Samba 4.12.0 releases: standard Windows interoperability suite of programs for Linux and Unix
Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol, such as all versions of DOS and Windows, OS/2, Linux and many others.
Samba is an important component to seamlessly integrate Linux/Unix Servers and Desktops into Active Directory environments. It can function both as a domain controller or as a regular domain member.
Samba consists of two key programs, plus a bunch of other stuff that we’ll get to later. The two key programs are
smbdandnmbd. Their job is to implement the four basic modern-day CIFS services, which are:
- File & print services
- Authentication and Authorization
- Name resolution
- Service announcement (browsing)
The main update on v4.12:
NEW FEATURES/CHANGES
Python 3.5 Required
Samba’s minimum runtime requirement for python was raised to Python 3.4 with samba 4.11. Samba 4.12 raises this minimum version to Python 3.5 both to access new features and because this is the oldest version we test with in our CI infrastructure.
- (Build time support for the file server with Python 2.6 has not changed)
Removing in-tree cryptography: GnuTLS 3.4.7 required
Samba is making efforts to remove in-tree cryptographic functionality, and to instead rely on externally maintained libraries. To this end, Samba has chosen GnuTLS as our standard cryptographic provider.
Samba now requires GnuTLS 3.4.7 to be installed (including development headers at build time) for all configurations, not just the Samba AD DC.
Thanks to this work Samba no longer ships an in-tree DES implementation and on GnuTLS 3.6.5 or later Samba will include no in-tree cryptography other than the MD4 hash and that implemented in our copy of Heimdal.
Using GnuTLS for SMB3 encryption you will notice huge performance and copy speed improvements. Tests with the CIFS Kernel client from Linux Kernel 5.3 show a 3x speed improvement for writing and a 2.5x speed improvement for reads!
- NOTE WELL: The use of GnuTLS means that Samba will honour the system-wide ‘FIPS mode’ (a reference to the US FIPS-140 cryptographic standard) and so will not operate in many still common situations if this system-wide parameter is in effect, as many of our protocols rely on outdated cryptography.
A future Samba version will mitigate this to some extent where good cryptography effectively wraps bad cryptography, but for now that above applies.
zlib library is now required to build Samba
Samba no longer includes a local copy of zlib in our source tarball. By removing this we do not need to ship (even where we did not build) the old, broken zip encryption code found there.
For complete updates, please see the release notes.
