Samba 4.20, now available for download, offers enhanced security, improved functionality, and new features designed to modernize and streamline Active Directory (AD) operations.
It is an open-source software suite that enables seamless file and print services to SMB/CIFS clients. This allows interoperability between Linux/Unix servers and Windows-based clients, making it an essential tool for network administrators aiming to create a cohesive network environment regardless of the underlying operating systems.
Samba 4.20 Highlights
A key update in Samba 4.20 is the new minimum requirement for MIT Krb5 version 1.21 for Samba Active Directory Domain Controllers. This change addresses critical vulnerabilities, enhancing security against potential attacks. Furthermore, removing the dependency on the Perl JSON module simplifies installations and configurations, as Samba builds will now utilize Perl’s built-in JSON::PP module.
The new version introduces improvements to the samba-tool user password access and synchronization tools. These tools now allow for more detailed attribute selection and formatting options, aligning the output more closely with the LDIF output format.
We can’t help mentioning also that the new version expands its functionality with client-side support for Group Managed Service Accounts (gMSA), facilitating automated password changes and enhancing service isolation without the pitfalls of static passwords.
Additionally, introducing a new experimental Windows Search Protocol (WSP) client, wspsearch, allows direct search requests to WSP-enabled servers. Significant improvements have also been made in directory access control and policy management. The smbcacls tool now supports saving and restoring DACLs to a file, mirroring Windows icacls.exe functionality.
Furthermore, samba-tool extensions for Active Directory Claims, Authentication Policies, and Authentication Silos offer advanced user and service management capabilities, pushing Samba closer to full parity with Windows Active Directory services.
Lastly, Samba 4.20.0 enhances its support for Authentication Silos, Policies, and Conditional Access Control Entries (ACEs), with detailed configurations now possible for domains with a functional level of 2012 R2 or higher. The Service Witness Protocol integration improves cluster node monitoring and client connection stability in clustered environments.
Those interested in learning more about all the changes that Samba 4.20 brings can visit the release notes.
