This is the latest stable release of the Samba 3.5 series.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. A patch against Samba 3.5.5 is also available. See the release notes for more info.

Samba 4 is the ambitious next version of the Samba suite that is being developed in parallel to the stable 3.0 series. The main emphasis in this branch is support for the Active Directory logon protocols used by Windows 2000 and above.

Samba4 alpha13 follows on from the alpha release series we have been publishing since September 2007. Because various tarballs have been published claiming to be alpha 12 or following on from alpha 12 we have decided to call this release alpha 13, to prevent any possible confusion.

Samba 4 is currently not yet in a state where it is usable in production environments. Note the WARNINGS section in the WHATSNEW file, which aims to document what should and should not work.

The uncompressed tarball and patch files have been signed using Jelmer Vernooij's GnuPG keys (ID 1EEF5276 and D729A457). The source code can be downloaded now. See the announcement on the mailing list for more information.

This is a security release to address CVE-2010-3069 (Buffer Overrun Vulnerability). Patches for all current releases are available on our security page.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

This is a security release to address CVE-2010-3069 (Buffer Overrun Vulnerability). Patches for all current releases are available on our security page.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

This is a security release to address CVE-2010-3069 (Buffer Overrun Vulnerability). Patches for all current releases are available on our security page.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

Samba 3.6.0pre1 is available for download. This is a preview of the next upgrade production release version of Samba. It is intended for testing purposes only. Please test and report any bugs that you find. Please read the changes in the Release Notes for details on new features and difference in behavior from previous releases.

The Samba 3.6.0pre1 source code can be downloaded now. The GnuPG signature is for the uncompressed tarball. Precompiled packages will be made available on a volunteer basis and can be found in the Binary_Packages download area.

This is the latest stable release of the Samba 3.5 series.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. A patch against Samba 3.5.3 is also available. See the release notes for more info.

This is a security release to address CVE-2010-2063. Patches for all current releases are available on our security page.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

Web sites, Conferences and Coding

"It takes nine months to create a Samba release, no matter how many engineers are working on it"

Check out the new look, updated Samba.org web site - complete with new logo ! We really like it as it meant we had an excuse to get new Samba Team t-shirts, and stickers for our laptops. Thanks to SerNet for taking care of our new 21st Century look.

We recently held SambaXP - our annual get-together in Göttingen, Germany, as usual hosted very capably by SerNet.

Many presentations were listened to, meetings were had, and fine German beer was drunk. Our friends the Microsoft SMB/SMB2 engineers attended again this year, and Tom Talpey from Microsoft announced a new project to design UNIX extensions for the SMB2 protocol. It will be hosted by Team member Chris Hertel's company, ubiqx Consulting, at http://unixsmb2.org.

The slides from all the presentations will be available at http://sambaxp.org shortly. If you didn't go, we missed you - and you should certainly make an effort to be there next year !

We are still making great strides on Samba4, and creator of Samba Dr. Andrew Tridgell from IBM (just to be formal for once. Everyone still just calls him "tridge" :-) demonstrated two-way replication between a Microsoft Active Directory domain, and a Samba4 Domain. There is still much work to be done on the AD domain controller code, but we're starting to see the light at the end of the tunnel in getting to a "stable" 4.0 release. Maybe by SambaXP next year we'll have an exciting new announcement to make.

In a Team meeting and after consultations with OEM's and Linux distributions we decided to move to a nine month period between major Samba releases instead of our previous six month release cycle. The strain of keeping to the six monthly cycle was too great on the release process, and nine months should give us a better balance between having time for feature development and time for testing of the Samba production release code.

Plans for the merging of the existing file server (smbd) and authentication daemon code (winbindd) with the Active Directory code (samba) were made, and tridge demonstrated Samba4 printing using the source3 print code for the first time.

Günther Deschner from Red Hat won the "code janitor of the year" award yet again, for his clean up of the old hand-marshalled RPC printing code, and was only just beaten to the post as the top code commit contributor into Samba by Stefan "the Machine" Metzmacher from SerNet.

John Terpstra of Primastasys announced the clean up of the Samba.org support page as part of the new look for the web site. John will be ensuring all companies offering Samba support on the site are kept up to date for users to contact. Thanks for looking after that John.

A couple of weeks after SambaXP Team members Chris Hertel (ubiqx), Steve French (IBM), Tim Prouty (Isilon) and Jeremy Allison (Google) met up at Microsoft to attend the Microsoft File Serving Plugfest. Lots of work on Samba's SMB2 implementation was done and tested with Microsoft's SMB2 test tools. Kerberos support was added, locking and oplock fixes went into the code. It is now feature complete and available for OEM's to begin testing SMB2-based products based on Samba. We'll move it out of "experimental" status by the 3.6.0 release, but after consultations with the Linux distributors won't turn on SMB2 by default until the release after to be a little conservative in changing the default file sharing code to a new protocol. Give us feedback on any bugs you find.

The rate of Samba development is picking up. Tridge showed a slide at SambaXP that illustrated how Samba has one of the highest change rates of any Free Software/Open Source project in the world, even surpassing the mighty Linux kernel in check-in rate. Sometimes it's like riding a dragon, but as everyone knows, dragon riding is really fun :-).

This is the latest stable release of the Samba 3.5 series.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. A patch against Samba 3.5.2 is also available. See the release notes for more info.

This is the latest stable release of the Samba 3.4 series.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

This is the latest stable release of the Samba 3.5 series.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

This is a security release to address CVE-2010-0728. Patches for all current releases are available on our security page.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

This is a security release to address CVE-2010-0728. Patches for all current releases are available on our security page.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

This is a security release to address CVE-2010-0728. Patches for all current releases are available on our security page.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

This is the first stable release of the Samba 3.5 series.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

This is the latest stable release of the Samba 3.3 series

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. A patch against Samba 3.3.10 is also available. See the release notes for more info.

This is the latest stable release of the Samba 3.4 series.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

This is the third release candidate of Samba 3.5.0. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/.

Plans are to ship the final 3.5.0 release on March 1 if there are no major issues with 3.5.0rc3. Please see Samba 3.5 Release Planning for more information on the current release schedule.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info. Binary packages will be made available on a volunteer basis and can be found in the Binary_Packages download area.

This is the second release candidate of Samba 3.5.0. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/.

Plans are to ship the final 3.5.0 release on February 16 if there are no major issues with 3.5.0rc2. Please see Samba 3.5 Release Planning for more information on the current release schedule.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info. Binary packages will be made available on a volunteer basis and can be found in the Binary_Packages download area.

This is the latest stable release of the Samba 3.4 series.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

This is the latest stable release of the Samba 3.3 series

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. A patch against Samba 3.3.9 is also available. See the release notes for more info.

This is the first release candidate of Samba 3.5.0. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info. Binary packages will be made available on a volunteer basis and can be found in the Binary_Packages download area.

This is the latest stable release of the Samba 3.4 series.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

Getting to Samba 4

The Samba 4 code has been worked on for over five years, and the Active Directory code is reaching a state where it's being run in production at several test sites.

When the Samba Team met at the CIFS conference this year, we had a meeting to put together a plan for shipping a production Samba 4 code-base. Here's how we think it might work.

Currently, the Samba 3 file and print server and the Winbind identity mapping code are the backbone of the current Samba product. The Samba 3 Windows NT4 compatible Domain Controller works well, but is not as widely deployed as it used to be (there are few sites left that don't use Active Directory functionality).

So in brief, the plan is to merge the Samba 3 file server and winbindd code with the current Samba 4 Active Directory code, to produce a product that contains a production file and print server, identity mapping service, and Active Directory compatible Domain Controller. The file server is now fully cluster aware, with complete Windows semantics and is currently being extended to include the new SMB2 protocol and full Windows ACL support.

Obviously this will require quite a lot of merge work, but we believe this may be possible to achieve in 2010. The plan is to keep shipping updates to Samba 3 (the next release is 3.5.0, followed in six months by 3.6.0 and so on), whilst the merge work with the Samba 4 Active Directory code is done in the background. Once we feel we have a stable code-base we will release the merged code as the "production" Samba 4 tree.

This way people with an existing Samba 3 production product or sites will have a stable and predictable upgrade to the Samba 4 release. Our goal is to keep the code-base stable and minimize the impact of these changes on our users and vendors.

We'll probably end up renaming the component products as follows :

o        Samba 3 file and print server -> Samba file and print service.

o        Samba 3 winbindd -> Samba identity service.

o        Samba 4 Active Directory -> Samba Directory service.

Please give us feedback on these plans. After all, we're here to serve our users and customers. We think with this plan we should be able to please at least some of the people some of the time (if not everyone :-).

Once we have a merged code-base, we'll declare victory, ship Samba4 and have the biggest darn release party since Duke Nukem Forever shipped and revolutionized computer gaming ! :-).

Explaining Release Schedules

In talking to Samba users, customers and OEM's creating products based on Samba, I've realized that many people don't understand what our release schedules look like, or what versions of Samba we support.

Our current plans are to release a new "stable" version of Samba (a "dot release" after the 3) every six months. This goal is to be predictable, in the same way that Linux distribution release cycles are predictable. The number after the second dot is the minor (bugfix) release of that six monthly cycle.

So for example, our current "stable" version of Samba is 3.4.3 - this is the third minor bugfix release of the six-monthly release 3.4.0. We're ironing out the final show stopper bugs in 3.4.4 and are hoping to release the fourth bugfix release soon.

At the same time we also maintain bug fix (minor) releases of the previous "stable" version of Samba. This is currently 3.3.9 (3.3 was the six monthly release of the last cycle, and there have been nine minor bug fix releases of this code).

These versions shouldn't be thought of a major new revisions of the Samba code (that'll come in Samba 4), but as a continuing release stream, with the new features and bug fixes that are developed being stabilized for production use every six months.

Earlier versions of Samba (the 3.2.x code stream, currently at 3.2.15) are now in security update only, no new bug fixes or enhancements added, we are just fixing security bugs reported.

Samba 3.0.x is now officially deprecated, and no new security updates will be provided by the Samba Team. Note that vendors who have this version in their distributions have different long-term maintenance policies, and we are happy to work with them on maintaining these older versions, but no new "official" Samba Team releases will be done for this codebase. If you have products based on these older versions, and need security help or have discovered a security issue, please contact us and we'll work with you to help you identify back ports for any fixes you might need.

Our release planning schedules are available on the web here:

http://wiki.samba.org/index.php/Samba3_Release_Planning

Hopefully this makes our release schedules and policies much clearer, and leads nicely into our next topic..

Working with Samba in your product

Samba is used in a great number of file server products shipped by many companies around the world. The Samba Team loves this. In fact it's one of our great points of pride in our code that it's so widely embedded in different vendors products.

If you're using Samba in your product, or even just *thinking* of using Samba in your product - PLEASE CONTACT US ! We don't bite, and our goal is to make Samba more useful to you and help it work better for you and your business.

Whilst we are Free Software advocates ourselves, we won't preach at you to release any of your proprietary code that isn't part of changes to Samba, and we already work with many vendors of proprietary code to make Samba work better for their particular platform or product (many of the Samba Team make our living this way).

If you work with us, you will get bug fixes for free, advice on architecture and performance help and many other advantages that the people who wrote the code can offer, simply at the cost of reaching out and sending us an email. Working closely with us also means that changes you need for your product will get merged into the mainline codebase, saving you the expense of having to keep a separate series of patches that has to be merged when you upgrade to a new release. Many of your Samba using competitors are already doing so and getting this service - don't miss out !

Many of the Samba Team members have a lot of experience in implementing Samba in high availability, high scalability, and complex network environments. By working with us you help support everyone who works within the Samba community and also help keep the Samba code flexible, efficient and customizable to your needs.

Send an initial contact email to Jeremy Allison (jra@samba.org) and I'll work with you on finding the right Samba Team member to help you out with any issues or help you might need.

Clustered Samba

In the three months since the last team blog entry, there has been a lot of development activity in the area of the clustered Samba server. Clustered Samba here refers to the coupling of Samba with CTDB, the clustered implementation of TDB, the "Trivial DataBase" of Samba, which is Samba's cluster manager.

Several internal subsystems of CTDB have been reworked. For example Ronnie Sahlberg and Wolfgang Mueller-Fried have greatly reduced the CPU used by CTDB. Stefan Metzmacher (Metze) and Rusty Russell changed the startup and monitoring mechanisms to improve reliability. Finally Ronnie, Martin Schwenke and Michael Adam have improved CTDB's test suite and logging code.

Many lessons have been learned from increased testing and deployment: Priorities have been added to the databases in order to prevent deadlocks. Volker Lendecke improved CTDB's monitoring of Winbind to reduce timeouts. Michael and Metze have gone through continued pains to debug the persistent TDB transaction code and fix a lot of race conditions. Finally, Volker and Michael have re-implemented persistent transactions using a new global lock feature that constitutes the long desired global transaction state.

If you want to produce a clustered version of a CIFS file server, check out clustered Samba - it really is the only proven working product out there !

New Protocol : SMB2

With Windows 7 Microsoft have introduce a new variant of the CIFS protocol, SMB2. Samba is keeping pace, with a sample implementation of SMB2 which will be released for early adopters to test in Samba 3.5.0. A fully finished production version is expected to be available in Samba 3.6.0. Testing SMB2 in Samba 3.5.0 is as simple as setting :

max protocol = SMB2

in the [global] section of your smb.conf. Be warned this is still test code (for example kerberos support is not yet integrated) but should give you a taste of what is to come.

Samba and Windows 7

So you moved early to Windows 7. How brave of you :-). Samba 3.3.x and 3.4.x work well with Windows 7. Any known issues are posted and updated here :

http://wiki.samba.org/index.php/Windows7

Which will currently tell you how to configure a Windows 7 client to work with a Samba NT-style domain controller.

Happy file sharing !

The Samba Team

IBM's resource for developers and IT professionals developerWorks nominates Samba on the second position of the 10 important Linux developments everyone should know about.

Samba 3.5.0pre2 is available for download. This is a preview of the next upgrade production release version of Samba. It is intended for testing purposes only. Please test and report any bugs that you find. Please read the changes in the Release Notes for details on new features and difference in behavior from previous releases.

The Samba 3.5.0pre2 source code can be downloaded now. The GnuPG signature is for the uncompressed tarball. Precompiled packages will be made available on a volunteer basis and can be found in the Binary_Packages download area.

Samba 3.5.0pre1 is available for download. This is a preview of the next upgrade production release version of Samba. It is intended for testing purposes only. Please test and report any bugs that you find. Please read the changes in the Release Notes for details on new features and difference in behavior from previous releases.

The Samba 3.5.0pre1 source code can be downloaded now. The GnuPG signature is for the uncompressed tarball. Precompiled packages will be made available on a volunteer basis and can be found in the Binary_Packages download area.

This is the latest stable release of the Samba 3.4 series.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

This is the latest stable release of the Samba 3.3 series

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. A patch against Samba 3.3.8 is also available. See the release notes for more info.

This is a security release to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906. Patches for all current releases are available on our security page.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

This is a security release to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906. Patches for all current releases are available on our security page.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

This is a security release to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906. Patches for all current releases are available on our security page.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

This is a security release to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906. Patches for all current releases are available on our security page.

Please note that the 3.0 is not maintained any longer. This security release is shipped on a voluntary basis.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

The Team attended the Storage Network Industry Association plugfest last week

If you haven't been to one, a plugfest is a technical event where engineers from many different companies get together and participate in fixing bugs, working together and making our systems interoperate.

The highlights from the plugfest for the Team were:

o        Adding two new Samba Team members, Nadezhda Ivanova and Anatoliy Atanasov from Cisco. A warm welcome to both of them !

o         Watching Tridge and Andrew Bartlett demonstrate Active Directory replication to a Windows AD server.

o        Wondering why a trace looked so strange when tracking down a Samba bug, only to realize the test was running to the Samba server using Stefan Metzmacher's new SMB2 server code ! The SMB2 server code looks like it might be ready to test in production environments for Samba 3.5.0, due later this year. Watch this space for more details.

o        Watching a presentation by a major vendor only to find that the product was based on Samba underneath the covers.

Lots of coffee was drunk, code was fixed and a good time was had by all ! No one got much sleep though.

There were lots of code changes committed during the week. Plugfests are the time we tend to write large amounts of code, as we have the capability to test the changes quickly with other implementations and get immediate test results from the other participants.

Here are some of the code and presentation highlights:

o        Volker showed how to get more than 700MB/sec from Samba using smbclient and a modern Samba server, which shows what you can really do when you understand the protocol thoroughly and don't feel you have to invent a new one (SMB2 :-).

o        Stefan Metzmacher started working on our AES crypto support working (AES HMAC-SHA256) and the netlogon secure channel code (with the help of some Microsoft engineers).

o        Guenther Deschner worked on the NETLOGON credential chain code to prepare for Samba to have a shared AES crypto codebase to support the new security levels that are used by Windows 7 and Windows 2008 R2. Once we resolve the remaining crypto problems, Samba will fully support AES against Windows. He got two-way interdomain trust support with Windows 2008 (and Windows 2008 R2) working.

o        Stefan and Tridge started creating code for our NDR64 (64-bit RPC) support.

o        Kai Blin demonstrated running an Samba Active Directory domain controller running on a 500MHz ARM box with 128 MB of RAM. Testing shows that compared to a 2.8GHz x86 box, the ARM performs the same operations at around 20% - 50% of the speed, while consuming only 4% of the power used by the PC. This will allow small embedded devices to work as local DCs for applications where performance isn't too critical.

o        Steven Danneman explained a method of achieving an 8x performance increase accessing a Samba server from a Microsoft IIS web server. This was accomplished using a simple ISAPI filter application installed on the IIS server. Steven has also been actively porting existing SMB torture tests to their SMB2 equivalents, allowing us to fully test Stefan's new SMB2 server code.

o        Chris Hertel's Microsoft documentation work is proceeding nicely, Microsoft will be releasing the new [MS-CIFS] document to the public any day now. [MS-CIFS] is the long-awaited completion of the old Leach/Naik IETF CIFS draft specification, which was last updated in 1997. A preview copy is available at:

http://msdn.microsoft.com/en-us/library/ee230215.aspx

Some of the Team went on to visit Microsoft for a week in order to participate in Microsoft's Active Directory Plugfest, a report from this event will follow shortly.

Jeremy went to Portland for the LinuxFoundation conference and ended up being replaced as quiz show host by none other than Steve Ballmer of Microsoft (well they've always been old friends :-). Pictures available here.

Linux Kernel client news from Steve French and Jeff Layton

In the Linux kernel cifs vfs, we have merged 17 patches since 2.6.31 came out, including a rewrite of the oplock handling to close some race conditions, and fixing cifsfs so it can work through SSH tunnels. Work continues on the kernel SMB2 code, about 1/4 of the file operations are currently working.

Samba users tip

Let us know if you have written a troubleshooting tip for Samba and we'll try to include the best ones in this blog !

Happy file sharing !

The Samba Team

This is the latest stable release of the Samba 3.4 series.

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. See the release notes for more info.

This is the last bug fix release for Samba 3.2. The uncompressed tarball and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. A patch against Samba 3.2.13 is also available. See the release notes for more info.

Welcome to the Samba Team blog.

Starting today, we're going to try and create semi-regular updates on what is going on in the fast moving world of Samba development, what we're all up to, and where the code is going in the future. This will be a technical blog, with details on the internal changes in Samba code. We hope you enjoy it !

Firstly, we now have a Samba Team member working at Microsoft ! Congratulations to Chris Hertel, who was offered an opportunity to work directly with Microsoft to create a new set of SMB/CIFS protocol documentation. This will be published as part of the MCPP/WSPP set and made freely available from Microsoft's website.

This is the first Microsoft-sponsored SMB/CIFS documentation to be made available without restrictions since the 1997 IETF draft specifications. The first new document, [MS-CIFS], covers the SMB protocol as implemented in Windows NT. It is almost 500 pages at present, and is just entering the review and markup stage. It should be available in a few months.

Volker Lendecke has been re-writing winbind, making it asynchronous. Here are the details:

In ancient days, winbind was just a single process. Later on came a separate deamon to update a cache, so that the main code paths in winbind would not be blocked by slow domain controllers or the network being slow to enumerate thousands of users. In an environment where winbind has to authenticate thousands of users from all over the world this can become a bit slow. So with 3.0.20, winbind was turned into a multi-process daemon. One asynchronous main daemon that in good Unix tradition is supported by several helper processes. This architecture made winbind asynchronous for all important code paths. In particular Windows clients logging into a Samba server running winbind could not block winbind from replying to other requests.

In subsequent years, this clear architecture was blurred a bit. It turned out that the architecture of winbind was not as easy to extend as everyone would have liked, so for later extensions to winbind many of the nice asynchronous code paths have become blocking again. This is not a real problem in a small installation, but for scalability this is bad. As of July 31, we laid the groundwork to make a fully async winbind a lot easier to achieve and program than it used to be: The Samba3 RPC client libraries have become asynchronous, thanks to great work by Stefan Metzmacher. Volker checked in code to make the winbind parent->child communication completely based on an IDL file and auto-generated RPC client/server stubs. This will lead to a much, much more scalable winbind soon.

o Michael Adam is working on the design of transactions in clustered Samba's CTDB database code. He's been re-factoring and re-writing the code to ensure we only access the persistent databases through the proper transaction layer.

o Jeremy Allison has been working on a particularly intransigent bug when a certain version of Excel is used on Vista with Offline file capabilities. Read more about the details here.

o Kai Blin has been working on adding internationalization to Samba's "net" command, to enable this to be used in the native language of system administrators. This is hard, unglamourous but very necessary work, so a big thanks to Kai for taking this on.

o Stefan Metzmacher (Metze) has been working on adding SMB2 support into the Samba3 fileserver. Only directory listings left to do !

o Bo Yang has been fixing authentication bugs in winbind and working on the correctness of dynamic permissions detection in the share mode database.

Samba4 has picked up a cracking pace in the past 6 weeks, with new features, new bug fixes and new developers.

The biggest change over the past few months is that Samba4 now attempts to emulate a Windows 2008 domain. This brings in new complications in Kerberos, but also a new clarity about the features we are aiming to support, and what we must compare ourselves against.

We have also seen a restart of the lively discussion between Samba developers and Microsoft, chiefly around interoperability issues between Samba4 domains an windows 2008 servers. Matthieu Patou (our Russian connection in Samba4 development, and sysadmin for our secret Russian production site) has found and fixed some very interesting bugs. A misplaced 0 or the PAC in the wrong position in a list can have big consequences in the world of AD interop!

Matthieu has also been at work with Wireshark, producing a decryption plugin for Netlogon SCHANNEL and NTLM, using a keytab.

Andrew Bartlett has been hard at work in the land of Kerberos, producing a new tool 'net export keytab' to produce the keytab input used by wireshark. He has also been working to chase the 'make test' back to passing, as well as numerous other small changes to keep others moving.

Andrew has also been working with the NTP community to integrate the patches for MS-SNTP authenticated time.

Matthias Dieter Wallnöfer has been hard at work on what should have been a very simple RPC call - the NetLogon LogonGetDomainInformations call looks like a simple query for a bit of info about the primary domain, but instead turns out to be really 'update computer OS version, service principal names and dnsHostName in the domain'. Matthias rose to the challenge, asking Microsoft for clarification and producing a client test suite to prove it's correctness.

Matthias also does a great job maintaining the Samba4 section of our Bugzilla, and is now a proud member of the Samba Team.

Nadezhda Ivanova and Zahari Zahariev are less dominant in the Samba4 commit logs, but this is because they have taken on the massive task of implementing AD compatible access control lists in Samba4. Their work and testing continues, and rumour has it that pending some final explanations, they will have patches landing shortly.

Anatoliy Atanasov continues to bash his head against the brick wall known as AD replication, but hopes to make some progress soon. With his work, and the groundwork by Metze, two-way Samba4 <-> Samba4 and Samba4 <-> AD replication will be possible.

Steve French and Jeff Layton have been working hard on the CIFS kernel client. The upcoming Linux kernel version 2.6.31 will include more than 50 CIFS patches which improve both performance and stability. Among the most recent patches is one that fixes sendfile, which was noticed by the Apache community when the Apache server was running over CIFS. The POSIX open and create code have significantly sped up these operations to Samba servers. Steve is working with Pavel on the new SMB2 kernel client, now that they are past the session establishment code, they are now working on the inode handling code which needs to be ported and updated to handle SMB2 semantics.

Finally, with an appropriate quotation from Bertolt Brecht, Karolin Seeger, our hard working and long suffering release manager, released the final version of the Samba 3.0.x series - Samba 3.0.36. This is the FINAL release of Samba 3.0, no more fixes, enhancements or security updates will be available. If you haven't already moved to a later version of Samba, this should be your wake up call :-).

Thanks for reading and don't forget you can contact all the Team on the samba@samba.org and samba-technical@samba.org lists. Don't be shy, we love to hear from you all :-).

This is the latest bug fix release for Samba 3.0 series. The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. A patch against Samba 3.0.35 is also available. See the release notes for more info.

Please note that this is the last release of the Samba 3.0 series. For more information on current Samba versions, please see Release Planning.

This is the latest stable release of the Samba 3.3 series

The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded now. A patch against Samba 3.3.7 is also available. See the release notes for more info.