Blog

The recently released Windows Update KB5028185/KB5028166 (July 11, 2023) breaks the client authentication against Samba AD DCs. Other implications are possible but require further investigation. The Samba Team and SerNet are already working on a solution. We will provide SAMBA+ updates as soon we have a fix.

Update: A fix for Samba 4.18.4 is already implemented and an update available.


Ralph Böhme on "The new Samba VFS"

Recordings from the 2021 Storage Developer Conference (SDC)  are now online, including those from the SerNet Samba Team. Ralph Böhme talked about "The new Samba VFS" and Stefan Metzmacher presented an Status Update on "Samba Multi-Channel/io_uring".

"The new Samba VFS" video by Ralph Böhme is on YouTube: https://youtu.be/D9EZO3gkT9U, also available are the slides.

Abstract: Starting with version 4.14 Samba provides core infrastructure code that allows basing all access to the server's filesystem on file handles and not on paths. An example of this is using fstat() instead of stat(), or SMB_VFS_FSTAT() instead of SMB_VFS_STAT() in Samba parlance. Historically Samba's fileserver code had to deal a lot with processing path based SMB requests. While the SMB protocol itself has been streamlined to be purely handle based starting with SMB2, large parts of infrastructure code remains in place that will "degrade" handle based SMB2 requests to path based filesystem access. In order to fully leverage the handle based nature of the SMB2 protocol we came up with a straight forward way to convert this infrastructure code, so it can be converted to make use of a purely handle based VFS interface. The talk presents what we have achieved so far and what is left to do. It's intended audience is anyone working on the Samba fileserver code and anyone working on Samba VFS modules.

The "Samba Multi-Channel/io_uring Status Update" by Stefan Metzmacher is also on YouTube: https://youtu.be/fnA4imgBsUo, slides are available.

Abstract: Samba had experimental support for multi-channel for quite a while. SMB3 has a few concepts to replay requests safely. We now implement them completely (and in parts better than a Windows Server). The talk will explain how we implemented the missing features. With the increasing amount of network throughput, we'll reach a point where a data copies are too much for a single cpu core to handle. This talk gives an overview about how the io_uring infrastructure of the Linux kernel could be used in order to avoid copying data, as well as spreading the load between cpu cores. A prototype for this exists and shows excellent results.


ksmbd vs. Samba

"ksmbd" is a new Linux kernel module which implements an SMB server. It's aimed at being low overhead, low footprint, performant fileserver covering many basic usecases, running on smaller devices with limited resources being the most apparent one: OpenWRT, the Linux distribution for embedded devices, adopted ksmbd already 18 months ago while ksmbd was still being developed.

ksmbd hit the public in November 2021 as part of the next Linux kernel version 5.15. It is not meant to replace the existing Samba fileserver "smbd", but rather be an extension and will integrate with Samba in the future. Samba's fileserver smbd is much broader in scope and supports various usecases and features that ksmbd does not:

  • Running as a Active Directory domain member
  • Scale-out clustering
  • Optimize for specific filesystems like GlusterFS or Ceph via dedicated VFS modules
  • Shadow Copy support

While being a mostly feature complete SMB3 server, lacking only some advanced features like Durable Handles, Directory Leases and Multi-Channel, ksmbd currently can only make use of local users and passwords which precludes use in corporate environments where typically Active Directory or similar identity sources are used.

ksmbd claims performance improvements on a wide range of benchmarks: the graphs on this page show a doubling of performance on some tests. There was also the notion that an in-kernel server is likely an easier place to support SMB Direct, which uses RDMA to transfer data between systems.

Clearly, those numbers are impressive, but at the same time recent improvements in Samba's IO performance put this into perspective: by leveraging the new “io_uring” Linux API Samba is able to provide roughly 10x the throughput compared to ksmbd.

Time will tell whether it's better to reside in kernel-space like ksmbd or in user-space like Samba in order to squeeze the last bit of performance out of the available hardware.

How mature is ksmbd? Given that its was primarily developed by a Samsung engineer, it is likely that it is being used in Samsung products today. However, the November release is a .0 release with all caveats that come with it. Some of the details, including various security issues that were found and fixed quite late in the game, are described in an article over at LWN.

All in all, ksmbd is an impressive work and in order to facilitate and encourage collaboration, the main ksmbd developer Namjae Jeon has been invited to join the international Samba team. ksmbd already adds interesting capabilities to the mix and the SerNet Samba team is looking forward to working with and on ksmbd!


Technical milestones and improvements for Samba on the horizon

This two-part article focuses on the strengths and advantages that make Samba unique. While part one took a look at some of the organizational, technical, and conceptual issues that are often discussed, this second part discusses technical milestones and improvements on the horizon, highlighting key Samba contributions still being worked on by the SerNet Samba Team members Volker Lendecke, Stefan Metzmacher and Ralph Böhme.

Robust and scalable – Multichannel Support for high performance
Sometimes Samba is criticised for "low concurrent connections / low concurrent opens". Because of the multiprocess model, which is more robust than a single-process multithreaded server model, Samba has higher RAM requirements than possibly other solutions. This is more relevant for the embedded SOHO router market than for enterprise storage solutions and to help the former the next Samba version will ship with a rewritten RPC-Server written by Volker Lendecke which results in a much smaller memory footprint.

SMB3 Multichannel support in Samba has been available since version 4.15 released in September 2021. The SerNet Samba team can provide stable backports to 4.12, 4.13 and 4.14 as we already have (and use) them in SAMBA+ 4.14 and custom packages.

Improving IO performance
Samba's IO performance is limited by the frequent data buffer copies done in the kernel for servicing Samba user space IO requests, resulting in high CPU usage and a CPU bound performance limit. This is an architectural limitation deeply rooted in the UNIX design. Two years ago a modern Linux API called “io_uring” has been added to Linux that allows user space applications like Samba to achieve zero-copy zero-syscall IO for the full IO path from disk to network. 

Recently, research on Samba performance improvements had been sponsored, and a Samba prototype was developed leveraging “io_uring”. We were able to improve IO performance drastically from 4 GBytes/s on a given hardware to 10 GB/s, the line speed of the 100 GBit/s adapter, with a significantly reduced CPU load of only 25%. Further testing using the loopback interface saw the throughput max out at up to 30 GB/s, the bottleneck being the clients used in testing (smbclient), not the server.

For more details see the discussion on the Samba list or the SDC 2021 presentation "Samba Multi-Channel/io_uring Status Update" from Stefan Metzmacher.

It would only take a few weeks of work to integrate the prototype into mainline Samba. Companies interested in this feature, please contact us to possibly join the list of companies sponsoring Samba development!

Samba supports Enterprise features
When it comes to clustering, you will get an "enterprise ready" SMB cluster from Samba. It supports scale-out active/active clustering and has been used for many years along with industry-leading clustered enterprise file systems like GPFS. Samba has plans to support “SMB Transparent Failover” and Ralph Böhme gave a talk at the SNIA SDC in 2018 on Persistent Handles in Samba. Again, companies interested in this feature, please contact us to possibly join the list of companies sponsoring Samba development!

ksmbd
Starting with Linux kernel 5.15, Linux will ship an in-kernel SMB server called “ksmbd”. ksmbd and Samba plan to work closely together in the future, and the main developer of ksmbd is as of recently also a member of the international Samba Team. Both projects will work hand in hand to combine ksmbd’s in-kernel SMB engine with Samba's user space daemons and tools. For a brief introduction, see the presentation from sambaXP 2019 (Slides) or the status update from sambaXP 2021(Slides).

Do you still have questions? Or would you like to talk to us about using Samba / SAMBA+? Then please feel free to contact us.


Strength and Advantages of Samba

Samba is an open source SMB implementation and the reference for other projects. It is developed by an international community that is committed to highest technology standards and free software principles. Samba is available since 1992 and is used by many storage OEMs, often since decades.

A variety of strengths and advantages make Samba what it is: a highly reliable SMB stack that continues to evolve. We from SerNet, one of the main support and development companies of Samba, would like to present some of them in an two-part article. Part one takes a look at some of the organizational, technical and conceptual issues that are often discussed. Part two will present technical milestones and upcoming improvements.

SAMBA is Open Source
The open source Samba code is on the web and cannot be taken down. Everybody is free to use, run and modify the software from smallest to biggest environments in both closed and public settings.

Samba is the best option for security and compliance, because you can test and verify it yourself down to the core. And due it's long history the Samba code has been extensively tested and reviewed by the large community, it's users and companies shipping Samba in their products.

Most companies, including startups and blue chips, can easily work with the GPLv3 license on the basis of sane legal advice. We recommend watching the numerous video and audio contributions from companies using SAMBA which have been presented at SerNet's annual SAMBA conference sambaXP since 2002 (see the archive or our YouTube channel).

“SAMBA, Inc.” can‘t be sold - because there is none
Vendors naturally want to ensure that their efforts and investments are as solid and safe as possible. With Samba, there is no vendor of a proprietary SMB stack that could be acquired by competitors to discontinue the product as seen by the acquisition of Likewise by EMC.

Benefit from experience
A long track record and veritable experience with SMB is important. Many companies and vendors want to integrate a free, mature, peer reviewed open source SMB stack. There is no need to keep reinventing wheel – using Samba allows to build on what has already been achieved.

Experience the advantages of a vibrant community
For a key component, companies can work with the vibrant Samba community that is innovative, agile and open. Diversity is an asset!

Comprehensive and independent technical support
Technical support for Samba is provided by a wide range of companies around the world. In addition to SerNet (Germany) with customers in Europe, the US and worldwide, there is also Catalyst from New Zealand with its customers in many countries around the world as well as many other supporters. SerNet offers 24/7 support and development services for more than 20 years to customers from startups to blue chips and many Fortune 500 companies among them.

SAMBA keeps up with Microsoft’s latest SMB development
Microsoft and the SAMBA team are working together in a long-term collaboration. Microsoft learned to embrace open standards and is increasingly committed to open source software and free software principles. Communities like the SAMBA team may be slower than companies - but their progress is free to the public, reliable and irreversible. Samba does not aim to be first and the fastest, but follows the idea of “opening windows to a wider world” in collaboration with Microsoft. Members of the Samba team are regular presenters at international conferences and attend interop events hosted by Microsoft several times a year.

SAMBA has no GUI - intentionally!
There is no GUI provided by the SAMBA team because you simply do not need one. After setting up SAMBA within a few steps, you're able to configure your Microsoft-compatible SMB AD controller and file & print server with a Windows-based management console. Also, vendors need a GUI that is tailored to their product.

Embedded SAMBA use is possible – if you want to
Samba can be tailored for embedded use. If you want to take the challenge and customize Samba for your use case, you can start working on it right away - or work with someone like SerNet to help you.

SAMBA preserves its history
Often we hear: “SAMBA has a lot of legacy code.” Of course it has! SAMBA is the best backward compatible SMB stack on the market and legacy support is a crucial asset in a Windows world with its highly diverse Windows versions being run by users and companies.

Dive into the broadest variety of supported platforms
SerNet's SAMBA+ offering is diverse and complete – just take a look at the Subscription Management Portal OPOSSO to see which platforms are supported.

Do you have more questions? Or would you like to talk to us about the use of Samba / SAMBA+? Then please feel free to contact us.


Contact us
Contact
Deutsch English Français