[Announce] Samba 4.22.0rc4 Available for Download

Jule Anger janger at samba.org
Thu Feb 27 13:15:30 UTC 2025 

Release Announcements
=====================

This is the fourth release candidate of Samba 4.22.  This is *not*
intended for production environments and is designed for testing
purposes only.  Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.

Samba 4.22 will be the next version of the Samba suite.


UPGRADING
=========


NEW FEATURES/CHANGES
====================

SMB3 Directory Leases
---------------------

Starting with Samba 4.22 SMB3 Directory Leases are supported. The new global
option "smb3 directory leases" controls whether the feature is enabled or
not. By default, SMB3 Directory Leases are enabled on non-clustered 
Samba and
disabled on clustered Samba, based on the "clustering" option. See man 
smb.conf
for more details.

SMB3 Directory Leases allow clients to cache directory listings and, 
depending
on the workload, result in a decent reduction in SMB requests from clients.

Netlogon Ping over LDAP and LDAPS
---------------------------------

Samba must query domain controller information via simple queries on
the AD rootdse's netlogon attribute. Typically this is done via
connectionless LDAP, using UDP on port 389. The same information is
also available via classic LDAP rootdse queries over TCP. Samba can
now be configured to use TCP via the new "client netlogon ping
protocol" parameter to enable running in environments where firewalls
completely block port 389 or UDP traffic to domain controllers.

Experimental Himmelblaud Authentication in Samba
------------------------------------------------

Samba now includes experimental support for Azure Entra ID 
authentication via
`himmelblaud`, located in the `rust/` directory. This implementation 
provides
basic authentication and is configured through `smb.conf`, utilizing options
such as `realm`, `winbindd_socket_directory`, and `template_homedir`. 
New global
parameters include `himmelblaud_sfa_fallback`, 
`himmelblaud_hello_enabled`, and
`himmelblaud_hsm_pin_path`.
To enable, configure Samba with `--enable-rust --with-himmelblau`.

REMOVED FEATURES
================

The "nmbd proxy logon" feature was removed. This was used before
Samba4 acquired a NBT server.

The parameter "cldap port" has been removed. CLDAP runs over UDP port
389, we don't see a reason why this should ever be changed to a
different port. Moreover, we had several places in the code where
Samba did not respect this parameter, so the behaviour was at least
inconsistent.

fruit:posix_rename
------------------

This option of the vfs_fruit VFS module that could be used to enable POSIX
directory rename behaviour for OS X clients has been removed as it could 
result
in severe problems for Windows clients.

As a possible workaround it is possible to prevent creation of .DS_Store 
files
(a Finder thingy to store directory view settings) on network mounts by 
running

   $ defaults write com.apple.desktopservices DSDontWriteNetworkStores true

on the Mac.


smb.conf changes
================

   Parameter Name                          Description     Default
   --------------                          -----------     -------
   smb3 directory leases                   New             Auto
   vfs mkdir use tmp name                  New             Auto
   client netlogon ping protocol           New             cldap
   himmelblaud hello enabled               New             no
   himmelblaud hsm pin path                New             default hsm 
pin path
   himmelblaud sfa fallback                New             no
   client use krb5 netlogon                Experimental    no
   reject aes netlogon servers             Experimental    no
   server reject aes schannel              Experimental    no
   server support krb5 netlogon            Experimental    no
   fruit:posix_rename                      Removed
   cldap port                              Removed


CHANGES SINCE 4.22.0rc3
=======================

o  Stefan Metzmacher <metze at samba.org>
    * BUG 15815: client use krb5 netlogon is experimental and should not 
be used
      in production.


CHANGES SINCE 4.22.0rc2
=======================

o  Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    * BUG 15738: Creation of GPOs applicable to more than one group is 
impossible
      with Samba 4.20.0 and later.

o  Björn Baumbach <bb at sernet.de>
    * BUG 15806: samba-tool acl commands broken for relative path names
    * BUG 15807: pysmbd seg faults when file is not found.

o  Ralph Boehme <slow at samba.org>
    * BUG 15796: Spotlight search results don't show file size and 
creation date.

o  Pavel Filipenský <pfilipensky at samba.org>
    * BUG 15759: net ads create/join/winbind producing unix dysfunctional
      keytabs.

o  Volker Lendecke <vl at samba.org>
    * BUG 15806: samba-tool acl commands broken for relative path names.
    * BUG 15807: pysmbd seg faults when file is not found.

o  Stefan Metzmacher <metze at samba.org>
    * BUG 15680: Trust domains are not created.

o  Andreas Schneider <asn at samba.org>
    * BUG 15680: Trust domains are not created.

o  Shweta Sodani <ssodani at redhat.com>
    * BUG 15703: General improvements for vfs_ceph_new module.


CHANGES SINCE 4.21.0rc1
=======================

o  Björn Baumbach <bb at sernet.de>
    * BUG 15798: libnet4: seg fault after dc lookup failure


KNOWN ISSUES
============

https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.22#Release_blocking_bugs


#######################################
Reporting bugs & Development Discussion
#######################################

Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical:matrix.org matrix room, or
#samba-technical IRC channel on irc.libera.chat

If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored.  All bug reports should
be filed under the Samba 4.1 and newer product in the project's Bugzilla
database (https://bugzilla.samba.org/).


======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================

================
Download Details
================

The uncompressed tarballs and patch files have been signed
using GnuPG (ID AA99442FB680B620).  The source code can be downloaded
from:

         https://download.samba.org/pub/samba/rc/

The release notes are available online at:

https://download.samba.org/pub/samba/rc/samba-4.22.0rc4.WHATSNEW.txt

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

                         --Enjoy
                         The Samba Team

More information about the samba-announce mailing list