Samba 4.12 comes with GnuTLS, an Elasticsearch-based search engine and more


The new version, Samba 4.12.0, has been released. It continues the development of the Samba 4.x branch, which provides a full implementation of a domain controller and Active Directory service, compatible with the Windows 2000 implementation and capable of serving all versions of Windows clients supported by Microsoft, including Windows 10.

Samba 4 is a multifunctional server product that also provides implementations of a file server, print service and authentication server (winbind).

What's new in Samba 4.12?

In Samba 4.12, the built-in implementations of cryptographic functions have been removed from the code base in favor of external libraries.

GnuTLS was chosen as the main crypto library. In addition to reducing the risk associated with vulnerabilities being found in embedded implementations of cryptographic algorithms, the transition to GnuTLS also brought a significant performance increase when encryption is used in SMB3.

In tests with the CIFS client implementation from Linux kernel 5.3, a 3-fold increase in write speed and a 2.5-fold increase in read speed were recorded.

A new backend, based on the Elasticsearch search engine, has also been added for searching SMB sections using the Spotlight protocol.

The release also includes the mdfind utility, a client implementation that can send search queries to any SMB server running the Spotlight RPC service. The "spotlight backend" setting now defaults to "noindex" (to use Tracker or Elasticsearch, you must explicitly set the value to "tracker" or "elasticsearch").

In Samba 4.12, the behavior of the 'net ads kerberos pac save' and 'net eventlog export' operations has changed: they no longer overwrite the file, and an attempt to export to an existing file returns an error.

samba-tool has improved support for adding contact entries as group members. Previously, the 'samba-tool group addmembers' command could only add users, groups and computers as new group members; now contacts can be added as group members as well.

samba-tool also allows filtering by organizational unit (OU) or subtree. New flags "--base-dn" and "--member-base-dn" have been added, which make it possible to perform an operation only on a certain part of the Active Directory tree, for example, only within one OU.

A new VFS module, 'io_uring', has also been added. It uses the new Linux kernel io_uring interface for asynchronous I/O.

io_uring supports I/O polling and can work with buffering (the previously proposed "aio" mechanism did not support buffered I/O).

With polling enabled, io_uring is significantly ahead of aio in performance.

Samba has implemented support for SMB_VFS_{PREAD,PWRITE,FSYNC}_SEND/RECV and has reduced the overhead of keeping a thread pool in user space when using the default VFS backend. Building the io_uring VFS module requires the liburing library and Linux kernel 5.1+.

Other changes that stand out:

  • VFS provides the ability to specify a special time value, UTIME_OMIT, to indicate that a time should be ignored in the SMB_VFS_NTIMES() function.
  • In smb.conf, support for the "write cache size" parameter has been discontinued; it lost its meaning after io_uring support appeared.
  • Encryption using the DES algorithm has been discontinued in Samba-DC and Kerberos. Weak encryption code has been removed from Heimdal-DC.
  • The vfs_netatalk module, which was no longer maintained and had lost its relevance, has been removed.
  • The zlib library is now one of the build dependencies. The embedded zlib implementation has been removed from the code base (the code was based on an earlier version of zlib, where encryption support did not work normally).
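
An added example, not from the Samba project or the original article: a Python check that scans an smb.conf before upgrading for settings this release changes (the discontinued "write cache size" parameter, the removed vfs_netatalk module, and Spotlight enabled without an explicit "spotlight backend", which now means "noindex"). The sample configuration is constructed, and the function names and the simple inheritance of share defaults from [global] are assumptions of this sketch.

```python
import re

# Constructed smb.conf for illustration; not taken from a real server.
SAMPLE_CONF = """\
[global]
    workgroup = EXAMPLE
    write cache size = 262144
    spotlight = yes

[projects]
    vfs objects = catia netatalk fruit

[archive]
    spotlight = yes
    spotlight backend = elasticsearch
"""

def norm(name):
    # smb.conf parameter names ignore case and internal whitespace
    return re.sub(r"\s+", "", name).lower()

def parse(text):
    """Return {section: {normalized_param: value}} (no line continuations)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][norm(key)] = value.strip()
    return sections

def audit(text):
    """Return (section, message) findings for settings changed in 4.12."""
    conf = parse(text)
    glob = conf.get("global", {})
    findings = []
    for sec, params in conf.items():
        if "writecachesize" in params:
            findings.append((sec, "write cache size: support discontinued in 4.12"))
        if "netatalk" in params.get("vfsobjects", "").split():
            findings.append((sec, "vfs objects: netatalk module removed in 4.12"))
        spotlight = params.get("spotlight", glob.get("spotlight", "no")).lower()
        backend = params.get("spotlightbackend", glob.get("spotlightbackend"))
        if spotlight in ("yes", "true", "1") and backend is None:
            findings.append((sec, "spotlight enabled but backend defaults to noindex"))
    return findings
```
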
