Release of Samba 4.11.0

Samba 4.11.0 has been released, continuing the development of the Samba 4 branch with a full implementation of a domain controller and an Active Directory service that is compatible with the Windows 2000 implementation and is able to serve all versions of Windows clients supported by Microsoft, including Windows 10. Samba 4 is a feature-rich server product that also provides an implementation of a file server, a print service, and an identity server (winbind).

Key changes in Samba 4.11:

  • By default, the “prefork” process launch model is enabled, which maintains a pool of pre-launched handler processes. When starting Samba, the '--model' option now defaults to 'prefork' instead of 'standard'. Previously, each LDAP and NETLOGON client connection ran in a separate child process, which, with a large number of persistent connections, resulted in significant memory consumption. With the 'prefork' model, the LDAP, NETLOGON and KDC services launch a fixed number of processes that jointly handle client connections and distribute them among handlers (4 handlers are started by default);
  • In Winbind, PAM_AUTH and NTLM_AUTH authentication events are now saved in the log. The authentication records also carry a “logonId” attribute, which contains the login ID generated for PAM_AUTH and NTLM_AUTH requests and is passed to SamLogon;
  • The scheme of returned LDAP links (referrals) now reflects the scheme of the original request: for example, links obtained through ldap are prefixed with "ldap://", and those obtained through ldaps with "ldaps://";
  • Added the ability to log the duration of DNS operations performed by Bind 9. The output is enabled by specifying the log level "dns:10" in smb.conf;
  • The default Active Directory schema has been updated to version 2012_R2. The old schema can be selected with the '--base-schema' argument. You can use the samba-tool "domain schemaupgrade" command to upgrade existing installations;
  • Required dependencies include the GnuTLS 3.2 cryptographic library, which replaces Samba's built-in cryptographic functions;
  • Added "samba-tool contact" command to search and edit entries in the address book stored in LDAP;
  • Improved support for working with national encodings in the "samba-tool [user|group|computer|group|contact] edit" command;
  • Samba has been optimized to work in very large organizations with up to 100 users and 120 objects;
  • Improved performance of reindexing ("samba-tool dbcheck --reindex") and domain join operations ("samba-tool domain join") for large AD domains;
  • The LDAP server has improved memory efficiency when generating large LDAP responses (for example, when searching for all objects) by eliminating duplication of data copies in memory;
  • Added "--backend-store-size" option to "samba-tool" to define the maximum allowable database size (lmdb map);
  • The "batch_mode" option has been added to LDB, which allows optimizing the execution of batch operations by executing them within a single transaction. Also improved search performance in large LDBs and performance of renaming subtrees;
  • Added VFS module ceph_snapshots, which implements support for CephFS snapshots for working with previous versions of files;
  • The method of storing the Active Directory database on disk has been changed. The new format will be applied automatically after upgrading to release 4.11, but if you roll back from Samba 4.11 to older releases, you will need to convert the format manually;
  • Support for the SMB1 protocol, which is deprecated and no longer used by Microsoft, is disabled by default (the 'client min protocol' and 'server min protocol' settings are set to SMB2_02);
  • Most command line utilities, such as smbclient and smbcacls, have a new '--option' option to override smb.conf settings. For example, to change the minimum supported protocol version, you can specify "--option='client min protocol=NT1'" to re-enable SMB1;
  • The LanMan and plaintext authentication methods have been deprecated. Support for NTLM, NTLMv2, and Kerberos methods remains unchanged;
  • The BIND9_FLATFILE DNS backend has been deprecated and will be removed in a future release. The "rndc command" option in smb.conf has also been deprecated;
  • Removed the embedded http-server code (Python WSGI), which was previously used to run the SWAT web interface;
  • By default, Python 2 support is disabled and Python 3 is enabled (to restore Python 2 support, set the environment variable 'PYTHON=python2' before running './configure' and 'make' during the Samba build process).
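
The SMB1, '--option' and LanMan/plaintext items above can be turned into a configuration check. The following is an added example, not code from the Samba project or the original article: it flags smb.conf lines and logged '--option' overrides that undo the 4.11 defaults. The function names are hypothetical, and the SMB1 dialect names and the four authentication parameters ('lanman auth', 'client lanman auth', 'client plaintext auth', 'encrypt passwords') are standard smb.conf values that this article does not list.

```python
import shlex

# Dialects below SMB2_02, the minimum that Samba 4.11 sets by default.
SMB1_DIALECTS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
# smb.conf ignores case and whitespace in parameter names, so keys are squashed.
MIN_PROTOCOL = {"clientminprotocol", "serverminprotocol"}
# Assumed parameter list: LanMan/plaintext switches and the value that enables them.
WEAK_AUTH = {"lanmanauth": True, "clientlanmanauth": True,
             "clientplaintextauth": True, "encryptpasswords": False}
BOOLS = {"yes": True, "true": True, "on": True, "1": True,
         "no": False, "false": False, "off": False, "0": False}
# Constructed sample input, not taken from a real host.
SAMPLE_CONF = "[global]\n client min protocol = NT1\n lanman auth = yes\n"

def check_setting(name, value):
    """Return a finding string if the setting weakens the 4.11 defaults (else None)."""
    name, value = name.strip(), value.strip()
    key = "".join(name.lower().split())
    if key in MIN_PROTOCOL and value.upper() in SMB1_DIALECTS:
        return f"{name} = {value}: SMB1 dialect allowed"
    if key in WEAK_AUTH and BOOLS.get(value.lower()) is WEAK_AUTH[key]:
        return f"{name} = {value}: LanMan or plaintext authentication enabled"

def audit_smb_conf(text):
    """Scan smb.conf text; return (line_number, section, finding) tuples."""
    findings, section = [], "global"
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and (finding := check_setting(*line.split("=", 1))):
            findings.append((number, section, finding))
    return findings

def audit_command_line(command):
    """Check --option NAME=VALUE overrides in a logged client command line."""
    args, findings = shlex.split(command), []
    for i, arg in enumerate(args):
        if arg == "--option" and i + 1 < len(args):
            arg = "--option=" + args[i + 1]
        if arg.startswith("--option=") and arg.count("=") >= 2:
            if finding := check_setting(*arg[len("--option="):].split("=", 1)):
                findings.append(finding)
    return findings

if __name__ == "__main__":
    print(audit_smb_conf(SAMPLE_CONF))
```

The parser deliberately ignores smb.conf 'include' directives and backslash line continuations, so included files have to be scanned separately.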

Source: opennet.ru
