Sponsored by:

Opening windows
sambaXP 2023

Samba eXPerience is the yearly Samba team meeting and it's ecosystem of developers, users and vendors all around the globe since 2002.

The 22nd international conference around the OpenSource software Samba has taken place from 10th to 11th of May 2023 in Goettingen, Germany. Attendees met the SAMBA Team, have discussed requirements as well as new features and were updated on current developments.

Recordings will be published on our YouTube channel shortly. Slides will be also available in our agenda after approval of all speakers.

Many thanks to our sponsors Microsoft and Google!

Please stay updated here for information about next year's event.

The conference is organized by SerNet.

 

Conference program 2023

How to set up a Samba Domain?

This tutorial is about the basics of setting up a Samba domain. The previous tutorials were always dedicated to specific topics. This time it addresses especially those who are faced with the following question: Should an Active Directory domain be set up with Samba or Windows? But even if you already have a Samba domain in use, there might be some interesting topics you can take away from this tutorial.

In this tutorial you will learn how easy and fast a domain can be set up with Samba and how data can be provided via Samba file servers. The topic of different client operating systems will also be addressed. After setting up the domain the topic of Windows-compliant permissions will be taken care of, so that there is no difference between the permissions in a Samba domain and a Windows domain.

By the end of the tutorial you will have set up a domain with two domain controllers and a file server. Also users will be able to log on different clients in the domain and access the data.

The following content will be discussed and set up:

- Setup of a first domain controller
- Failover of the domain by installing a second domain controller
- Replication of the share SYSVOL
- Integration of a Samba file server
- First shares and permissions
- Integration of Windows and Linux clients into the domain

What do you need to join the tutorial?

  •  PC (BYOD) with “VirtualBox” and “Vagrant” installed
  •  A Windows VM to test the setup and running RSAT

Please note:

You need at least a PC with 16GB RAM (32 GB would be better) to install the setup. The Vagrant-file will create 4 Linux-Hosts and you also need to install a Windows-System.

If you don't have a Windows-VM you can download an evaluation Version from Microsoft:

developer.microsoft.com/en-us/windows/downloads/virtual-machines/.

Download the VirtualBox version and import the VM to VirtualBox. It's a full featured version that is valid for 40 days.

 

Training material:

You will get a handout including all steps to be able to recap independently after the tutorial.

All the Linux-systems will be prepared. You will get a “Vagrantfile” to set up all the Linux-VMs needed for the tutorial.

Registration

Welcome Note from SerNet

Chairman’s note

SoS: Samba on (a large) Scale: exploring ctdb Alternatives

Scale-out clustered Samba uses its homegrown distributed database "ctdb" as a storage backend for maintaining coherent fileserver state. "ctdb" predates most, if not all, cloudy distributed NoSQL databases that came to rise on the wings of the likes of Google Bigtable, Amazon Dynamo and Apache Cassandra in the late 2000's to early 2010's.

"ctdb" has worked extremely well for the high performance scale-out NAS use-case, but the emerging shift to the cloud entails serious scalability, elasticity and manageability challenges. So are there alternatives to ctdb? In this presentation we're going to explore Samba's requirements on a distributed database, candidates being Apache Cassandra, Ceph librados, etcd, ScyllaDB, FoundationDB, TiKV and others.

In order to allow rapid prototyping and testing with different database, we've sketched a Python backend for Samba's database abstraction "dbwrap" that calls out to external Python code implementing the abstract interface which allows for quick prototyping and testing. At the end of the presentation we'll share the result of the functional evaluation and some performance metrics.

Slides (PDF)

Lunch Break

From an OpenLDAP back-end for Samba to a Samba back-end for OpenLDAP

The effort to integrate the Samba AD service with OpenLDAP has been going, off and on, for a few years now. While the idea to replace Samba's LDAP server with OpenLDAP is far from dead, the actual implementation plan has evolved, largely because of the progress Samba has made over the years, such as its LMDB back-end. What started as an effort to revive the long defunct OpenLDAP back-end for Samba and use it as a base to gradually port Samba functionality as overlay modules, is being transformed into a different type of integration - execute Samba's LDB module stack inside OpenLDAP, with the possibility to optimize it for better performance. The purpose of this talk is to give some history on the project development so far, explain the new direction, and present the challenges it faces.

Slides (PDF)

SINK: Does it still float? - An update on samba-operator, samba-container & friends

At sambaXP 2020, the samba-in-kubernetes project (aka “SINK”) was introduced which aims at running Samba in containers to offer SMB shares in Kubernetes. In 2021 and 2022, we presented progress updates on these efforts.
This year, we will give a similar general progress report on our projects. We will discuss some of the new challenges that have appeared as our corner of the overall Samba community grows. One way we have tried to expand our reach is to frequently emphasize that many of our component projects are not just restricted to a Kubernetes environment. So, we’ll take a look at some of the other container engines and orchestration platforms one can run on - and demonstrate that –despite its name– the SINK organization is not all Kubernetes.

Slides (PDF)

Fuzzing: how is it going

For a while now we have been fuzzing many parts of Samba using OSS-Fuzz and private runs. What have we learnt?

Slides (PDF)

Samba AD / MIT Kerberos: path out of experimental

Samba Active Directory domain controller can be built using both Heimdal Kebreros or MIT Kerberos. Since the beginning of the Samba AD project in 2004, Heimdal Kerberos was used to experiment and later build supported Samba AD releases. Samba AD has been ported to use MIT Kerberos in 2016 and has since that time kept an ‘experimental’ build status. With both Samba team and MIT Kerberos advancing the supported functionality, is it now a time to graduate out of the experimental state?

The talk will look at functional and feature differences between the MIT Kerberos and Heimdal builds of Samba AD, what is supported and what is not by each version.

Slides (PDF)

Break

Linux Group Policy: Latest Developments, Use Cases, Integration, and Best Practices

Join me for an informative and interactive session as we explore the latest developments in Linux Group Policy. We'll dive into the various policies and how they can help you manage and secure your organization's network infrastructure. Additionally, I'll be highlighting new documentation, which provides step-by-step instructions on setting up Linux Group Policy.

Slides (PDF)

Updates on distributed file system access via the new VFS

With the past 1-2 releases Samba has matured itself on the new VFS implementation rooted on the handle based approach for accessing the underlying UNIX file systems. Irrespective of the type of file system beneath it Samba successfully tackles the symbolic link race condition to the fullest. GlusterFS being a software defined distributed file system has always tried to keep up with the major changes in Samba to make use of safe and sound mechanisms in providing data access to SMB clients. But what are the challenges involved? How do we comply with pathref changes in Samba to ensure seamless service to end-users? In this talk we closely look at the changes done at the VFS module for GlusterFS as an attempt to adapt itself to the new VFS structure. As we move forward we also highlight the bugs (and improvements) discovered in this process with a note on overall performance impact on such distributed file systems.

Slides (PDF)

FIPS 140-3 and Samba/FreeIPA challenges in RHEL 9: take 2

SambaXP 2022 was supposed to give a perspective on RHEL 9.0 experience in making Active Directory interoperability possible in FIPS 140-3-compliant environments. The talk was canceled for health reasons. Since that time, we have found a few more stumbling stones on the path to make Samba and FreeIPA interoperate with Active Directory while being compliant with FIPS 140-3. This talk aims to cover our progress in understanding and solving tightened crypto requirements within the authentication and identity management area.

Slides (PDF)

io_uring status update

With the increasing amount of network throughput, we'll reach a point where a data copies are too much for a single cpu core to handle.

This talk gives an overview about how the io_uring infrastructure of the Linux kernel could be used in order to avoid copying data, as well as spreading the load between cpu cores. A prototype for this exists for quite some time and shows excellent results.

The talk will explain:

  • What the current implementation status is
  • How the proposed design looks like
  • What challenges we are hitting in bringing it upstream

Slides (PDF)

Social Event at the conference hotel

Opening Note from SerNet

SMB3 POSIX Extensions: Reparse Points current status

To implement smb2 unix extensions, smbd needs to implement ntfs reparse points to present symlinks, sockets and other special files to clients. This talk will present an overview of what reparse points are at their core and where Samba stands to implement them. This talk will serve as the basis for discussion about how Samba should go forward to implement smb2 unix extensions.

Slides (PDF)

Introduction to The Microsoft Interoperability Commitment

An overview of the available interoperability resources and programs. This talk will introduce the Open Specifications and highlight all major technology areas of the site – Windows, Office, SharePoint, Exchange, SQL, as well as types of content – Protocols, Standards, File Formats, Data Portability and Languages.

Continuation SMB3 POSIX Extensions: Reparse Points current status

Integrate the Power of Office365 through Co-Auth and File Synchronization Protocols

WOPI and FSSHTTP are important protocols in the overall Office protocol landscape. This session will provide an overview of how the WOPI and FSSHTTP protocols function and provide resources that will allow you to learn more. 

Passwordless Linux and directory services: where are we?

For the past several years FreeIPA and SSSD teams have been working on enabling end to end passwordless access in centralized and local environments, be it corporate or home deployment. This talk will go into details of our progress in passwordless access implementation for Linux systems. What can be shared across FreeIPA and Samba AD in this area?
In 2022 FreeIPA project introduced the ability to authenticate users against OAuth2 identity providers (IdPs). This functionality allows to obtain Kerberos credentials after authentication and authorization has been done by the external IdP. As many OAuth2 IdPs allow passwordless authentication with WebAuthn tokens, a true passwordless transition across Linux systems is now available, from login to console, raising privileges within PAM services (e.g. sudo access), to accessing remote systems over SSH. We hope to expand this support with native FIDO2/WebAuthn integration as well.
The work is not complete yet and needs a lot of collaboration across multiple open source projects. Come to the talk to see a demo and discuss how we can improve our passwordless experience together.

Slides (PDF)

Use the Capabilities of Azure Artificial Intelligence with the Open XML SDK to Protect Personally Identifiable Information

Learn about the Office Open XML file format and Azure Cognitive Services by using just a few lines of code and the Open XML SDK with Azure Cognitive Services for Language, to redact personally identifiable information from a Word document and save it to a new file.

Break

Active Directory Claims and conditional ACEs: how do they work and what are they for?

Samba will soon have full support for AD claims and conditional ACEs. But what are these good for apart from being able to tout functional level 2012 support? And what do these words actually mean? We'll try to find answers.

Slides (PDF)

File Sharing test suites overview and demo

Cover the latest updates of the Microsoft Protocol Test Suites for File Sharing protocols such as MS-SMB2.  The Test Suites tools were originally developed for in-house testing of the Microsoft Open Specifications and have been used extensively during Interoperability (IO) Labs to test partner implementations.   

We would also like to get your feedback on File Sharing parsers as we explore partners' needs and usage.  

Improved logging in winbind

Starting with Samba 4.17 we enhanced the the logging functionality of winbind. The code flow is easier to follow and the log message have been improved. Thanks to the introduction of a traceid requests can be tracked from the parent winbind down to the childs and back. Trace indentation using the nesting level of sub-requests is added. The talk will dive into the details of the improved logging and demo the tools to make log inspection easier.

Slides (PDF)

SMB3.1.1 POSIX Extensions

Now that Samba server has support for the SMB3.1.1 POSIX Extensions, this presentation will give a demo of some of the features enabled by the SMB3.1.1 POSIX extensions (with examples to multiple servers including Samba and ksmbd) – and how this can help common workloads.    

As Linux continues to evolve, adding syscalls every year – this presentation will also cover some of the places where additional extensions (or emulation) could help.  

WSP Update

After some neglect I have restarted some effort around WSP (windows search protocol) support
There is currently an upstream merge request to add a simple WSP search client for samba.

This talk will recap the previous WSP efforts, additionally it will introduce the client and what you can do with it.

What about the server side ? I'll talk about my plans about that too and also some of the choices and challenges around that.
 

Slides (PDF)

Accessing files remotely from the smallest to the largest devices (and the cloud): SMB3.1.1 improvements to the Linux client

The Linux SMB3.1.1 client continues to be one of the most active filesystems in Linux, with many improvements added each year, enhancing its ability to securely, reliably and efficiently access remote data. This presentation will cover new features added to the Linux client, and new features you can expect to see over the coming year. 

Lunch Break

GPL Compliance for Samba in Consumer Devices

Eleven years ago, Samba's non-profit organization, Software Freedom Conservancy, took over GPL compliance and enforcement work for the Samba project.  In the larger industry of servers and industrial-grade appliances, the results have been excellent.  Large companies, who primarily operate in business-to-business services have reputations to protect; they comply with the GPL and convincing them to comply is a simple education effort.

However, the end-user consumer electronics sector remains a conundrum.  GPL violations are common, and the mid-range devices (such as wireless routers with a USB port) provide file sharing services for the local network, and thus contain not just “usual suspects” such as BusyBox and Linux, but Samba as well.

In this talk, Kuhn will present the full details of this systemic problem, propose various potential ideas, and discuss interactively with the Samba developer community about how they can help.

Panel Discussion: Inside the Samba project

SambaXP chairman Jeremy Allison invites all Samba team members from around the globe to present and discuss there ongoing and planned work.

Program Committee

Chairman of the 22nd samba eXPerience conference is Jeremy Allison – one of the founding members of the Samba Team.

The program of talks and other contributions is supervised by the program committee:

  • Jeremy Allison, CIQ
  • Stefan Kania, author
  • Ralph Boehme, SerNet

 

Local Organizing Committee

The local organizing committee (LOC) is responsible for all activities during the conference:

  • Ms. Nadine Dreymann, SerNet
  • Ms. Alma Altergott, SerNet
  • Mr. Dr. Johannes Loxen, SerNet

Do not hesitate to contact them via loc@remove-this.sambaxp.org.

Venue

Hotel FREIZEIT IN

Dransfelder Straße 3
37079 Göttingen, Germany

Tel: +49 551 9001-0
Fax: +49 551 9001-100
E-Mail: info@remove-this.freizeit-in.de

Get Direction 

Room

Contact

sambaXP is organised by SerNet:

SerNet GmbH
Bahnhofsallee 1b
37081 Goettingen
Germany

phone: +49 551 370000-0
email: contact@remove-this.sernet.de

Managing Directors: Dr. Johannes Loxen, Reinhild Jung

Datenschutzerklärungdata protection declaration

everything that matters sambaXP:

phone: +49 551 370000-0
e-mail: loc@remove-this.sambaxp.org