Samba 4.18.0 arrives with security improvements, enhancements and more

The release of the new version of Samba 4.18.0, which continued the work for address performance regressions on SMB servers occupied as a result of the addition of protection against symbolic link manipulation vulnerabilities.

In addition to the work done in the last release to reduce system calls when checking for a directory name and to stop using wake events when processing concurrent operations, version 4.18 reduced lock processing overhead for concurrent operations on file paths by a factor of three.

As a result, the performance of file open and close operations has been brought up to the level of Samba 4.12.

Main new features of Samba 4.18.0

In this newly released version of Samba 4.18.0, the samba-tool utility now displays more concise and accurate error messages.

Instead of generating a call trace indicating the position in the code where the problem occurred, which did not always make it possible to immediately understand what was wrong, in the new version, the output is limited to a description of the cause of the error (for example, incorrect username or password, incorrect file name with the LDB database, missing name in DNS, unreachable network, invalid command line arguments, etc.).

Besides that, if an unrecognized issue is found, the full trace is still issued from the Python stack, which can also be obtained with the '-d3' option. You might need this information to find the cause of the problem on the web or to add it to the error notification you send.

Another novelty that is presented in this new version of Samba 4.18.0, is that tAll samba-tool commands support the option “–color=yes|no|auto” to control output highlighting. In “–color=auto” mode, the highlight is used only when sent to the terminal. 'always' and 'force' instead of 'yes', 'never' and 'none' instead of 'no', 'tty' and 'if-tty' instead of 'auto'.

We can also find that added support for NO_COLOR environment variable to disable output highlighting in situations where ANSI color codes are used or the “–color=auto” mode is in effect.

Of the other changes that stand out in this new version:

• A new "dsacl delete" command has been added to the samba tool to delete access control list (ACE) entries.
• Added option “–change-secret-at= » to the wbinfo command to specify the domain controller on which to perform the password change operation.
• Added a new parameter "acl_xattr:security_acl_name" to smb.conf to change the name of the extended attribute (xattr) used to store the NT ACL.
• By default, the security.NTACL attribute is attached to files and directories, access to which is denied to normal users.
• If you rename an ACL storage attribute, it will not be served over SMB, but will be available locally to any user, which requires an understanding of the potential negative security impact.
• Added support for password hash synchronization between a Samba-based Active Directory domain and an Azure Active Directory (Office365) cloud.

Finally, if you are interested in being able to know more about it, you can consult the details in the following link

How to install or upgrade to Samba on Ubuntu and derivatives?

Well, for those who are interested in being able to install this new version of Samba or want to update their previous version to this new oneThey can do it by following the steps we share below.

It is worth mentioning that, although samba is included in the Ubuntu repositories, you should know that the packages are not updated when a new version is released, so in this case we prefer to use a repository.

The first thing we are going to do is open a terminal and in it we are going to type the following command to add a repository to the system:

sudo add-apt-repository ppa:linux-schools/samba-latest

sudo apt-get update

Once the repository has been added, we proceed to install samba in the system and for this, we just type the following command:

sudo apt install samba

If you already have a previous version installed, it will be updated automatically.