Samba is the open source implementation of the SMB/CIFS network protocol that is used for sharing files and printers. It runs on most UNIX and UNIX-like systems and is a standard for a lot of operating systems. The newest 4.5 version brings many updated security features and updates that make the implementation more secure.
Samba 4.5 Has Better Security
The newest stable branch of Samba has been updated with the major 4.5 update. The open source implementation is used on all Gnu/Linux distributions, and Mac OS X for accessing file and printers shared on local networks with Microsoft Windows computers. The latest update not only resolves various issues but includes new security updates and tweaks that make it much more reliable and secure.
One of the biggest changes in the newest version is the modification of the default settings of the server. Now Samba will amend the default value of the ntlm_auth option from yes to no. This will not impact existing clients, except those that have not implemented the NTLMv2 standard yet. This is the protocol that is used for authentication on Windows networks. This default option, when set to yes, does not introduce good security as several weaknesses that are related to this behavior have been used in attacks. The developers of Samba have opted to change the value to no to help mitigate some attack scenarios against the hosts.
Another prominent new feature is the support for the LDAP_SERVER_NOTIFICATION_OID control that is used with the LDAP protocol for changes to the Active Directory database.
Samba now also features support for the Active Directory Domain Controller implementation of Virtual List View that allows the paging of the LDAP directory with two options – online local search and asynchronous operation. The DNS forwarding option has been improved, and a multiple DNS forwarders can be used. Administrators can provide a list of servers, and when a query fails on the first server, the service will automatically prompt the next on the list.
As every major update, performance has been improved. System owners should update to the latest version to protect their systems and provide better performance to all network devices that use SAMBA.
