Blog

The next webinar in the "Setting up Samba on AIX with SAMBA+" series will be held on September 14, 2023, from 10 to 11 a.m. (PDT). Registration for the event and more information can be found here. The platform used is GoTo Webinar.

In the webinar, participants will learn from our expert Björn Jacke how to set up Samba with SAMBA+ on AIX, IBM's Unix operating system, and integrate it into an Active Directory environment. Among other things, they will receive tips on how to overcome frequently occurring difficulties. Special attention will also be paid to parameter settings in AIX. There will also be an opportunity to clarify any questions.

This webinar will be held in English. Further dates will be announced shortly.

SAMBA+ 4.18.5, 4.17.10 and 4.16.11 have just been released. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux, Ubuntu and AIX are available now. Please note: This are Security Updates, packages should be deployed as soon as possible.

These packages address several security related issues:

• CVE-2022-2127: When winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in winbind and possibly crash it.
• CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be triggered by an unauthenticated attacker by issuing a malformed RPC request.
• CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for Spotlight can be used by an unauthenticated attacker to trigger a process crash in a shared RPC mdssvc worker process. 
• CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server- side absolute path of shares and files and directories in search results.

An update for SAMBA+ 4.18.4, 4.16.10 and 4.17.9 has been released. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu are available now.

These packages address the following issue:

• Bug 15418 - secure channel faulty since Windows 10/11 update 07/2023
  The recently released Windows Update KB5028185/KB5028166 (July 11, 2023) breaks the client authentication against Samba AD DCs. 

The recently released Windows Update KB5028185/KB5028166 (July 11, 2023) breaks the client authentication against Samba AD DCs. Other implications are possible but require further investigation. The Samba Team and SerNet are already working on a solution. We will provide SAMBA+ updates as soon we have a fix.

Update: A fix for Samba 4.18.4 is already implemented and an update available.

Although many things in the world have changed in the last few years, chairman of sambaXP Jeremy Allison stated in his welcome note that „Open Source survives“. After two years of remote events it was great to meet everyone live at sambaXP 2023 at the Hotel FREIZEIT IN in Goettingen, Germany. From May 10-11 people from all over the world passionate about Samba exchanged the latest developments and talked about all things related to Samba.

A big thank you goes out to this year’s sponsors Google, Microsoft and SerNet.

The slides and recordings of the presentations are linked in the agenda at sambaxp.org. Recordings can also be found in the

Among others, these interesting presentations can be re-watched:

• Alexander Bokovoy & Andreas Schneider (Red Hat / Samba Team): Samba AD / MIT Kerberos: path out of experimental
• Volker Lendecke (SerNet / Samba Team): SMB3 POSIX Extensions: Reparse Points current status
• Douglas Bagnall (Catalyst IT / Samba Team): Active Directory Claims and conditional ACEs: how do they work and what are they for?
• Bradley M. Kuhn (Software Freedom Conservancy): GPL Compliance for Samba in Consumer Devices
• Tom Talpey: Beyond Microsoft – Keynote

The following presentations within the IO Track of the Microsoft team can also be re-watched:

• Hagit Galatzer: Introduction to The Microsoft Interoperability Commitment
• Jinlin Xu: Integrate the Power of Office365 through Co-Auth and File Synchronization Protocols
• Michael Bowen: Use the Capabilities of Azure Artificial Intelligence with the Open XML SDK to Protect Personally Identifiable Information
• Obaro Ogbo & Amalachukwu Offia: File Sharing test suites overview and demo
• Steve French: SMB3.1.1 POSIX Extensions & SMB3.1.1 improvements to the Linux client

Save the Date

Next year’s sambaXP will be held from April 16-18, 2024 as a remote event. On the first day there will be a webinar by Stefan Kania. Stay updated at https://sambaxp.org.