Blog

SAMBA+ 4.19.1, 4.18.8 and 4.17.12 have just been released. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux, Ubuntu and AIX are available now. Please note: These are security updates; packages should be deployed as soon as possible. These packages address several security-related issues.

  • CVE-2023-3961 Unsanitized client pipe name passed to local_np_connect()
  • CVE-2023-4154 dirsync allows SYSTEM access with only "GUID_DRS_GET_CHANGES" right, not "GUID_DRS_GET_ALL_CHANGES"
  • CVE-2023-4091 Client can truncate file with read-only permissions
  • CVE-2023-42670 The procedure number is out of range when starting Active Directory Users and Computers
  • CVE-2023-42669 rpcecho, enabled and running in AD DC, allows blocking sleep on request

Additionally, the 4.19.1 release includes fixes for:

  • Bug 15491: Heap buffer overflow with freshness tokens in the Heimdal KDC

SAMBA+ 4.19.0 has just been released by SerNet's Samba team. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux, Ubuntu and AIX are available now. 

This is the first stable SAMBA+ release of the new Samba 4.19 release series. Please make sure to test thoroughly before upgrading and read the release notes carefully! The release notes, which contain information about changes and new features of the new major release, are available here: 

Also, SAMBA+ 4.18.7 was published, which is a bug fix release. You can find the details about this release here: 

With the new 4.19 release, Samba 4.18 has been moved into "maintenance mode" and Samba 4.17 into "security fixes only mode". Samba 4.16 will not receive any updates beyond this point. The SAMBA+ 4.16 repositories will be disabled soon. Please update to a recent version of SAMBA+.

Please note: A bug was observed in the interaction between Active Directory domain controllers running mixed versions of Samba: if you upgrade just some DCs to 4.19 and others keep running 4.18 or older, the older versions hit an assert; see the detailed information on the bug. This is why we delayed our SAMBA+ 4.19 packages until we could publish fixed packages for 4.16, 4.17 and 4.18, too. In case you want to install a 4.19 DC with other SAMBA+ DCs running older versions than 4.19, make sure to update them to the latest fixed version of 4.18/4.17/4.16 that we released (4.18.7-9, 4.17.11-28 and 4.16.11-26). This does not affect member server installations.

The 4.16 packages will soon be removed from the server – SAMBA+ 4.17, 4.18 and 4.19 will be the supported release branches from now on. 

Details on upgrading to the new SAMBA+ version can be found in the SAMBA+ HowTo collection.


SAMBA+ 4.17.11 has just been released. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux, Ubuntu and AIX are available now.

These packages address several issues, which are listed in the release notes:
https://www.samba.org/samba/history/samba-4.17.11.html

The process for accessing the SAMBA+ software packages has changed. Please consult our SAMBA+ HowTo to learn more.


Fresh from the lab: Microsoft Exchange 2019 and Samba Active Directory

The Samba team at SerNet recently organized an internal workshop to explore the compatibility of Microsoft Exchange 2019 with Samba Active Directory. Participants in the workshop included Stefan Metzmacher, Björn Jacke and Ralph Böhme - all long-time members of the international Samba team. To share the progress with the Samba community, here is a short report from the experimental lab. The team is happy to answer any questions about the project.

The journey started with a major hurdle: NTP time synchronization issues on the Windows Domain Controllers (DCs) within the test setup. The team was able to resolve the issue after a few attempts - but ran into a new obstacle when Exchange refused to start in the Samba environment. After several hours of examining the logs and lots of head scratching, the crew discovered that Exchange was trying to query the LDAP "ntSecurityDescriptor" attribute of the cn=Configuration object. Surprisingly, Samba returned an empty result, unlike a Windows DC that returned the attribute.

After investigating thoroughly, the team found the cause: incomplete support for Group Policy Objects (GPOs) on Samba DCs. The GPO that was supposed to grant an additional privilege to the Exchange domain account had not been applied. Consequently, Samba rightly refused to return the ntSecurityDescriptor attribute.

Manually granting the missing privilege fixed the problem and Exchange worked. Subsequent tests creating accounts and exchanging emails confirmed the initial success. "We were really thrilled with the result," said Ralph Böhme, Samba Team Lead at SerNet. By identifying the underlying issues and implementing the necessary actions, he and his team were able to successfully connect Microsoft Exchange 2019 and Samba Active Directory. The interoperability achieved was no accident, but the result of thorough planning, systematic testing, and patient debugging. Böhme continues, "The workshop showed what we can achieve when we pool our Samba experience and join forces to overcome technical challenges." 

The interim success is a step in SerNet's larger mission to not only improve Samba's features and functionality, but to help make it an indispensable tool for businesses and organizations worldwide. The team looks forward to continuing to share its progress and work closely with the broader Samba community to achieve the vision of full interoperability between Samba AD and Exchange.


SAMBA+ 4.18.6 has just been released by the Samba team at SerNet. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux, Ubuntu and AIX are available now.

These packages address several issues, which are listed in the release notes: https://www.samba.org/samba/history/samba-4.18.6.html

The fixes for the following issues were already included in the previous SAMBA+ release:

  • Bug 15275 - smbd_scavenger crashes when service smbd is stopped
  • Bug 15416 - cldap_ping_list doesn't reset num_requests to 0 on retry 
