INVITE: SMB3 IO Lab participation at Storage Developers Conference Sept. 18-21, 2023 in Freemont, CA.

[Jeremy Allison via samba-announce]

Hi Samba-people, Arnold Jones, Technical Council Managing Director
or the Storage Network Industry Association (SNIA) asked me to
forward this invitation to anyone who would like to participate
in the SMB3 IO Lab.

---
   Hi Samba Developers,

   Presentations are only part of what is going on at the SNIA’s
   2023 Storage Developer Conference, September 18-21, Fremont, CA.
   The SNIA SMB3 IO Lab is also an integral part of the program.

   The purpose of this IO Lab is for vendors to bring their
   implementations of SMB3 to test, identify, and fix bugs in a
   collaborative setting with the goal of providing a forum in which
   companies can develop interoperable products.  There are several new
   features that have recently been added to the SMB3 protocol:
 * SMB over QUIC support for mutual authentication.
 * Server Notification update for logon session scenario (when server
   discards a logon session before client).
 * Significant Windows security behavior defaults updates in certain
   Windows releases:
  + SMB Signing required by default.
  + Auth rate limiter on by default.
  + Guest auth fallback now off by default.
  + Mail slots off by default and SMB1 now disabled in all Windows
releases.
 * And other SMB security updates and features.

   The IO Lab is an opportunity to learn about these new features and test
   your implementation with Microsoft Windows protocol test suites.
   During the IO Lab you can directly engage with Windows Protocol
   Support, Test Suite Development, and members of the Windows development
   team as well as network with other professionals from all over the
   world.

   This IO Lab is held in one large room (open 24 hrs.), giving
   participants an easy way to interact with both Microsoft professionals
   and with all other participants and their implementations.

   If you are reluctant to participate because you feel that your SMB
   implementation is "not ready", you should still participate! The SMB3
   IO Lab is also a development opportunity, not just a testing
   opportunity. Implementations still in development are encouraged to
   participate.  It's a great opportunity to get help and learn from the
   experts!

   This year we are pleased to announce the full participation and
   continued support of Microsoft, our 2023 SNIA SDC SMB3 IO Lab
   underwriter.

   For complete details on how to participate please see:
   http://www.snia.org/SMB3IOLab

   If you have any additional questions, please contact me at arn...@snia.org.

   I look forward to seeing you and your company at the SMB3 IO Lab this
   year!

   --  Arnold


   Arnold Jones
   Technical Council Managing Director
   SNIA

   http://www.storagedeveloper.org/
   http://www.snia.org/SMB3IOLab
---

New minimal SMB2 client library !

[Jeremy Allison via samba-announce]

Ronnie Sahlberg, Samba Team member - has
written a new small-footprint SMB2/3 client
library. Compiled size is 120KB (yes, that
is *KB*, not MB :-). It supports signing,
sealing, NTLM authentication (and krb5
with external libraries).

It has *no* dependencies (other than the
afore-mentioned krb5 if you need it) and
is available for checkout and hacking at:

git clone git://git.samba.org/libsmb2.git

License is LGPLv2.1+, and it is developed
independently of the main samba project,
so please send patches directly to:

Ronnie Sahlberg 

Submission of patches grants him the rights
to integrate into the code under LGPLv2.1+.

It's designed to expand SMB2/3 use into
the small device Internet of Things and
is already used by the VLC and Kodi projects,
and someone has ported it to load games
off an SMB3 server instead of a cassette
tape for a Tandy TRS-80 (for the over 45's
on the list :-).

It will *never* support SMB1 :-).

Thanks Ronnie for making samba.org
the home of all things SMB !

Samba Team.

SambaXP 2018 Conference Program is out !

[Jeremy Allison via samba-announce]

Hi all,

The annual Samba Conference, Samba XP takes
place on 5th - 7th of June 2018 in Göttingen,
Germany:

https://sambaxp.org

The conference program is now
available here:

https://sambaxp.org/#c5

Anyone using, working with or developing
Samba or shipping products that include
Samba should consider attending. Plus
the beer in Germany is world-class and
Göttingen has wonderful chocolate shops !

(Beer and chocolate, what more could you
want from a conference :-).

Hope to see lots of you all there.

Cheers,

Jeremy Allison,
Samba Team.

Re: [Announce] Samba 4.8.0 Available for Download

[Jeremy Allison via samba-announce]

On Tue, Mar 13, 2018 at 06:11:50PM -0700, Richard Sharpe via samba-technical 
wrote:
> On Tue, Mar 13, 2018 at 12:22 PM, Karolin Seeger via samba-technical
>  wrote:
> > 
> > "It is time that we all see gender as a
> >  spectrum instead of two sets of
> >  opposing ideals. We should stop
> >  defining each other by what we are not
> >  and start defining ourselves by who we
> >  are."
> >
> >  Emma Watson
> > 
> 
> Is this the thin edge of the wedge?
> 
> I am an XY (male) individual and make no apologies for that!

Richard, it's not a wedge at all, it's just a quote. Feel free
to ignore if you don't agree.

Let's just leave it at that please !

Jeremy.

Re: [Samba] [Announce] Samba 4.8.0 Available for Download

[Jeremy Allison via samba-announce]

On Tue, Mar 13, 2018 at 09:21:12PM +, Miguel Medalha wrote:

> The only possibility here is for me to unsubscribe? Is it forbidden to just
> give my views about it and then go on with life? Why?

Because complaining as you did about an innocent quote in release notes
is bullying. You can agree or not, you didn't need to tell anyone about
it unless you were trying to intimidate Karolin into not using quotes
that conflict with your world-view.

I don't want to see bullying on this list please. Let's drop the matter
and get back to technical issues.

Re: [Samba] [Announce] Samba 4.8.0 Available for Download

[Jeremy Allison via samba-announce]

On Tue, Mar 13, 2018 at 09:08:36PM +, Miguel Medalha via samba wrote:
> 
> 
> On 13-03-2018 19:22, Karolin Seeger via samba-technical wrote:
> > 
> > "It is time that we all see gender as a
> >  spectrum instead of two sets of
> >  opposing ideals. We should stop
> >  defining each other by what we are not
> >  and start defining ourselves by who we
> >  are."
> > 
> >  Emma Watson
> > 
> 
> 
> Isn't this a technical mailing list? If so, it would be nice if we could
> keep it free from political propaganda, ideological brainwashing and other
> such BS.
> 
> Thank you!

Miguel, Karolin is the Samba release manager and as such is
free to chose whichever quotes for the release she feels are
appropriate. I am constantly delighted at the range of
material she finds and uses !

If you don't like the quotes you are free to unsubscribe
from samba-technical, and you won't have to see them.

Regards,

Jeremy Allison.

Re: [Announce] Samba 4.6.4, 4.5.10 and 4.4.14 Available for Download

[Jeremy Allison via samba-announce]

On Wed, May 24, 2017 at 09:21:14AM +0200, Karolin Seeger via samba-technical 
wrote:
> Release Announcements
> -
> 
> These are a security releases in order to address the following defect:
> 
> o  CVE-2017-7494 (Remote code execution from a writable share)
> 
> ===
> Details
> ===
> 
> o  CVE-2017-7494:
>All versions of Samba from 3.5.0 onwards are vulnerable to a remote
>code execution vulnerability, allowing a malicious client to upload a
>shared library to a writable share, and then cause the server to load
>and execute it.
> 
> 
> Changes:
> 
> 
> o  Volker Lendecke 
>* BUG 12780: CVE-2017-7494: Avoid remote code execution from a writable
>  share.
> 
> 
> ###
> Reporting bugs & Development Discussion
> ###
> 
> Please discuss this release on the samba-technical mailing list or by
> joining the #samba-technical IRC channel on irc.freenode.net.
> 
> If you do report problems then please try to send high quality
> feedback. If you don't provide vital information to help us track down
> the problem then you will probably be ignored.  All bug reports should
> be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
> database (https://bugzilla.samba.org/).
> 
> 
> ==
> == Our Code, Our Bugs, Our Responsibility.
> == The Samba Team
> ==

Thanks Karolin ! Here are some mitigation techniques from Red Hat in
case servers cannot be patched immediately:

-
https://bugzilla.redhat.com/show_bug.cgi?id=1450347#c3

Huzaifa S. Sidhpurwala 2017-05-15 04:02:57 EDT
Mitigation:

Any of the following:

1. SELinux is enabled by default and our default policy prevents loading of
modules from outside of samba's module directories and therefore blocks the 
exploit

2. Mount the filessytem which is used by samba for its writeable share,
using "noexec" option.

3. Add the parameter:

nt pipe support = no

to the [global] section of your smb.conf and restart smbd. This prevents
clients from accessing any named pipe endpoints. Note this can disable some
expected functionality for Windows clients.
-

Jeremy.

Re: [Samba] [Announce] Samba 4.3.0 Available for Download

[Jeremy Allison]

On Tue, Sep 08, 2015 at 09:28:20PM +0200, Michael Adam wrote:
> On 2015-09-08 at 11:39 -0700, Jeremy Allison wrote:
> > On Tue, Sep 08, 2015 at 05:01:14PM +0200, Karolin Seeger wrote:
> > >=
> > >Release Notes for Samba 4.3.0
> > >September 8, 2015
> > >=
> > > 
> > > 
> > > This is the first stable release of Samba 4.3.
> > 
> > *Wonderful* news Karolin - thanks a *LOT for getting
> > this out there.
> 
> Indeed, many Kudos to Karolin, and also to Metze who did
> a lot of work to help getting this one out of the door!
> 
> This is also quite an impressive release, feature-wise!
> Great stuff!

Yes, Metze too - but Metze is usually too shy to appreciate
a shout-out :-). Thanks Metze !

Re: [Samba] [Announce] Samba 4.3.0 Available for Download

[Jeremy Allison]

On Tue, Sep 08, 2015 at 05:01:14PM +0200, Karolin Seeger wrote:
>=
>Release Notes for Samba 4.3.0
>September 8, 2015
>=
> 
> 
> This is the first stable release of Samba 4.3.

*Wonderful* news Karolin - thanks a *LOT for getting
this out there.

Cheers,

Jeremy.

Samba 4.0 released - The First Free Software Active Directory Compatible Server is now available !

[Jeremy Allison]

  Samba Team Releases Samba 4.0
  =

December 11th 2012.

The Samba Team is proud to announce the release of Samba 4.0, a major
new release of the award-winning Free Software file, print and
authentication server suite for Microsoft Windows clients.


The First Free Software Active Directory Compatible Server
==

As the culmination of ten years' work, the Samba Team has created the
first compatible Free Software implementation of Microsoft’s Active
Directory protocols. Familiar to all network administrators, the
Active Directory protocols are the heart of modern directory service
implementations.

Samba 4.0 comprises an LDAP directory server, Heimdal Kerberos
authentication server, a secure Dynamic DNS server, and
implementations of all necessary remote procedure calls for Active
Directory. Samba 4.0 provides everything needed to serve as an Active
Directory Compatible Domain Controller for all versions of Microsoft
Windows clients currently supported by Microsoft, including the
recently released Windows 8.

The Samba 4.0 Active Directory Compatible Server provides support for
features such as Group Policy, Roaming Profiles, Windows
Administration tools and integrates with Microsoft Exchange and Free
Software compatible services such as OpenChange.

The Samba 4.0 Active Directory Compatible Server can also be joined to
an existing Microsoft Active Directory domain, and Microsoft Active
Directory Domain Controllers can be joined to a Samba 4.0 Active
Directory Compatible Server, showing true peer-to-peer
interoperability of the Microsoft and Samba implementations of the
Active Directory protocols.

Acknowledging the value of the interoperability of the Samba 4.0
Active Directory Compatible Server, Steve van Maanen, the co-founder
of Starsphere LLC, an IT services company in Tokyo, said:

Thanks to Samba4, I have two fully replicating Active Directory
Domain controllers that boot in under 10 seconds ! It is nice to have
alternatives, and Samba4 is a great one.

Upgrade scripts are also provided for organizations using the previous
Microsoft Windows NT Domain Controller functionality in Samba 3.x, to
allow them to migrate smoothly to Samba 4.0.

Suitable for low-power and embedded applications, yet scaling to large
clusters, Samba 4.0 is efficient and flexible. Its Python programming
interface and administration toolkit help in enterprise deployments.


Created Using Microsoft Documentation
=

The Samba 4.0 Active Directory Compatible Server was created with help
from the official protocol documentation published by Microsoft
Corporation and the Samba Team would like acknowledge the
documentation help and interoperability testing by Microsoft engineers
that made our implementation interoperable.

Active Directory is a mainstay of enterprise IT environments, and
Microsoft is committed to support for interoperability across
platforms, said Thomas Pfenning, director of development, Windows
Server. We are pleased that the documentation and interoperability
labs that Microsoft has provided have been key in the development of
the Samba 4.0 Active Directory functionality.


Introducing SMB2.1 File Serving Support
===

Samba 4.0 includes the first Free Software implementation of
Microsoft's SMB2.1 file serving protocol. Building on the success of
the SMB2.0 server in Samba 3.6, the Samba 4.0 file server component is
an evolution of the trusted Samba file serving code that is used
worldwide by vendors of file servers, such as IBM's clustered Scale
Out Network Attached Storage (SONAS), and many other commercial
products.

In addition, the Samba 4.0 file server contains an initial
implementation of SMB3, which will be further developed in later Samba
4 releases into a fully-featured SMB3 clustered file server
implementation.

Future developments of our SMB3 server and client suite, in
combination with our expanding number of SMB3 tests, will keep driving
the performance improvements and improved compatibility with Microsoft
Windows that Samba users have come to expect from our software.


Integrated Clustered File Server Support


Building on our success as the first commercial implementation of a
clustered SMB/CIFS server, Samba 4.0 provides industry-leading
scalability and performance as a clustered SMB2/SMB/CIFS file server,
using our clustered tdb (ctdb) technology - also available as Free
Software.

Clustered Samba provides a Single Server view of clustered file
storage, allowing clients to connect to the least loaded server and
still providing a completely coherent view of the underlying clustered
file system.

Written and tested to be compatible with most clustered file systems,
both Free Software and proprietary, Samba 4.0 with ctdb provides a
scalable clustered file server 

Re: [Samba] [Announce] Samba 3.5.7, 3.4.12 and 3.3.15 Security Releases Available

[Jeremy Allison]

On Mon, Feb 28, 2011 at 10:15:23AM -0500, Chris Smith wrote:
 On Mon, Feb 28, 2011 at 8:35 AM, Karolin Seeger ksee...@samba.org wrote:
  Samba 3.5.7, 3.4.12 and 3.3.15 are security releases in order to
  address CVE-2011-0719.
 
 Will there be a new 3.5.7 Jumbo Patch available for those using it
 with 3.5.6 and strict allocate? Or does the current 3.5.6 Jumbo Patch
 work fine with 3.5.7 (I'm assuming it's not included as there was no
 mention of any other fixes in the release notes)?

Both patches should work fine together. As per our policy, security
fix releases contain no other changes than the security bugfix.

Just take the 3.5.7 release and apply the jumbo patch on top of
it, as you did with 3.5.6.

A 3.5.8 will be released soon with all the pending patches we
were planning the next release before it got preempted by the
security fix.

Hope this helps,

Jeremy.

CIFS Engineering Workshop in Mountain View, California: September 26-28th 2007

[Jeremy Allison]

CIFS Engineering Workshop: September 26-28th 2007.

The Samba Team  will be running a CIFS Engineering Workshop
event hosted at the Google Campus in Mountain View, California, USA
on September 26-28th 2007.

This event is intended for engineers working on any CIFS products
and services, not just products based on the Samba codebase. We
welcome engineers from any implementers of the CIFS and SMB2
protocols, or from people shipping products based on these
protocols, or people with a deep interest in advancing the
standardization of these protocols.

This is not a marketing or customer focused event, the intent
is that engineers will get together and discuss protocol details
and implementation choices in an open and free environment, helped
along with free Google food and a gigabit network for testing. There
will be some arranged talks, but mostly this will be an interoperability
event.

There will be some restrictions on using information gathered at
the event for marketing purposes in the same way as the Connectathon
event restricts using any performance or defect data learned at the
event. The goal is for engineers from competing companies to feel free to
work together without fear of revealing information they wish to
keep secret.

There is no charge for attending, but as this event will be hosted
on the Google Campus space will be limited, so if you would like
to attend or send engineers to this event please email :

[EMAIL PROTECTED]

as soon as possible so we can get an idea of the numbers involved
(and help Google with planning). If you'd like to present a talk,
please send a brief abstract to the same address. Currently the same
review board who accepts talks for SambaXP will review the abstracts,
but if this event is successful a more formal review process will
be adopted.

FAQ:

Why a new event ?

Attendance at the CIFS conference has fallen to such an extent that
it has become a small interest group in the larger storage conference.
The Samba Team wishes to revive interest in a broader discussion of
implementation and standardization of the CIFS protocols, as well as
promote an interoperability lab.

Who decides who will be allowed to attend ?

Currently the same group who runs the SambaXP conference, mainly
the Samba Team, SerNet, and Google (who are hosting). The goal is
to make this event as inclusive as possible, so initially we are
trying to gage interest to finalize the numbers we can host (this
is where Google comes in).

I don't use Samba, should I come ?

Certainly ! Anyone who has an interest in working on, documenting
or standardizing the CIFS and SMB2 protocols is welcome. This includes
any proprietary vendors as well as vendors who OEM the Samba codebase.
Service vendors who implement and support CIFS networking with
third-party software are also welcome.

What software will be available to test against ?

All versions of Samba, as well as any required versions of DOS
and Windows products will be available on the test network. Other
software will depend on the participants bringing versions of their
software along. We hope to be able to get a varied mixture of CIFS
implementations for testing.

My company has signed the MCPP license with Microsoft, are we welcome ?

Yes, although of course we would expect that your attendees please
respect the MCPP licensing process and not divulge any information
you have learned from the MCPP documents. You are especially welcome
to bring equipment running your CIFS implementation so we can test
against each other's implementations.

Why is Google helping ?

Google holds events on behalf of Open Source projects like Ubuntu,
and has generously donated the use of facilities within their Mountain
View Campus for this event.

Is it free ?

Yes, although you will of course have to fund any travel and
accommodation expenses yourself.

What about a T-shirt ?

Currently we don't have a logo for this event, but the organizers are
investigating making a T-shirt available for the participants.

Do I get free food ?

Yes, this is a chance to try out the famous Google cuisine :-).