Blog

Logo SDC 2018

Samba developers from SerNet gave talks at his year’s SDC - Storage Developer Conference (September 24 to 27, 2018 in Santa Clara, California/USA). Video recordings from the conference are available on YouTube now.

Here are the links:


SerNet released the first SAMBA+ packages of the 4.9 release series. These packages are available for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu. One of the new features in Samba 4.9 is improved support for trusted domains when Samba is running as Active Directory Domain Controller (AD DC). This main improvement was made possible by a sponsorship from SerNet.

In addition, the new 4.9 series includes many improvements and features, which are documented in the Samba 4.9.0 release notes.

Improved support for trusted domains (as AD DC)

The support for trusted domains/forests has been further improved. External domain trusts, as well as transitive forest trusts, are now supported in both directions (inbound and outbound) for Kerberos and NTLM authentication. Stefan Metzmacher, long time Samba team member and valued SerNet colleague, worked on the topic. SerNet has made this possible through a six-figure development sponsoring.

The following features are new in 4.9 (compared to 4.8):

  • It’s now possible to add users/groups of a trusted domain into domain groups. The group memberships are expanded on trust boundaries.
  • foreignSecurityPrincipal objects (FPO) are now automatically created when members (as SID) of a trusted domain/forest are added to a group.
  • The 'samba-tool group *members' commands allow members to be specified as foreign SIDs.


However there are currently still a few limitations:

  • Both sides of the trust need to fully trust each other!
  • No SID filtering rules are applied at all!
  • This means DCs of domain A can grant domain admin rights in domain B.
  • Selective (CROSS_ORGANIZATION) authentication is not supported. It's possible to create such a trust, but the KDC and winbindd ignore them.
  • Samba can still only operate in a forest with just one single domain.
CTDB changes and further notes

Due to major changes, users should pay a visit to the Samba release notes to carefully read the 'CTDB changes' section and instructions if they use CTDB. The configuration style has been overhauled. The configuration needs to be migrated to run CTDB with the new release. The configuration migration script, which can assist to migrate the old CTDB configuration into the new style, is stored at /usr/share/ctdb/scripts/config_migrate.sh in the new packages. The script takes the /etc/default/sernet-samba-ctdb configuration file and creates a directory including a new example configuration. If CTDB manages Samba services, the created commands.sh file shows how the event scripts can be enabled.

This is the first release of SAMBA+ packages for the Samba 4.9 release series. We recommend to test thoroughly before upgrading and read the release notes carefully! With the release of Samba 4.9 former release series change their status as follows: Samba 4.8 enters maintenance mode, Samba 4.7 enters security releases only mode and Samba 4.6 is discontinued.

Also, the new 4.9 packages won’t be available for some distributions any longer. Please have a look at the SAMBA+ HowTo on OPOSSO.


SDC 2018 Logo

This year’s SDC - Storage Developer Conference will take place from September 24 to 27, 2018 in Santa Clara (California/USA). SerNet supports the SNIA hosted event again as silver sponsor. We will also be present with a sales team and a lot of information about SAMBA+, especially SAMBA+ for OEM and SAMBA+ LTS.

In addition, our Samba developer team will be attending and give the following talks:

  • Stefan Metzmacher: He will give his talk "Samba SMB-Direct Status Update" from 1:00 p.m. to 1:50 p.m. on Tuesday, September 25, in room Winchester.
  • Ralph Böhme: His talk "Implementing Persistent Handles in Samba" is set for Tuesday, September 25, from 3:05 p.m. to 3:55 p.m. in room Winchester. 
  •  Volker Lendecke: On Wednesday, September 26, he presents "Clustered Samba Scalability Improvements" in room Winchester. 

How ownCloud and SerNet worked together to improve the SMB protocol, is described in a new blog post from ownCloud. Read about it in the article "Windows Network Drive integration benefits from Samba contributions".

The text emphasizes, how Open Source Collaboration can prove to be an important and stimulatory factor for projects. In this case, ownCloud engineers worked together with longtime Samba expert Volker Lendecke at SerNet. This resulted in notifications for smb-client implemented in the SMB2 and SMB3 protocol, subsequently boosting performance and bringing more reliability to the windows network drive integration. So – to quote ownCloud: "the professionals at SerNet have your back."


In light of last week's sambaXP, SerNet announced two novelties to its Samba portfolio: SAMBA+ LTS and SAMBA+ support budgets. While SAMBA+ LTS prolongs security updates for SAMBA+ packages, support budgets grant easy access to professional Samba services.

SAMBA+ LTS (discontinued as of 2021)

SAMBA+ LTS LogoSAMBA+ Long Term Support (LTS) packages provide the well-known SAMBA+ packages, but with 36 month security updates instead of 18. This extends the lifecycle significantly and leads to reduced costs, especially for OEMs.

SerNet will provide the security updates pretty soon after the upstream Samba releases to ensure that systems are protected against the known defects as soon as possible. We will start with SAMBA+ 4.3, 4.4 and 4.5. SAMBA+LTS is already available in the SAMBA+ shop.

SAMBA+  support budgets

To make services even more accessible, SerNet is adding support budgets to its regular support contracts with Service Level Agreements. Support budgets can be purchased directly from the SAMBA+ shop and are ready for immediate redemption. This guarantees customers even faster access to the know-how of our experienced SAMBA+ team. In short: You buy the support budget, we start working on your requests. The support budget not only covers services around SAMBA+ but rather requests regarding overall CIFS/SMB (Samba, Microsoft Windows), AFP/Netatalk, Linux (Debian, Ubuntu, RHEL, Fedora, SLES, Leap), Unix (AIX, Solaris, HP-UX), Directory Services (Active Directory, LDAP), Printing (CUPS), Infrastructure
(DNS, DHCP, SSL). Another advantage: Within the SAMBA+ support budget, the billing rate is identical for all types of services.

A SAMBA+ support budget includes 10 service hours, invoiced in time units of at least 15 minutes. Once purchased, budgets can be redeemed for 24 months. A total of 4 budgets can be purchased at once and used for a project of up to 40 hours. More details on our SAMBA+ Support page or directly in the SAMBA+ shop.


Contact us
Contact
Deutsch English Français