This is the latest stable release of the Samba 3.4 series.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

This is the latest stable release of the Samba 3.3 series

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. A patch against Samba 3.3.8 is also available. See the release notes for more info.

This is a security release to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906. Patches for all current releases are available on our security page.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

This is a security release to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906. Patches for all current releases are available on our security page.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

This is a security release to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906. Patches for all current releases are available on our security page.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

This is a security release to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906. Patches for all current releases are available on our security page.

Please note that the 3.0 is not maintained any longer. This security release is shipped on a voluntary basis.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

The Team attended the Storage Network Industry Association plugfest last week

If you haven't been to one, a plugfest is a technical event where engineers from many different companies get together and participate in fixing bugs, working together and making our systems interoperate.

The highlights from the plugfest for the Team were:

o        Adding two new Samba Team members, Nadezhda Ivanova and Anatoliy Atanasov from Cisco. A warm welcome to both of them !

o         Watching Tridge and Andrew Bartlett demonstrate Active Directory replication to a Windows AD server.

o        Wondering why a trace looked so strange when tracking down a Samba bug, only to realize the test was running to the Samba server using Stefan Metzmacher's new SMB2 server code ! The SMB2 server code looks like it might be ready to test in production environments for Samba 3.5.0, due later this year. Watch this space for more details.

o        Watching a presentation by a major vendor only to find that the product was based on Samba underneath the covers.

Lots of coffee was drunk, code was fixed and a good time was had by all ! No one got much sleep though.

There were lots of code changes committed during the week. Plugfests are the time we tend to write large amounts of code, as we have the capability to test the changes quickly with other implementations and get immediate test results from the other participants.

Here are some of the code and presentation highlights:

o        Volker showed how to get more than 700MB/sec from Samba using smbclient and a modern Samba server, which shows what you can really do when you understand the protocol thoroughly and don't feel you have to invent a new one (SMB2 :-).

o        Stefan Metzmacher started working on our AES crypto support working (AES HMAC-SHA256) and the netlogon secure channel code (with the help of some Microsoft engineers).

o        Guenther Deschner worked on the NETLOGON credential chain code to prepare for Samba to have a shared AES crypto codebase to support the new security levels that are used by Windows 7 and Windows 2008 R2. Once we resolve the remaining crypto problems, Samba will fully support AES against Windows. He got two-way interdomain trust support with Windows 2008 (and Windows 2008 R2) working.

o        Stefan and Tridge started creating code for our NDR64 (64-bit RPC) support.

o        Kai Blin demonstrated running an Samba Active Directory domain controller running on a 500MHz ARM box with 128 MB of RAM. Testing shows that compared to a 2.8GHz x86 box, the ARM performs the same operations at around 20% - 50% of the speed, while consuming only 4% of the power used by the PC. This will allow small embedded devices to work as local DCs for applications where performance isn't too critical.

o        Steven Danneman explained a method of achieving an 8x performance increase accessing a Samba server from a Microsoft IIS web server. This was accomplished using a simple ISAPI filter application installed on the IIS server. Steven has also been actively porting existing SMB torture tests to their SMB2 equivalents, allowing us to fully test Stefan's new SMB2 server code.

o        Chris Hertel's Microsoft documentation work is proceeding nicely, Microsoft will be releasing the new [MS-CIFS] document to the public any day now. [MS-CIFS] is the long-awaited completion of the old Leach/Naik IETF CIFS draft specification, which was last updated in 1997. A preview copy is available at:

http://msdn.microsoft.com/en-us/library/ee230215.aspx

Some of the Team went on to visit Microsoft for a week in order to participate in Microsoft's Active Directory Plugfest, a report from this event will follow shortly.

Jeremy went to Portland for the LinuxFoundation conference and ended up being replaced as quiz show host by none other than Steve Ballmer of Microsoft (well they've always been old friends :-). Pictures available here.

Linux Kernel client news from Steve French and Jeff Layton

In the Linux kernel cifs vfs, we have merged 17 patches since 2.6.31 came out, including a rewrite of the oplock handling to close some race conditions, and fixing cifsfs so it can work through SSH tunnels. Work continues on the kernel SMB2 code, about 1/4 of the file operations are currently working.

Samba users tip

Let us know if you have written a troubleshooting tip for Samba and we'll try to include the best ones in this blog !

This is the latest stable release of the Samba 3.4 series.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

This is the last bug fix release for Samba 3.2. The uncompressed tarball and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. A patch against Samba 3.2.13 is also available. See the release notes for more info.

Welcome to the Samba Team blog.

Starting today, we're going to try and create semi-regular updates on what is going on in the fast moving world of Samba development, what we're all up to, and where the code is going in the future. This will be a technical blog, with details on the internal changes in Samba code. We hope you enjoy it !

Firstly, we now have a Samba Team member working at Microsoft ! Congratulations to Chris Hertel, who was offered an opportunity to work directly with Microsoft to create a new set of SMB/CIFS protocol documentation. This will be published as part of the MCPP/WSPP set and made freely available from Microsoft's website.

This is the first Microsoft-sponsored SMB/CIFS documentation to be made available without restrictions since the 1997 IETF draft specifications. The first new document, [MS-CIFS], covers the SMB protocol as implemented in Windows NT. It is almost 500 pages at present, and is just entering the review and markup stage. It should be available in a few months.

Volker Lendecke has been re-writing winbind, making it asynchronous. Here are the details:

In ancient days, winbind was just a single process. Later on came a separate deamon to update a cache, so that the main code paths in winbind would not be blocked by slow domain controllers or the network being slow to enumerate thousands of users. In an environment where winbind has to authenticate thousands of users from all over the world this can become a bit slow. So with 3.0.20, winbind was turned into a multi-process daemon. One asynchronous main daemon that in good Unix tradition is supported by several helper processes. This architecture made winbind asynchronous for all important code paths. In particular Windows clients logging into a Samba server running winbind could not block winbind from replying to other requests.

In subsequent years, this clear architecture was blurred a bit. It turned out that the architecture of winbind was not as easy to extend as everyone would have liked, so for later extensions to winbind many of the nice asynchronous code paths have become blocking again. This is not a real problem in a small installation, but for scalability this is bad. As of July 31, we laid the groundwork to make a fully async winbind a lot easier to achieve and program than it used to be: The Samba3 RPC client libraries have become asynchronous, thanks to great work by Stefan Metzmacher. Volker checked in code to make the winbind parent->child communication completely based on an IDL file and auto-generated RPC client/server stubs. This will lead to a much, much more scalable winbind soon.

o Michael Adam is working on the design of transactions in clustered Samba's CTDB database code. He's been re-factoring and re-writing the code to ensure we only access the persistent databases through the proper transaction layer.

o Jeremy Allison has been working on a particularly intransigent bug when a certain version of Excel is used on Vista with Offline file capabilities. Read more about the details here.

o Kai Blin has been working on adding internationalization to Samba's "net" command, to enable this to be used in the native language of system administrators. This is hard, unglamourous but very necessary work, so a big thanks to Kai for taking this on.

o Stefan Metzmacher (Metze) has been working on adding SMB2 support into the Samba3 fileserver. Only directory listings left to do !

o Bo Yang has been fixing authentication bugs in winbind and working on the correctness of dynamic permissions detection in the share mode database.

Samba4 has picked up a cracking pace in the past 6 weeks, with new features, new bug fixes and new developers.

The biggest change over the past few months is that Samba4 now attempts to emulate a Windows 2008 domain. This brings in new complications in Kerberos, but also a new clarity about the features we are aiming to support, and what we must compare ourselves against.

We have also seen a restart of the lively discussion between Samba developers and Microsoft, chiefly around interoperability issues between Samba4 domains an windows 2008 servers. Matthieu Patou (our Russian connection in Samba4 development, and sysadmin for our secret Russian production site) has found and fixed some very interesting bugs. A misplaced 0 or the PAC in the wrong position in a list can have big consequences in the world of AD interop!

Matthieu has also been at work with Wireshark, producing a decryption plugin for Netlogon SCHANNEL and NTLM, using a keytab.

Andrew Bartlett has been hard at work in the land of Kerberos, producing a new tool 'net export keytab' to produce the keytab input used by wireshark. He has also been working to chase the 'make test' back to passing, as well as numerous other small changes to keep others moving.

Andrew has also been working with the NTP community to integrate the patches for MS-SNTP authenticated time.

Matthias Dieter Wallnöfer has been hard at work on what should have been a very simple RPC call - the NetLogon LogonGetDomainInformations call looks like a simple query for a bit of info about the primary domain, but instead turns out to be really 'update computer OS version, service principal names and dnsHostName in the domain'. Matthias rose to the challenge, asking Microsoft for clarification and producing a client test suite to prove it's correctness.

Matthias also does a great job maintaining the Samba4 section of our Bugzilla, and is now a proud member of the Samba Team.

Nadezhda Ivanova and Zahari Zahariev are less dominant in the Samba4 commit logs, but this is because they have taken on the massive task of implementing AD compatible access control lists in Samba4. Their work and testing continues, and rumour has it that pending some final explanations, they will have patches landing shortly.

Anatoliy Atanasov continues to bash his head against the brick wall known as AD replication, but hopes to make some progress soon. With his work, and the groundwork by Metze, two-way Samba4 <-> Samba4 and Samba4 <-> AD replication will be possible.

Steve French and Jeff Layton have been working hard on the CIFS kernel client. The upcoming Linux kernel version 2.6.31 will include more than 50 CIFS patches which improve both performance and stability. Among the most recent patches is one that fixes sendfile, which was noticed by the Apache community when the Apache server was running over CIFS. The POSIX open and create code have significantly sped up these operations to Samba servers. Steve is working with Pavel on the new SMB2 kernel client, now that they are past the session establishment code, they are now working on the inode handling code which needs to be ported and updated to handle SMB2 semantics.

Finally, with an appropriate quotation from Bertolt Brecht, Karolin Seeger, our hard working and long suffering release manager, released the final version of the Samba 3.0.x series - Samba 3.0.36. This is the FINAL release of Samba 3.0, no more fixes, enhancements or security updates will be available. If you haven't already moved to a later version of Samba, this should be your wake up call :-).

Thanks for reading and don't forget you can contact all the Team on the samba@samba.org and samba-technical@samba.org lists. Don't be shy, we love to hear from you all :-).

This is the latest bug fix release for Samba 3.0 series. The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. A patch against Samba 3.0.35 is also available. See the release notes for more info.

Please note that this is the last release of the Samba 3.0 series. For more information on current Samba versions, please see Release Planning.

This is the latest stable release of the Samba 3.3 series

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. A patch against Samba 3.3.7 is also available. See the release notes for more info.

This is the first stable release of Samba 3.4.0.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

This is a security release to address CVE-2009-1888. The original advisory is available online. A patch for Samba 3.3.5 is available. This security advisory is applicable from Samba 3.0.31 to 3.3.5. Past security advisories are available on our security page.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

This is a security release to address CVE-2009-1886 and CVE-2009-1888. The original advisory for CVE-2009-1886 and original advisory for CVE-2009-1888 are available online. Patches for CVE-2009-1886 and CVE-2009-1888 are available for Samba 3.2.12. This security advisory is applicable from Samba 3.2.0 to 3.2.12. Past security advisories are available on our security page.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

This is a security release to address CVE-2009-1888. The original advisory is available online. A patch for Samba 3.0.34 is available. This security advisory is applicable from Samba 3.0.31 to 3.3.5. Past security advisories are available on our security page.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

This is the first release candidate of Samba 3.4.0. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info. Binary packages will be made available on a volunteer basis and can be found in the Binary_Packages download area.

This is the latest stable release of the Samba 3.3 series

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. A patch against Samba 3.3.4 is also available. See the release notes for more info.

This is the latest bug fix release for Samba 3.2 and is the version recommended for all production Samba servers running this release series. The uncompressed tarball and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. A patch against Samba 3.2.11 is also available. See the release notes for more info.

Samba 3.4.0pre2 is available for download. This is a preview of the next upgrade production release version of Samba. It is intended for testing purposes only. Please test and report any bugs that you find. The final 3.4.0 release is planned for July 1, 2009. Please read the changes in the Release Notes for details on new features and difference in behavior from previous releases.

The Samba 3.4.0pre2 source code can be downloaded now. The GnuPG signature is for the uncompressed tarball. Precompiled packages will be made available on a volunteer basis and can be found in the Binary_Packages download area.

Samba 3.4.0pre1 is available for download. This is a preview of the next upgrade production release version of Samba. It is intended for testing purposes only. Please test and report any bugs that you find. Our plan is to possibly have one more preview releases. The final 3.4.0 release is planned for July 1, 2009. Please read the changes in the Release Notes for details on new features and difference in behavior from previous releases.

The Samba 3.4.0pre1 source code can be downloaded now. The GnuPG signature is for the uncompressed tarball. Precompiled packages will be made available on a volunteer basis and can be found in the Binary_Packages download area.

This is the latest stable release of the Samba 3.3 series

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. A patch against Samba 3.3.3 is also available. See the release notes for more info.

This is the latest bug fix release for Samba 3.2 and is the version recommended for all production Samba servers running this release series. The uncompressed tarball and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. A patch against Samba 3.2.10 is also available. See the release notes for more info.

Samba Team members Volker Lendecke, Jeremy Allison, and Jim McDonough today released a personal statement in reaction to comments made by Krishna Ganugapati in an interview. The entire statement is reprinted below.

Samba and GUIs

Krishna Ganugapati recently in an interview pointed out that Samba has no GUI style tools. Krishna is probably referring to Samba's capability to be configured by editing the configuration in the smb.conf file.

• Even though command shell geeks may still prefer this method, the team addresses the main goal of Samba to provide seamless interoperability with Windows clients. So, in its best sense, the Microsoft Management Console is the GUI. We provide the RPC-based infrastructure for Windows administrators to configure Samba using the tools they are used to.

  Some of those RPC services were provided a couple of years ago by Centeris, now renamed to Likewise, the company Krishna is working for. Thanks for that, we hope there will be more contributions to Samba like that from Likewise in the future!

• Michael Adam has done great work to make the registry-based configuration happen. With Samba 3.2 and even more so with Samba 3.3 you can configure everything you can not do via the MMC with your well-known regedit.exe from Windows. This very well matches expectations of Windows administrators: The normal day-to-day administration is done via the MMC, and when it comes down to fine-tuning, you need to dive into the registry.

  For an introduction to the registry configuration, see Michael's paper, presented at the Linux Kongress 2008, published in the proceedings with ISBN 978-3-86541-300-0.

• Günther Deschner has developed a gtk-based utility to join a domain. Screenshots can be found on samba.org. This shipped with Samba 3.2.0 and can be compiled easily wherever the gtk libraries are available. See the slides of Günther's 2008 SambaXP talk.

We also take issue with Likewise's claim that pushing changes upstream into Samba is a challenge.

The Samba project has many corporate contributors who have found that working with the Open Source/Free Software Community is preferable to developing a parallel technology under their sole control. Companies such as IBM, HP, Intel, Apple, Red Hat, Novell, Isilon, Data Domain, ReadyNAS (now NetGear) and Veritas (now Symantec) have worked with the Samba Team to create a shared, compelling file, print and authentication service that can be used by everyone and is developed as a community of equals.

Volker Lendecke, Jeremy Allison, Jim McDonough, Lars Müller, Michael Adam and Günther Deschner
Samba Team

Updated: The signature on the original statement has been updated to include supporting signatures from Lars Müller, Michael Adam, and Günther Deschner.

This is the latest stable release of the Samba 3.3 series

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

This is the latest bug fix release for Samba 3.2 and is the version recommended for all production Samba servers running this release series. The uncompressed tarball and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. A patch against Samba 3.2.9 is also available. This release fixes an issue which caused problems after updates in Samba 3.2.9. See the release notes for more info.

This is the latest bug fix release for Samba 3.2 and is the version recommended for all production Samba servers running this release series. The uncompressed tarball and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. A patch against Samba 3.2.8 is also available. See the release notes for more info.

This is the latest stable release of the Samba 3.3 series

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

This is the latest stable release of the Samba 3.3 series

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

This is the latest bug fix release for Samba 3.2 and is the version recommended for all production Samba servers running this release series. The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. A patch against Samba 3.2.7 is also available. See the release notes for more info.

This is the first stable release of Samba 3.3.0.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

This is the latest bug fix release for Samba 3.0 and is the version recommended for all production Samba servers running this release series. The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. A patch against Samba 3.0.33 is also available. See the release notes for more info.

This is a security release to address CVE-2009-0022. The original advisory is available online. A patch for Samba 3.2.6 is available. This security advisory is applicable to releases from Samba 3.2.0 to 3.2.6. Past security advisories are available on our security page.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

This is the second release candidate of Samba 3.3.0. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info. Binary packages will be made available on a volunteer basis and can be found in the Binary_Packages download area.

This is the latest bug fix release for Samba 3.2 and is the version recommended for all production Samba servers running this release series. The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. A patch against Samba 3.2.5 is also available. See the release notes for more info.

This is the first release candidate of Samba 3.3.0. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info. Binary packages will be made available on a volunteer basis and can be found in the Binary_Packages download area.

This is a security release to address CVE-2008-4314. The original advisory is available online. A patch for Samba 3.2.4 is available. This security advisory is applicable to releases from Samba 3.0.29 to 3.2.4. Past security advisories are available on our security page.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

This is a security release to address CVE-2008-4314. The original advisory is available online. A patch for Samba 3.0.32 is available. This security advisory is applicable to releases from Samba 3.0.29 to 3.2.4. Past security advisories are available on our security page.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

Silicon.com has posted their top agenda setters for 2008. The Samba Team's Jeremy Allison came in at 43 on the list, 4 steps ahead of Facebook's Mark Zuckerberg, thereby increasing Jeremy's Web 2.0 street cred.

On a more serious note, Jeremy was listed for his work as an ambassador of the free software movement.

It's his work to remove the barriers to interoperability between these two worlds - a key piece in enabling Linux to become accepted in the enterprise - that earns Allison a spot on this year's Agenda Setters list.

Samba 3.3.0pre2 is available for download. This is a preview of the next upgrade production release version of Samba. It is intended for testing purposes only. Please test and report any bugs that you find. Our plan is to possibly have one more preview release and move to the release candidate stage in September. The final 3.3.0 release is planned for December 15. Please read the changes in the Release Notes for details on new features and difference in behavior from previous releases.

The Samba 3.3.0pre2 source code can be downloaded now. The GnuPG signature is for the for the uncompressed tarball. If you prefer, the large patch file against Samba 3.3.0pre1 (GnuPG signature) is also available for download. Please read these instructions on how to verify the gpg signature. Precompiled packages will be made available on a volunteer basis and can be found in the Binary_Packages download area.