Registration

To better align with the handle-based approach, libcephfs initially provided low-level APIs, while the high-level ones remained unused in the existing Ceph module. But was this the only reason for developing a parallel VFS module for Ceph? This presentation explores the motivation and background behind introducing a new VFS module in Samba to bridge CephFS. Additionally, it examines the evolution of the ceph_new module over the past 6–8 months, highlighting its stabilization through CI/CD pipelines.

The Samba AD DC relies on the LDB database, which uses indexes to accelerate attribute searches. While these indexes are typically effective, the underlying code can sometimes appear complex and difficult to follow.

This talk will explore the history of LDB indexes and propose potential improvements for the future. Visual diagrams will be included to clearly explain the concepts and ideas presented.

As a continuation of the discussion on integrating CephFS with Samba, this talk explores the challenges encountered when scaling SMB services in Ceph. The SMB service utilizes a Samba container to export CephFS volumes via the vfs_ceph_new plugin. However, scaling the number of client connections led to resource exhaustion on the server host, traced back to Samba's forking model and libcephfs caching behavior. This presentation delves into the root cause of the issue and introduces the proposed solution—the multiplexing proxy. Additionally, we will discuss planned enhancements to further improve the proxy's efficiency and scalability.

Starting with Samba 4.21, keytab generation has been significantly improved. The new smb.conf parameter, sync machine password to keytab, enables the creation of multiple keytabs with fine-grained content control. These keytabs are automatically updated whenever the machine password changes, including during the regular Winbind password update. This talk will explore the details of the configuration parameters, their functionality, and the motivation behind these enhancements.

In this talk, we introduce the Ceph SMB Manager (MGR) module, designed to streamline the deployment and management of SMB shares backed by CephFS. This module provides an interface for orchestrating Samba services, enabling Active Directory authentication, and seamlessly integrating SMB into Ceph storage clusters.

We will explore two management approaches—imperative and declarative—offering flexibility in configuring SMB clusters and shares. Additionally, we will discuss the earmarking feature, which prevents cross-protocol conflicts between SMB and NFS by tagging subvolumes for exclusive use, reducing the risk of data inconsistencies.

The session will conclude with a live demo, showcasing the full end-to-end workflow—from enabling the module to setting up SMB shares and connecting Windows and Linux clients.

OAuth2 has become the de facto standard for web-based single sign-on, gradually replacing technologies like SAML. Its influence has extended beyond websites to platform logins, including its adoption in Azure AD.

In the first part of this talk, we will compare OAuth2 with existing authentication technologies such as LDAP, Kerberos, and on-premises Active Directory. We will explore how OAuth2 works, its strengths and weaknesses, and key extensions like OpenID Connect (OIDC) and their role in the authentication ecosystem.

By the end of this session, you will understand key concepts such as claims, the impact of scopes on authorization, and why OAuth2 has become a powerful choice for identity management services.

SMB3 Directory Leases are a powerful protocol feature that can significantly improve client performance, reduce network traffic, and lower server load by enabling clients to maintain a consistent cache of directory contents.

In 2020, I implemented SMB3 Directory Leases as a proof of concept for a customer. At the time, it was clear that further research and rigorous testing were necessary. Now, four years later, Samba 4.22 is set to deliver a production-ready implementation.

This talk will explain how Directory Leases work, showcase real-world examples of performance improvements, and reveal how critical bugs in Samba’s existing SMB2 Leases functionality were discovered and fixed along the way.

This presentation explores the complexities of Azure Entra ID's OAuth 2.0 implementation, with a particular focus on Microsoft’s proprietary extensions, as defined in the [MS-OAPX] and [MS-OAPXBC] standards. Through in-depth analysis, practical examples, and live demonstrations, we will break down these extensions and their impact on authentication and authorization workflows.

A key component of this ecosystem is the Broker client, a privileged intermediary responsible for managing access tokens across multiple applications and services. We will examine its role, including its implementation on Linux as a DBus system service.

By understanding the intricate interplay between these elements, developers and architects will gain the knowledge needed to navigate the challenges and opportunities within Azure Entra ID’s OAuth framework effectively.

This presentation provides an update on the current status of CTDB. It will reflect on the progress made since the last update in 2022 and outline a realistic roadmap for future development.

Key developments include improvements in cluster lock reliability, the ability to read the nodes list from a command, enhanced failover capabilities, rewrites for NFS lock recovery, and low-level adjustments to support a broader range of network configurations.

Accessing Samba and other servers from Linux over SMB3.1.1 continues to improve . We will explore some of the exciting recent enhancements to the Linux SMB3.1.1 client for better access to remote storage across the wide variety of SMB3 file servers (Samba, Azure, ksmbd, Windows, Netapp, Macs and many others). Improvements have been made to security (including adding new auth mechanisms and making password rotation easier to leverage), performance (e.g. improved use of directory leases and better metadata caching, and improvements to netfs/folios for better data caching), and many new features have been added (including better support for the SMB3.1.1 POSIX Extensions), and even some new Linux system calls have been added. The Linux SMB3.1.1 client, cifs.ko, continues to be one of the most active filesystems in Linux, and the userspace tooling has also had excellent improvements over the past year.

This presentation will describe many of these SMB3.1.1 features and improvements, and what to expect in the coming months, and how to best use these new features to improve your workloads.

Linux users often ask: Why is my application slow? How can I improve performance? Why did it crash?

This presentation introduces new diagnostic tools from the Azure Files team for troubleshooting Linux SMB client issues. After a brief overview of existing tools for latency and diagnostics, the focus will shift to new eBPF-based (BPF CO-RE) scripts. A technical overview and live demonstration will show how these tools collect and analyze key data in common failure scenarios.

Attendees will also get a glimpse of the upcoming Always-On Diagnostics project, aimed at enhancing debugging on the Linux SMB client. Feedback is welcome to refine these tools and improve Linux SMB performance analysis.

Enhancing compatibility with applications that rely on Linux and POSIX file semantics is crucial. This presentation explores the current state of SMB3.1.1 POSIX Extensions across various clients and multiple servers. Over the past year, significant improvements have been made to these implementations. The session includes a live demonstration of key features enabled by SMB3.1.1 POSIX Extensions, showcasing examples with multiple servers, including Samba and ksmbd, and their impact on common workloads. Additionally, the discussion will cover requests for new features as Linux filesystem syscalls and capabilities continue to evolve.