Five months after its previous 4.20 release, Samba, the renowned open-source software suite that facilitates file sharing and printing services across various operating systems, including Windows and Unix, has officially released its latest version, Samba 4.21.
The release’s highlight is the hardened security settings for “valid users,” “invalid users,” “read list,” and “write list.” In the past, unresolved user or group names would be skipped without any notification, potentially leading to insecure access permissions.
With this update, any issues in name resolution due to communication errors with a domain controller will now trigger an error log, and the connection attempt will be denied, thereby preventing unintended access.
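The difference between the old and new behaviour is easiest to see on an "invalid users" entry. The following Python model is an added illustration, not Samba source code; the names `resolve`, `resolve_list`, `tree_connect`, the `CORP` accounts and their SIDs are all constructed, and the model assumes that names which simply do not exist are skipped in both modes.

```python
import logging

log = logging.getLogger("acl_model")

class DCUnreachable(Exception):
    """Lookup failed because the domain controller could not be contacted."""

# Constructed directory of resolvable names (sample SIDs, not real ones).
DIRECTORY = {"CORP\\alice": "S-1-5-21-1-2-3-1101",
             "CORP\\mallory": "S-1-5-21-1-2-3-1102"}

def resolve(name, dc_up):
    """Return the SID for name, None if it does not exist, or raise on a DC outage."""
    if not dc_up:
        raise DCUnreachable(name)
    return DIRECTORY.get(name)

def resolve_list(names, dc_up, fail_closed):
    """Resolve a configured name list to a set of SIDs."""
    sids = set()
    for name in names:
        try:
            sid = resolve(name, dc_up)
        except DCUnreachable:
            if fail_closed:
                raise          # hardened: the caller logs and denies
            continue           # legacy: entry silently dropped from the list
        if sid is not None:    # assumption: nonexistent names are skipped in both modes
            sids.add(sid)
    return sids

def tree_connect(user_sid, share, dc_up, fail_closed):
    """Return True if the already-authenticated user may connect to the share."""
    try:
        invalid = resolve_list(share.get("invalid users", []), dc_up, fail_closed)
        valid = resolve_list(share.get("valid users", []), dc_up, fail_closed)
    except DCUnreachable as exc:
        log.error("cannot resolve %s: domain controller unreachable, denying", exc)
        return False
    if user_sid in invalid:
        return False
    if share.get("valid users") and user_sid not in valid:
        return False
    return True

# Constructed share definition: mallory is explicitly locked out.
SHARE = {"invalid users": ["CORP\\mallory"]}
MALLORY = DIRECTORY["CORP\\mallory"]

if __name__ == "__main__":
    for mode, closed in (("legacy", False), ("hardened", True)):
        print(mode, "DC down ->", tree_connect(MALLORY, SHARE, dc_up=False, fail_closed=closed))
```

In the legacy mode the deny entry disappears during the outage and the locked-out account connects; in the hardened mode every connection to that share is refused until the name can be resolved again.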
Moreover, Samba 4.21 introduces support for LDAP TLS/SASL channel binding, a critical security feature that aligns with modern cybersecurity practices. This enhancement enables secure SASL binds over TLS connections, significantly fortifying the authentication process.
The release also debuts new features and improvements, such as automatic keytab updates following machine password changes, enhancing the seamless operation of network services that rely on Samba for authentication.
A new DNS hostname configuration option has also been introduced to improve the integration of Samba within Active Directory environments, aiding in smoother domain joins and service registrations.
For those managing advanced setups, the new version supports Group Managed Service Accounts (gMSA), providing a more secure and manageable way of handling service accounts across multiple servers, a boon for large-scale deployments.
Furthermore, Samba 4.21 lays the groundwork for future enhancements, including planned deprecations and changes. For example, the new vfs-to-cephfs bridge module is set to replace the older CephFS implementations, promising better performance and more robust security options.
Those interested in learning more about all the changes that Samba 4.21 brings can visit the release notes.