SAMBA eXPerience archive

In our archive you will find impressions and information gathered at the past SAMBA eXPerience conferences:

  • talks as MP3 audio files
  • slides from the conference as PDF

Conference program 2019

Creating and managing Trusts with Samba 4.9

In this tutorial you will setup a trust between two active directory-domains. You will learn how to manage the trust and how to add users and groups from a trusted domain to a trusting domain.


  • How do trusts work 
  • Different kind of trusts 
  • Samba supported trust
  • Samba limitations 
  • Setting up a DNS-Proxy
  • Creating a forest-trust between two domains 
  • Manging trusts
  • Testing the trusts und authentication 
  • Managing users and groups between trusts

Welcome Note from SerNet

Chairman’s note


SMB3 Protocol Update

Slides (PDF)


Improve S4U2Self in Samba

  • Why s4u2self is important and how it could be useful.
  • Implementation challenges in MIT, Heimdal and Samba.
  • Open issues, help wanted, etc

Slides (PDF)

Linux 5 - SMB3 reborn. Access to Samba, Azure, Windows and the World from Linux

The release of Linux version 5 earlier this year, coincides with the "rebirth of SMB3" as the Linux SMB3 client has become the most active network/cluster file system with a wealth of new features and fixes added. Access to Samba, and the Cloud (e.g. Azure) and network storage from Linux is better than ever. Dramatically improved performance of large files access, especially with the integration of RDMA support (“SMB Direct” support), improved direct I/O support and also with many metadata and compounding optimizations which help access to large directories, especially in the cloud (like Azure Files).

In addition support for directory leases (and many other caching improvements) has also helped performance. The ability to do new workloads, more efficient compounding of complex operations for improved performance, changes to more easily recover from failures, improvements to DFS/Global Namespace support, improved metadata handling, many security enhancements, and changes to the default protocol dialects, have made this a great year for improvements to Linux's SMB3/SMB3.11 support. In addition, the POSIX extensions to the SMB3.11 protocol have greatly improved with testing over the past year, especially from Linux and Samba, and are leading to additional workloads being possible now over SMB3.11.

This presentation will demonstrate and describe some of the new features and progress over the past year in accessing Samba and also the cloud (Azure) via SMB3/SMB3.11 using Linux clients, as well as how to configure this optimally.

Slides (PDF)

Speeding up Samba by backing up

The team at Catalyst IT has been busy implementing quite a range of new features to Samba Active Directory. In doing so, there have been some unintended, but generally positive, consequences which have changed the way we have been developing new features. One such consequence has been from our new backup tools which has resulted in a huge improvement in our ability to test networks more reliably. Particularly at larger scales, it has made identifying performance issues significantly easier.

For users, these side-effects should also be appreciated like the potential for more reproducible lab networks, as we continue to build tools and features like Windows but a little differently (and maybe a little better).

This talk will go over some of the basics of the new backup and restore tools for AD domains, and cover some of the work that was done to make simple group policy objects (GPO) portable. It will also include some of the changes in how we have been doing testing and some of the impacts to the selftest system. Hopefully there'll be something interesting to everyone.

Slides (PDF)

Dive into Pathname Processing

How Samba processes incoming pathnames is a black art, and very old code that has been developed over twenty years. Listen to one of the developers go through the pathname processing code, function by function and explain how and why it got to be this way, and what we can do about it. This talk will be of interest for Samba VFS developers as well as general SMB1/2/3 fileserver developers.

Slides (PDF)


What should we do with our UI

To the newcomer, Samba's command line user interface appears to be a haphazard jumble of scripts and binaries with options and design principles that fade in and out of use according to some esoteric pattern. The tools report back to the user with a eclectic mixture of python tracebacks, NT_STATUS error codes, and friendly messages that sometimes neglect to say what was attempted and if it worked.

To the expert it is actually worse, because in the time it took them to become an expert another layer of new functionality has settled over the UI. The expert realises there is no underlying principle--the interface just collects up like leaves in a drain--and memorises the minimal set of finger-patterns to get their job done.

Can we do better? Without breaking anybody's scripts and finger habits? Could samba-tool provide consistently useful feedback? Is automatic shell-completion possible? Can we get beyond a simple text UI without falling into a horrific expanse of GTK checkboxes or web based graph visualisations?

Some of these questions might be answered.

Slides (PDF)

Hardwired: An SMB3 Offload Engine

What can be achieved, in terms performance and reliability, by isolating SMB3 message marshalling and unmarshalling into a separate layer? This talk will describe experimentation with a low-level SMB2/3 message handling engine.

Slides (PDF)

Samba Active Directory tools for Windows Admins

Managing AD via terminal commands can be alien to many Windows users and admins, so providing them with familiar tools could ease their transition. This talk will demonstrate new GUI tools, which can run via either qt in a graphical environment, or also via ncurses in the terminal, which simplify the administration of users and groups in an AD domain. These tools emulate the familiar ADUC and ADSI tools in a Windows environment.

Slides (PDF)

Introduce New In-kernel SMB3 server called CIFSD

CIFSD is a new SMB server implementation for the Linux kernel, intended to provide higher performance than user-space analogues.  This talk will start with a brief introduction to CIFSD architecture (high level) and its main design goals: outline components, their responsibilities and communication protocols. In the second part of the talk we will focus on current state of affairs and our future development plans.

Slides (PDF)


Samba and the road to Python3

Samba 4.10 is the first release to support Python3 (and also Python2)

The talk will cover

  • The reasons why we are moving to Python3
  • Some details that attempt to explain what will be supported and in which version.
  • Some of the challenges encountered migrating to Python3
  • Lessons learned

Slides (PDF)

Spotlight: Samba and Elasticsearch

Where is that file when you need it? This presentation will give an overview of the current status of macOS Spotlight support in Samba with a brief detour on Microsoft WSP and an outlook on the ongoing work to replace the current search backend Gnome Tracker with something more scalable: Elasticsearch.

Social Event

will be announced at the conference

One DCE/RPC server to serve them all

On the way to Samba 4.0 a more feature-complete DCE/RPC server was designed and implemented which allows asynchronous execution, a fundamental requirement for some services such as the witness protocol.

This talk will present an approach to DCE/RPC server reunification where the server core has been extracted from the samba4 implementation and a new PIDL compiler class generates code able to invoke samba3 RPC interfaces implementations.

The topics will cover the dissection of the DCE/RPC server to present the components that compose it, the analysis of the initialization to identify the parts that can not be shared, the execution of the common processing loop, the new PIDL compiler class and finally some problems such as the local dispatching (rpcint vs irpc binding handles) and how they have been solved.

Slides (PDF)

SMB debugging tools

In this talk the speaker will give an overview of the existing tools to help debug SMB issues (smbcmp, smblog-mode,wireshark, ...) and some of their recent new features.

Slides (PDF)

Samba in love with GnuTLS

With Samba 4.10 and older versions, Samba is currently implementing its own cryptography primitives for commonly used ciphers and hashes(AES, RC4, SHA-1/SHA-2, MD4 and MD5). Writing cryptographic functions is not that hard, you do not even need to understand the math behind a cryptographic primitive you want to implement to be able to construct a set of functions that correctly encrypts and decrypts a ciphertext. 

Cryptographers keep saying you should not implement your own crypto. History of Samba shows why it is indeed a sensible suggestion to anyone.We look into why we implemented our own crypto primitives and why it was a bad idea. 

This talk will explain the benefits of moving to a proper crypto library for an open source project implementing a complex network-facing protocol set. We also will look into how this helps us to become a predictable code base to be able to pass a FIPS 140-2 certification.

Slides (PDF)

SMB3 Multichannel update

Adding SMB3 multichannel as a fully supported feature to the Samba SMB server has been a long and difficult journey. Not only some aspects of the protocol regarding oplocks and leases needed to be properly

researched and tested - also the implementation design needed to be adapted to the way SMB clusters are run with CTDB. The talk will give an update to the completeness of the multichannel feature and also explore other aspects of clustered SMB with Samba and CTDB using the Gluster filesystem.

Slides (PDF)


Samba as the default directory

In the Microsoft world, AD is well established as "the only" source of identity information for workstations and servers. However, in the opensource world, we have a variety of artisinal solutions to identity management, every one with pros, cons, complexities and hurdles. Sadly as a result, almost no business gets the arcane system right, and wide issues exist.

We want our Linux and BSD machines to "just work" in the same way that Windows "just works" with AD. But surely this is a dream? I'll explore the current changing landscape of services and authentication in opensource and application deployment. From there I will talk about the ways that Samba 4 can be turned into the default LDAP server for use in opensource environments. Finally I'll talk about the future of applications and how Samba 4 could step up to be the default directory server in any environment.

Slides (PDF)

Improvements in CTDB and Clustered Samba testing

This presentation will provide details of improvements to CTDB's testing infrastructure and to Autocluster.

CTDB's test suite was created in an ad hoc manner to run a limited range of test cases. This included running multiple "local daemons" to allow CTDB's clustering, messaging and database capabilities to be tested. As more test cases appeared, the local daemons functionality was extended in more ad hoc ways, but was still embedded in the "simple" test suite. The "local daemons" support was recently extracted into a standalone script that relies on CTDB's test mode. While this is still used by the "simple" test suite, it can also be used for standalone debugging and could be integrated into Samba's autobuild to test some Clustered Samba capabilities.

Autocluster is a tool for generating virtual clusters for testing Clustered Samba. It has now been rewritten as a small Python script that reads configuration from a YAML file, creates a cluster with Vagrant and configures it with Ansible.  As a result it is now about 5.5K lines smaller and much more maintainable.

Slides (PDF)

More Fancy Talk about Rust

In the third talk talk of the quest to get a more modern programming language supported in Samba we are re-visiting the re-visit to finally get it right (tm).

Last year, we saw a proof of principle project implementing a DNS-like protocol in Rust, and then using the server-side parser for it from a C server providing the rest of the business logic. When the time came to figure out how to handle memory ownership between C and Rust functions, my solution was to implement a Rust wrapper to Samba's Talloc memory management library and keeping the C process in charge of all allocated memory. This turned out to be an unpopular design decision.

So this time around we'll stick to handling the Rust-allocated memory in Rust while giving the project another go. In addition, the talk gives an overview of the current state of automatic C binding generation from Rust and other features relevant for integrating Rust into a real world project.

Slides (PDF)

The CTDB report

This is a report on the status of CTDB, similar to that presented at recent SambaXP conferences.

We will review design and associated plans, including those presented at SambaXP 2018 - some of those still aren't in a release. We will discuss how the design as evolved over time and the summarise the current state of the design, including protocol, transport, messaging and use of sockets.

The circumstances of CTDB's lead developers have changed, so there is less time available for development. We will discuss the consequences of these changes, including some musings about competing philosophies for achieving our design and implementation goals.

New requirements appear, so are worthy of mention. This will include the SMB Witness Protocol and some potential database performance optimisations.

We will close by discussing some long term goals for CTDB.

Slides (PDF)


Windows Hello Internals

A protocol level deep dive into how Windows Hello Authentication works.

Slides (PDF)

SMB3 POSIX Extensions

For SMB3 (and Samba) to be used even more broadly, it is critical to improve the experience of Linux users (running POSIX applications). The SMB3 POSIX Extensions, a set of protocol extensions to allow for optimal Linux and Unix interoperability with Samba, NAS and Cloud file servers, have greatly improved with feedback and test results from expermental implementations in Samba and now merged into the Linux kernel. These

extensions address various compatibility problems for Linux and Unix clients (such as case sensitivity, locking, delete semantics and mode bits among others). This presentation will review the state of the protocol extensions, what was learned in the implementations in Samba and also in the Linux kernel (including from running exhaustive Linux file system functional tests to try to better match local file system

behavior over SMB3 mounts) and what it means for real applications.

With the deprecation of older less secure dialects like CIFS (which had standardized POSIX Extensions documented by SNIA), these SMB3 POSIX Extensions are urgently needed to be more broadly deployed to avoid functional or security problems and to optimally access Samba from Linux.

Slides (PDF)


A journey from 170 Samba3-NT4 domains to 1 unified Samba-AD domain with 8000 users

"They did not know it was impossible so they did it" had written Mark TWAIN. This quote is such a perfect fit for the French Ministry of Culture.

In this talk, we want to tell you about the tools and methods that Tranquil IT used to merge 170 Samba3-NT4 domains into 1 Samba-AD domain for 8000 users quickly and with very little manpower. Beside the most practical tool in IT which is loving your users, we'll show you how python scripts, Ansible, our tool WAPT, and Samba's legendary flexibility helped achieve that.

Along the way, we have improved security, upgraded all systems and normalized their network. That's one more happy client to put on Samba's scoreboard.

Slides (PDF)

GitLab: One year on

Andrew Bartlett will look back at the year since the introduction of GitLab in the Samba Team, first for CI and then also for merge requests, and then look forward to future opportunities to improve the Samba Development process.

Samba started to use GitLab, hosted at in June 2018. Thiscame after a failed attempt to integrate GitHub with our workflow, but was motivated by the same desire: To make contributing to Samba easy for a new generation of Samba developers, as well as a pleasure for existing developers.

Slides (PDF)

Panel Discussion

Past Conferences

Looking for slides, audio files or pictures older than 2018? Please visit the directory preserving our old sambaXP archive and browse through the years.


sambaXP archive