Six months after its previous 4.21 release, Samba, the renowned open-source software suite that facilitates file sharing and printing services across various operating systems, including Windows and Unix, has released its latest version, Samba 4.22.
One of the standout features is SMB3 Directory Leases, a performance-enhancing capability that allows clients to cache directory listings. This reduces the volume of SMB requests from clients, resulting in a notable performance boost, especially in high-traffic environments.
Keep in mind that by default, this feature is enabled on non-clustered Samba installations and disabled on clustered setups, aligning with the “clustering” option settings. Users can configure this behavior via the new “smb3 directory leases” global parameter.
Another major highlight in Samba 4.22 is the introduction of experimental support for Azure Entra ID authentication via himmelblaud. This new authentication method, implemented in Rust, enables basic authentication with Azure Entra ID and is configured through “smb.conf.”
Several new global parameters, including “himmelblaud_sfa_fallback,” “himmelblaud_hello_enabled,” and “himmelblaud_hsm_pin_path,” provide additional customization options for this feature.
On the performance optimizations side, increasing the LDB index cache size for offline AD operations makes Samba 4.22’s provisioning and schema upgrades several times faster.
It is also worth mentioning that with this latest release, administrators can now use TCP-based LDAP rootDSE queries instead of relying on connectionless LDAP queries (using UDP on port 389) to retrieve domain controller information.
This change is particularly useful in environments where firewalls block UDP traffic to domain controllers. Accordingly, a new parameter, “client netlogon ping protocol”, allows users to switch between connectionless LDAP (CLDAP) and the new TCP-based approach.
Lastly, as with any major update, some legacy features have been retired. Notable removals in this release include:
- nmbd proxy logon – an outdated mechanism that predates Samba4’s built-in NBT server.
- cldap port – since CLDAP always operates over UDP port 389, the ability to configure an alternative port has been removed due to inconsistencies in past implementations.
- fruit:posix_rename – a feature used for OS X directory renaming, now deprecated due to conflicts with Windows clients.
Users looking to upgrade to Samba 4.22 should read the release notes carefully to ensure a smooth transition.
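A pre-upgrade check for the three removed parameters listed above, as an added example (not code from the Samba project or from this article): it scans smb.conf text, treating parameter names as case- and whitespace-insensitive and joining backslash continuations. The function names and the sample configuration are constructed for illustration.

```python
# Parameters the article lists as removed in Samba 4.22.
REMOVED = ("nmbd proxy logon", "cldap port", "fruit:posix_rename")

def _norm(name):
    # smb.conf parameter names ignore case and whitespace.
    return "".join(name.split()).lower()

REMOVED_BY_KEY = {_norm(p): p for p in REMOVED}

def logical_lines(text):
    # Yield (first_line_number, text), joining backslash continuations.
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        start = start or no
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1]
            continue
        yield start, buf + raw
        buf, start = "", None
    if start:
        yield start, buf

def find_removed(text):
    # Return [(line_no, section, canonical_parameter, value), ...].
    hits, section = [], None
    for no, line in logical_lines(text):
        line = line.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        name, sep, value = line.partition("=")
        key = _norm(name)
        if sep and key in REMOVED_BY_KEY:
            hits.append((no, section, REMOVED_BY_KEY[key], value.strip()))
    return hits

# Constructed sample configuration, not taken from a real server.
SAMPLE = """\
[global]
    CLDAP  Port = 3389
    ; nmbd proxy logon = yes
    Nmbd Proxy Logon = yes
[macshare]
    fruit:posix_rename = no
"""
for hit in find_removed(SAMPLE):
    print("line %d [%s]: '%s = %s' was removed in Samba 4.22" % hit)
```

Run it against the text of the live configuration before upgrading and clear every reported line.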