Blog

SerNet has secured significant funding from the German Sovereign Tech Fund (STF) to advance the Samba project, a vital open-source software that enables identity and access management (IAM) and seamless interoperability between Windows, Linux, and Unix systems via the SMB protocol. Over the next 18 months, Samba core developers will tackle 17 key milestones in six target groups aimed at enhancing Samba’s security, scalability, and functionality. The project's focus is on areas like transparent failover, SMB3 UNIX extensions, and modern security protocols such as SMB over QUIC. These improvements are designed to ensure that Samba remains a robust and secure solution for organizations that rely on a sovereign IT infrastructure that is as independent as possible of proprietary software regimes, but including optimal interoperability.

This project aligns perfectly with the mission of the Sovereign Tech Fund. By funding work on Samba the fund is bolstering one of the most critical technologies that underpin global IT infrastructures, particularly in sectors where cross-platform compatibility is vital.

Jeremy Allison, long standing member of the Samba core team said: "I'm very pleased that the Sovereign Tech Fund has recognised the importance of Samba in providing critical open source infrastructure to enterprises worldwide. The commissioned work will ensure that Samba remains a competitive and secure choice to create data storage and authentication services for all users."

Johannes Loxen, founder of SerNet and long-time fundraiser for the Samba project, was very impressed by the constructive and targeted work at the STF: "We are very grateful for the support of everyone at the Sovereign Tech Fund and their efforts in making this funding possible."

After the contract was signed, development work began as early as September 1 and is expected to be completed by the end of February 2026 for all milestones. Work results will be uploaded to the public Samba software repositories for public use immediately after the milestones and tests have been completed. A detailed project report will be published after the first milestone is reached in November 2024 and will be continuously updated.

About Samba:
Samba is an essential free and open-source implementation of the SMB protocol, enabling seamless interoperability between systems running Windows, Linux, and Unix. It is a cornerstone in Identity and Access Management (IAM), playing a crucial role in Active Directory environments by facilitating file sharing and authentication across mixed-OS networks. As part of all major Linux distributions, Samba’s wide adoption spans public institutions, enterprises, and educational facilities worldwide. For more input refer to https://samba.org.

About Sovereign Tech Fund:
The Sovereign Tech Fund supports the development, improvement, and maintenance of open digital infrastructure. The funds' goal is to sustainably strengthen the open source ecosystem with focus on security, resilience, technological diversity, and the people behind the code. Read more on https://www.sovereigntechfund.de.

About SerNet:
SerNet is part of the Open Source community and offers products and services for commercial users of Samba like software subscriptions, support, consulting and development services. SerNet GmbH has been founded in Germany in 1997 together with members of Samba Team. SerNet, Inc. in California is a 100% subsidiary of SerNet GmbH. Get more information about Samba by SerNet here: https://samba.plus.


Storage Developer Conference

SerNet Inc. will be participating as a Silver Sponsor at this year's Storage Developer Conference (SDC). The conference is hosted by the Storage Networking Industry Association (SNIA) in Fremont, CA on September 18-21.

Our Samba team will be presenting on September 20: 

Topic: Reparse Points Current Status
Speaker: Volker Lendecke, Developer at SerNet/Samba Team
8:30am - 9:20am (PST)

Topic: Samba io_uring Status Update
Speaker: Stefan Metzmacher, Developer at SerNet/Samba-Team
9:30am - 10:20am (PST)

Topic: net use //samba/cloud: Scaling Samba
Speaker: Ralph Böhme, Samba Team Lead at SerNet/Samba Team
10:35am - 11:25am (PST)

In addition to these sessions, we invite all attendees to meet our team, discuss our recent endeavors, and explore potential collaborations. To ensure in-depth discussions and address specific inquiries, we are offering scheduled appointments. Those interested can contact us in advance to secure a meeting slot. Please use the contact form or mail us at sales@remove-this.sernet.com – we look forward to a constructive dialogue and a successful conference.


The recently released Windows Update KB5028185/KB5028166 (July 11, 2023) breaks the client authentication against Samba AD DCs. Other implications are possible but require further investigation. The Samba Team and SerNet are already working on a solution. We will provide SAMBA+ updates as soon we have a fix.

Update: A fix for Samba 4.18.4 is already implemented and an update available.


Ralph Böhme on "The new Samba VFS"

Recordings from the 2021 Storage Developer Conference (SDC)  are now online, including those from the SerNet Samba Team. Ralph Böhme talked about "The new Samba VFS" and Stefan Metzmacher presented an Status Update on "Samba Multi-Channel/io_uring".

"The new Samba VFS" video by Ralph Böhme is on YouTube: https://youtu.be/D9EZO3gkT9U, also available are the slides.

Abstract: Starting with version 4.14 Samba provides core infrastructure code that allows basing all access to the server's filesystem on file handles and not on paths. An example of this is using fstat() instead of stat(), or SMB_VFS_FSTAT() instead of SMB_VFS_STAT() in Samba parlance. Historically Samba's fileserver code had to deal a lot with processing path based SMB requests. While the SMB protocol itself has been streamlined to be purely handle based starting with SMB2, large parts of infrastructure code remains in place that will "degrade" handle based SMB2 requests to path based filesystem access. In order to fully leverage the handle based nature of the SMB2 protocol we came up with a straight forward way to convert this infrastructure code, so it can be converted to make use of a purely handle based VFS interface. The talk presents what we have achieved so far and what is left to do. It's intended audience is anyone working on the Samba fileserver code and anyone working on Samba VFS modules.

The "Samba Multi-Channel/io_uring Status Update" by Stefan Metzmacher is also on YouTube: https://youtu.be/fnA4imgBsUo, slides are available.

Abstract: Samba had experimental support for multi-channel for quite a while. SMB3 has a few concepts to replay requests safely. We now implement them completely (and in parts better than a Windows Server). The talk will explain how we implemented the missing features. With the increasing amount of network throughput, we'll reach a point where a data copies are too much for a single cpu core to handle. This talk gives an overview about how the io_uring infrastructure of the Linux kernel could be used in order to avoid copying data, as well as spreading the load between cpu cores. A prototype for this exists and shows excellent results.


ksmbd vs. Samba

"ksmbd" is a new Linux kernel module which implements an SMB server. It's aimed at being low overhead, low footprint, performant fileserver covering many basic usecases, running on smaller devices with limited resources being the most apparent one: OpenWRT, the Linux distribution for embedded devices, adopted ksmbd already 18 months ago while ksmbd was still being developed.

ksmbd hit the public in November 2021 as part of the next Linux kernel version 5.15. It is not meant to replace the existing Samba fileserver "smbd", but rather be an extension and will integrate with Samba in the future. Samba's fileserver smbd is much broader in scope and supports various usecases and features that ksmbd does not:

  • Running as a Active Directory domain member
  • Scale-out clustering
  • Optimize for specific filesystems like GlusterFS or Ceph via dedicated VFS modules
  • Shadow Copy support

While being a mostly feature complete SMB3 server, lacking only some advanced features like Durable Handles, Directory Leases and Multi-Channel, ksmbd currently can only make use of local users and passwords which precludes use in corporate environments where typically Active Directory or similar identity sources are used.

ksmbd claims performance improvements on a wide range of benchmarks: the graphs on this page show a doubling of performance on some tests. There was also the notion that an in-kernel server is likely an easier place to support SMB Direct, which uses RDMA to transfer data between systems.

Clearly, those numbers are impressive, but at the same time recent improvements in Samba's IO performance put this into perspective: by leveraging the new “io_uring” Linux API Samba is able to provide roughly 10x the throughput compared to ksmbd.

Time will tell whether it's better to reside in kernel-space like ksmbd or in user-space like Samba in order to squeeze the last bit of performance out of the available hardware.

How mature is ksmbd? Given that its was primarily developed by a Samsung engineer, it is likely that it is being used in Samsung products today. However, the November release is a .0 release with all caveats that come with it. Some of the details, including various security issues that were found and fixed quite late in the game, are described in an article over at LWN.

All in all, ksmbd is an impressive work and in order to facilitate and encourage collaboration, the main ksmbd developer Namjae Jeon has been invited to join the international Samba team. ksmbd already adds interesting capabilities to the mix and the SerNet Samba team is looking forward to working with and on ksmbd!


Contact us
Contact
Deutsch English Français