The Samba Team has released Samba version 4.21.7, the latest stable version in the 4.21 series. This update includes significant enhancements to the Microsoft RPC Netlogon protocol, aimed at improving security through stricter access checks for RPC requests. Specifically, this update may affect Samba installations configured as member servers in Windows Active Directory (AD) domains that utilize the 'ad' idmapping backend. Following an upcoming Microsoft security update scheduled for July 8, 2023, these configurations will not operate correctly, rendering users unable to connect to the SMB service provided by Samba for any domain using the affected idmapping backend.
Windows Server versions prior to 2025 will receive the changes, which have already been implemented in Windows Server 2025. The update will extend these security enhancements down to Windows Server 2008.
- Bug 15876: Enhancements to Windows security hardening, which could result in issues with schannel'ed netlogon domain controller calls.
- Bug 15680: Fix for problems related to trust domains not being created.
- Bug 15869: Adjustments to prevent excessive startup messages from RPC daemons filling the log files.
In summary, Samba 4.21.7 introduces important security enhancements that require user awareness and potential configuration changes, particularly for those operating in Windows AD environments. Users are advised to stay updated on both Samba and Microsoft developments to ensure seamless operation
Windows Server versions prior to 2025 will receive the changes, which have already been implemented in Windows Server 2025. The update will extend these security enhancements down to Windows Server 2008.
Key Changes in Samba 4.21.7
The release addresses several bugs, specifically:- Bug 15876: Enhancements to Windows security hardening, which could result in issues with schannel'ed netlogon domain controller calls.
- Bug 15680: Fix for problems related to trust domains not being created.
- Bug 15869: Adjustments to prevent excessive startup messages from RPC daemons filling the log files.
Reporting and Discussion
Users are encouraged to discuss this release on the samba-technical mailing list or through IRC and Matrix channels. Feedback is crucial for effective bug tracking, and users are urged to provide detailed reports when submitting issues.Download Information
The new version can be downloaded from Samba’s official site, with the source code available as uncompressed tarballs and patch files signed with GnuPG. The release notes detailing changes and improvements are also accessible online.Additional Context
As organizations increasingly rely on Samba for file sharing and domain services in mixed environments, maintaining compatibility with Microsoft updates is crucial. Users should prepare for the upcoming changes and ensure their Samba installations are properly configured to avoid service disruptions.In summary, Samba 4.21.7 introduces important security enhancements that require user awareness and potential configuration changes, particularly for those operating in Windows AD environments. Users are advised to stay updated on both Samba and Microsoft developments to ensure seamless operation
Samba 4.21.7 released
The Samba Team has announced the release of Samba 4.21.7, the most recent stable version in the Samba 4.21 series. The update introduces a modification to the Microsoft RPC Netlogon protocol, enhancing security through stricter access checks for RPC requests. If you set up Samba installations functioning as member servers within Windows AD domains to utilize the 'ad' idmapping backend, the update will impact them. The current versions of Samba configured in the affected manner will cease to operate correctly following the application of the Microsoft update.
