The Samba 4.18.0 release is presented, which continues the development of the Samba 4 branch with a full-fledged implementation of a domain controller and an Active Directory service that is compatible with the implementation of Windows 2008 and is able to serve all versions of Windows clients supported by Microsoft, including Windows 11. Samba 4 is a multifunctional server product , which also provides an implementation of the file server, print service, and identity server (winbind).
Key changes in Samba 4.18:
- Work continued to address performance regressions in busy SMB servers resulting from the addition of protection against symbolic link manipulation vulnerabilities. In addition to the work done in the last release to reduce system calls when checking a directory name and stop using wakeup events when processing concurrent operations, version 4.18 reduced the overhead of handling locks for concurrent operations on file paths by about a factor of three. As a result, the performance of file opening and closing operations has been brought up to the level of Samba 4.12.
- The samba-tool utility now displays more concise and precise error messages. Instead of outputting a call trace indicating the position in the code where the problem occurred, which did not always allow you to immediately understand what was wrong, in the new version the output is limited to a description of the cause of the error (for example, incorrect username or password, incorrect file name with the LDB database, missing DNS name, network unreachable, invalid command line arguments, etc.). If an unrecognized problem is found, the full Python stack trace continues to be output, which can also be obtained with the '-d3' option. You may need this information to find the cause of the problem on the Web or to add it to the error notification you send.
- All samba-tool commands support the "--color=yes|no|auto" option to control output highlighting. In the "--color=auto" mode, highlighting is used only when outputting to the terminal. 'always' and 'force' instead of 'yes', 'never' and 'none' instead of 'no', 'tty' and 'if-tty' instead of 'auto'.
- Added support for the NO_COLOR environment variable to disable output highlighting in situations where ANSI color codes are used or the "--color=auto" mode is in effect.
- A new command "dsacl delete" has been added to samba-tool for deleting entries in access control lists (ACE, Access Control Entry).
- Added "--change-secret-at=" option to wbinfo command ' to specify the domain controller for which you want to perform the change password operation.
- A new option "acl_xattr:security_acl_name" has been added to smb.conf to change the name of the extended attribute (xattr) used to store the NT ACL. By default, the security.NTACL attribute is attached to files and directories, access to which is denied to ordinary users. If you change the name of an ACL storage attribute, it will not be served through SMB, but will become locally available to any user, which requires an understanding of the possible negative impact on security.
- Added support for password hash synchronization between a Samba-based Active Directory domain and an Azure Active Directory (Office365) cloud.
Source: opennet.ru