Samba 4.19 arrives with general improvements, corrections and more

Darkcrizt

4 minutes

Samba is the standard set of Windows interoperability programs for Linux and Unix.

Samba is a multifunctional server product, which also provides an implementation of file server, print service and identity server.

The new version of Samba 4.19 has already been released and it comes shortly after 6 months of development since the last major release. This new version is considered as a new stable version and includes a lot of changes and improvements.

Of the most notable new features of Samba 4.19 we can find the improvements in winbind, the work to prepare AD according to the FL 2016 standards, as well as the improved KDC audit, among other things.

Main new features of Samba 4.19

In this new version of Samba 4.19 that is presented, one of its main novelties that stands out is the migration of SMBG to use a common command line parser. And it is that in this new version has been translated into common code with other Samba utilities to parse command line parameters (previously, SMBG used a specific parser for this utility). The change made it possible to implement additional features such as Kerberos authentication, but at the cost of deprecating the smbgetrc file and breaking backward compatibility at the options level.

Another of the changes that stands out in the new version were the gpupdate command changes, in which the function libgpo.get_gpo_list became deprecated, since it was superseded by a Python implementation that can be imported via the " directiveimport samba.gp«.

In Samba 4.19, an initial partial implementation of Active Directory functional levels 2012, 2012R2 and 2016 has been proposed with which Samba will be able to pass authentication policy claims from Active Directory to PAC.

Additionally, for Windows clients, when the Active Directory 2012, 2012_R2, or 2016 functional level is enabled, support for the extension is implemented. FAST Kerberos. To connect to Active Directory, the new implementation uses the SamDB module instead of ADS.

We can also find that added support for new fields: 'traceid' to display records related to the same query in the registry to store the nesting level of the query in the registry.

On the other hand, we can also find that added RBCD support to Heimdal Kerberos-based domain controller configurations, as well as the utility samba-tool implements support for showing, adding and modifying authentication silos
and Active Directory Authentication claims.

Of the other changes that stand out from this new version:

  • Code removed with implementation of built-in cryptographic functions.
  • KDC audit tools were improved
  • Active Directory PAC adds support for compressing centralized access policy attributes using the same compression algorithm as in Microsoft Windows.
  • Ability to log, store in JSON format, most failures and all Kerberos tickets issued, including those that violate an unenforced authentication policy.
  • The Heimdal Kerberos code used in Samba (lorikeet-heimdal branch) has been updated to the status of the main repository of the main Heimdal project.
  • Added a new test suite for PKINIT (smart card login).
  • Heimdal KDC adds the ability to revoke smart card certificates used for PKINIT authentication.
  • Changing the UnicodePwd and userPassword attributes on a domain controller is now only allowed when using an encrypted connection.
  • Added “smbcontrol ldap_server reload-certs” command to reload TLS certificates used on an Active Directory domain controller without restarting Samba components.

Finally, if you are interested in being able to know more about it, you can consult the details in the following link

How to install or upgrade to Samba on Ubuntu and derivatives?

Well, for those who are interested in being able to install this new version of Samba or want to update their previous version to this new oneThey can do it by following the steps we share below.

It is worth mentioning that, although samba is included in the Ubuntu repositories, you should know that the packages are not updated when a new version is released, so in this case we prefer to use a repository.

The first thing we are going to do is open a terminal and in it we are going to type the following command to add a repository to the system:

sudo add-apt-repository ppa:linux-schools/samba-latest

sudo apt-get update

Once the repository has been added, we proceed to install samba in the system and for this, we just type the following command:

sudo apt install samba

If you already have a previous version installed, it will be updated automatically.


Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.