Sponsored by:

Opening windows
sambaXP 2025

Samba eXPerience is the yearly meeting of the Samba team and the ecosystem of developers, users and vendors all around the globe since 2002  – organized by SerNet.

The 24th international conference dedicated to the OpenSource software Samba will take place from April 7th to 8th 2025 in Goettingen, Germany. Attendees can meet the Samba Team, discuss requirements as well as new features and get updated on current development projects.

New this year – following sambaXP on April 8th to 10th, there will be an onsite SMB3 Interoperability Lab, sponsored by Microsoft and organized by SNIA.This offers developers the unique opportunity to test their SMB3 implementations in a real test environment and ensure interoperability with other solutions. If you are interested in participating, please check the related box in the sambaXP registration process and complete the separate Interoperability Lab registration via SNIA.

Further information regarding the venue and room booking will be available soon down on this page.

To pass the time, take a look at our archive or YouTube Channel and find recordings of past events.

 

Jeremy Allison (Chairman of sambaXP)

Conference program 2025

9.00 - 10.00 am

Registration & Welcome

10.00 - 10.10 am

Welcome Note

Ralph Böhme
(Samba-Team/ SerNet)
10.15 - 10.40 am

Key Note: The Government and the Art of Infrastructure Maintenance

The Sovereign Tech Agency is a state-funded organization in Germany dedicated to strengthening the open-source ecosystem in the public interest. This talk provides insights into its mission, key initiatives, and the diverse programs in its portfolio. Mirko, who has over 15 years of experience in software engineering across various roles and environments, is particularly interested in how engineering communities organize to achieve sustainable productivity. Since last year, he has been leading the Sovereign Tech Fund and continues to drive efforts to support open-source infrastructure from his base in Dresden, Germany.

Mirko Swillus
(Sovereign Tech Fund)
10.45 - 11.30 am

SMB3, NFS4, A View From Above

Tom Talpey, our presenter of this talk, has a deep and long-term involvement with both protocols, and has (perhaps) a unique perspective to share. No, he is not going to propose merging them or replacing one with the other. He's not going to touch ACLs with a 40-foot pole. But the protocol differences and similarities are important, and necessary to understand. This will be a high-level view, focusing on the role of the protocols, rather than the implementations. Agree, disagree or differ, it may give you a new perspective on the protocols, moving forward.

Slides (PDF)

Tom Talpey
11.35 am - 11.55 am

Introduction to The Microsoft Interoperability Commitment

This session provides a comprehensive overview of the available interoperability resources and programs. It introduces the Open Specifications and covers key technology areas, including Windows, Office, SharePoint, Exchange, and SQL. Additionally, it highlights various content types and related resources to support effective utilization.

Slides (PDF)

Hagit Galatzer
(Microsoft)
11.55 am - 1.15 pm

Lunch break

1.15 - 2.00 pm 1

Azure Entra ID Auth in Samba: Introducing the Himmelblau Daemon

This talk explores the integration of Azure Entra ID authentication in Samba using the Himmelblaud daemon. It examines the challenges of securely storing sensitive enrollment details and the risks associated with unauthorized access. Additionally, the session provides a status update on Microsoft's cooperation in documenting enrollment processes and enabling access to Intune policy enforcement capabilities.

David Mulder
(SUSE)
1.15 - 2.00 pm 2

SMB3 Test Suite Overview

This session provides an in-depth overview of the SMB3 Test Suite architecture, test methodology, and practical guidelines for testing both server and client SMB3 implementations. It also offers valuable insights and techniques to ensure accurate and reliable SMB3 deployments.

Slides (PDF)

James Omitiran
(Microsoft)
2.00 - 2.45 pm 1

localkdc - A general local authentication hub

For several decades we used simple username/password authentication to access services, being them at home, somewhere in the internet or in an enterprise environment. We started to get Single-Sign-On (SSO) support, first via Kerberos and later via web authentication mechanism.

A local Kerberos Key Distribution Center (KDC) is not a new invention. It is a useful tool in combination with the Kerberos IAKerb extension but also allows to map SSO from a web authentication to local authentication or in a network environment isolated from the rest of the enterprise environment.

This talk aims to show a prototype of a common set of requirements and approaches to represent a secure POSIX identity management integration with OAuth 2.0-based identity providers. We also show how use of NTLM in SMB protocol will be replaced by a localkdc in combination with IAKerb.

Andreas Schneider
(Samba-Team/ Red Hat) Alexander Bokovoy
(Samba-Team/ Red Hat)
2.00 - 2.45 pm 2

Working with the Office Open XML File Format and Azure AI

In this talk, learn how to use the Open XML SDK to work with the Office Open XML File Format and integrate it with Azure AI for enhanced document processing and automation.

Slides (PDF)

Michael Bowen
(Microsoft)
2.45 - 3.15 pm

Coffee break

3.15 - 4.00 pm 1

The CTDB Report 2025

Slides (PDF)

Martin Schwenke
(DDN)
3.15 - 4.00 pm 2

New Outlook (Monarch) Overview

In this talk, we will compare the features of New Outlook and Classic Outlook, highlighting key differences and improvements. Additionally, we will explore the product roadmap and upcoming developments.

Slides (PDF)

Andrew Davidoff
(Microsoft)
4.00 - 4.45 pm 1

Unleashing authentication for the Linux CIFS client with gssproxy

The CIFS client in the Linux kernel relies on the cifs.upcall helper to obtain user credentials in a Kerberos environment. While traditionally implemented with native Kerberos library calls only, the upcall has been extended with an option to use the standardized GSSAPI. This also means that cifs.upcall can now interact with gssproxy, a generic daemon for credential management that opens up several use cases, especially when combined with either regular or Resource-based Constrained Delegation to secure non-interactive filesystem access.

This presentation shows how SMB-based filesystem mounts can make use of gssproxy's features in typical usage scenarios. It also delves into the properties of Resource-based Constrained Delegation, and the pitfalls of kerberized filesystems on current Linux versions.

Slides (PDF)

Daniel Kobras
(Puzzle ITC) Michael Weiser
(science+computing)
4.00 - 4.45 pm 2

SMB in Windows Server 2025 and Beyond

Join Microsoft’s SMB team to discuss the new SMB capabilities that shipped with Windows Server 2025. This session will also provide early thoughts on the roadmap for SMB beyond Windows Server 2025.

Slides (PDF)

Raymond Wang
(Microsoft) Genghis Karimov & Dan Cuomo
(Microsoft)
from 6.30 pm

Social Event

8.00 - 8.55 am

Registration & Welcome

8.55 - 9.00 am

Welcome Note

Ralph Böhme
(Samba-Team/ SerNet GmbH)
9.00 - 9.45 am 1

Redefining CephFS bridge with the new VFS module for Ceph

To better align with the handle-based approach, libcephfs initially provided low-level APIs, while the high-level ones remained unused in the existing Ceph module. But was this the only reason for developing a parallel VFS module for Ceph? This presentation explores the motivation and background behind introducing a new VFS module in Samba to bridge CephFS. Additionally, it examines the evolution of the ceph_new module over the past 6–8 months, highlighting its stabilization through CI/CD pipelines.

Anoop C S
(IBM)
9.00 - 9.45 am 2

How do LDB indexes work?

The Samba AD DC relies on the LDB database, which uses indexes to accelerate attribute searches. While these indexes are typically effective, the underlying code can sometimes appear complex and difficult to follow.

This talk will explore the history of LDB indexes and propose potential improvements for the future. Visual diagrams will be included to clearly explain the concepts and ideas presented.

Douglas Bagnall
(Samba-Team/Catalyst IT)
9.45 - 10.30 am 1

Scaling Ceph-Samba connections

As a continuation of the discussion on integrating CephFS with Samba, this talk explores the challenges encountered when scaling SMB services in Ceph. The SMB service utilizes a Samba container to export CephFS volumes via the vfs_ceph_new plugin. However, scaling the number of client connections led to resource exhaustion on the server host, traced back to Samba's forking model and libcephfs caching behavior. This presentation delves into the root cause of the issue and introduces the proposed solution—the multiplexing proxy. Additionally, we will discuss planned enhancements to further improve the proxy's efficiency and scalability.

 

Slides (PDF)

Sachin Prabhu
(IBM/ Red Hat) Avan Thakkar
(IBM/ Red Hat)
9.45 - 10.30 am 2

New keytab generation

Starting with Samba 4.21, keytab generation has been significantly improved. The new smb.conf parameter, sync machine password to keytab, enables the creation of multiple keytabs with fine-grained content control. These keytabs are automatically updated whenever the machine password changes, including during the regular Winbind password update. This talk will explore the details of the configuration parameters, their functionality, and the motivation behind these enhancements.

Slides (PDF)

Pavel Filipenský
(Red Hat)
10.30 - 11.00 am

Coffee break

11.00 – 11.45 am 1

Managed SMB Support in Ceph: The New SMB MGR Module

In this talk, we introduce the Ceph SMB Manager (MGR) module, designed to streamline the deployment and management of SMB shares backed by CephFS. This module provides an interface for orchestrating Samba services, enabling Active Directory authentication, and seamlessly integrating SMB into Ceph storage clusters.

We will explore two management approaches—imperative and declarative—offering flexibility in configuring SMB clusters and shares. Additionally, we will discuss the earmarking feature, which prevents cross-protocol conflicts between SMB and NFS by tagging subvolumes for exclusive use, reducing the risk of data inconsistencies.

The session will conclude with a live demo, showcasing the full end-to-end workflow—from enabling the module to setting up SMB shares and connecting Windows and Linux clients.

Slides (PDF)

Avan Thakkar
(IBM)
11.00 – 11.45 am 2

A Deep Dive Into OAuth 2.0: Part 1

OAuth2 has become the de facto standard for web-based single sign-on, gradually replacing technologies like SAML. Its influence has extended beyond websites to platform logins, including its adoption in Azure AD.

In the first part of this talk, we will compare OAuth2 with existing authentication technologies such as LDAP, Kerberos, and on-premises Active Directory. We will explore how OAuth2 works, its strengths and weaknesses, and key extensions like OpenID Connect (OIDC) and their role in the authentication ecosystem.

By the end of this session, you will understand key concepts such as claims, the impact of scopes on authorization, and why OAuth2 has become a powerful choice for identity management services.

William Brown
(SUSE)
1.30 - 2.15 pm 1

A Deep Dive Into OAuth 2.0: Part 2

This presentation explores the complexities of Azure Entra ID's OAuth 2.0 implementation, with a particular focus on Microsoft’s proprietary extensions, as defined in the [MS-OAPX] and [MS-OAPXBC] standards. Through in-depth analysis, practical examples, and live demonstrations, we will break down these extensions and their impact on authentication and authorization workflows.

A key component of this ecosystem is the Broker client, a privileged intermediary responsible for managing access tokens across multiple applications and services. We will examine its role, including its implementation on Linux as a DBus system service.

By understanding the intricate interplay between these elements, developers and architects will gain the knowledge needed to navigate the challenges and opportunities within Azure Entra ID’s OAuth framework effectively.

David Mulder
(SUSE)
1.30 - 2.15 pm 2

Accessing remote storage better from Linux

Accessing Samba and other servers from Linux over SMB3.1.1 continues to improve . We will explore some of the exciting recent enhancements to the Linux SMB3.1.1 client for better access to remote storage across the wide variety of SMB3 file servers (Samba, Azure, ksmbd, Windows, Netapp, Macs and many others). Improvements have been made to security (including adding new auth mechanisms and making password rotation easier to leverage), performance (e.g. improved use of directory leases and better metadata caching, and improvements to netfs/folios for better data caching), and many new features have been added (including better support for the SMB3.1.1 POSIX Extensions), and even some new Linux system calls have been added. The Linux SMB3.1.1 client, cifs.ko, continues to be one of the most active filesystems in Linux, and the userspace tooling has also had excellent improvements over the past year.

This presentation will describe many of these SMB3.1.1 features and improvements, and what to expect in the coming months, and how to best use these new features to improve your workloads.

Steven French
(Samba-Team / Microsoft Azure Storage)
2.15 - 3.00 pm 1

Leveraging eBPF for Analysing Performance of the Linux SMB Client

Linux users often ask: Why is my application slow? How can I improve performance? Why did it crash?

This presentation introduces new diagnostic tools from the Azure Files team for troubleshooting Linux SMB client issues. After a brief overview of existing tools for latency and diagnostics, the focus will shift to new eBPF-based (BPF CO-RE) scripts. A technical overview and live demonstration will show how these tools collect and analyze key data in common failure scenarios.

Attendees will also get a glimpse of the upcoming Always-On Diagnostics project, aimed at enhancing debugging on the Linux SMB client. Feedback is welcome to refine these tools and improve Linux SMB performance analysis.

Meetakshi Setiya
(Microsoft)
2.15 - 3.00 pm 2

SMB3 POSIX Extensions in the Linux client, Update on Current Implementations

Enhancing compatibility with applications that rely on Linux and POSIX file semantics is crucial. This presentation explores the current state of SMB3.1.1 POSIX Extensions across various clients and multiple servers. Over the past year, significant improvements have been made to these implementations. The session includes a live demonstration of key features enabled by SMB3.1.1 POSIX Extensions, showcasing examples with multiple servers, including Samba and ksmbd, and their impact on common workloads. Additionally, the discussion will cover requests for new features as Linux filesystem syscalls and capabilities continue to evolve.

Steven French
(Samba-Team / Microsoft Azure Storage)
3.00 - 3.30 pm

Coffee break

3.30 - 4.15 pm

SMB3 POSIX Extensions in Samba, current status

Significant progress was made in 2024 toward completing the SMB3 Unix extension, particularly in handling special files and symlinks on the server side. This talk will provide an overview of the current state of SMB3 symlink implementation and highlight the remaining gaps for achieving a seamless Linux-to-Linux mount experience over SMB.

Slides (PDF)

Volker Lendecke
(Samba-Team / SerNet)
4.15 - 5.00 pm

Panel Discussion

Program Committee

Chairman of the 24th samba eXPerience conference is Jeremy Allison – one of the founding members of the Samba Team.

The program of talks and other contributions is supervised by the program committee:

  • Jeremy Allison, CIQ
  • Stefan Kania, author
  • Ralph Boehme, SerNet

 

Local Organizing Committee

The local organizing committee (LOC) is responsible for all activities during the conference:

  • Ms. Friederike Rottmann, SerNet
  • Mr. Dr. Johannes Loxen, SerNet

Do not hesitate to contact them via loc@remove-this.sambaxp.org.

Venue

Hotel FREIZEIT IN

Dransfelder Straße 3
37079 Göttingen, Germany

Tel: +49 551 9001-0
Fax: +49 551 9001-100
E-Mail: info@remove-this.freizeit-in.de

Get Direction

Room Booking


 

Contact

sambaXP is organised by SerNet:

SerNet GmbH
Bahnhofsallee 1b
37081 Goettingen
Germany

phone: +49 551 370000-0
email: contact@remove-this.sernet.de

Managing Directors: Dr. Johannes Loxen, Reinhild Jung

Datenschutzerklärungdata protection declaration

everything that matters sambaXP:

phone: +49 551 370000-0
e-mail: loc@remove-this.sambaxp.org