Sponsored by:

Opening windows
sambaXP 2020

SambaXP 2020 is an online event!

SambaXP is the yearly Samba team meeting and it's ecosystem of developers, users and vendors all around the globe since 2002. This year the event is not possible to be held in the usual Goettingen venue due to travel restrictions for many people caused by COVID-19.

Therefore, the organizing committee decided to organize a virtual event. The complete agenda will take place in online rooms that can be visited from any place in the world with internet connection and the speakers will give their presentations from their home or work place. Participants can switch between tracks more easy than in real life or even try to follow two talks at the same time! The event will be recorded if the speakers agree. The planned IO-Lab cannot take place for obvious reasons, we are sorry.

More information will be published during April and May at sambaXP.org. For now, we only answer the most immediate questions and ask you to contact our team in case of other demands.

Q: I ordered and paid a ticket already. Can I ask for a refund?
A: Yes, of course. We will contact you during April. You may decide to ask for a refund OR you consider to visit the conference in person next year? Then you are already done with registration and payment for sambaXP 2021!

Q: I am a speaker or member of Samba team with a free ticket. Do I need to register again
A: No, please not. Your registration is in our records and we keep it active

Q: I booked a hotel room. How does that work?
A: If you made the reservation on your own, please cancel right now. If SerNet took care of your speaker or team reservation, we will take care and cancel your hotel reservation.

Q: What about the tutorial on Tuesday?
A: The tutorial will be a webinar. Already registered participants can ask for refund. OR they stay registered for this year and free of charge at sambaXP 2021, too.

Do not hesitate to contact the organizers at loc@sambaXP.org or stay tuned for the updates at sambaXP.org - stay safe!

best regards - your sambaXP team at SerNet.

program     registration



The registration process of this conference is managed by XING Events, in particular ticket sales and payment handling. The purpose and scope of the data collection and the ongoing processing and use of data by XING Events as well as your rights in this regard and related setting options to protect your personal privacy are listed in the Privacy Policy of XING Events.

According to German law the place where the service is rendered is Goettingen, Germany, therefore value added tax must be paid under the German Added Tax Act (§ 3 a Abs. 2 Nr. 3 a Umsatzsteuergesetz.)

Conference program 2020


This year's tutorial will cover CTDB. In one day you will see how to set up a GlusterFS with two nodes as an active-active cluster.

After setting up the Gluster-Cluster comes the main part of this year's tutorial: Setting up CTDB on two nodes. We will take a look at the new way of configuring CTDB, since version 4.9 of Samba the CTDB-configuration changed a lot.

Here are the topics of the one day tutorial:

  • Setting up a Gluster replicated Volume with two nodes
  • Activating the new Samba-settings in Gluster
  • Installing an configuring the Sernet-Pakages for the use as CTDB-cluster
  • See how you can mount the Gluster-volume into a Samba-CTDB-Filesserver
  • Joining the cluster into a Samba4 Domain
  • Looking at the log-files
  • See how CTDB is managing the failover

At the end of the day you will have a CTB-cluster with GlusterFS as the storage. You will be able to replace or add a node from the CTDB-cluster. We will not take a closer look at GlusterFS, we will just use it for the CTDB-cluster.

Welcome Note from SerNet

Chairman’s note


SMB3 Protocol Update

This talk covers the changes in the past two Windows releases, and a look forward. There are some related developments in RDMA Push Mode that the speaker wants to touch on, too.


The Samba Files Server in IBM Spectrum Scale – Use cases and requirements of Enterprise customers

IBM has deployed Samba as part of file storage solutions for many years now. The current product of IBM is called Spectrum Scale and it delivers clustered Samba to a world-wide base of Enterprise customers on top of IBM's clustered file system known as gpfs.

The first part of the talk is supposed to describe selected requirements, use cases and enhancements this mission has been driving over the last years. This could include topics like file contention, access control lists, and Mac support.

The second part of the talk will address the new challenging requirements with respect to identity mapping like the server side group resolution for NFS clients and the increasing demand to add sssd to the clustered Samba server nodes.

FreeIPA Global Catalog challanges

At SambaXP 2017, we reported an initial progress into making Global Catalog service available as a part of FreeIPA deployment. Three years later, Global Catalog in FreeIPA is becoming a reality. In this talk we are going to demo a working Global Catalog service and dive into challenges we faced in mapping FreeIPA to Active Directory world without being an Active Directory domain controller. FreeIPA's use of Samba services continues to exercise Samba infrastructure from a perspective not commonly experienced and well tested. Finally, semantic differences we encountered across multiple protocols and their implementations in open source and proprietary products represent a good lesson in interoperability efforts.

Lessons learned from using Samba in IBM Spectrum Scale

IBM Spectrum Scale is a software defined storage offering of a clustered file system bundled together with other services. Samba is included as part of the product to provide a clustered SMB file server and integration into Active Directory. This talk discusses from a development point of view the integration of Samba into a storage product and what the development team has learned over the years. Topics will include the requirement for automated testing on multiple levels and the collaboration with the upstream Samba project. Examples will be used to illustrate problems encountered over time and how they have been solved. Further topics will be challenges that have been solved and gaps that have been seen with the usage of Samba.

A stage for Samba in the era of the container platform!?

In recent times, container application platforms, in particular kubernetes, have become extremely popular, have for instance overtaken the virtual machine centric cloud operating system OpenStack in popularity. In contrast to virtual machine environments which run a variety of operating systems and therefore also have natural use cases for Samba, container platforms are usually running one operating system (kernel) only, and thus don’t offer a very obvious space for Samba, whose main purpose is to act as an agent between different operating systems. Is there still a stage for Samba in container land?

This presentation will start with an introduction to the storage concepts of kubernetes and the container storage interface standard CSI, which generalizes these to other container platforms. It will explain the roles of file, block, and object storage in kubernetes and then shows how a distributed software defined storage system like ceph or gluster is brought into kubernetes, running alongside the consuming applications and managed by so called “operators”, providing storage self service for the applications. Time permitting, the presentation may include a demo of what is possibly the easiest installation of a ceph cluster so far.

From here on, the presentation will explore some very interesting and possibly surprising opportunities for Samba in this environment. Details are omitted in this abstract in order to keep up the suspense.


Report from the field: Samba clustering with GlusterFS

Samba supports building a clustered SMB storage solution using the Gluster filesystem for several years now. While Samba and it’s cluster component CTDB are well established components for SMB clustering, the Gluster filesystem itself needed to adapt in various areas to provide all necessary features.

The talk will cover the lessons learned during the process of maturing the Samba and GlusterFS setup and explore the architecture of Samba and GlusterFS in general. Based on support experiences we want to point out the importance of sometimes overseen prerequisites in the area of networking and DNS. Driven by customer demands several important performance improvements have been made in the past months. Users of the glusterfs fuse filesystem now can use a new Samba VFS module that provides enhanced guarantees for accessing files within the cluster. It also implements a mechanism to circumvent expensive case folding pathname operations. The older Samba VFS module which consumes Gluster’s gfapi library now uses Samba’s threadpool implementation based on pthreads which lead to significant performance improvements. The presentation will conclude with an outlook for the ongoing work related to SMB3 features such as multichannel and transparent failover.

The way to modern Kerberos features

  • Using S4U2Self in winbindd
  • The limitations of existing kerberos libraries
  • The challenges of adding new features to kerberos libraries
  • Kerberos testing with plain python

Testing, testing, one, two, one, two...

Testing is an extremely important part of the software development process. Luckily, a lot of the testing work is automated today. Continuous integration (CI) is a buzzword. In Samba, we have come a long way from manually running tests (sometimes) to our own autobuild system enforcing a full run of the test-suite as a push-gate to running various tests in parallel in the gitlab ci system for each merge request.

While testing server client systems like Samba in an automated way is demanding already, testing a cluster is even more complicated and resource hungry. CTDB itself has been tested in isolation with local processes since the beginning, and recently a test-environment has been added to Samba’s selftest that helps test the samba+ctdb stack entirely with local process and socket wrapper. But an automated, periodic test of a samba and ctdb setup on top of a real clustered file system is still missing. One aspect why this is not so easy to implement is the fact that it would usually require a couple of virtual machines to set up such a test cluster.

This presentation will introduce a project that we recently started to investigate and work on. It aims to create a periodic test run pulling the latest bits of Samba and Gluster, setting up a cluster and running test suites against it. Errors would be reported to both projects. As compute resources for the test runs, the centos-ci is used. This project provides jenkins-managed bare metal server resources for open source projects to integrate into their CI systems. These servers are powerful enough to run realistic cluster setups in virtual machines. The presentation will demonstrate how the centos-ci resources are integrated into this test system. Furthermore, possibilities will be explored, how to integrate centos-ci resources as additional runners for Samba’s gitlab CI runners.

Developers guide to smbd: SMB2 packet processing

From the network down to the filesystem and back. This talk will give an overview on Samba's SMB2 packet processing with the goal of giving novice smbd hackers a starting point to the most important source code subsystems involved when a client sends a "create a file" request to the server.


CTDB Report 2020

This is a report on the status of CTDB, similar to that presented at recent SambaXP conferences. The report will focus on 2 main areas: progress and plans. What is new upstream in CTDB? What do our plans look like compared to those presented in recent years? There is also the intersection of progress and plans: what useful things are sitting in development branches but are not merged?

Progress includes: Clustered Samba testing is now in Samba's test suite and autobuild, CTDB's inter-node TCP transport is now more resilient (with some pain along the way), database vacuuming has been simplified, the recovery lock has been enhanced, code is generally cleaner (largely due to csbuild showing issues) and there have been many improvements in testing.

Plans include: splitting CTDB into multiple daemons (as previously presented), a transport using datagram messaging and simple code for new developers to understand and embrace.

Stretching WSP

Recently spotlight got support for elasticsearch, what about the experimental WSP support?
1. Can it do the same?
2. What's involved
3. How does it affect the existing implementation

Ceph Samba Gateway and transparent failover improvements

CephFS and Samba can be combined to provide a highly scalable filesystem which can be accessed from SMB clients such as Linux, Windows and macOS.

This talk will look at Samba clustering features under development, which aim to provide improved availability and performance, with a focus on:

  • New RADOS dbwrap backend as an alternative to CTDB
  • Fast Client failover with Witness Protocol as an alternative to tickles ACKs

Samba Active Directory tools for Windows Admins

This is a follow up to last years talk about managing AD via an ncurses gui. This talk will cover additional improvements to the ADUC and ADSI Edit modules, as well as covering a new DNS Manager. ADUC and ADSI Edit now communicate with AD via samba python bindings, and the DNS Manager interacts with samba-tool calls. The tools have also been wrapped in a redistributable AppImage, which can run on multiple distros. Automated testing has also been written.

Combining Samba and a Groupware (Nextcloud/eGroupWare) to get a for a secure environment for Non Governent Organisations

File shares are a critical infrastructure especially for non-government organizations. Many civil society organisations work with partner organisations and people who work in and on social conflicts, deal with human rights issues or address environmental problems. Some of these organisations and people are exposed to a "shrinking space". Their room for action is restricted, sometimes they even face acute threats. Some of them may risk there life when they work under oppressive governments. So NGOs don‘t only face commercial losses, a security leak may have other side effects.
So NGOs should carefully decide on their infrastructure and the location of data. For us as forumZFD, sharing data in a cloud that is not self-hosted is out of the question in principle, as sovereignty over data is important to us. The choice of open source for critical systems is also important to us. At the same time we work decentralized and work with difficult conditions. Furthermore, NGOs are often limited in their resources. Technology used must therefore be efficiently maintainable and reliable.
But on the other hand we are of course dependent on modern collaboration tools too. Employees expect these tools for their daily work. NGOs often have a quite lean structure and work in a agile way. Colleagues all over the world should be able to share knowledge and work on the same processes at the same time. Without collaboration tools NGOs risk their flexibilty and slow down their daily work.
We have therefore decided to use Samba 4 to create an ActiveDirectory across all our country offices and connect a groupware solution to enable collaboration. For selection security, the individual servers run in a CTDB cluster. Glusterfs and georeplication makes sure, that a copy of all data is stored on another machine in another country too.
The presentation will discuss techniques which NGOs may use in situations of „shrinking spaces“. We will explain our architecture we use on the server side. We will name challenges and opportunities and open the discussion for further extensions of the tools used in the NGO context.

Migration story of 515 server from AD to Samba

Turkish Government decided to move open source technology around 2013. After this decision Profelis work on desktop server migration project and developed OpenSuse based distribution called Gibux.

37.000+ desktop migrated in 3 years. After this migration, Ministry approved AD servers migration to Samba4. Today 515 servers on countrywide using Samba as Authentication. This is one of the biggest open source migration projects in Turkey. 


The Psychology of Multifactor Authentication

Multi Factor Authentication is becoming more important in our infrastructure, with organisations starting to require it for sensitive accounts and more. So why does Multi Factor Authentication ... work? How does human behaviour influence our security and interact with threats that exist online? How can design and human interaction extend to making safer systems?

Come along and learn about human interaction and design, the psychology of how humans interact with systems. We'll extend this into security to understand why human error is really the fault of poor systems design. Finally we'll talk about different threats and how MFA works to protect us from them - at a psychological level.

The Future of Accessing Files Remotely: Linux SMB3 update

The SMB3 kernel client has become the most active network/cluster file system on Linux over the past few years, and continues to add new features and optimizations at a rapid pace. These allow Linux to better access Samba server, as well as the Cloud (Azure), NAS appliances and Windows and Macs and an ever increasing number of embedded Linux devices.

Performance has dramatically improved, not just with the addition of GCM support, but also with continued improvements to compounding, and better parallelization, and also with the addition of multichannel support which allows Linux to spread I/O better across many network devices. New features continue to be added such as the ability to boot diskless systems from Samba, and even swap over SMB3 mounts. Sparse file support over SMB3 mounts is now much better. POSIX compatibility of the kernel client also has been improving with the SMB3 POSIX Extensions to the protocol and with improved testing (the "buildbot" automated testing framework has been invaluable and continues to improve quality). New security features like "modefromsid" allow Linux to better handle common scenarios over SMB3 mounts. In addition the new Linux Kernel server will enable even more use cases for SMB3 on Linux. This has been a very exciting year for SMB3 support in the Linux kernel!

This presentation will describe and demonstrate the progress that has been made over the past year in the Linux kernel SMB3 support in accessing Samba and also the Cloud (Azure) using Linux clients. In addition recommendations on common configuration choices, and troubleshooting techniques will be discussed. 


Optimizing Linux Access to Samba: POSIX Protocol Extensions for SMB3.1.1

Accessing files on Samba servers optimally from Linux clients is essential to a wide variety of workloads. Linux continues to evolve, with new file system features and syscalls being added every year. This presentation will provide an update on the status of the Linux/POSIX protocol extensions to the SMB3.1.1 protocol, what has been added to the specification, what the implementation status is for the Linux kernel client and for Samba server and client tools (like smbclient for example). We will show examples of what works today and why these extensions are so exciting and useful. Looking forward - we will also discuss any changes and suggestions for future versions to enable Linux to continue to improve its ability to access network storage.

smbcmp improvements from Google Summer of Code 2019

Smbcmp is a cli tool for making diffs between two pcap files containing SMB packets and rendering them using curses. For the first part of the project we had to make better diffs by using the pdml output of Tshark and for the second part we added a GUI and ported smbcmp to Windows.


Hardwired: A SMB2/SMB3 Hardware Offload Engine

SmartNICs -- programmable network offload cards -- are now very much "a thing", with several vendors in or entering the market. Storage acceleration is one of the most common use-cases cited by proponents, but what that actually means is not entirely clear. This talk addresses some of the ways in which the performance of the SMB2/SMB3 stack can be improved by SmartNICs, and the design criteria that needs to be considered in order to make SMB Offload viable. We will also cover the following questions:

  • Which SMB transports can be supported?
  • What state information, if any, should be maintained by the offload engine?
  • How can the engine be tested while it is being developed?
  • How will the upper levels of the stack connect to the offload layer?
  • Is this just a dream, or is there some skin in the game?

Penal Discussion

Program Committee

Chairman of the 19th samba eXPerience conference is Jeremy Allison – one of the founding members of the Samba Team.

The program of talks and other contributions is supervised by the program committee:

  • Jeremy Allison, Google
  • Stefan Kania, author
  • Thomas Pfenning, Microsoft
  • Karolin Seeger, SerNet

Local Organizing Committee

The local organizing committee (LOC) is responsible for all activities during the conference:

  • Ms. Dr. Chen-Yu Lin, SerNet
  • Mr. Dr. Johannes Loxen, SerNet

Do not hesitate to contact them via loc@remove-this.sambaxp.org.


sambaXP is organised by SerNet:

SerNet GmbH
Bahnhofsallee 1b
37081 Goettingen

phone: +49 551 370000-0
email: contact@remove-this.sernet.de

Managing Directors: Dr. Johannes Loxen, Reinhild Jung

Datenschutzerklärungdata protection declaration

everything that matters sambaXP:

phone: +49 551 370000-0
e-mail: loc@remove-this.sambaxp.org