5.7 and 4.4.12 Security Releases Available for Download

New SAMBA+ 4.6.1, 4.5.7 and 4.4.12 packages have just been released. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu are available now.

These packages address the following defect:

  • CVE-2017-2619: Symlink race allows access outside share definition

    All versions of Samba prior to 4.6.1, 4.5.7, 4.4.12 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.

    Samba uses the realpath() system call to ensure when a client requests access to a pathname that it is under the exported share path on the server file system.

    Clients that have write access to the exported part of the file system via SMB1 unix extensions or NFS to create symlinks can race the server by renaming a realpath() checked path and then creating a symlink. If the client wins the race it can cause the server to access the new symlink target after the exported share path check has been done. This new symlink target can point to anywhere on the server file system.

    This is a difficult race to win, but theoretically possible. Note that the proof of concept code supplied wins the race reliably only when the server is slowed down using the strace utility running on the server. Exploitation of this bug has not been seen in the wild.

These packages are included in a SAMBA+ subscription which can be purchased at the SAMBA+ Shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials.

 

2017-03-16

New SAMBA+ version: SerNet releases 4.6.0 packages

SAMBA+ 4.6.0 has just been released. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu are available now.

This is the first release of the Samba 4.6 release series. Please test thoroughly before upgrading and read the release notes carefully!

SerNet's SAMBA+ packages additionally include the following fixes:

  • Bug #12624: Memory leak in pthreadpool
  • Bug #12613: idmap autorid only creates new ranges after a successful authentication of any user in new domain
  •  

With the release of Samba 4.6.0, Samba 4.3 has been marked as discontinued. This means that Samba 4.3 will not receive any further updates.

These packages are included in a SAMBA+ subscription which can be purchased at the SAMBA+ Shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials.

 

2017-03-16

SAMBA+ 4.4.11 Available for Download

New SAMBA+ 4.4.11 packages have just been released. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu are available now. Have a look at the release notes for more information.

These packages are included in a SAMBA+ subscription which can be purchased at the SAMBA+ Shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials.

 

2017-03-10

SAMBA+ 4.5.6 Available for Download

New SAMBA+ 4.5.6 packages have just been released. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu are available now. Have a look at the release notes for more information.

These packages are included in a SAMBA+ subscription which can be purchased at the SAMBA+ Shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials.

 

2017-03-08

New SAMBA+ packages: Updates for 4.3.13

SerNet provides new sets of SAMBA+ 4.3.13.

The packages are available for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu.

The new packages address the following issue:

  • Bug #12262: 'net ads testjoin' and smb access fails after winbindd changed the trust password

With the release of Samba 4.6.0 yesterday, Samba 4.3 has been marked as discontinued. This means that Samba 4.3 will not receive any further updates. Please update affected systems to a more recent version.

SAMBA+ 4.6 packages will be available soon.

These packages are included in a SAMBA+ subscription which can be purchased at the SAMBA+ Shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials.

 

2017-03-03

New SAMBA+ packages: Updates for 4.5.5 and 4.4.10 packages

SerNet provides new sets of SAMBA+ 4.5.5 (4.5.5-14 RPMs and DEBs) and 4.4.10 (4.4.10-38 RPMs and 4.4.10-22 DEBs) packages to address several bugs.

The packages are available for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu.

The 4.5.5 packages address the following issues:

  • Bug #12262: 'net ads testjoin' and smb access fails after winbindd changed the trust password
  • Bug #12577: 'samba-tool dbcheck' gives errors on one-way links after a rename
  • Bug #12585: NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE mismatch for DCERPC_NCA_S_FAULT_INVALID
  • Bug #12586: netlogon_creds_cli_LogonSamLogon doesn't work without netr_LogonSamLogonEx
  • Bug #12587: winbindd child segfaults on connect to an NT4 domain
  • Bug #12588: cm_prepare_connection may return NT_STATUS_OK without a valid connection
  • Bug #12591: vfs_streams_xattr: use fsp, not base_fsp
  • Bug #12600: dbcheck does not find or fix dangling links on live objects
  • Bug #9048: Samba4 ldap error codes

The 4.4.10 packages address the following issue, which has been introduced with the last 4.4.10 release:

  • Bug #12605: Winbindd endless looping in forest trust scan

These packages are included in a SAMBA+ subscription which can be purchased at the SAMBA+ Shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials.

 

2017-03-01

SAMBA+ 4.4.10 Available for Download

New SAMBA+ 4.4.10 packages have just been released. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu are available now. Have a look at the release notes for more information.

These packages are included in a SAMBA+ subscription which can be purchased at the SAMBA+ Shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials.

 

 

2017-02-06

SAMBA+ 4.5.5 Available for Download

 

New SAMBA+ 4.5.5 packages have just been released. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu are available now.

These packages solve a service restart issue, which occurred on some systems after a SAMBA+ package update. Affected systems were SUSE Linux Enterprise Server 12 and possibly others.

Additionally SAMBA+ 4.5.5 includes the fix for bug 12427, which affects the fruit vfs module.

Further addressed issues are listed in the Samba release history.

These packages are included in a SAMBA+ subscription which can be purchased at the SAMBA+ Shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials.

 

 

 

2017-01-18

SAMBA+ 4.5.4 Available for Download

New SAMBA+ 4.5.4 packages have just been released. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu are available now. Have a look at the release notes for more information.

These packages are included in a SAMBA+ subscription which can be purchased at the SAMBA+ Shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials.

 

 

2017-01-04

SAMBA+ 4.4.9 Available for Download

New SAMBA+ 4.4.9 packages have just been released. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu are available now. Have a look at the release notes for more information.

These packages are included in a SAMBA+ subscription which can be purchased at the SAMBA+ Shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials.

 

 

2016-12-22

SAMBA+ with a new GlusterFS package

After releasing new packages fΓΌr SAMBA+ 4.5.3 SerNet's Samba team added a new package to SAMBA+, enabling users to configure and run a GlusterFS based cluster with SAMBA+.

GlusterFS is an OpenSource scale-out network-attached storage file system, initiated in 2005 by Z Research and acquired by Red Hat in 2011. The GlusterFS packages for SAMBA+ are available for SAMBA+ Linux platforms like CentOS, Debian and others - with the exception of SUSE Linux.

These packages are included in a SAMBA+ subscription which can be purchased at the SAMBA+ Shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials.

 

 

2016-12-19

SAMBA+ 4.5.3, 4.4.8 and 4.3.13 Security Releases Available for Download

New SAMBA+ 4.5.3, 4.4.8 and 4.3.13 packages have just been released. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu are available now.

These packages address the following defects:

  • CVE-2016-2123: Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer Overflow Remote Code Execution Vulnerability
  • CVE-2016-2125: Unconditional privilege delegation to Kerberos servers in trusted realms
  • CVE-2016-2126: Flaws in Kerberos PAC validation can trigger privilege elevation

Please have a look at the release notes for more information:

These packages are included in a SAMBA+ subscription which can be purchased at the SAMBA+ Shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials.

 

 

2016-12-07

SAMBA+ 4.5.2 Available for Download

New SAMBA+ 4.5.2 packages have just been released. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu are available now. Have a look at the release notes for more information.

These packages are included in a SAMBA+ subscription which can be purchased at the SAMBA+ Shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials.

 

 

2016-11-22

New SAMBA+ packages: Updates for 4.5.1 and 4.4.7 packages

 

SerNet provides new sets of SAMBA+ 4.5.1 (4.5.1-8 RPMs and debs) and 4.4.7 (4.4.7-35 RPMs and 4.4.7-22 debs) packages to address several bugs.

The packages are available for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu.

The 4.5.1 packages address the following issues:

  • Bug #12399: replmd_update_rpmd_rdn_attr doesn't normalize rdn attribute name
  • Bug #12423: Avoid debug noise on successful updates
  • Bug #10297: REGRESSION: Writing to a directory with -wx permissions on a share fails with ACCESS_DENIED
  • Bug #12372: ctdb: Fix bad free in ctdbd_migrate()
  • Bug #12392: CTDBD child processes keep running at high priority on RHEL6 and RHEL7
  • Bug #12422: loopback addresses get registered in DNS
  • libcli: Increase the debug level for expired tickets

The 4.4.7 packages address the following issues:

  • Bug #12423: Avoid debug noise on successful updates
  • Bug #10297: REGRESSION: Writing to a directory with -wx permissions on a share fails with ACCESS_DENIED
  • Bug #12372: ctdb: Fix bad free in ctdbd_migrate()
  • Bug #12392: CTDB child processes keep running at high priority on RHEL6 and RHEL7
  • Bug #12422: loopback addresses get registered in DNS
  • libcli: Increase the debug level for expired tickets

These packages are included in a SAMBA+ subscription which can be purchased at the SAMBA+ Shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials.

 

 

2016-11-04

New SAMBA+ version: SerNet releases 4.3.12 packages

 

SAMBA+ 4.3.12 has just been released. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu are available now.

Please note that this is the last bug-fix release of the Samba 4.3 release series. There will be only security release beyond this point. You should upgrade to a maintained version as soon as possible. Please see Release Planning for details.

These packages address a lot of issues, which are listed in the Samba Release Notes.

These packages are included in a SAMBA+ subscription which can be purchased at the SAMBA+ Shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials.

 

 

2016-10-26

SerNet releases new SAMBA+ 4.5.1 and 4.4.7 packages

SAMBA+ 4.5.1 and 4.4.7 have just been released. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available now. These packages address a lot of issues, which are listed in detail in the Samba release history:

Release Notes Samba 4.5.1

Release Notes Samba 4.4.7

These packages are included in a SAMBA+ subscription which can be purchased at the SAMBA+ Shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials.

 

 

2016-10-18

SerNet releases new SAMBA+ 4.5.0, 4.4.6 and 4.3.11 packages

New SAMBA+ 4.5.0, 4.4.6 and 4.3.11 packages have just been released by SerNet. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available now.

The 4.5.0 packages address the following issues:

  • Bug #12369 kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed: An internal error occurred
  • Bug #12045 samba cannot allocate memory
  • Bug #12268 Files opened with O_NONLOCK can return ETIMEDOUT on pread
  • Bug #12261 Set FILE_ATTRIBUTE_DIRECTORY as necessary if the VFS module doesn't do it
  • Bug #12285 "DriverVersion" registry backend parsing incorrect in spoolss
  • Bug #8618 nt_printing_migrate writes path to driver files into registry
  • Bug #10297 REGRESSION: Writing to a directory with -wx permissions on a share fails with ACCESS_DENIED, fixes loading of roaming profiles
  • Bug #12275 ctdb_recovery_helper crashes
  • Bug #12259 CTDB recovery does not complete on big-endian ppc64
  • Bug #12374 spoolss: Fix caching of printername->sharename

The 4.4.6 packages address the following issues:

  • Bug #12369 kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed: An internal error occurred
  • Bug #12045 samba cannot allocate memory
  • Bug #12285 "DriverVersion" registry backend parsing incorrect in spoolss
  • Bug #8618 nt_printing_migrate writes path to driver files into registry
  • Bug #10297 REGRESSION: Writing to a directory with -wx permissions on a share fails with ACCESS_DENIED, fixes loading of roaming profiles
  • Bug #12374 spoolss: Fix caching of printername->sharename

The 4.3.11 packages address the following issues:

  • Bug #12369 kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed: An internal error occurred
  • Bug #11992 Overwriting hidden files fails
  • Bug #12021 smbd Crashing (Signal 4) on File Delete
  • Bug #12016 cleanupd terminates main smbd on exit
  • Bug #12105 smbclient connection to not reachable IP eats 100% CPU
  • Bug #12005 parse_share_modes() chokes on ctdb tombstone record from ltdb
  • Bug #12129 let samba-tool ldapcmp ignore whenChanged
  • Bug #12154 Don't print the machine account password into the log
  • Bug #12139 Race between break oplock and check for share_mode
  • Bug #12268 Files opened with O_NONLOCK can return ETIMEDOUT on pread
  • Bug #12045 samba cannot allocate memory
  • Bug #12285 "DriverVersion" registry backend parsing incorrect in spoolss
  • Bug #8618 nt_printing_migrate writes path to driver files into registry
  • Bug #11994 smbclient fails to connect to Azure or Apple share spnego fails with no mechListMIC
  • Bug #12374 spoolss: Fix caching of printername->sharename

These packages are included in a SAMBA+ subscription which can be purchased at the SAMBA+ Shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials.

 

 

2016-09-30

SerNet releases SAMBA+ 4.4.6

SAMBA+ 4.4.6 has just been released. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available now. SAMBA+ 4.4.6 packages address a lot of issues, which are listed in the Samba release history.

These packages are included in a SAMBA+ subscription which can be purchased at the SAMBA+ Shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials.

 

 

2016-09-16

SAMBA+ 4.5.0 Available for Download

SAMBA+ 4.5.0 has just been released. This is the first stable SAMBA+ release of SerNets Samba 4.5 release series. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available now.

With this release, Samba 4.2 release series is discontinued and will no longer receive updates or security fixes.

UPGRADING NOTES:
NTLMv1 authentication is now disabled by default. This have impact to very old clients which doesn't support NTLMv2. Moreover, NTLMv2 authentication is only allowed within extended security (NTLMSSP).

NEW FEATURES/CHANGES:
The new Samba 4.5 release series includes a large number of improvements and new features. They are all listed in the Release Notes. Additionally, the new SAMBA+ packages contain fixes for the CTDB bugs #12244 and #12254.

KNOWN ISSUES:
The sernet-samba-ad package conflicts with the current version of libtdb package in Red Hat Enterprise Linux 6.7. The libtdb package with the version 1.3.8-1.el6_7 and the sernet-samba-ad package can not be installed on one system at the same time: RedHat bug #1328195.

ABOUT SAMBA+:
SAMBA+ 4.3 packages and all later versions are available as software subscription. They can be purchased at the SAMBA+ shop, detailed information and prices are listed at shop.samba.plus. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO (oposso.samba.plus). Users can activate their subscriptions here and manage access credentials. The new SAMBA+ 4.5.0 packages are included in existing subscriptions.

 

 

2016-08-30

SAMBA+ 4.4.5 for Ubuntu 16.04 LTS

SerNet now provides SAMBA+ 4.4.5 for Ubuntu 16.04 LTS (Xenial Xerus). These packages are included in a SAMBA+ subscription which can be purchased at the SAMBA+ Shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials.

Besides this latest addition to the SAMBA+ family, a wide range of SAMBA+ packages for various platforms is available. Supported and included in a subscription are packages for:

  • RHEL 6
  • CentOS 6
  • RHEL 7
  • CentOS 7
  • SLES 11
  • SLES 12
  • OpenSUSE 11.1
  • OpenSUSE 12.1
  • OpenSUSE 12.2
  • OpenSUSE 12.3
  • OpenSUSE 13.1
  • OpenSUSE 13.2
  • Debian 7 (wheezy)
  • Debian 8 (jessie)
  • Ubuntu 12.04 LTS (precise)
  • Ubuntu 14.04 LTS (trusty)
  • Ubuntu 16.04 LTS (xenial)

Please note that the SAMBA+ packages do not install systemd services. The packages rely on the systemd-sysv-generator - Unit generator for SysV init scripts - which generates wrapper .service scripts automatically. This is a common solution, which is also used by many other native Ubuntu services.Starting with this release, SerNet switches the GPG signatures of all SAMBA+ 4.4 package repositories for Debian and Ubuntu to the stronger SHA-512. All supported systems are compatible with the new signatures. No changes on the repository configuration are needed.

 

 

2016-07-11

15. sambaXP in retrospect: Audio recordings and slides

From May 10th - 12th 2016 the 15th SAMBA eXPerience took place. The conference was hosted by SerNet and the international Samba Team. Audio recordings and slides of the presentations are now available at www.sambaxp.org.

This year the sambaXP made it to Berlin for the first time. Despite of the new venue the event was a meeting point for developers and users from around the world which was also reflected in the variety of topics: Stefan Metzmacher kicked off the conference with a deep insight into Badlock (audio / slides), while Denis Cardon told "Samba 4-AD, it works: stories of battles fought and won" (audio / slides). Cardons lecture is a proven toolbox to prepare and execute the migration of large networks to Samba4-AD.

 

 

2016-07-07

Security Releases: SAMBA+ 4.4.5, 4.3.11 and EnterpriseSAMBA 4.2.14

SAMBA+ 4.4.5 and 4.3.11 and EnterpriseSAMBA 4.2.14 have just been released. These are security releases, please update affected systems as soon as possible. The packages are available for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu.

The packages address the following security issue:

  • CVE-2016-2119 (Client side SMB2/3 required signing can be downgraded)

For more information about the security issues, please visit:

SAMBA+ 4.3 packages and all later versions are available as software subscription. They can be purchased at the SAMBA+ Shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials. The new SAMBA+ 4.4.5 and 4.3.11 packages are included in existing subscriptions.

SerNet's 4.2 packages and older versions will still be maintained as EnterpriseSAMBA and distributed via https://portal.enterprisesamba.com for free. Please note that users don't have to register anymore to be able to access the packages, but instead can use a public user

 

 

2016-07-04

New SAMBA+ 4.4.4 packages

SerNet provides a new set of SAMBA+ 4.4.4 packages (4.4.4-29 RPMs and 4.4.4-16 debs). These packages contain an additional vfs module (vfs_ring) which provides an efficient "get_real_file_name" operation. Updating to this version is only necessary if you are going to use this vfs module.

SAMBA+ 4.3 packages and all later versions are available as software subscription. They can be purchased at the SAMBA+ Shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials.  The new SAMBA+ 4.4.4 packages are included in existing subscriptions.

 

 

2016-06-30

New SAMBA+ 4.4.4 packages

SerNet provides a new set of SAMBA+ 4.4.4 (4.4.4-28 RPMs and 4.4.4-15 debs) and 4.3.10 (4.3.10-27 RPMs and 4.3.10-14 debs) packages. The packages are available for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu.

The packages address the following bugs:

  • BUG 11982: Invalid auth_pad_length is not ignored for BIND_* and ALTER_* pdus
  • BUG 11948: Total dcerpc response payload more than 0x400000

SAMBA+ 4.3 packages and all later versions are available as software subscription. They can be purchased at the SAMBA+ Shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials.  The new SAMBA+ 4.4.4 packages are included in existing subscriptions.

 

 

2016-06-07

New SAMBA+ version: SerNet releases 4.4.4 packages

SAMBA+ 4.4.4 has just been released by the Samba team at SerNet. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available now.

These packages address a lot of issues, which are listed in the Samba 4.4.4 release history.

SAMBA+ 4.3 packages and all later versions are available as software subscription. They can be purchased at the SAMBA+ Shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials.  The new SAMBA+ 4.4.4 packages are included in existing subscriptions.

 

 

2016-05-26

New SAMBA+ and EnterpriseSAMBA packages

SerNet provides a new set of SAMBA+ 4.4.3 (4.4.3-27 RPMs and 4.4.3-14 debs), 4.3.9 (4.3.9-26 RPMs and 4.3.9-13 debs) and EnterpriseSAMBA 4.2.12 (4.2.12-22 RPMs and 4.2.12-10 debs) packages. These packages contain fixes for regressions introduced in the last security releases. The packages are available for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu.

The packages address the following regressions:

  • BUG 11910: New install 4.4.3 from sources fails smbclient test.
  • BUG 11912: NTLM Authentication issue.
  • BUG 11914: NTLM Authentication issue with squid.

Additionally,these packages add:

  • Support for smartcard offline logins (4.4 only)
  • Fix for secure DNS updates (bug #11520) (4.3 and 4.4 only)

SAMBA+ 4.3 packages and all later versions are available as software subscription. They can be purchased at the SAMBA+ Shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials. The new SAMBA+ 4.4.3 and 4.3.9 packages are included in existing subscriptions.

SerNet's 4.2 packages and older versions will still be maintained as EnterpriseSAMBA and distributed via https://portal.enterprisesamba.com for free. Please note that users don't have to register anymore to be able to access the packages, but instead can use a public user.

 

 

2016-05-03

New SAMBA+ versions: SerNet releases 4.4.3 and 4.3.9 packages

SAMBA+ 4.4.3 and 4.3.9 has just been released. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available now. These packages address the following regressions introduced with the last security release:

  • BUG 11841: Fix NT_STATUS_ACCESS_DENIED when accessing Windows public share.
  • BUG 11847: Only validate MIC if "map to guest" is not being used.
  • BUG 11849: auth/ntlmssp: Add ntlmssp_{client,server}:force_old_spnego option for testing.
  • BUG 11850: NetAPP SMB servers don't negotiate NTLMSSP_SIGN.
  • BUG 11858: Allow anonymous smb connections.
  • BUG 11870: Fix ads_sasl_spnego_gensec_bind(KRB5).
  • BUG 11872: Fix 'wbinfo -u' and 'net ads search'.

Several other issues are addressed also. For more details, please see:

Additionally, SAMBA+ 4.4 provides a new feature: If samba is running as an active directory domain controller, it is possible to store cleartext passwords in a PGP/GnuPG encrypted form. This offers the option to import the passwords of other authentication systems later or to sync with another system, e.g. an OpenLDAP server. More documentation will be published soon at samba.plus.

In addition to the upstream Samba fixes, SAMBA+ 4.3 packages contain a backport of the cleanup daemon. This might be useful in cluster setups to avoid smbd from stopping because of CTDB recoveries.

With this release, we remove Data Management API (DMAPI) support and the depending tsmsm VFS module in our Debian based packages. DMAPI support was not available in our RPM packages.

Please note that these packages change the behaviour for anonymous CIFS Linux Kernel mounts. There is a bug in the cifs module that prohibits mounting shares when using the guest option. On Samba file servers you can work around this issue by setting the option "map to guest = bad user" in your smb.conf. See the bug #11889 for more information.

 

 

 

2016-04-21

New SAMBA+ version: SerNet releases 4.4.2 packages

SAMBA+ 4.4.2 has just been released. This is the first stable release of Samba 4.4 published by SerNet. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available now.

New SAMBA+ Feature

SAMBA+ 4.4.2 is built with Spotlight support for OS X clients (new additional package sernet-samba-spotlight). It enables OS X clients to search indexed files on the Samba server using their native Spotlight search. This feature is available for RHEL 7, SLES 12, Debian and Ubuntu. Detailed instructions on how to configure the server are listed in the Samba Wiki (Spotlight). 

New Features / Changes

Since this is the first release of the SAMBA+ 4.4 release series there are a lot of new features and changes. Please consult the Samba 4.4.0 Release History for detailed information.

SAMBA+ 4.4 packages are not available for Debian Squeeze (6) and Ubuntu Lucid (10.4) - also future SAMBA+ release series won't be available for these distributions. 

Security Release 

SAMBA+ 4.4.2 packages include all relevant updates to address the following security issues:

The security updates include new smb.conf options and a number of stricter behaviours to prevent Man in the Middle attacks. Between these changes, compatibility with a large number of older software versions has been lost in the default configuration.

For more information about the related behaviour changes and the security issues please visit:

About SAMBA+

Starting with Samba 4.3 SerNet's Samba packages are available as software subscription under the label SAMBA+. They can be purchased at the SAMBA+ Shop. Detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials. The new SAMBA+ 4.4.2 packages are included in existing subscriptions.

 

 

2016-04-12

SAMBA+ and EnterpriseSAMBA Security Releases: 4.3.8 and 4.2.11 packages available

SAMBA+ 4.3.8 and EnterpriseSAMBA 4.2.11 have just been released. These are security releases. Please update your systems as soon as possible.

We decided to shift the release of the SAMBA+ 4.4 release series since we do not want to mix up a new feature set with this security release. However SAMBA+ 4.4.2 packages will be released in a matter of days.

The SAMBA+ 4.3.8 and EnterpriseSAMBA 4.2.11 packages are available for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu.

Please note that Samba 4.1.X and older versions are also affected by the issues fixed with this release but are not supported anymore. We strongly recommend to upgrade to a recent version at your earliest convenience.

The packages address the following issues:

The security updates include new smb.conf options and a number of stricter behaviours to prevent Man in the Middle attacks. Between these changes, compatibility with a large number of older software versions has been lost in the default configuration.

For more information about the related behaviour changes and the security issues please visit:

Starting with Samba 4.3 SerNet's Samba packages are available as software subscription under the label SAMBA+. They can be purchased at the SAMBA+ Shop. Detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials. SAMBA+ 4.4.1 and 4.3.7 will be included in existing subscriptions.

SerNet's Samba 4.2 packages - including the Samba 4.2.11 security release – will be maintained as EnterpriseSAMBA and distributed via https://portal.enterprisesamba.com for free. Please note that users don't have to register anymore to be able to access the packages, but instead can use a public user.

 

 

2016-03-31

SAMBA+ 4.4.1 and Security Releases

Update: We decided to shift the release of the SAMBA+ 4.4 release series since we do not want to mix up a new feature set with this security release. However SAMBA+ 4.4.2 packages will be released in a matter of days.

The Samba Team released the latest stable version of the 4.4 release series. Therefore SAMBA+ packages for the 4.4 release series will be published as well. However, packages for 4.4 will be available starting with version 4.4.1 – they will be released on April 12th, 2016 and will already include the "badlock patch" (see http://badlock.org). Security releases for SAMBA+ 4.3 and EnterpriseSAMBA 4.2 will also be issued on April 12th around 17:00 UTC.

The packages will be available for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu.

Starting with Samba 4.3 SerNet's Samba packages are available as software subscription under the label SAMBA+. They can be purchased at the SAMBA+ Shop. Detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials. SAMBA+ 4.4.1 and 4.3.7 will be included in existing subscriptions.

SerNet's Samba 4.2 packages - including the upcoming Samba 4.2.10 security release – will be maintained as EnterpriseSAMBA and distributed via https://portal.enterprisesamba.com for free.

 

 

2016-03-22

Severe bug announcement: Badlock is coming

On April 12th, 2016 SerNet, the Samba Team and Microsoft will disclose a severe bug that affects almost all versions of Microsoft Windows and Samba. The bug is called "Badlock". Due to the fundamental functions that are affected by the bug there will be no detailed information prior to the release of fixes by Microsoft and the Samba Team. More information will be available at http://badlock.org β€“ the page will receive updates regularly. SysAdmins should mark the release date already.

Badlock has been discovered, analyzed and fixed by Stefan Metzmacher, a renowned member of the international Samba core developer team. He notified Microsoft about his findings and a consecutive strong collaboration lead to fixes for both platforms. Patches are currently reviewed and prepared for release, including SerNet's special SAMBA+ offering (see http://samba.plus). Please check http://badlock.org during the next weeks for information on which versions will get patches.

SerNet, the Samba Team and Microsoft agreed on the joint release date April 12th, 2016. The Badlock bug will entail exploits soon after being exposed. The coordinated efforts are meant to ensure a reasonable time to get the maximum number of systems repaired in short time.

 

 

2016-03-08

SAMBA+ and EnterpriseSAMBA Security Releases: 4.3.6, 4.2.9 and 4.1.23 packages available

SAMBA+ 4.3.6 and EnterpriseSAMBA 4.2.9 and 4.1.23 have just been released. These are security releases published by SerNet, please update affected systems as soon as possible. The packages are available for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu.

The packages address the following issues:

  • CVE-2015-7560 (Incorrect ACL get/set allowed on symlink path)
  • CVE-2016-0771 (Out-of-bounds read in internal DNS server)

For more information about the security issues, please visit:

Please note that we have introduced a new package dependency with the release of SAMBA+ 4.3.5 to

  • m2crypto on RedHat based systems
  • python-crypto on all other systems

This is needed for the "samba-tool domain trust" command, which is part of the sernet-samba-ad package.

On Debian based systems, you might have to upgrade with "apt-get dist-upgrade" instead of "apt-get upgrade" in order to upgrade to the new version.

SAMBA+ 4.3 packages and all later versions are available as software subscription. They can be purchased at the SAMBA+ Shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials. The new SAMBA+ 4.3.6 packages are included in existing subscriptions.

SerNet's 4.2 packages and older versions will still be maintained as EnterpriseSAMBA and distributed via https://portal.enterprisesamba.com for free. Please note that users don't have to register anymore to be able to access the packages, but instead can use a public user.

 

 

2016-02-24

New SAMBA+ version: SerNet releases 4.3.5 packages

SerNet's SAMBA+ 4.3.5 has just been released. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available now.

These packages address a lot of issues, which are listed in the release history for Samba 4.3.5.

SAMBA+ 4.3 packages and all later versions are available as software subscription. They can be purchased at the SAMBA+ Shop, detailed information and prices are listed there.

The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials. The new SAMBA+ 4.3.5 packages are included in existing subscriptions.

 

 

2016-02-03

EnterpriseSAMBA 4.2.8 packages available

SerNet's EnterpriseSAMBA 4.2.8 has just been released. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available at the EnterpriseSAMBA portal.

These packages address a lot of issues, which are listed in the release history for Samba 4.2.8.

Please note that SerNet's 4.2 packages and older versions will still be
maintained as EnterpriseSAMBA and distributed via portal.enterprisesamba.com for free. Users don't even have to register anymore to be able to access the packages, but instead can use a public user. Starting with Samba 4.3 SerNet's packages are published as SAMBA+, available as software subscription. They can be purchased at the SAMBA+ shop. Detailed information and prices are listed at the SAMBA+ Shop.

 

2016-01-25

sambaXP moves to Berlin – Call for Papers and ticket sales are under way

From May 10th to 12th 2016 the SerNet GmbH and the international Samba Team will host the SAMBA eXPerience. The 15th edition of the conference comes along with an innovation: For the first time Berlin will be the place for developers and users from around the world to meet. Sale of "Early Bird" tickets has started already.

"By moving our long established conference to Berlin, we're experimenting a little and looking forward to it", says Chen-Yu Lin, event manager at SerNet. Additionally the organizing committee meets with a wish expressed by the participants. Lin: "Most of our guests have a long journey ahead of them in order to attend the sambaXP. Berlin makes it easier for them and – as an overall attractive venue – may garner additional interest from new participants." The conference hotel RAMADA Berlin Alexanderplatz (Karl-Liebknecht-Str 32nd , 10178 Berlin) is centrally located and "moreover, it is very close to SerNet's Berlin offices", says Lin.

The "Call for Papers" section at  sambaxp.org offers all information about the conference topics and more details. Abstracts can be submitted until February 29th. Technical presentations are welcome as are case studies. The conference language is English. However, the organizing team would be glad to see submissions in German or any other language as well.

"Early Bird" tickets for the two conference days are available at 399 Euros until February 29th. As usual the sambaXP kicks off on Tuesday (May 10th) with a tutorial: Tickets for "Managing Samba 4 as domain controllers and Implementing domain trusts" are priced 450 Euro.

John Terpstra is chairman of the sambaXP 2016 again. He is a founding member of the international Samba Team and highly respected author. 

 

 

2016-01-13

New SAMBA+ version: SerNet releases 4.3.4 packages

SAMBA+ 4.3.4 has just been released. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available now.

These packages address a lot of issues, which are listed in the Samba release history:

Additionally, the SerNet packages are built with tar mode support now. That means that e.g. smbclient is able to create tar files again.

SAMBA+ 4.3 packages and all later versions are available as software subscription. They can be purchased at the SAMBA+ shop where detailed information and prices are listed. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials. The new SAMBA+ 4.3.3 packages are included in existing subscriptions.

 

 

2015-12-16

SAMBA+ and EnterpriseSAMBA Security Releases: 4.3.3, 4.2.7 and 4.1.22 packages available

SAMBA+ 4.3.3 and EnterpriseSAMBA 4.2.7 and 4.1.22 have just been released. These are security releases, please update affected systems as soon as possible. The packages are available for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu.

The packages address the following issues:

  • CVE-2015-7540 (Remote DoS in Samba (AD) LDAP server)
  • CVE-2015-3223 (Denial of service in Samba Active Directory server)
  • CVE-2015-5252 (Insufficient symlink verification in smbd)
  • CVE-2015-5299 (Missing access control check in shadow copy code)
  • CVE-2015-5296 (Samba client requesting encryption vulnerable to downgrade attack)
  • CVE-2015-8467 (Denial of service attack against Windows Active Directory server)
  • CVE-2015-5330 (Remote memory read in Samba LDAP server)

In addition to the security patches SerNet's packages include one additional patch that fixes a crash bug in the file server:

  • Crash: Bad talloc magic value - access after free (bug #11394)

For more information about the security issues visit:

SAMBA+ 4.3 packages and all later versions are available as software subscription. They can be purchased at the SAMBA+ shop where detailed information and prices are listed. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials. The new SAMBA+ 4.3.3 packages are included in existing subscriptions.

SerNet's 4.2 packages and older versions will still be maintained as EnterpriseSAMBA and distributed via https://portal.enterprisesamba.com for free. Please note that users don't have to register anymore to be able to access the packages, but instead can use a public user.

 

 

2015-12-03

SAMBA+ 4.3.2 packages available

SAMBA+ 4.3.2 has just been released. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available now.

These packages address a lot of issues, which are listed in the Samba release history:

SAMBA+ 4.3 packages and all later versions are available as software subscription. They can be purchased at the SAMBA+ shop, detailed information and prices are listed there. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO: Users can activate their subscriptions here and manage access credentials. The new SAMBA+ 4.3.2 packages are included in existing subscriptions.

 

 

2015-10-28

EnterpriseSAMBA 4.2.5 packages available

SerNet's Samba 4.2.5 has just been released. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available at the EnterpriseSAMBA portal.

These packages address a lot of issues, which are listed in the release history for Samba 4.2.5.

Please note that SerNet's 4.2 packages and older versions will still be
maintained as EnterpriseSAMBA and distributed via portal.enterprisesamba.com for free. Users don't even have to register anymore to be able to access the packages, but instead can use a public user. Starting with Samba 4.3 SerNet's packages are published as SAMBA+, available as software subscription. They can be purchased at the SAMBA+ shop. Detailed information and prices are listed at the SAMBA+ Shop.

 

 

2015-10-23

New SAMBA+ version: SerNet releases 4.3.1 packages

SAMBA+ 4.3.1 has just been released. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available now.

These packages address a lot of issues, which are listed in the Samba release history.

Additionally SerNet's SAMBA+ packages fix another bug (bug 11327):

 "Running an AD member server based on Samba 4.2 or 4.3 is unstable if
 the domain is hosted by a Samba 4.0 or 4.1 based AD DC."

SAMBA+ packages now include the Snapper VFS module. From the vfs_snapper man page:

 "The vfs_snapper VFS module exposes snapshots managed by snapper for
 use by Samba. This provides the ability for remote SMB clients to
 access shadow-copies via Windows Explorer using the "previous
 versions" dialog.
 Snapshots can also be created and remove remotely, using the File
 Server Remote VSS Protocol (FSRVP). Snapshot creation and deletion
 requests are forwarded to snapper via DBus."

SAMBA+ 4.3 packages and all later versions are available as software subscription. They can be purchased at the SAMBA+ shop , where you will find detailed information and prices. The subscriptions bought at the SAMBA+ shop are managed at our platform OPOSSO. Users can activate their subscriptions here and manage access credentials. The new SAMBA+ 4.3.1 packages are included in existing subscriptions.  

 

 

2015-10-16

EnterpriseSAMBA 4.1.21 released

SerNet's Samba 4.1.21 has just been released. Packages for various SUSE
and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are
available at the EnterpriseSAMBA portal.

These packages address the following issues:

  • Avoid quoting problems in user's DNs (bug #11488)
  • Logging with an account which has the "User must change password on next logon" flag cause winbindd to use 100% cpu and stop answering request (bug #11038)

This is the last regular bug-fix release of the Samba 4.1 release
series. From now on there will be security releases only. Samba 4.2 will
be continued in maintenance mode. Samba 4.3 is the current stable
release series.

Please note that SerNet's 4.2 packages and older versions will still be
maintained as EnterpriseSAMBA and distributed via
portal.enterprisesamba.org for free. Users don't even have to register
anymore to be able to access the packages, but instead can use a public
user. Starting with Samba 4.3 SerNet's packages are published as SAMBA+,
available as software subscription. They can be purchased at the SAMBA+
shop. Detailed information and prices are listed at the SAMBA+ Shop.

 

 

2015-10-12

SAMBA+ 4.3 released

SerNet's Samba 4.3 packages are available - and SerNet announces some changes that come along with this new version. First of all: Formerly known as EnterpriseSAMBA SerNet's packages are now published as SAMBA+ (read why). Furthermore SAMBA+ 4.3 packages and all later versions are available as software subscription. Starting immediately they can be purchased at the SAMBA+ shop. Detailed information and prices are listed at shop.samba.plus. The subscriptions bought at the SAMBA+ shop are managed at a new platform called OPOSSO (oposso.samba.plus). Users can activate their subscriptions here and manage access credentials.

The major enhancements and new features within SAMBA+ 4.3 are:

  • Client and server support for SMB 3.1.1 - improves the secure negotiation of SMB dialects and features
  • New FileChangeNotify subsystem - with new notify daemon to scale a lot better
  • New id-map module idmap_script - use a script to perform id-mapping
  • New VFS-modules

    • vfs_unityed_media - allow multiple Avid clients to share a network drive
    • vfs_shell_snap - provides shell-script callouts for snapshot handling

  • Logging - support for logging to multiple backends
  • CTDB logging improvements
  • Improved CTDB NFS support
  • Improved sparse file support
  • New smbclient subcommands - server side copy and change notification queries for directories
  • New rpcclient subcommands
  • Improved security with kerberos DCERPC man in the middle detection when using kerberos
  • Improved Knowledge Consistency Checker (KCC) - for large networks
  • Configurable TLS protocol support - disables SSLv3 by default, which is no longer considered secure
  • Samba-tool now supports all 7 FSMO roles
  • Partial (only Kerberos) support for trusted domains (as AD DC) - see full release notes

Please refer to the Samba 4.3 release notes for more details.

As usual packages are available for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu. For a detailed list of changes and explanations we recommend to read the official Samba release announcement. The packages address a lot of issues, which are listed in the history.

We already improved the subscription model due to customer feedback. Please do not hesitate to send us your comments and to discuss SAMBA+ with us.

SerNet's 4.2 packages and older versions will still be maintained as EnterpriseSAMBA and distributed via portal.enterprisesamba.com for free. Users don't even have to register anymore to be able to access the packages but instead can use a public user.

 

 

2015-09-14

EnterpriseSAMBA 4.2.4 released

SerNet's Samba team just released EnterpriseSAMBA 4.2.4 packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu. They are available at https://portal.enterprisesamba.com

These packages address a lot of issues, which are listed in the Samba 4.2 history.  

Please note that you no longer need to register to be able to access the packages. To access the download server you just need to login with your username and accesskey or the new public user shown on our EnterpriseSAMBA portal

 

 

2015-09-07

SerNet updates EnterpriseSAMBA to 4.1.20

SerNets EnterpriseSAMBA 4.1.20 has just been released. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are
available at the Samba portal.

These packages address a lot of issues, which are listed in the Samba history.

Please note that you no longer need to register to be able to access the
packages. To access the download server you just need to login with your
username and accesskey or the new public user shown on
https://portal.enterprisesamba.com

 

 

2015-07-24

SerNet releases EnterpriseSAMBA 4.2.3

SerNets EnterpriseSAMBA 4.2.3 has just been released. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are
available at the Samba portal.

These packages address a lot of issues, which are listed in the Samba history.http://www.samba.org/samba/history/samba-4.2.3.html

Please note that you no longer need to register to be able to access the
packages. To access the download server you just need to login with your
username and accesskey or the new public user shown on
https://portal.enterprisesamba.com

 

 

2015-07-10

sambaXP: Listen to the 2015 recordings - and save the date for 2016

Recordings and slides of the sambaXP 2015 talks are now available at www.sambaxp.org. In addition there's a date set for the sambaXP 2016 and the Call for Papers already started. 

The 14th Samba eXPerience took place from May 19th - 22nd 2015 and SerNet once again was proud to host it in Goettingen (see article). Samba developers and users from all around the world gathered and put together a divers program with talks like Volker Lendeckes "The past, present and future of Samba messaging" (Audio / Slides) or "Using Samba libraries outside Samba" from Jakub Hrozek (Audio / Slides) - both are now ready to listen to. 

Save the date: sambaXP 2016

While we finished postprocessing the sambaXP 2015, we also started planning the sambaXP 2016. And we already got a date for you to look forward to: May 10th - 12th 2016 is marked in our calendar for the 15th samba eXPerience. We also started the Call for Papers: Until February 28th 2016 we are looking for contributions to the sambaXP 2016. Details and paper registration: www.sambaxp.org/#papers

 

 

2015-06-30

New EnterpriseSAMBA 4.1.19 packages

SerNets Samba team just released the EnterpriseSAMBA packages in version 4.1.19 They  are available for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu. 

 

The packages are accessible at the EnterpriseSAMBA Portal. They address a lot of issues, which are listed in the Samba release history

 

Please note that you no longer need to register to be able to access the packages. To access the download server you just need to login with your username and accesskey or the new public user shown at the portal.

 

 

 

2015-06-16

Updated: EnterpriseSAMBA 4.2.2

A new set of SerNets EnterpriseSAMBA 4.2.2 packages has just been released. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available at:

The new packages are also available for Debian 8 Jessie, now.

These packages address the following issues, in addition to the last
SerNet Samba 4.2.2 release:

  • Querying 500 shares from a MMC results in a hanging smbdprocess. (bug 11312)
  • The OS X client kernel panics when doing compound reads from Samba, because it expects the compound read response to be padded to an 8 byte boundary. (bug 11277)
  • smbd crashes if using the MMC to close the connection that the MMC is currently using. (bug 11218)

Please note that you no longer need to register at the EnterpriseSAMBA-Portal to be able to access the packages. To access the download server you just need to login with your username and accesskey or the new public user shown.

 

 

2015-05-29

Enterprise Samba 4.2.2

SerNets Enterprise Samba 4.2.2 is available for download. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available at:

These packages address a lot of issues, which are listed here.

Please note that you need to register on the EnterpriseSAMBA-Portal to be able to access the packages. To visit the URL mentioned above directly, you need to login with your username and accesskey (not password).

 

 

2015-05-21

SerNet Enterprise Samba 4.1.18 and 4.0.26

SerNets Enterprise Samba has just been released in versions 4.1.18 and 4.0.26. This is the last bug-fix release of the Samba 4.0 release series. From now on there will be only security releases. Samba 4.1 will be continued in the maintenance mode. Samba 4.2 is the current stable release series.

The packages are available for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu:

These packages address a lot of issues listed in the Samba history (for 4.1, for 4.0). For more information about the Samba release system visit the Samba Wiki.

Please note that you need to register on the EnterpriseSAMBA-Portal to be able to access the packages. To visit the URL mentioned above directly, you need to login with your username and accesskey (not password).

 

 

2015-04-30

Get the App: The 14th sambaXP is starting soon

It's nearly time for SAMBA eXPerience 2015: And for the first time there is an event App available. From May 19th to May 21st SerNet and the international SAMBA Team organise the annual gathering in Goettingen at the Hotel Freizeit In. The schedule is  filled with a variety of lectures and a limited amount of tickets can still be purchased.

The conference starts on Wednesday, May 20th, with the keynote "What Samba needs to do to accomplish user and enterprise requirements. The full agenda is online at http://www.sambaxp.org and integrated in the sambaXP App as well. The App, offered for the first time this year, is designed to make the conference experience as comfortable as possible for the attendants. Information on the sambaXP in general, the schedule as well as abstracts are available and on their fingertips whenever needed. It is online in the PlayStore for Android as well as in the App Store for iOS. 

As usual the real SAMBA experience starts with the tutorials on Tuesday, May 19th, and the Barcamp on Thursday afternoon, May 21st. The tutorials cover the topics "Migration to Samba 4" (German only) and "Interoperability Protocol Test Tools Workshop". They offer all-day know-how transfer and concentrated work on one issue. The final Barcamp on Thursday is an additional opportunity to discuss own Samba topics and to revisit the newly gained impressions from the conference. 

 

 

2015-04-21

EnterpriseSAMBA 4.2.1 is available

SerNets Samba 4.2.1 packages have just been released. This is our first stable release of Samba 4.2.

The major enhancements and new features within Samba 4.2 are:

  • Clustering support, CTDB as a part of Samba
  • vfs_fruit, a VFS module for OS X clients
  • vfs_worm, a VFS module for basic WORM (write once read many) support
  • Transparent File Compression (with btrfs)
  • Previous File Versions with Snapper (with btrfs)
  • Bad Password Lockout in the AD DC
  • Winbindd/Netlogon improvements
  • Winbindd use on the Samba AD DC (instead of internal winbind service)
  • Winbind now requires secured connections
  • Larger IO sizes for SMB2/3 by default
  • SMB2 leases
  • Improved DCERPC man in the middle detection
  • Overhauled "net idmap" command
  • TDB improvements
  • Correct defaults in the smb.conf manpages
  • Consistent behaviour between samba-tool testparm and testparm
  • Smbclient archival improvements
  • Messaging improvements

For a detailed list of changes and explanations we recommend to read the official release announcement.The packages address a lot of issues, which are listed in the history.

Download

Attention! Please verify that your Samba AD DC was not set up using the classic upgrade method. If the classic-upgrade was used, we highly recommend to NOT upgrade to the new 4.2 release. The bug report contains detailed information on this issue.

Packages are available for various SUSE and RedHat platforms as well as for Debian GNU/Linux, Ubuntu and now also for SLES 12

Please note that you need to register on the Samba portal to be able to access the packages. To visit the URL mentioned above directly, you need to login with your username and accesskey (not password) shown on the portal.

 

 

2015-02-24

Important Security Updates: EnterpriseSAMBA 4.1.17, 4.0.25 and 3.6.25

New EnterpriseSAMBA packages from SerNet are ready to download. The new versions 4.1.17, 4.0.25 and 3.6.25 deal with a critical remote code execution flaw. The EnterpriseSAMBA packages are available for SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu.

These security releases address:

  • CVE-2015-0240 (Unexpected code execution in smbd).

    All versions of SAMBA from 3.5.0 to 4.2.0rc4 are vulnerable to an unexpected code execution vulnerability in the smbd file server daemon.

    A malicious client could send packets that may set up the stack in such a way that the freeing of memory in a subsequent anonymous netlogon packet could allow execution of arbitrary code. This code would execute with root privileges.

Please update affected systems as soon as possible.

The packages are available at

EnterpriseSAMBA Portal. You need to login with your username and accesskey (not password).

 

 

2015-01-21

Enterprise SAMBA 4.0.24 and 4.1.16 Packages available for Download

The EnterpriseSAMBA packages 4.0.24 and 4.1.16 from SerNet have just been released. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available:

These are security releases in order to address:

  • CVE-2014-8143: Samba's AD DC allows the administrator to delegate creation of user or computer accounts to specific users or groups. However, all released versions of Samba's AD DC did not implement the additional required check on the UF_SERVER_TRUST_ACCOUNT bit in the userAccountControl attributes.

Please update affected systems as soon as possible.

These packages include one additional patch for:

  • net sam addgroupmem too strict (bug #11051)

In addition to the bug fixes we've fixed some package dependencies in our RPM packages.

To access the packages visit the EnterpriseSAMBA Portal. You need to login with your username and accesskey (not password).

 

 

2015-01-05

Call for Papers for sambaXP 2015: SAMBA 4.2, the universe and everything

From May 19. to May 21. 2015 SerNet GmbH and the international SAMBA team will organize the SAMBA eXPerience in Goettingen at the Hotel Freizeit In. The conference in its 14th edition is again a meeting place for developers and users from around all the world. The "Call for Papers" as well as the sale of the "Early Bird" tickets starts now.

The "sambaXP" is the world's only conference that focuses exclusively on SAMBA. It is therefore an important opportunity for SAMBA users and developers to discuss all SAMBA topics and meet the Core SAMBA team.

With the upcoming release of SAMBA 4.2 (early 2015) sambaXP provides a platform for a lot of topics: The current status of SMB3 implementation, cloud challenges and the latest developments in OpenStack esp. regarding authentication. Like every year Data Management as well as clustering and performance optimization remain the key buzzwords that keep the SAMBA universe busy and are topics for talks we would like to hear at the conference. Also interoperability with AFP file servers, and compatibility with Apple SMB clients are candidates for the agenda. A look at SAMBA 4.3 is promised by the SAMBA team.

Detailed information on the conferences topics is listed in the Call for Papers section on sambaXP.org. Abstracts can be submitted here as well. We are looking for both sides: technical presentations and user reports. The conference language is English; submissions in German are welcome nonetheless.

The "Call for Papers" runs until February 28th.

Until then, early bird tickets for the two-day conference including a BarCamp are available at a reduced rate of 299 Euros. Traditionally, the sambaXP starts on Tuesday, May 19th with tutorials. The tutorial "SAMBA 4 and CTDB" is already available, another tutorial organized by Microsoft can be booked by mid January.

Chairman of the SambaXP 2015 is again John Terpstra. He is a founding member of the SAMBA team and an acclaimed technical writer. The sambaXP 2015 is supported by the sponsors Google, IBM and Microsoft.

 

 

2014-12-04

SerNet SAMBA 4.1.14 released

SerNet Samba 4.1.14 has just been released. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available at:

https://download.sernet.de/packages/samba/4.1/

These packages address a lot of issues, which are listed at:

http://www.samba.org/samba/history/samba-4.1.14.html

Please note that you need to register on https://portal.enterprisesamba.com/ to be able to access the packages. To visit the URL mentioned above directly, you need to login with your username and accesskey (not password) shown on https://portal.enterprisesamba.com/

 

 

2014-11-03

SerNet SAMBA 4.1.13 available

SerNet SAMBA 4.1.13 has just been released. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available at:

https://download.sernet.de/packages/samba/4.1/

The SerNet SAMBA team has also released these packages for Red Hat Enterprise Linux 7 and CentOS 7.

These packages address a lot of issues, which are listed at: http://www.samba.org/samba/history/samba-4.1.13.html

Please note that you need to register on https://portal.enterprisesamba.com/ to be able to access the packages. To visit the URL mentioned above directly, you need to login with your username and accesskey (not password) shown on https://portal.enterprisesamba.com/.

 

 

2014-09-22

SerNet SAMBA 4.0.22 released

Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available at:

https://download.sernet.de/packages/samba/4.0/

These packages address the following issues amongst others: 

  • New parameter "winbind request timeout" has been added (bug #3204).

A complete list of changes is available at: http://www.samba.org/samba/history/samba-4.0.22.html

Please note that you need to register on https://portal.enterprisesamba.com/ to be able to access the packages. To visit the URL mentioned above directly, you need to login with your username and accesskey (not password) shown on https://portal.enterprisesamba.com/.

 

 

2014-09-10

SerNet Samba 4.1.12 has just been released

Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available at:

https://download.sernet.de/packages/samba/4.1/

These packages address the following issues amongst others:

  • New parameter "winbind request timeout" has been added (bug #3204).
  • Fix smbd crashes when filename contains non-ascii character (bug #10716).

A complete list of changes is available at: http://www.samba.org/samba/history/samba-4.1.12.html

In addition these packages include the fix for:

  • samba-tool ldapcmp reports differences for non-replicated attributes (bug #10788)

Please note that you need to register on https://portal.enterprisesamba.com/ to be able to access the packages. To visit the URL mentioned above directly, you need to login with your username and accesskey (not password) shown on https://portal.enterprisesamba.com/.

 

2014-08-20

Updates for SerNet SAMBA 4.1.11

A new set of SerNet SAMBA 4.1.11 has just been released. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available as of now. 

These packages address a few issues:

  • Fix bug #10369 - configure flag --without-dmapi is not honored. Due to this fix, the SerNet binary RPMs do not have a dependency on any DMAPI library any more. When rebuilding from the source RPM, by default no DMAPI library is linked, unless "--with dmapi" is passed to rpmbuild.
  • Fix bug #10737 - idmap: irritating level 1 debug message from idmap_init_domain().
  • Fix bug #10741 - VFS gpfs offline bit is flapping. This fixes a long standing problem with Samba serving files from GPFS in combination with "store dos attributes = yes" and "gpfs:winattr = yes". 
  • Partial fix for bug #10749 - Support for DNS_TYPE_TOMBSTONE records. DNS_TYPE_TOMBSTONE records are created, but not periodically cleaned up. The cleanup task will be added in future releases. As DNS tombstone records will now be recycled automatically, this fix will prevent /var/lib/samba/private/sam.ldb.d/DC=DOMAINDNSZONES,*.ld from growing significantly over time.

Please note: If you upgrade an active directory domain controller from a version prior to 4.1.10 to Samba 4.1.10 or newer, consider that it can take SAMBA several minutes  (or even hours in very large installations) to complete startup due to a re-indexing of the AD database.

In a multi-DC setup, be sure to update the DCs one after another, waiting for one DC to be fully up and running again before updating the next one.

To access the packages  visit the EnterpriseSAMBA Portal. You need to login with your username and accesskey (not password).

 

2014-08-01

SerNet SAMBA 4.0.21 and 4.1.11 Packages available for download

Please note that these are security releases in order to address:

     

  • CVE-2014-3560: SAMBA 4.0.0 to 4.1.10 are affected by a remote code execution attack on unauthenticated nmbd NetBIOS name services
  •  

To access the aforementioned packages you need to register at the EnterpriseSAMBA Portal.

2014-07-29

SerNet SAMBA 4.1.10 Packages available for download

The SerNet SAMBA 4.1.10 Packages have just been released. They are available for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu.

The issues addressed are listed here.

Please note that a registration at the EnterpriseSAMBA Portal is necessary in order to access the packages.

2014-07-02

SerNet Samba 3.6.24 Packages Available for Download

Please note that this is a security release in order to address:

2014-06-26

SerNet Samba 4.0.19 and 4.1.9 Packages Available for Download

Please note that these are security releases in order to address:

2014-06-04

SerNet Samba 4.0.18 and 4.1.8 Packages Available for Download

Please note that those bug fix releases also address two minor security issues without being a dedicated security release:

     

  • CVE-2014-0239: dns: Don't reply to replies (bug #10609).
  • CVE-2014-0178: Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response (bug #10549).
  •  

2014-04-22

SerNet Samba 4.0.17 and 4.1.7 Packages Available for Download

These packages address a lot of issues, which are listed at:

2014-03-11

Samba 4.1.6, 4.0.16 and 3.6.23 Security Releases Available for Download

These are security releases in order to address CVE-2013-4496 (Password lockout not enforced for SAMR password changes) and CVE-2013-6442 (smbcacls will remove the ACL on a file or directory when changing owner or group owner.).

 

Please update affected systems as soon as possible.

2014-02-21

SerNet Samba 4.1.5 Packages Available for Download

Samba 4.1.5 packages have just been released. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available at download.sernet.de/packages/samba/4.1/.

These packages fix the following issue amongst others:

     

  • Fix 100% CPU utilization in winbindd when trying to free memory in winbindd_reinit_after_fork (bug #10358).
  • smbd: Fix memory overwrites (bug #10415).
  •  

2014-02-19

SerNet Samba 4.0.15 Packages Available for Download

Samba 4.0.15 packages have just been released. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available at download.sernet.de/packages/samba/4.0/.

These packages address a lot of issues.

Additionally these packages include the fix for:

     

  • dfs: always call create_conn_struct with root privileges (bug #10378).
  •  

2014-01-10

SerNet Samba 4.1.4 and new set of 4.0.14 Packages Available for Download

Samba 4.1.4 packages have just been released. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available at download.sernet.de/packages/samba/4.1/.

These packages fix the following issue amongst others:

     

  • Fix segfault in smbd (bug #10284).
  • Fix SMB2 server panic when a smb2 brlock times out (bug #10311).
  •  

Additionally all new 4.0.14 and 4.1.4 packages for Debian based systems provide now packages to satisfy the dependencies of different other packages.

2014-01-07

SerNet Samba 4.0.14 Packages Available for Download

Samba 4.0.14 packages have just been released. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available at download.sernet.de/packages/samba/4.0/.

These packages fix the following issue amongst others:

     

  • Fix segfault in smbd (bug #10284).
  • Fix SMB2 server panic when a smb2 brlock times out (bug #10311).
  •  

2013-12-09

SerNet Enterprise Samba 4.1.3, 4.0.13 and 3.6.22 packages Available for Download.

These are security releases in order to address CVE-2013-4408 (DCE-RPC fragment length field is incorrectly checked) and CVE-2012-6150 (pam_winbind login without require_membership_of restrictions).

Please update affected systems as soon as possible.

Download Samba 3.6.22 packages.
Download Samba 4.0.13 packages.
Download Samba 4.1.3 packages.

2013-11-29

SerNet Samba 3.6.21 Packages Available for Download

This release addresses several issues.

Please refer to the release notes for a full list of bug fixes.

Download Samba 3.6.21 packages.

2013-11-22

SerNet Enterprise Samba 4.1.2 Packages Available for Download.

Samba 4.1.2 packages have just been released. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available at download.sernet.de/packages/samba/4.0/.

2013-11-19

SerNet Samba 4.0.12 Packages Available for Download

Samba 4.0.12 packages have just been released. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available at download.sernet.de/packages/samba/4.0/.

These packages fix the following issue amongst others:

     

  • RW Deny for a specific user is not overriding RW Allow for a group (bug #10196).
  •  

Please note that you need to register on portal.enterprisesamba.com to be able to access the packages. To visit the URL mentioned above directly, you need to login with your username and accesskey (not password) shown on portal.enterprisesamba.com.

2013-11-13

SerNet Enterprise Samba 4.1.1 Packages Available for Download.

Starting with Samba 4.1.1, SerNet does now provide Samba 4.1 packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu!

Download Samba 4.1.1 packages.

2013-11-11

SerNet Enterprise Samba 4.0.11 and 3.6.20 packages Available for Download.

These are security releases in order to address CVE-2013-4475 (ACLs are not checked on opening an alternate data stream on a file or directory). For more information, please refer to the security advisory.

Please update affected systems as soon as possible.

Download Samba 3.6.20 packages.
Download Samba 4.0.11 packages.

2013-10-30

A new set of SerNet Samba 4.0.10 Packages Available for Download

New Samba 4.0.10 packages have just been released. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available at download.sernet.de/packages/samba/4.0/.

These packages fix the following issue:

     

  • Internal Error: Signal 11 PANIC on one of two DCs (bug #10052).
  •  

Additionally, the packages "sernet-samba-libwbclient0" and "sernet-samba-libpam-smbpass" have been removed. The content of theses packages has been merged into the "sernet-samba-libs" package. These changes were needed to fix a dependency loop between "sernet-samba-libwbclient0" and "sernet-samba-libs".

Please note that you need to register on portal.enterprisesamba.com to be able to access the packages. To visit the URL mentioned above directly, you need to login with your username and accesskey (not password) shown on portal.enterprisesamba.com.

2013-10-08

SerNet Samba 4.0.10 Packages Available for Download

Samba 4.0.10 has just been released. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available at download.sernet.de/packages/samba/4.0/.

Samba 4.0.10 fixes the following issues amongst others:

     

  • NetBIOS related samba process consumes 100% CPU (bug #10158).
  • smbd: Clean up share modes after hard crash (bug #10138).
  • Fix POSIX ACL mapping when setting DENY ACE's from Windows (bug #10162).
  •  

Please note that you need to register on portal.enterprisesamba.com to be able to access the packages. To visit the URL mentioned above directly, you need to login with your username and accesskey (not password) shown on portal.enterprisesamba.com.

2013-08-30

SerNet Samba 4.0.9-5 RPMs and 4.0.9-6 deb Packages Available for Download

Samba 4.0.9-5 RPMs and 4.0.9-6 deb have just been released. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available at download.sernet.de/packages/samba/4.0/.

Samba 4.0.9 fixes the following issues:

     

  • Move gencache.tdb from /var/lock/samba (tmpfs) to /var/cache/samba to avoid removal during reboot (bug #9802).
  • Move tdb files with non-persistent data from /var/lock/samba to /var/cache/samba to avoid crashes caused by small tmpfs partitions.
  •  

The gencache.tdb file includes the server affinity cache and should not be deleted when rebooting. After updating to this version, please stop all Samba services, move /var/lock/samba/gencache.tdb to /var/cache/samba/ and restart the services afterwards. Thank you!

Please note that you need to register on portal.enterprisesamba.com to be able to access the packages. To visit the URL mentioned above directly, you need to login with your username and accesskey (not password) shown on portal.enterprisesamba.com.

2013-08-20

SerNet Samba 4.0.9 Packages Available for Download

Samba 4.0.9 has just been released. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available at download.sernet.de/packages/samba/4.0/.

Samba 4.0.9 fixes the following issues amongst others:

     

  • Fix crash of Winbind after 'ls -l /usr/local/samba/var/locks/sysvol' (bug #9820).
  • Fix segmentation fault while reading incomplete session info (bug #10003).
  • smbd: Fix a 100% loop at shutdown time (bug #10013).
  •  

Please note that you need to register on portal.enterprisesamba.com to be able to access the packages. To visit the URL mentioned above directly, you need to login with your username and accesskey (not password) shown on portal.enterprisesamba.com.

2013-08-14

SerNet Samba 3.6.18 Packages Available for Download

This release addresses the following issues amongst others:

  • Windows 8 Roaming profiles fail (bug #9678).
  • Linux kernel oplock breaks can miss signals (bug #10064).

Download Samba 3.6.18 packages.

2013-08-05

SerNet Samba 4.0.8, 3.6.17 and 3.5.22 Packages Available for Download

These are security releases in order to address CVE-2013-4124 (Denial of service attack on authenticated or guest connections).

Please update affected systems (Samba 3.0.x - 4.0.7) as soon as possible.

Download Samba 3.5.22 packages.

Download Samba 3.6.17 packages.

Download Samba 4.0.8 packages.

2013-07-02

SerNet Samba 4.0.7 Packages Available for Download

Samba 4.0.7 has just been released. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available at download.sernet.de/packages/samba/4.0/.

Samba 4.0.7 fixes the following issues amongst others:

     

  • Fix a core dump with invalid lock order while opening/editing or copying MS files (bug #9794).
  • Fix crash bug from search of mail= (bug #9967).
  • winbind4: talloc use after free (bug #9832).
  •  

Please note that you need to register on portal.enterprisesamba.com to be able to access the packages. To visit the URL mentioned above directly, you need to login with your username and accesskey (not password) shown on portal.enterprisesamba.com.

2013-06-20

SerNet Samba 3.6.16 Packages Available for Download

This release addresses the following issues:

  • Fix crash bug during Win8 sync (bug #9822).
  • Properly handle Oplock breaks in compound requests (bug #9722).

Download Samba 3.6.16 packages.

2013-06-11

SerNet Samba 4.0.6-3 (deb) packages and 4.0.6-2 (RPMs) have just been released.

These are available at download.sernet.de/packages/samba/4.0/.

These packages fix several issues amongst others:

     

  • ldaps was not working (affects openSUSE packages only).
  • Fix possible leak on domain controllers (bug #9929).
  • is_printer_published GUID retrieval (bug #9900).
  • Only initial signed DNS update for a host works (bug #9559).
  • winbind4: talloc use after free (bug #9832).
  •  

Furthermore, dlz_bind9.so has been added to the sernet-samba-ad package.

Please note that you need to register on portal.enterprisesamba.com to be able to access the packages. To visit the URL mentioned above directly, you need to login with your username and accesskey (not password) shown on portal.enterprisesamba.com.

2013-05-29

Samba4 Training

Heinlein Support does now provide a Samba4 training based on a collaboration with SerNet.

2013-05-29

SerNet Samba 4.0.6-2 Packages for Debian/Ubuntu Available for Download

SerNet Samba 4.0.6-2 packages for Debian/Ubuntu have just been released. These are available at download.sernet.de/packages/samba/4.0/.

Samba 4.0.6-2 fixes an issue with broken shebang lines in some python scripts (e.g. samba_spnupdate, samba_dnsupdate, samba_kcc).

     

  • Broken python shebang e.g. in samba_dnsupdate (bug #9909).
  •  

Please note that you need to register on portal.enterprisesamba.com to be able to access the packages. To visit the URL mentioned above directly, you need to login with your username and accesskey (not password) shown on portal.enterprisesamba.com.

2013-05-22

SerNet Samba 4.0.6-1 Packages Available for Download

Samba 4.0.6-1 has just been released. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux are available at download.sernet.de/packages/samba/4.0/.

Samba 4.0.6 fixes the following issues amongst others:

     

  • Fix crash during Win8 sync (bug #9822).
  • Fix segfault when loging in with wrong password from w2k8r2 (bug #9834).
  •  

Please note that you need to register on portal.enterprisesamba.com to be able to access the packages. To visit the URL mentioned above directly, you need to login with your username and accesskey (not password) shown on portal.enterprisesamba.com.

2013-05-14

SerNet Samba 4.0.5 Packages Available for Download

SerNet does now provide Samba 4 packages for free. You need to register to be able to download them.

More information on how to install the packages etc. will be available on the web site after logging in.

2013-05-08

SerNet Samba 3.6.15 Packages Available for Download

This release addresses the following issues:

     

  • Fix crash bug in Winbind (bug #9854).
  • Fix "guest ok", "force user" and "force group" for guest users (bug #9746).
  • Fix panic in nt_printer_publish_ads (bug #9830).
  • Fix 'map untrusted to domain' with NTLMv2 (bug #9817).
  •  

With Samba 3.6.14, a regression in Winbind has been introduced. Please see bug #9854 for details.

Updating from 3.6.14 is highly recommended in setups running Winbind.

2013-04-29

SerNet Samba 3.6.14 Packages Available for Download

This release addresses the following issues amongst others:

  • Certain xattrs cause Windows error 0x800700FF (bug #9130).

Download new Enterprise Samba Packages.

2013-03-18

SerNet Samba 3.6.13 Packages Available for Download

This release addresses the following issues amongst others:

  • Fix two resource leaks in winbindd (bug #9684).
  • Unlink after open causes smbd to panic (bug #9571).
  •  

Download new Enterprise Samba Packages.

2013-01-30

Samba 3.6.12 and 3.5.21 Security Releases Available for Download

These are security releases in order to address CVE-2013-0213 (Clickjacking issue in SWAT) and CVE-2013-0214 (Potential XSRF in SWAT).

Download new Enterprise Samba Packages

2013-01-21

SerNet Samba 3.6.11 Packages Available for Download

This release addresses the following issues amongst others:

  • defer_open is triggered multiple times on the same reques (bug #9196).
  • Fix SEGV wh_n using second vfs module (bug #9471).

Download new Enterprise Samba Packages.

2012-12-17

SerNet Samba4 Appliance v0.6 has just been released

  • The Samba-Package is based on the stable Samba 4.0.
  • New Zarafa AD schema-extension from zcp-7.1.1-37812 imported.
  • Adapted dcpromo script to work with Samba 4.0.
  • Adapted status script to work with Samba 4.0.
  • Further minor improvements and fixes.

Read more

2012-12-17

SerNet Samba 3.5.20 Packages Available for Download

This release addresses the following issues amongst others:

     

  • Fix segfaults in log level = 10 on Solaris (bug #9390).
  • Apply ACL masks correctly when setting ACLs (bug #9236).
  •  

Download new Enterprise Samba Packages

2012-12-10

Samba 3.6.10 Available for Download

This release addresses the following issues amongst others:

     

  • Respond correctly to FILE_STREAM_INFO requests (bug #9460).
  • Fix segfault when "default devmode" is disabled> (bug #9433).
  • Fix segfaults in "log level = 10" on Solaris (bug #9390).
  •  

Download new Enterprise Samba Packages

2012-11-05

SerNet Samba 3.5.19 Packages Available for Download

This release addresses the following issues amongst others:

     

  • Connection to outbound trusted domain goes offline (bug #9016).
  • ACL masks incorrectly applied when setting ACLs (bug #9236).
  • Samba panics if a user specifies an invalid port number (bug #9218).
  •  

Download new Enterprise Samba Packages

2012-10-30

SerNet Samba 3.6.9 Packages Available for Download

This release addresses the following issues amongst others:

  • When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_ACL_GROUP entries (bug #9236).
  • Winbind can't fetch user or group info from AD via LDAP (bug #9147).
  • Fix segfault in smbd if user specified ports out of range (bug #9218).

Download new Enterprise Samba Packages

2012-09-24

Samba 3.5.18 Available for Download

This release addresses the following issues amongst others:

  • Fix a smbd crash in reply_lockingX_error (bug #9084).
  • Fix Winbind crashes caused by mis-identified idle clients (bug #9104).
  • Desktop Managers (xdm, gdm, lightdm...) crash with SIGSEGV in

    _pam_winbind_change_pwd() when password is expiring bug #9013).

Download new Enterprise Samba Packages

2012-09-21

SerNet Samba4 Appliance v0.5 has just been released

  • The Samba-Package is based on the new version Samba 4.0 rc1.
  • Adapted dcpromo script to work with Samba4 rc1.
  • Small server status script with link on appliance users desktop.
  • New password complexity check.
  • Samba4 Appliance splash screen for installer.
  • Fixed typos.
  • Further minor improvements and fixes.

Read more

2012-09-17

Samba 3.6.8 Available for Download

This release addresses the following issues amongst others:

  • Crash bug in smbd caused by a blocking lock followed by close (bug #9084).
  • Winbind panic if we couldn't find the domain (bug #9135).

Download new Enterprise Samba Packages

2012-08-13

Samba 3.5.17 Available for Download

This release addresses the following issues amongst others:

  • Typo in set_re_uid() call when USE_SETRESUID selected in configure (bug #9034).
  • Build without ads support (bug #8996).
  • Build on HP-UX (bug #9011).
  • Make vfs_gpfs less verbose in get/set_xattr functions (bug #9022).

Download new Enterprise Samba Packages

2012-08-06

Samba 3.6.7 Available for Download

This release addresses the following issues amongst others:

  • Resolving our own "Domain Local" groups (bug #9052).
  • Migrating printers while upgrading from 3.5.x (bug #9026).

Download new Enterprise Samba Packages

2012-07-02

Samba 3.5.16 Available for Download

This release addresses the following issues amongst others:

  • Possible memory leaks in the Samba master process (bug #8970)
  • Uninitialized memory read in talloc_free()
  • Fix smbd crash with unknown user (bug #8314).

Download new Enterprise Samba Packages

2012-06-25

Samba 3.6.6 Available for Download

This release addresses the following issues amongst others:

  • Possible memory leaks in the Samba master process (bug #8970)
  • Uninitialized memory read in talloc_free()
  • Joining of XP Pro workstations to 3.6 DCs (bug #8373)

Download new Enterprise Samba Packages

2012-06-13

SerNet Samba4 Appliance v0.4 has just been released

  • The Samba-Package is based on the new version Samba 4.0 beta1. Binaries are not stripped with the purpose of being debuggable.
  • The 's3fs' file server is now used instead of 'ntvfs'. That means essentially, that the smbd file server from the Samba 3.x release stream is being used.
  • New Linux kernel 3.2.15 from Debian backports with Microsoft Hyper-V support.
  • A signed NTP (MS-SNTP) service provides the Appliances system time.
  • The "dcpromo" script sets the hostname of the Linux system.
  • Provide opportunity to rerun dcpromo by using desktop icon.
  • Place auto generated krb5.conf in /etc/krb5.conf with the purpose to provide opportunity to do signed dns updates in future.
  • Additional preinstalled packages: rsync, ntp
  • Option to do schema updates is enables per default.
  • Further minor improvements and fixes.

Read more

2012-05-02

SerNet Samba4 Appliance v0.3 has just been released

  • The Samba package is based on the new snapshot of Samba 4.0 alpha19.
  • The dcpromo script now offers an option to install the AD schema extensions for the Zarafa Groupware.
  • The dcpromo script will save and remember some settings once they have been set.
  • A bug with setting the host name via dcpromo script has been fixed.
  • nsupdate is used for unsigned ns updates by default.
  • Samba4 paths are now set also for sudo users.

Read more

2012-04-30

Samba 3.6.5, 3.5.15 and 3.4.17 Security Releases Available for Download

These are security releases in order to address CVE-2012-2111 ( Incorrect permission checks when granting/removing privileges can compromise file server security.).

Download new Enterprise Samba Packages

2012-04-12

SerNet Samba4 Appliance v0.2 has just been released

  • The Samba4-Package is based on the new Samba 4.0 alpha19 release with many bug fixes and new features.
  • The "dcpromo" script now offers an option to configure a forwarder DNS server.

Read more

2012-04-10

Samba 3.6.4, 3.5.14 and 3.4.16 Security Releases Available for Download

These are security releases in order to address CVE-2012-1182 ("root" credential remote code execution).

Download new Enterprise Samba Packages

2012-03-23

SerNet Samba4 Appliance v0.1 available for download

SerNet has created a Samba4 software appliance with the purpose to make it very easy to test Samba's new Active Directory functionality already now before it is made officially available with the Samba 4.0 release.

Click here for more information.

2012-03-12

Samba 3.5.13 Available for Download

This release addresses the following issues amongst others:

  • Fix a crash bug in cldap_socket_recv_dgram() (bug #8593).
  • Fully observe password change settings (bug #8561).
  • Fix NT ACL issue (bug #8673).
  • Fix segfault in Winbind if we can't map the last user (bug #8678).
2012-01-30

Samba 3.6.3 Security Release Available

This release is a Security Release in order to address the following issue:

  • CVE-2012-0817: Memory leak/Denial of service (bug #8724).

Latest News

2017-07-12

SAMBA+ Security Releases: 4.6.6, 4.5.12 and 4.4.15 packages available

SAMBA+ 4.6.6, 4.5.12 and 4.4.15 have just been released. These are important security releases, which address CVE-2017-11103: Orpheus' Lyre mutual authentication validation bypass

Updates for the new SAMBA+ 4.7 preview packages will follow. Please note that SAMBA+ preview packages are intended for test purposes only.

Have a look at the SAMBA+ News section for more information.

2017-07-06

New SAMBA+ version 4.5.11 and package updates for 4.6.5

SAMBA+ 4.5.11 and new sets of 4.6.5 packages have just been released. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu are available now.

Have a look at the SAMBA+ News section for more information.