Samba 4.10: Evolution and new features
Samba Active Directory: a viable alternative to NT4 protocol
Samba version 4.0 implements the functions of an Active Directory domain controller. From that release on, it becomes possible to leave the NT4 identification and authentication protocol for a truly viable alternative. In addition, Samba 4.0 is able to meet the security requirements of organizations, where the NT4 protocol struggles to reach the expected level. With this new version of Samba, Windows 2000 and later clients can join the domain and benefit from the services provided by the domain controller:
- Internal DNS, or DNS relying on BIND-DLZ
- Kerberos PAC
In addition, Samba 4.0 implements Python-coded interfaces to act on the core business logic historically encoded in C / C++.
Samba 4.1.0: AD domain controller and SMB protocol
The developers took advantage of the release of Samba 4.1.0 to expand the tools for clients of an AD domain controller. With this new version, Samba uses the SMBv2 and SMBv3 protocols for authentication. It then becomes possible to abandon the SMBv1 protocol (for higher versions), which does not provide sufficient security against threats such as ransomware. Replication between domain controllers is also improved in this version.
Samba AD: File service and AD domain controller
Starting with Samba AD version 4.2.0, the development team made improvements in file services, software operation and security, as well as domain controller performance. The end of Samba3 support is announced with version 4.2.0, which still supports the NT4 identification and authentication protocol.
Here is a brief summary of what you may have missed between version 4.2.0 and Samba 4.10. For the more adventurous, you will find a detailed listing of each release of Samba in our documentation.
- Access to Shadow Copy files hosted on a share, allowing you to revert to saved versions of the file sharing tree.
- SMB 3.1.1 support, the standard file exchange protocol that appeared with Windows 10.
- VirusFilter module support that integrates with Sophos, F-Secure and ClamAV antivirus to provide filtering functions on the file server.
- Encryption of RPC exchanges between domain controllers, avoiding MITM attacks.
- Improved overall password management strategy.
- Improved KCC, a mechanism that allows the controller to map the replication topology for operation with a large network.
- Improved deletion of defective domain controller.
- Last Login / Last Logoff support.
- Improved replication and DNS performance.
- Default disabling of NTLMv1 for any new implementation of the domain controller to handle increasing ransomware attacks.
- Restriction of the range of ports used by the MS-RPC service.
- Encryption of sensitive data on disk.
- Differentiation of password policies between users and user groups.
- Auditing of Active Directory events (logins, addition of AD elements…).
- Added a script option in smb.conf for choosing the complexity of passwords, which also works with Windows client machines.
- Improved KCC to optimize replication topology based on latencies and network speeds.
- Creation of an Active Directory recycle bin to recover objects deleted by mistake.
- Read-only domain controller (RODC) support to allow sites that do not have sufficient physical security to have a DC that only replicates users’ passwords.
- General improvement in the functioning of trust relationships.
- Implementation of Automatic Site Coverage to allow computers on a site without a domain controller to connect to the nearest domain controller.
- LMDB database support for domains with more than 100,000 objects (users, groups, computers, etc.).
What’s new in Samba 4.10
Samba 4.10 brings its share of new features and various fixes (as any good update should). You can consult the official Samba changelog if you are not afraid of English. On our side, here are the new features that caught our eye:
- Ability to export the GPOs of a domain to a generalized XML file, allowing the backup of partial GPOs.
- The “samba-tool domain backup” command now has an “offline” subcommand to perform an offline backup in a secure way.
- Samba 4.10 fully supports Python 3 (now used by default). Samba 4.10 will be the last version to support Python 2.
- New audit events are also at the heart of Samba 4.10’s new features. Authentication messages now contain the Windows event ID number and user name.
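As an added example (not code from Samba or from this article), the sketch below shows how the event ID and user name carried by the new authentication audit messages can feed detection, together with the NTLMv1 restriction listed earlier. The JSON field names (`eventId`, `clientAccount`, `remoteAddress`, `passwordType`), the alert threshold and the sample lines are assumptions constructed for illustration; check them against your own audit log output.

```python
import json
from collections import Counter

EVENT_LOGON_FAILED = 4625   # Windows event ID for a failed logon
FAILURE_THRESHOLD = 3       # hypothetical alerting threshold


def sample(event_id, status, addr, account, password_type):
    """Build one constructed audit line (field names are assumptions)."""
    return json.dumps({
        "timestamp": "2019-04-02T09:14:01+0200",
        "type": "Authentication",
        "Authentication": {"eventId": event_id, "status": status,
                           "remoteAddress": addr, "clientAccount": account,
                           "passwordType": password_type}})


# Constructed sample input: debug noise, logons, and a non-authentication record.
SAMPLE_LOG = [
    "[2019/04/02 09:14:00.000000,  3] constructed non-JSON debug line",
    sample(4624, "NT_STATUS_OK", "ipv4:192.0.2.21:49832", "alice", "NTLMv2"),
    *[sample(4625, "NT_STATUS_WRONG_PASSWORD", "ipv4:192.0.2.99:50110", "bob", "NTLMv2")] * 3,
    sample(4624, "NT_STATUS_OK", "ipv4:192.0.2.40:50000", "svc-scan", "NTLMv1"),
    json.dumps({"type": "Authorization", "Authorization": {"account": "alice"}}),
]


def parse_auth_events(lines):
    """Yield the Authentication object of each well-formed audit line."""
    for line in lines:
        start = line.find("{")
        if start < 0:
            continue                      # plain debug output, no JSON payload
        try:
            record = json.loads(line[start:])
        except json.JSONDecodeError:
            continue                      # truncated or corrupted line
        if record.get("type") == "Authentication":
            yield record.get("Authentication", {})


def review(lines):
    """Flag repeated failed logons per (account, source) and any NTLMv1 use."""
    failures, ntlmv1 = Counter(), []
    for ev in parse_auth_events(lines):
        key = (ev.get("clientAccount") or "",
               (ev.get("remoteAddress") or "").rsplit(":", 1)[0])  # drop port
        if ev.get("eventId") == EVENT_LOGON_FAILED:
            failures[key] += 1
        if ev.get("passwordType") == "NTLMv1":
            ntlmv1.append(key)
    noisy = sorted(k for k, n in failures.items() if n >= FAILURE_THRESHOLD)
    return {"repeated_failures": noisy, "ntlmv1_logons": ntlmv1}
```
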
Also, now that you’re familiar with the history and features of Samba Active Directory, what’s stopping you from trying it? A lack of time? The fear of not being able to do it? Now you know a great company to support you in your migrations and other training. So drop your license fees and let’s go back to the Active Directory road together with Samba AD!