Skip to content
Home » Samba 4.20 Released: Enhancements for Seamless Integration

Samba 4.20 Released: Enhancements for Seamless Integration

Samba 4.20 Released with Improved Active Directory Compatibility and New Utilities.

Samba, the popular open-source software suite that provides file, print, and authentication services for SMB/CIFS networks, has announced the release of Samba 4.20.0. This release comes after six months of development and includes several new features and improvements, particularly in the areas of Active Directory (AD) compatibility and new utilities.

One of the key changes in Samba 4.20 is the inclusion of the “wspsearch” utility, which implements an experimental client for the WSP (Windows Search Protocol) protocol. This utility allows users to send search requests to a Windows server running the WSP service, enabling more efficient and precise file searches.

The “smbcacls” command has also been updated to provide support for writing DACLs (Discretionary Access Control Lists) to a file and restoring DACLs from a file. This feature ensures portability of files with saved DACLs, as the data is saved in a format supported by the Windows utility ‘icacls.exe’.

The “samba-tool” utility has also received several updates, including the addition of extensions for centralized Active Directory access policies (Claims), authentication policies (Authentication Policies), and policy containers (Authentication Silos). These updates allow users to bind a user to claims for later use in rules that determine whether a user can access an authentication policy. The samba-tool utility can now be used to create and manage authentication policies and policy containers, providing greater control over user authentication and access.

The Samba-based Active Directory domain controller has added support for Authentication Policies and Authentication Silos created through the samba-tool utility or imported from Microsoft AD configurations. This feature is only available on systems with an Active Directory functional level of at least 2012_R2.

The samba-tool utility has also added client-side support for gMSA (Group Managed Service Account) accounts, which use automatically updated passwords. This support allows users to manage gMSA passwords and Kerberos TGTs using the samba-tool utility.

Additionally, Samba 4.20 includes support for conditional access control entries (Conditional ACEs), allowing access to be allowed or blocked depending on additional conditions. This feature provides greater flexibility and control over access to securable objects.

The ctdb cluster implementation has added the ability to provide the MS-SWN (Service Witness Protocol) service, allowing clients to monitor their SMB connections to cluster nodes. This feature includes a series of commands that allow the cluster administrator to view registered clients and request that the connection be transferred to other cluster nodes.

Finally, Samba 4.20 includes several other improvements and updates, including support for MIT Kerberos5 running as an Active Directory domain controller, the removal of support for the utmp file due to the Year 2038 issue, and the use of the JSON::PP module built into Perl5 instead of the Perl JSON module.

You can download the compressed tar balls from this page:

This version should arrive at Ubuntu, Fedora and Arch Linux repositories within a few days.

Via Samba mailing list

Recent articles from

Notify of

Inline Feedbacks
View all comments