SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers

CERT NZ helps open source community with upgrade of Samba

Wed, 27th Jul 2022

A collaboration between CERT NZ, Catalyst and the open source community has created a major update for Samba, making it more secure.

Samba is an open source software suite that can be used as an Active Directory domain controller, like Microsoft Active Directory.

Samba is Free Software licensed under the GNU General Public License, and the Samba project is a member of the Software Freedom Conservancy.

Since 1992, Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol, such as all versions of DOS and Windows, OS/2, Linux and many others.

The software is an important component for seamlessly integrating Linux/Unix servers and desktops into Active Directory environments. It can function as a domain controller or as a regular domain member.

CERT NZ partnered with New Zealand open source service provider Catalyst to create an update for Samba, which will benefit users worldwide.

CERT NZ team leader of systems and security Pieter Meirsman says the organisation saw the opportunity to contribute to the security of Samba as providing a benefit for CERT NZ and others.

"The organisation is proud to support Catalyst making this software more secure for users, which enables its use as a free alternative for Windows active directory (AD)," he says.

CERT NZ says it provided funding for the Catalyst team to work on improving the Heimdal snapshot. A snapshot of the Heimdal Kerberos implementation has been included in Samba since Samba 4.0.

The update brings important new security features such as Kerberos request armouring, known as FAST. This tunnels ticket requests and replies, which might be encrypted with a weak password, inside a wrapper built with a stronger password. Work was also done to improve the plugin interface.

CERT NZ says the new upgrade brings Samba closer to Windows 2012 compatibility and allows the system to be updated more easily. As Catalyst's team works closely with Microsoft, the impact of the CERT NZ funding goes wider than the open source community.

"We want to acknowledge work done by the wider Samba community and thank them for giving feedback. CERT NZ appreciates all the effort involved," says Meirsman.

Catalyst IT managing director Don Christie says its amazing Samba AD team have been focused on security issues for many years.

"This work, on the open source platform, has improved the security of its sibling proprietary platform, Microsoft AD and Azure AD and therefore the security for hundreds of millions of computer users around the world," he says.

"We're proud of the work our team has led and delighted that CERT NZ saw the critical nature of this work and has chosen to help with its funding. The benefits to Kiwis and the rest of the world are clear and should not be underestimated."
