Software Update: Samba 4.0.0 TP1

The developers of Samba are busy developing version 4.0 and have released a technology preview to show the progress. Samba runs on Unix, BSD and Linux based servers and is able to provide file and/or printer services to Windows clients via the CIFS protocol. For the documentation about the how and what of Samba you can take a look at this page. The full announcement of this technology preview is as follows:

What’s new in Samba 4 Technology Preview

Samba 4 is the ambitious next version of the Samba suite that is being developed in parallel to the stable 3.0 series. The main emphasis in this branch is support for the Active Directory logon protocols used by Windows 2000 and above.

Samba 4 is currently not yet in a state where it is usable in production environments. Note the WARNINGS below, and the STATUS file, which aims to document what should and should not work.

With 3 years of development under our belt since Tridge first proposed a new Virtual File System (VFS) layer for Samba3 (a project which eventually lead to our Active Directory efforts), it was felt that we should create something we could ‘show off’ to our users. This is a Technology Preview (TP), aimed at allowing users, managers and developers to see how we have progressed, and to invite feedback and support.


Samba4 TP is currently a pre-alpha technology. It may eat your cat, but is far more likely to choose to munch on your password database. We recommend against upgrading any production servers from Samba 3 to Samba 4 at this stage. If you are upgrading an experimental server, you should backup all configuration and data.

We expect that format changes will require that the user database be rebuilt from scratch a number of times before we make a final release, losing password data each time.

Samba 4 Technology Preview includes basic Access Control List (ACL) protection on the main user database, but due to time constraints, none on the registry at this stage. We also do not currently have ACLs on the SWAT web-based management tool. This means that Samba 4 Technology Preview is not secure.

File system access should occur as the logged in user, much as Samba3 does.

Again, we strongly recommend against use in a production environment at this stage.


Samba4 supports the server-side of the Active Directory logon environment used by Windows 2000 and later, so we can do full domain join and domain logon operations with these clients.

Our Domain Controller (DC) implementation includes our own built-in LDAP server and Kerberos Key Distribution Center (KDC) as well as the Samba3-like logon services provided over CIFS. We correctly generate the infamous Kerberos PAC, and include it with the Kerberos tickets we issue.

SWAT is now integrated into Samba 4 as the user-friendly interface to Samba server management. SWAT provides easy access to our setup and migration tools. Using SWAT, you can migrate windows domains in Samba 4, allowing easy setup of initial user databases, and upgrades from Samba 3.

The new VFS features in Samba 4 adapts the filesystem on the server to match the Windows client semantics, allowing Samba 4 to better match windows behavior and application expectations. This includes file annotation information (in streams) and NT ACLs in particular. The VFS is backed with an extensive automated test suite.

A new scripting interface has been added to Samba 4, allowing JavaScript programs to interface to Samba’s internals.

The Samba 4 architecture is based around an LDAP-like database that can use a range of modular backends. One of the backends supports standards compliant LDAP servers (including OpenLDAP), and we are working on modules to map between AD-like behaviors and this backend. We are aiming for Samba 4 to be powerful frontend to large directories.


  • Standalone server and domain member roles are not currently supported. While we have much of the infrastructure required, we have not collected these pieces together.
  • There is no printing support in the current release.
  • SWAT can be painful with and forms. Just use the mouse, as the JavaScript layer doing this will change.
  • Domain logons (using Kerberos) from windows clients incorrectly state that the password expires today.

Version number 4.0.0 TP1
Operating systems Linux, BSD, macOS, Solaris, UNIX
Website Samba
File size


License type GPL