Blog

The Samba team at SerNet has completed Milestone Group 5 of the STA-funded development project: Full support for SMB over QUIC is now implemented in Samba. This represents a major technological step in the evolution of secure file sharing and remote access capabilities.

QUIC, a modern transport protocol developed by Google and standardized by the IETF, offers encrypted, low-latency connectivity – especially over untrusted or high-latency networks like the public Internet. With this integration, Samba effectively becomes a secure "SMB VPN", enabling seamless access to file servers for remote users, mobile devices, and high-security environments – without requiring traditional VPN infrastructure.

The work was carried out across four interdependent milestones:

• Integration of the Linux kernel QUIC driver into Samba's networking logic, enabling smbd to listen on UDP port 443.
• Extension of the socket_wrapper tool, allowing QUIC functionality to be tested automatically without relying on kernel-level network access.
• Implementation of a userspace QUIC fallback using ngtcp2, ensuring compatibility with older systems or development environments.
• Support for SMB2_TRANSPORT_CAPABILITIES negotiation, which avoids redundant encryption by coordinating QUIC and SMB protocol layers.

All code contributions have been published in Samba’s public repositories and upstream projects, continuing Samba’s long-standing commitment to transparent, open development.

What’s next? Linux kernel catch-up!

With Samba’s side of SMB3 over QUIC now complete, the next big step depends on the Linux kernel itself. At present, QUIC support requires the external quic.ko module, tested against Linux 6.14. Out of the box, no current Linux release ships this functionality.

The good news: a dedicated upstream branch is already in review. Once merged, QUIC will become part of the Linux kernel – making SMB over QUIC broadly available for production use.

Strengthening open infrastructure and digital sovereignty

This achievement marks the successful completion of one of six major workstreams in the STA-funded project to advance Samba. It shows how targeted investment in open-source infrastructure delivers both technical progress and strategic independence.

By making SMB over QUIC freely available, Samba empowers organizations to rely on secure file services without lock-in to proprietary solutions. This is digital sovereignty in practice: critical IT functions remain transparent, community-driven, and under shared control.

The Sovereign Tech Agency (STA) and its Fund (STF) support this work as part of its mission to strengthen open-source infrastructure and digital resilience. With the funding, the Samba team ensures long-term development that is not only reliable today, but future-proof for sovereign and interoperable IT infrastructures.

SAMBA+ 4.22.4 has just been released by SerNet. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux, Ubuntu and AIX are 
available now. 

These packages address several issues, which are listed in the release notes: 
https://www.samba.org/samba/history/samba-4.22.4.html 

SAMBA+ packages are provided as part of a subscription model and can be purchased directly via the SAMBA+ shop. For pricing details, please visit:

• USD Pricing: US SAMBA+ Shop
• EUR Pricing: World SAMBA+ Shop

With an active subscription, download links are available in the SAMBA+ HowTo or the SAMBA+ AIX HowTo. 

If you have any questions or need assistance, our SAMBA+ team will be happy to help. Don’t hesitate to get in touch.

The Samba team at SerNet has completed another important milestone in the STF-funded development of the open-source Samba software: Milestone 3.3 focuses on improved integration with Linux desktop environments and is part of the broader SMB3 UNIX Extensions milestone group.

The goal of this work is to make Samba a more natural and consistent part of Unix-like operating systems. To achieve this, the team has extended libsmbclient, the client-side library used by major desktop environments such as GNOME and KDE to access SMB file shares. By enabling support for SMB3 POSIX extensions in this library, Samba now offers better handling of symbolic links, permissions, and metadata making file access on the desktop feel more like using a local Unix filesystem. The team also put in the work to provide the code needed for GNOME to enable the SMB3 Unix Extensions.

This milestone builds on earlier work within the SMB3 UNIX Extensions group: Milestone 3.1 focused on the server-side implementation of POSIX-compatible features. With Milestone 3.3, these improvements are now reaching Linux desktop environments and deliver the benefits of SMB3 UNIX Extensions directly to end users.

The achievement is part of the ongoing effort to enhance Samba’s security, scalability, and integration. The goal is to ensure that Samba remains a powerful, interoperable solution for sovereign IT environments and is funded by the Sovereign Tech Agency.

Patched SAMBA+ packages are now available to address the Netlogon protocol change introduced by Microsoft’s latest updates to Windows Active Directory Domain Controllers.

Following our initial announcement, the updates from Microsoft introduce a critical change that may impact Samba installations in certain configurations. To ensure compatibility, fixed SAMBA+ packages have been released for the following branches:

• SAMBA+ 4.21
• SAMBA+ 4.22

If you are still using an older release branch, we strongly recommend migrating to 4.21 or 4.22 to receive the necessary fix.

Who needs the update?
You only need to install the patched packages if:

• Samba is configured as a member server, and
• you're using the idmap backend ad

Other Samba setups are not affected.

For full technical details, please refer to the official Samba release notes:
Samba 4.21.7 Release Notes
Samba 4.22.3 Release Notes

If you need help updating your installation or have questions about compatibility, feel free to contact us – we’re happy to support you.