Samba 4.10: Evolution and new features
Samba Active Directory: a viable alternative to NT4 protocol
Samba version 4.0 implements the functions of an Active Directory domain controller. From that release on, it became possible to leave the NT4 identification and authentication protocol for a truly viable alternative. In addition, Samba 4.0 is able to meet the security requirements of organizations, where the NT4 protocol struggles to reach the expected level. With this version of Samba, Windows 2000 and later clients can join the domain and benefit from the services provided by the domain controller:
- DNS, internal or relying on BIND-DLZ
- Kerberos PAC
In addition, Samba 22.214.171.124 implements Python-coded interfaces to act on the core business logic historically encoded in C / C++.
Samba 4.1.0: AD domain controller and SMB protocol
Developers took advantage of the release of Samba 4.1.0 to expand the tools for clients of an AD domain controller. With this version, Samba uses the SMBv2 and SMBv3 protocols for authentication. It then becomes possible to abandon the SMBv1 protocol (for higher versions), which does not provide sufficient security against threats such as ransomware. Replication between domain controllers is also improved in this version.
Samba AD: File service and AD domain controller
Starting with Samba AD version 4.2.0, the development team made improvements in file services, software operation and security, as well as domain controller performance. The end of Samba3 support was announced with version 4.2.0, which still supports the NT4 identification and authentication protocol.
Here is a brief summary of what you may have missed between version 4.2.0 and Samba 4.10. For the more adventurous, you will find a detailed listing of each release of Samba in our documentation.
- Access to Shadow Copy files hosted on a share, allowing you to revert to saved versions of the file sharing tree.
- SMB 3.1.1 support, the standard file exchange protocol that appeared with Windows 10.
- VirusFilter module support that integrates with Sophos, F-Secure and ClamAV antivirus to provide filtering functions on the file server.
- Encryption of RPC exchanges between domain controllers, avoiding MITM attacks.
- Improved overall password management strategy.
- Improved KCC, a mechanism that allows the controller to map the replication topology for operation with a large network.
- Improved deletion of a defective domain controller.
- Last Login / Last Logoff support.
- Improved replication and DNS performance.
- Default disabling of NTLMv1 for any new implementation of the domain controller to handle increasing ransomware attacks.
- Restriction of the range of ports used by the MS-RPC service.
- Encryption of sensitive data on disk.
- Differentiation of password policies between users and user groups.
- Audit of Active Directory events (login, adding AD elements…).
- Added a script in smb.conf that lets you choose the complexity of passwords and that works with Windows client machines.
- Improved KCC to optimize replication topology based on latencies and network speeds.
- Creation of an Active Directory recycle bin to recover objects deleted after a bad manipulation.
- Read-only domain controller (RODC) support to allow sites that do not have sufficient physical security to have a DC that only replicates users’ passwords.
- General improvement in the functioning of trust relationships.
- Implementation of Automatic Site Coverage to allow computers on a site without a domain controller to connect to the nearest domain controller.
- LMDB database support for domains with more than 100,000 objects (users, groups, computers, etc.).
What’s new in Samba 4.10
Samba 4.10 brings its share of new features and various fixes (as any good update should). You can read the official Samba changelog if you are not afraid of English. On our side, here are the new features that caught our eye:
- Possibility to export the GPOs of a domain in a generalized XML file allowing the backup of partial GPOs.
- The “samba-tool domain backup” command now has an “offline” subcommand to perform an offline backup in a secure way.
- Samba 4.10 fully supports Python 3 (now used by default). Samba 4.10 will be the last version to support Python 2.
- New audit events are also at the heart of Samba 4.10’s new features. Authentication messages now contain the Windows event ID number and user name.
And that’s the end of our trip through time across the different versions of Samba! But don’t be sad, it doesn’t mean it’s the end of our journey! Indeed, you can discover our participation in the financing of Samba through an article to complete this one. You can always count on us to tell you about the new features of Samba Active Directory!
Moreover, now that you are unbeatable on the history and features of Samba Active Directory, what is stopping you from trying it? Lack of time? The fear of not being able to do it? None of this between us! Now you know a great company to support you in your migration and other training. So drop your license fees on the side and let’s go back to Active Directory together on Samba AD!