Blog

Fresh from the lab: Microsoft Exchange 2019 and Samba Active Directory

The Samba team at SerNet recently organized an internal workshop to explore the compatibility of Microsoft Exchange 2019 with Samba Active Directory. Participants in the workshop included Stefan Metzmacher, Björn Jacke and Ralph Böhme - all long-time members of the international Samba team. To share the progress with the Samba community, here is a short report from the experimental lab. The team is happy to answer any questions about the project.

The journey started with a major hurdle: NTP time synchronization issues on the Windows Domain Controllers (DCs) within the test setup. The team was able to resolve the issue after a few attempts - but ran into a new obstacle when Exchange refused to start in the Samba environment. After several hours of examining the logs and lots of head scratching, the crew discovered that Exchange was trying to query the LDAP "ntSecurityDescriptor" attribute of the cn=Configuration object. Surprisingly, Samba returned an empty result, unlike a Windows DC that returned the attribute.

After investigating thoroughly, the team found the cause: incomplete support for Group Policy Objects (GPOs) on Samba DCs. The GPO that was supposed to grant an additional privilege to the Exchange domain account had not been applied. Consequently, Samba rightly refused to return the ntSecurityDescriptor attribute.

Manually granting the missing privilege fixed the problem and Exchange worked. Subsequent tests creating accounts and exchanging emails confirmed the initial success. "We were really thrilled with the result," said Ralph Böhme, Samba Team Lead at SerNet. By identifying the underlying issues and implementing the necessary actions, he and his team were able to successfully connect Microsoft Exchange 2019 and Samba Active Directory. The interoperability achieved was no accident, but the result of thorough planning, systematic testing, and patient debugging. Böhme continues, "The workshop showed what we can achieve when we pool our Samba experience and join forces to overcome technical challenges." 

The interim success is a step in SerNet's larger mission to not only improve Samba's features and functionality, but to help make it an indispensable tool for businesses and organizations worldwide. The team looks forward to continuing to share its progress and work closely with the broader Samba community to achieve the vision of full interoperability between Samba AD and Exchange.


SAMBA+ 4.18.6 has just been released by the Samba team at SerNet. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux, Ubuntu and AIX are available now.

These packages address several issues, which are listed in the release notes: https://www.samba.org/samba/history/samba-4.18.6.html

The fixes for the following issues were already included in the previous SAMBA+ release:

  • Bug 15275 - smbd_scavenger crashes when service smbd is stopped
  • Bug 15416 - cldap_ping_list doesn't reset num_requests to 0 on retry 

Storage Developer Conference

SerNet Inc. will be participating as a Silver Sponsor at this year's Storage Developer Conference (SDC). The conference is hosted by the Storage Networking Industry Association (SNIA) in Fremont, CA on September 18-21.

Our Samba team will be presenting on September 20: 

Topic: Reparse Points Current Status
Speaker: Volker Lendecke, Developer at SerNet/Samba Team
8:30am - 9:20am (PST)

Topic: Samba io_uring Status Update
Speaker: Stefan Metzmacher, Developer at SerNet/Samba Team
9:30am - 10:20am (PST)

Topic: net use //samba/cloud: Scaling Samba
Speaker: Ralph Böhme, Samba Team Lead at SerNet/Samba Team
10:35am - 11:25am (PST)

In addition to these sessions, we invite all attendees to meet our team, discuss our recent endeavors, and explore potential collaborations. To ensure in-depth discussions and address specific inquiries, we are offering scheduled appointments. Those interested can contact us in advance to secure a meeting slot. Please use the contact form or mail us at sales@remove-this.sernet.com – we look forward to a constructive dialogue and a successful conference.


SAMBA+ 4.18.5, 4.17.10 and 4.16.11 have just been released. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux, Ubuntu and AIX are available now. Please note: These are security updates; packages should be deployed as soon as possible.

These packages address several security related issues:

  • CVE-2022-2127: When winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in winbind and possibly crash it.
  • CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be triggered by an unauthenticated attacker by issuing a malformed RPC request.
  • CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for Spotlight can be used by an unauthenticated attacker to trigger a process crash in a shared RPC mdssvc worker process. 
  • CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server-side absolute path of shares and files and directories in search results.

An update for SAMBA+ 4.18.4, 4.16.10 and 4.17.9 has been released. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu are available now.

These packages address the following issue:

  • Bug 15418 - secure channel faulty since Windows 10/11 update 07/2023
    The recently released Windows Update KB5028185/KB5028166 (July 11, 2023) breaks the client authentication against Samba AD DCs. 
