Blog

The Samba team at SerNet has reached the fourth milestone in the Sovereign Tech Agency-funded project: Regression tests and server adjustments for SMB3 UNIX Extensions have been successfully completed and integrated.

This milestone supports Samba’s goal to deliver local filesystem semantics over SMB – especially for Linux clients, but with future potential for broader adoption (e.g., macOS). The extended SMB3 UNIX feature set improves handling of symbolic links, file permissions, and Unix-specific metadata when accessing files over a network. This closes the gap between traditional Unix behavior and the SMB protocol, enhancing cross-platform compatibility. Extensive regression testing ensures that recent enhancements don't introduce unintended side effects.

With this milestone, Samba moves closer to providing seamless UNIX-like behavior over SMB3. All developments are available via the public Samba repositories. Learn more about the full project and all milestones: https://samba.plus/stf-project

The project and the ongoing development is made possible through funding by the Sovereign Tech Agency, which supports critical open-source infrastructure. The STA’s broader mission is to strengthen digital sovereignty, security, and resilience by enabling long-term development and maintenance of critical technologies. SerNet has secured the funding for Samba and manages the milestones.

The Samba team at SerNet GmbH has reached the second milestone (2/17) in the Sovereign Tech Agency.-funded project to enhance Samba’s functionality and interoperability. This milestone focuses on introducing SMB3 Directory Leases, a feature designed to improve performance and efficiency when working with shared files and folders. With this implementation, clients can establish leases on directories, enabling caching of directory contents, reducing network overhead for directory metadata operations, and enhanced responsiveness in shared environments.

The development team conducted in-depth research and testing to ensure compatibility with Microsoft's SMB3 implementation. This led to the identification of multiple bugs and deficiencies in Samba. As a result, the team thoroughly investigated the current SMB2 Leases implementation in Samba, fixing all bugs and enhancing Samba's continuous integration testing framework with rigorous testing.

This highlights the team’s commitment to maintaining seamless interoperability between Samba and Microsoft environments, a cornerstone of the project’s objectives.

The work on this milestone has been published and will be available in the public Samba repositories:

• Implementation of SMB3 Directory Leases

This achievement, like others in the project, ensures that the open-source community and organizations relying on Samba benefit from new features and robust cross-platform compatibility. The ongoing funding secured by SerNet and assigned by the Sovereign Tech Agency (STA, formerly known as Sovereign Tech Fund) enables these advancements, underscoring the collaborative effort behind the project.

For further information about the project, visit https://samba.plus/stf-project. The project is a long-term initiative aimed at strengthening Samba’s role as a critical open-source software for file sharing, interoperability, and identity access management. Over the course of 18 months, the project will complete 17 milestones to enhance Samba’s security, scalability, and functionality. Each milestone’s results are made publicly available, ensuring that the wider open-source community and IT infrastructures worldwide can benefit.

The Samba team at SerNet GmbH has reached the first milestone (1/17) in its project funded by Sovereign Tech Agency. This milestone focuses on strengthening the security of the MS-NRPC component and hardening Netlogon communication, addressing critical requirements in upcoming Windows versions. By transitioning domain controller communication and client-controller interactions to Kerberos-based authentication, the Samba team is ensuring enhanced security and interoperability. This work has been made possible through funding secured by SerNet and funds assigned by the Sovereign Tech Agency (STA, formerly known as Sovereign Tech Fund).

The Samba development team has successfully implemented and published the following improvements and optimizations:

• DCE/RPC client improvements, add support for security context multiplexing
• winbindd optimizations for connecting to domain controllers
• Fix handling of invalid bind packets in the DCE/RPC server
• Implement NetrGetLogonCapabilities QueryLevel 2
• gsskrb5 enhancements: GSS_C_DCE_STYLE implies GSS_C_MUTUAL_FLAG as acceptor
• Implementation of netr_ServerAuthenticateKerberos in client and server: Preparation, Server Support, Client Support

The implemented security enhancements will be available in the public Samba software repositories, ensuring that all users of Samba benefit from the ongoing development work. This milestone represents not only a technical achievement but also a commitment to the open-source community, made possible through SerNet’s efforts in securing funding and providing development leadership.

For further information about the project, have a look at the project overview. The Samba STA project is an initiative to enhance the functionality, security, and scalability of Samba, a critical open-source software for interoperability and identity access management in mixed-OS environments. The project, funded by the STA, focuses on completing 17 milestones over 18 months, covering areas such as modern security protocols, failover functionality, and UNIX extensions. Development results are continuously made publicly available.