SAMBA+ 4.17.8 has just been released by SerNet. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux, Ubuntu and AIX are available now.

These packages address several issues, which are listed in the release notes:

SAMBA+ packages are available as software subscription. They can be purchased at the SAMBA+ shop, detailed information and prices are listed at The subscriptions are managed at our platform OPOSSO ( Users can activate
their subscriptions here and manage access credentials. The new SAMBA+ packages are included in existing subscriptions.

SAMBA+ 4.18.2 has just been released. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux, Ubuntu and AIX are
available now.

These packages address several issues, which are listed in the release notes:

SAMBA+ 4.18.1, 4.17.7 and 4.16.10 have just been released. These are important security releases, please update affected systems as soon as possible. The packages are available for various SUSE and Red Hat platforms as well as for Debian GNU/Linux, Ubuntu and AIX.

The packages address the following security related issues, which only affect the Samba AD DC and related tools:

  • CVE-2023-0614 Access controlled AD LDAP attributes can be discovered.
    The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure via LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.

    Installations with such secrets in their Samba AD should assume they have been obtained and need replacing.
  • CVE-2023-0225 Samba AD DC "dnsHostname" attribute can be deleted by unprivileged authenticated users.
    An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory.

    Affects only Samba 4.17.0 and later versions.  
  • CVE-2023-0922 Samba AD DC admin tool samba-tool sends passwords in cleartext.
    The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.

Stefan Kania

On May 9, 2023, a workshop by Stefan Kania with the title "How to set up a Samba Domain?" will be held as part of sambaXP. The location of the event is the Hotel FREIZEIT IN in Göttingen, Germany. The workshop is primarily aimed at newcomers and beginners and is intended, among other things, to help in deciding whether a Samba Active Directory is the right choice, and how to deploy it successfully. Tickets as well as the detailed contents of the workshop are available at

Especially for help with AD selection there is the possibility to ask individual questions. In a practical part a Samba domain with two domain controllers and a file server will be set up. The following contents will be discussed for example:

  • Quick and easy setup of a Samba domain
  • Different client operating systems
  • Windows compliant permissions.

A VM suitable for this purpose will be provided to the participants, an own PC is necessary. More detailed information about the requirements for the device can be found at The workshop will be held in English.

Stefan Kania is an author and trainer in the field of Samba, LDAP and Kerberos. He has already published several technical books in which he has contributed his expertise and many years of experience.


The agenda for this year's sambaXP is online! From May 10 - 11, 2023, a variety of interesting presentations await you at Hotel FREIZEIT IN in Göttingen. Among others, we are looking forward to the keynote by Tom Talpey and the panel discussion with sambaXP chairman Jeremy Allison.

A big thank you goes out to our sponsors Google and Microsoft. Microsoft is helping shape the agenda with an IO track featuring talks such as "Integrate the Power of Office365 through Co-Auth and File Synchronization Protocols" by Jinlin Xu.

Ticket sales and the detailed program can be found at

Other topics in the program:

  • SINK: Does it still float? - An update on samba-operator, samba-container & friends (Michael Adam, IBM / Samba Team & John Mulligan, IBM)
  • Linux Group Policy: Latest Developments, Use Cases, Integration, and Best Practices (David Muller, SUSE / Samba Team)
  • Active Directory Claims and conditional ACEs: how do they work and what are they for? (Douglas Bagnall, Catalyst IT / Samba Team)
  • SMB3 POSIX Extensions: Reparse Points current status (Volker Lendecke, SerNet / Samba Team)
  • From an OpenLDAP back-end for Samba to a Samba back-end for OpenLDAP (Nadezhda Ivanova, Samba Team)
  • Samba AD / MIT Kerberos: path out of experimental (Alexander Bokovoy & Andreas Schneider, Red Hat / Samba Team)
  • SoS: Samba on (a large) Scale: exploring ctdb Alternatives (Ralph Böhme, SerNet / Samba Team)

Social Event
A social event is planned for the evening of the first day of the conference, also at the Hotel FREIZEIT IN. Participation is free of charge for sambaXP visitors. With good food and tasty drinks, the gathering is a wonderful opportunity for personal exchange and networking.

Workshop on May 9, 2023
On the day before the conference, Stefan Kania will explain the basics for successfully setting up a Samba domain in his workshop "How to set up a Samba Domain". Tickets are also available at

Contact us
Deutsch English Français