Blog

The Samba team at SerNet has completed another important milestone in the STF-funded development of the open-source Samba software: Milestone 3.3 focuses on improved integration with Linux desktop environments and is part of the broader SMB3 UNIX Extensions milestone group.

The goal of this work is to make Samba a more natural and consistent part of Unix-like operating systems. To achieve this, the team has extended libsmbclient, the client-side library used by major desktop environments such as GNOME and KDE to access SMB file shares. By enabling support for SMB3 POSIX extensions in this library, Samba now offers better handling of symbolic links, permissions, and metadata making file access on the desktop feel more like using a local Unix filesystem. The team also put in the work to provide the code needed for GNOME to enable the SMB3 Unix Extensions.

This milestone builds on earlier work within the SMB3 UNIX Extensions group: Milestone 3.1 focused on the server-side implementation of POSIX-compatible features. With Milestone 3.3, these improvements are now reaching Linux desktop environments and deliver the benefits of SMB3 UNIX Extensions directly to end users.

The achievement is part of the ongoing effort to enhance Samba’s security, scalability, and integration. The goal is to ensure that Samba remains a powerful, interoperable solution for sovereign IT environments and is funded by the Sovereign Tech Agency.

Patched SAMBA+ packages are now available to address the Netlogon protocol change introduced by Microsoft’s latest updates to Windows Active Directory Domain Controllers.

Following our initial announcement, the updates from Microsoft introduce a critical change that may impact Samba installations in certain configurations. To ensure compatibility, fixed SAMBA+ packages have been released for the following branches:

• SAMBA+ 4.21
• SAMBA+ 4.22

If you are still using an older release branch, we strongly recommend migrating to 4.21 or 4.22 to receive the necessary fix.

Who needs the update?
You only need to install the patched packages if:

• Samba is configured as a member server, and
• you're using the idmap backend ad

Other Samba setups are not affected.

For full technical details, please refer to the official Samba release notes:
Samba 4.21.7 Release Notes
Samba 4.22.3 Release Notes

If you need help updating your installation or have questions about compatibility, feel free to contact us – we’re happy to support you.

Debian 13 "Trixie" has not yet been officially released, but SAMBA+ packages are already available. Starting with version 4.22, SerNet provides prebuilt SAMBA+ packages for the upcoming Debian release. Supported architectures are amd64 and arm64, in line with Debian’s decision to discontinue 32-bit variants.

By offering early access to these packages, the SAMBA+ team ensures that administrators and IT professionals can plan and test ahead. This proactive approach supports smooth transitions and secure operations in demanding environments.

Built from the official Samba source code, SAMBA+ packages offer more than just compatibility. They include extended testing, continuous security updates and the option for enterprise-grade support directly from SerNet.

All supported platforms, including the new Trixie packages, are listed in our overview. Technical setup instructions and repository details are available in the How-to Section. 

For questions, feel free to contact us at sales@remove-this.sernet.com

(Last Update: July 8)

Please note: Updated packages are available

On July 8, Microsoft will release an important security update for Active Directory Domain Controllers for Windows Server versions prior to 2025.

This update modifies the Microsoft RPC Netlogon protocol to improve security by tightening access checks for a set of RPC requests. Samba running as domain members in these environments will be impacted by this change if a specific configuration is used. See below for details on the affected configurations.

Windows Server version 2025 is already equipped with these specific security hardenings. Microsoft plans to deploy them to all supported Windows Server versions down to Windows Server 2008. 

Who is affected?
Samba installations that act as member servers in Windows AD domains will be affected if they are configured to use the 'ad' idmapping backend. Samba servers that do not use this configuration will not be affected by the change – at least according to our current knowledge and understanding – and no further action is required.

However, current versions of Samba with the affected configuration will no longer function correctly once the Microsoft update has been applied. Users will not be able to connect to the SMB service provided by Samba for any domain that uses the ‘ad’ idmapping backend.

What is SerNet doing?
The SAMBA+ team at SerNet, along with other members of the international Samba team, has been collaborating with Microsoft. Changes to Samba are currently being developed and tested to ensure full compatibility between Samba and Microsoft products. The Samba team aims to release updated packages on Monday evening (UTC+2).

Updated SAMBA+ packages, which will restore full compatibility, are planned to be made available before Microsoft's rollout.

What you should do:

• Check your configuration if you’re running Samba in a Windows AD environment.
• Watch out for new SAMBA+ package updates early next week (starting July 7th) .
• Apply the update before Microsoft’s rolls out the patch.

All SAMBA+ updates are included in active subscriptions.

If you do not yet have a subscription, visit the SAMBA+ shop (EUR) or SAMBA+ shop (USD) for access.

For any questions or individual support, feel free to contact us directly – our team is here to help.

With Samba version 4.22, support for “reflink copies” has been extended. Reflink stands for Reference Links: a feature that significantly speeds up the copying of large files by creating only references to data blocks on supporting file systems.

The feature was developed by the Samba team at SerNet GmbH in close cooperation with storage manufacturer FAST LTA, who commissioned the implementation. The aim was to fulfill an essential step so that storage systems such as FAST LTA's Silent Bricks can also support Veeam's Fast Clone feature for SMB access under Linux.

Technical background

“Reflink copies” use features of modern file systems such as Btrfs, XFS, ZFS, or ReFS to make data duplication more efficient. With SMB-based access, clients can use SMB protocol features for “reflink copies,” provided that the server and its file system support this. Previously, support in Samba was limited to the Btrfs file system.

In Samba 4.22, general support is now enabled for all file systems that support the “reflink copies” functionality – by using the generic Linux ioctl FICLONERANGE. This enables the use of backup software such as Veeam, which regularly creates complete or differential copies of large amounts of data, with file systems other than Btrfs, ZFS, and XFS. Thanks to the extension in Samba, Linux-based SMB backends – such as those provided by FAST LTA with the Silent Bricks storage system – can now also support Veeam's Fast Clone. This significantly improves performance for so-called “forever incremental” and “synthetic full” backups. The result is a reduction in storage requirements, I/O load, and backup times.

Upstream tops proprietary

The technical implementation was carried out by the Samba team at SerNet lead by Ralph Böhme, who has been working on central components of the project for many years as a member of the Samba Core Team. The code has been fully integrated upstream and is now part of the official Samba release series 4.22.

“For us, it is an important signal when manufacturers such as FAST LTA specifically focus on the further development of open source components,” says Ralph Böhme. “Such contributions not only strengthen the functionality of individual systems, but also the sustainability and openness of the overall architecture.”

Christian Rogg, lead developer at FAST LTA, is enthusiastic about the collaboration with SerNet: “It started out as just an idea. The implementation with SerNet was extremely professional, and the results are impressive. Veeam users now save up to 50% in storage capacity and backup time with Fast Clone Support with Silent Bricks.”

Joint development initiatives

As part of its development services, SerNet offers specific enhancements and customizations of Samba – especially for manufacturers, OEMs, and operators of complex infrastructures. The aim of such collaborations is to combine individual requirements with open source practice: Developments are designed transparently, implemented with technical expertise, and merged into the official Samba source code base for the benefit of Samba users worldwide

Contact us for more development opportunities with SerNet!