The Samba 4.16.0 release is presented, which continues the development of the Samba 4 branch with a full-fledged implementation of a domain controller and an Active Directory service that is compatible with the implementation of Windows 2000 and is able to serve all versions of Windows clients supported by Microsoft, including Windows 10. Samba 4 is a multifunctional server product , which also provides an implementation of the file server, print service, and identity server (winbind).
Key changes in Samba 4.16:
- A new samba-dcerpcd executable is included to provide DCE/RPC (Distributed Computing Environment / Remote Procedure Calls) services. To process incoming requests, samba-dcerpcd can be called as needed from the smbd or "winbind --np-helper" processes, passing information through named pipes. In addition, samba-dcerpcd can also work as an independently running background process that independently processes requests, and can be used not only with samba, but also with other implementations of SMB2 servers, such as the ksmbd server built into the Linux kernel. To control the launch of samba-dcerpcd in smb.conf in the "[global]" section, the setting "rpc start on demand helpers = [true|false]" is proposed.
- The built-in implementation of the Kerberos server has been updated to the release of Heimdal 8.0pre, which introduces support for the FAST security mechanism, which secures credentials by encapsulating requests and responses in a separate encrypted tunnel.
- The Certificate Auto Enrollment mechanism has been added, which allows you to automatically receive certificates from Active Directory services when group policies are enabled ("apply group policies" in smb.conf).
- The built-in DNS server has the ability to use an arbitrary network port number when determining DNS servers for query forwarding (dns forwarder). If earlier only the host for redirection could be specified in the settings, now the information can be specified in the host:port format.
- In the CTDB component responsible for the operation of cluster configurations, the "recovery master" and "recovery lock" roles have been renamed to "leader" and "cluster lock", and instead of "master" the word "leader" should be used in various commands (recmaster -> leader , setrecmasterrole -> setleaderrole).
- Support for the SMBCopy command (SMB_COM_COPY) and the wildcard expansion function in server-side filenames defined in the legacy SMB1 protocol has been discontinued. The functionality of the SMB2 protocol for copying files on the server side has been retained unchanged.
- On the Linux platform, smbd has discontinued the use of mandatory file locks in the "share modes" implementation. Such locks, which were implemented in the kernel through blocking system calls and were considered unreliable due to possible race conditions, are not supported since the Linux 5.15 kernel.
Source: opennet.ru