Blog

Join us on October 20, 2025, from 3:00–4:00 pm CEST for a free webinar on the Open Source Samba project – and learn how to protect your Active Directory with reliable backups and plan a smooth migration from Windows AD to Samba AD.

Active Directory is the backbone of many IT environments. Secure backups and clear migration strategies are essential for stability, security, and digital sovereignty. With Open Source Samba, organizations gain a proven alternative to Windows AD: independent, flexible, standards-based, and free from restrictive licensing.

What you will learn

  • Backing up Active Directory with Samba
  • Restoring a secure Samba AD
  • Migration strategies from Windows AD to Samba AD
  • Best practices for smooth, safe transitions
  • Live Q&A with Björn Jacke (SerNet GmbH

Register free of charge:Sign up here

Note: The webinar will be held in English.


The SerNet Samba team has published SAMBA+ 4.23 packages for a wide range of SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu. SAMBA+ 4.23 comes with major improvements for secure file sharing, monitoring, and interoperability. As always, we strongly recommend checking the release notes before upgrading.

New in Samba 4.23

One of the most important milestones is full support for SMB over QUIC, completed as part of the STA-funded development project. QUIC enables encrypted, low-latency access to Samba servers over the Internet – effectively turning Samba into a secure “SMB VPN” for mobile users and remote work scenarios, without the need for a traditional VPN infrastructure.

Another brand-new feature is the smb_prometheus_endpoint, which was developed by Volker Lendecke and Ralph Böhme from the SerNet Samba Team. This optional service exports Samba performance metrics in a Prometheus-compatible format, enabling seamless integration with Prometheus and Grafana dashboards. Administrators can now monitor Samba health and performance in real time, with standard tooling.

Additional enhancements in Samba 4.23 include:

  • SMB3 UNIX Extensions enabled by default for better POSIX interoperability.
  • Modernized write timestamp handling, consistent with current Windows servers.
  • Improved samba-tool domain backup --no-secrets to reliably exclude confidential attributes.
  • Per-share profiling stats for detailed performance analysis in complex setups.
  • CTDB tunables in directories, giving more flexibility in clustered environments.

Upgrading

Instructions for package access and upgrading are available in the SAMBA+ How-to collection. If you are upgrading from a SAMBA+ version older than 4.21 and use your own or third-party scripts that rely on Samba’s Python modules, you must install the sernet-samba-python3 package after upgrading to SAMBA+ 4.23 on Debian or Ubuntu systems. RHEL and SUSE-based systems are not affected.

For details on SAMBA+ pricing:

With this new release, Samba 4.22 enters maintenance mode. Samba 4.21 is now in security fixes only mode. With SAMBA+ 4.23, we are also discontinuing SAMBA+ 4.20. The 4.20 release series was the last one we built for Debian buster (10) and Ubuntu bionic (18.04). On request, however, we can still provide current SAMBA+ packages for these outdated platforms. The effort required will be assessed individually, depending on the specific requirements.

For further questions, contact the SAMBA+ Team.


SAMBA+ 4.21.8 has been released by SerNet, now available for immediate download. This update provides enhanced stability and improved support for a wide range of platforms, including SUSE, Red Hat, Debian GNU/Linux, Ubuntu, and AIX.

The latest release addresses multiple issues and includes important fixes for system reliability and performance. You can review all updates in the official release notes.

SAMBA+ packages are offered through a flexible software subscription model and are available for purchase directly in the SAMBA+ shop. Pricing information can be found here:

Existing subscribers automatically have access to the new SAMBA+ 4.21.8 packages. Active subscriptions provide download links in the SAMBA+ HowTo guides.

For questions, support, or to request a quote, our SAMBA+ Team is ready to help.


The Samba team has completed Milestone Group 5 of the STA-funded development project: Full support for SMB over QUIC is now implemented in Samba. This represents a major technological step in the evolution of secure file sharing and remote access capabilities.

QUIC, a modern transport protocol developed by Google and standardized by the IETF, offers encrypted, low-latency connectivity – especially over untrusted or high-latency networks like the public Internet. With this integration, Samba effectively becomes a secure "SMB VPN", enabling seamless access to file servers for remote users, mobile devices, and high-security environments – without requiring traditional VPN infrastructure.

The work was carried out across four interdependent milestones:

  • Integration of the Linux kernel QUIC driver into Samba's networking logic, enabling smbd to listen on UDP port 443.
  • Extension of the socket_wrapper tool, allowing QUIC functionality to be tested automatically without relying on kernel-level network access.
  • Implementation of a userspace QUIC fallback using ngtcp2, ensuring compatibility with older systems or development environments.
  • Support for SMB2_TRANSPORT_CAPABILITIES negotiation, which avoids redundant encryption by coordinating QUIC and SMB protocol layers.

All code contributions have been published in Samba’s public repositories and upstream projects, continuing Samba’s long-standing commitment to transparent, open development.

What’s next? Linux kernel catch-up!

With Samba’s side of SMB3 over QUIC now complete, the next big step depends on the Linux kernel itself. At present, QUIC support requires the external quic.ko module, tested against Linux 6.14. Out of the box, no current Linux release ships this functionality.

The good news: a dedicated upstream branch is already in review. Once merged, QUIC will become part of the Linux kernel – making SMB over QUIC broadly available for production use.

Strengthening open infrastructure and digital sovereignty

This achievement marks the successful completion of one of six major workstreams in the STA-funded project to advance Samba. It shows how targeted investment in open-source infrastructure delivers both technical progress and strategic independence.

By making SMB over QUIC freely available, Samba empowers organizations to rely on secure file services without lock-in to proprietary solutions. This is digital sovereignty in practice: critical IT functions remain transparent, community-driven, and under shared control.

The Sovereign Tech Agency (STA) and its Fund (STF) support this work as part of its mission to strengthen open-source infrastructure and digital resilience. With the funding, the Samba team ensures long-term development that is not only reliable today, but future-proof for sovereign and interoperable IT infrastructures.


SAMBA+ 4.22.4 has just been released by SerNet. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux, Ubuntu and AIX are 
available now. 

These packages address several issues, which are listed in the release notes: 
https://www.samba.org/samba/history/samba-4.22.4.html 

SAMBA+ packages are provided as part of a subscription model and can be purchased directly via the SAMBA+ shop. For pricing details, please visit:

With an active subscription, download links are available in the SAMBA+ HowTo or the SAMBA+ AIX HowTo

If you have any questions or need assistance, our SAMBA+ team will be happy to help. Don’t hesitate to get in touch.


Contact us
Contact
Deutsch English Français