Samba 4.22.3 Release Summary and Implications
The Samba Team has announced the release of Samba version 4.22.3, the latest stable update in the 4.22 release series. This version includes significant modifications to the Microsoft RPC Netlogon protocol, specifically enhancing access checks for certain RPC requests. Samba installations operating as member servers within Windows Active Directory (AD) domains will be affected, particularly those utilizing the 'ad' idmapping backend. Following an upcoming Microsoft security update, current versions of Samba configured in this manner may cease to function properly.
Key Updates and Changes:
1. Impact of Upcoming Microsoft Update:
- On July 8, Microsoft plans to implement a security update for Active Directory Domain Controllers on all Windows Server versions prior to 2025. This update includes critical security hardening that will affect Samba servers using the 'ad' idmapping backend.
- Windows Server 2025 already has these security measures in place, but the update will extend these requirements to older versions down to Windows Server 2008.
2. Affected User Base:
- Samba installations configured with the 'ad' idmapping backend will be unable to provide SMB services for domains after the Microsoft update. Users not utilizing this configuration will not be impacted and do not need to take any action.
3. Bug Fixes in 4.22.3:
- The release addresses several bugs, including:
- The inability of `samba-tool` to add users to groups with names exactly 16 characters long.
- Issues related to security hardening that locks out certain Netlogon calls.
- Startup messages from RPC daemons that clutter log files.
Community Engagement and Reporting:
Users are encouraged to discuss the release on the samba-technical mailing list or join the relevant matrix room or IRC channel. Feedback is vital for addressing any issues that arise, and bug reports should be filed in the Samba Bugzilla database.
Download and Support:
The uncompressed tarballs and patch files for Samba 4.22.3 are available for download on the Samba website, with the release notes providing additional context and information.
Conclusion:
As Samba 4.22.3 is rolled out, users, particularly those in mixed Windows and Samba environments, should prepare for the upcoming Microsoft update and ensure their configurations are compatible to avoid service disruptions.
For further details, users can visit the following links:
- [Download Samba 4.22.3](https://download.samba.org/pub/samba/stable/)
- [Release Notes for Samba 4.22.3](https://www.samba.org/samba/history/samba-4.22.3.html)
- [Samba Bugzilla](https://bugzilla.samba.org/)
Enjoy!
The Samba Tea
The Samba Team has announced the release of Samba version 4.22.3, the latest stable update in the 4.22 release series. This version includes significant modifications to the Microsoft RPC Netlogon protocol, specifically enhancing access checks for certain RPC requests. Samba installations operating as member servers within Windows Active Directory (AD) domains will be affected, particularly those utilizing the 'ad' idmapping backend. Following an upcoming Microsoft security update, current versions of Samba configured in this manner may cease to function properly.
Key Updates and Changes:
1. Impact of Upcoming Microsoft Update:
- On July 8, Microsoft plans to implement a security update for Active Directory Domain Controllers on all Windows Server versions prior to 2025. This update includes critical security hardening that will affect Samba servers using the 'ad' idmapping backend.
- Windows Server 2025 already has these security measures in place, but the update will extend these requirements to older versions down to Windows Server 2008.
2. Affected User Base:
- Samba installations configured with the 'ad' idmapping backend will be unable to provide SMB services for domains after the Microsoft update. Users not utilizing this configuration will not be impacted and do not need to take any action.
3. Bug Fixes in 4.22.3:
- The release addresses several bugs, including:
- The inability of `samba-tool` to add users to groups with names exactly 16 characters long.
- Issues related to security hardening that locks out certain Netlogon calls.
- Startup messages from RPC daemons that clutter log files.
Community Engagement and Reporting:
Users are encouraged to discuss the release on the samba-technical mailing list or join the relevant matrix room or IRC channel. Feedback is vital for addressing any issues that arise, and bug reports should be filed in the Samba Bugzilla database.
Download and Support:
The uncompressed tarballs and patch files for Samba 4.22.3 are available for download on the Samba website, with the release notes providing additional context and information.
Conclusion:
As Samba 4.22.3 is rolled out, users, particularly those in mixed Windows and Samba environments, should prepare for the upcoming Microsoft update and ensure their configurations are compatible to avoid service disruptions.
For further details, users can visit the following links:
- [Download Samba 4.22.3](https://download.samba.org/pub/samba/stable/)
- [Release Notes for Samba 4.22.3](https://www.samba.org/samba/history/samba-4.22.3.html)
- [Samba Bugzilla](https://bugzilla.samba.org/)
Enjoy!
The Samba Tea
Samba 4.22.3 released
Samba 4.22.3 has been released. The update introduces a modification to the Microsoft RPC Netlogon protocol, enhancing access checks for a specific set of RPC requests. Samba installations functioning as member servers within Windows AD domains will be impacted if they are set up to utilize the 'ad' idmapping backend. Current versions of Samba with the affected configuration will cease to operate correctly following the implementation of the Microsoft update.
