The Samba 4.14.0 release is presented, which continues the development of the Samba 4 branch with a full-fledged implementation of a domain controller and an Active Directory service that is compatible with the implementation of Windows 2000 and is able to serve all versions of Windows clients supported by Microsoft, including Windows 10. Samba 4 is a multifunctional server product , which also provides an implementation of the file server, print service, and identity server (winbind).
Key changes in Samba 4.14:
- Significant upgrades have been made to the VFS layer. For historical reasons, the code with the implementation of the file server was tied to the processing of file paths, which was also used for the SMB2 protocol, which was transferred to the use of descriptors. In Samba 4.14.0, the code that provides access to the server's file system has been redesigned to use file descriptors rather than file paths. For example, calling fstat() instead of stat() and SMB_VFS_FSTAT() instead of SMB_VFS_STAT() is involved.
- The reliability of publishing printers in Active Directory has been improved and the printer information sent to Active Directory has been expanded. Added support for Windows printer drivers on ARM64 systems.
- The ability to use Group Policy for Winbind clients is provided. An Active Directory administrator can now define policies that change sudoers settings or add periodic cron jobs. To enable the application of group policies for the client, the 'apply group policies' setting is provided in smb.conf. Policies are applied every 90-120 minutes. In case of problems, it is possible to undo the changes with the “samba-gpupdate —unapply” command or reapply the “samba-gpupdate —force” command. To view the policies that will be applied to the system, you can use the command “samba-gpupdate –rsop”.
- The requirements for the Python language version have been increased. Building Samba now requires at least Python version 3.6. Building with older Python releases has been discontinued.
- The samba-tool utility implements tools for managing objects in Active Directory (users, computers, groups). To add a new object to AD, you can now use the “add” command in addition to the “create” command. To rename users, groups and contacts, the “rename” command is supported. To unlock users, the 'samba-tool user unlock' command is proposed. The 'samba-tool user list' and 'samba-tool group listmembers' commands implement the "--hide-expired" and "--hide-disabled" options to hide expired or disabled user accounts.
- The CTDB component, which is responsible for the operation of cluster configurations, has been cleared of politically incorrect terms. Instead of master and slave, when setting up NAT and LVS, it is proposed to use “leader” to refer to the main node in the group and “follower” to cover the remaining members of the group. The "ctdb natgw master" command has been replaced with "ctdb natgw leader". To indicate that the node is not a leader, the “follower-only” flag is now displayed instead of “slave-only”. The "ctdb isnotrecmaster" command has been removed.
Additionally, an explanation is given about the scope of the GPL license, under which the Samba code is distributed, to VFS (Virtual File System) components. The GPL license requires that all derivative works be opened under the same terms. Samba has a plugin interface that allows you to call external code. One of these plugins are VFS modules, which use the same header files as Samba with an API definition through which services implemented in Samba are accessed, which is why Samba VFS modules must be distributed under the GPL or a compatible license.
Uncertainty arises regarding the third-party libraries that VFS modules access. In particular, the opinion was expressed that only libraries under GPL and compatible licenses can be used in VFS modules. The Samba developers have clarified that libraries do not call Samba code through an API or access internal structures, so they cannot be considered derivative works and are not required to be distributed under GPL-compliant licenses.
Source: opennet.ru