After 6 months of development presented release Samba 4.24.0, which continued the development of the Samba 4 branch with a full implementation of the domain controller and Active Directory service, compatible with the Windows 2008 implementation and capable of serving all Microsoft-supported versions of Windows clients, including Windows 11. Samba 4 is a feature-rich server product that also provides a file server implementation, a print service, and an identity server (winbind). The project code is written in C and distributed under the GPLv3 license.
Key changes in Samba 4.24:
- Added new VFS module vfs_aio_ratelimit for limiting the intensity (rate-limit) of asynchronous input/output (AIO) operations. Limits can be specified in bytes per second or operations per second. When the specified limit is exceeded, the module begins to introduce artificial delays into asynchronous operations to maintain the specified upper threshold.
- The VFS module vfs_ceph_new has added support for the Keybridge RPC protocol and the FSCrypt mode for encryption of data and file names in the CephFS file system. It is possible to enable encryption at the level of individual directories.
- The VFS module vfs_streams_xattr has been added to the VFS module, which allows you to save alternative NTFS data sets (NTFS alternate data stream) in extended file attributes (xattr) in Linux the “streams_xattr:max xattrs per stream” setting, which determines the allowed number of xattrs used to store data. In Linux, the xattr size is limited to 65536 bytes, but the XFS file system makes it possible to bind more than one xattr to a single file, which allows you to use multiple xattrs to store up to 1 MB of alternative data.
- Support for auditing authentication-related information has been implemented. Added debugging classes “dsdb_password_audit” and “dsdb_password_json_audit” to reflect changes in Active Directory attributes in the log: altSecurityIdentities, dNSHostName, msDS-AdditionalDnsHostName, msDS-KeyCredentialLink and servicePrincipalName.
- Added support for external Microsoft Entra password management systems ID and Keycloak, which use a password reset operation (SSPR, password reset) when changing a password without transferring the old password to the domain controller. To comply with policies that control the expiration date of passwords, when resetting a password, additional parameters (“password policy hints”) are passed, allowing the operation to be treated as a normal password change. Samba now takes into account similar parameters when applying local password-related policies.
/Reports, release notes, official announcements.