Samba 4.20 Brings Enhanced Security and New Features

Samba 4.20: Now with reduced dependencies, a new Windows Search Protocol client, crucial security updates, and more.

Samba 4.20, now available for download, offers enhanced security, improved functionality, and new features designed to modernize and streamline Active Directory (AD) operations.

It is an open-source software suite that enables seamless file and print services to SMB/CIFS clients. This allows interoperability between Linux/Unix servers and Windows-based clients, making it an essential tool for network administrators aiming to create a cohesive network environment regardless of the underlying operating systems.

Samba 4.20 Highlights

A key update in Samba 4.20 is the new minimum requirement for MIT Krb5 version 1.21 for Samba Active Directory Domain Controllers. This change addresses critical vulnerabilities, enhancing security against potential attacks. Furthermore, removing the dependency on the Perl JSON module simplifies installations and configurations, as Samba builds will now utilize Perl’s built-in JSON::PP module.

The new version introduces improvements to the samba-tool user password access and synchronization tools. These tools now allow for more detailed attribute selection and formatting options, aligning the output more closely with the LDIF output format.

We can’t help mentioning also that the new version expands its functionality with client-side support for Group Managed Service Accounts (gMSA), facilitating automated password changes and enhancing service isolation without the pitfalls of static passwords.

Additionally, introducing a new experimental Windows Search Protocol (WSP) client, wspsearch, allows direct search requests to WSP-enabled servers. Significant improvements have also been made in directory access control and policy management. The smbcacls tool now supports saving and restoring DACLs to a file, mirroring Windows icacls.exe functionality.

Furthermore, samba-tool extensions for Active Directory Claims, Authentication Policies, and Authentication Silos offer advanced user and service management capabilities, pushing Samba closer to full parity with Windows Active Directory services.

Lastly, Samba 4.20.0 enhances its support for Authentication Silos, Policies, and Conditional Access Control Entries (ACEs), with detailed configurations now possible for domains with a functional level of 2012 R2 or higher. The Service Witness Protocol integration improves cluster node monitoring and client connection stability in clustered environments.

Those interested in learning more about all the changes that Samba 4.20 brings can visit the release notes.

Bobby Borisov

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.

Think You're an Ubuntu Expert? Let's Find Out!

Put your knowledge to the test in our lightning-fast Ubuntu quiz!
Ten questions to challenge yourself to see if you're a Linux legend or just a penguin in the making.

1 / 10

Ubuntu is an ancient African word that means:

2 / 10

Who is the Ubuntu's founder?

3 / 10

What year was the first official Ubuntu release?

4 / 10

What does the Ubuntu logo symbolize?

5 / 10

What package format does Ubuntu use for installing software?

6 / 10

When are Ubuntu's LTS versions released?

7 / 10

What is Unity?

8 / 10

What are Ubuntu versions named after?

9 / 10

What's Ubuntu Core?

10 / 10

Which Ubuntu version is Snap introduced?

The average score is 68%