After 6 months of development a new release of Samba has been presented. Samba is a multifunctional server product that provides implementation of file seal service and winbind server.
Key changes in Samba 4.20 include:
- The security of “Valid Users”, “Invalid Users”, “Read List” and “Write List” has been strengthened. Errors in determining SIDs due to data transfer issues are now appropriately recorded. Non-existent users and groups are ignored.
- The LDAP server now supports authentication using SASL via Kerberos or NTLMSSP with connections displayed on top of TLS (LDAPS or StartTLS). The default setting for LDAP Server now requires strong authentication using SASL on TLS, equivalent to LDapenForCeChanNelbinding in Windows.
- The LDB database used in Samba AD DC has been converted into a public library without separate TAR archive. Strapping with LDB Modules API for Python has been removed and Unicode processing in LDB has been changed.
- Several public libraries in Samba have been converted to internal categories. LDAPS can now be used from ‘Winbindd’ and ‘Net Ads’, with support for ‘Starttls’ and ‘LDaps’ values.
- A new option “DNS Hostname” has been added to set the client name in DNS by default, and Samba AD now supports rotation of overdue passwords for accounts using Smartkarts.
- Settings for “Veto Files” and “Hide Files” can now be specified for individual users and groups. Automatic KeyTab update is now allowed after changing the password used to authenticate the computer in the Domain.
/Reports, release notes, official announcements.