The launch of the new version of Samba 4.14.0 in which the development of the Samba 4 branch is continued with a complete implementation of a domain controller and Active Directory service, compatible with the Windows 2000 implementation and capable of serving all versions of Microsoft supported Windows clients, including Windows 10.
Samba 4 is a multifunctional server product that also provides a file server, print service, and identity server (winbind) implementation.
Main new features of Samba 4.14
In this new version a significant update of the VFS layer has been made For historical reasons, the code with the file server implementation was tied to file path processing, which was also used for the SMB2 protocol, which was translated to use descriptors. In Samba 4.14.0, the code for accessing the server’s file system has been redesigned to use file descriptors instead of file paths.
Another important change is that the ability to use Group Policy was provided for Winbind clients. Active Directory administrator can now define policies that change sudoer settings or add recurring cron jobs. To enable group policy enforcement for a client, smb.conf provides the »apply group policies’ setting.
Policies are applied every 90-120 minutes and in case of problems, changes can be undone with “samba-gpupdate –unapply” or reapply with “samba-gpupdate –force”. The command “samba-gpupdate –rsop” can be used to view the policies that will be applied to the system.
On the other hand, It is mentioned that Samba is now required to have at least Python version 3.6. Build support has been removed with older versions of Python, plus samba-tool utility implements tools to manage objects in Active Directory (users, computers, groups). To add a new object to AD, it is now allowed to use the “add” command in addition to “create”. The “rename” command is supported for renaming users, groups, and contacts. To unlock users, the command ‘samba tool user unlock’ is suggested. The ‘samba-tool user list’ and ‘samba-tool group listmembers’ commands have implemented the “–hide-expired” and “–hide-disabled” options to hide expired or disabled user accounts.
Reliability of publishing printers in Active Directory has been improved and the information about printers passed to Active Directory has been improved. Added support for Windows printer drivers on ARM64 systems.
In the component CTDB responsible for the operation of cluster configurations, politically incorrect terms have been cleaned up. Instead of master and slave when configuring NAT and LVS, it is suggested to use “leader” to refer to the main node in the group and “follower” to reach the rest of the group members. The command “ctdb natgw master” has been replaced by “ctdb natgw leader”. To indicate that a node is not a master, the “follower only” indicator is now displayed instead of “slave only”. The “ctdb isnotrecmaster” command has been removed.
What’s more, an explanation is provided on the scope of the GPL license, under which the Samba code is distributed, to VFS (Virtual File System) components. The GPL license requires that all derivative works be opened on the same terms. Samba has a plugin interface that allows you to call external code. One of these plugins is VFS modules, which use the same header files as Samba with an API definition through which the services implemented in Samba are called, so Samba VFS modules must be distributed under the GPL or a compatible license.
The uncertainty arises in relation to the third-party libraries accessed by the VFS modules. In particular, it has been argued that only GPL libraries and compatible licenses can be used in VFS modules. The Samba developers have clarified that the libraries do not call Samba code through the API or access internal structures, so they cannot be considered derivative works and do not need to be distributed under GPL-compliant licenses.
Finally if you are interested in knowing more about it about this new version of samba, you can check the following link.