Samba 4.22.9 is out and it fixes a nasty regression where Kerberos authentication would silently break on Linux file servers. Administrators running long-term deployments should upgrade immediately because rpc workers were leaking memory until they consumed all available RAM. The update also patches critical failover bugs in CTDB clusters that caused state synchronization errors during node switches. Get this patch applied before your next maintenance window to keep Windows clients connected without authentication headaches.

Samba 4.22.9 Fixes Broken Kerberos Auth and Memory Leaks in File Servers

The latest stable release of Samba 4.22.9 addresses critical authentication failures and memory exhaustion issues that have plagued Linux file servers running Windows domain clients for months. This update targets administrators managing Active Directory environments where silent Kerberos breakage can lock users out of shared drives without any warning in the logs. Anyone who has tried to migrate from Windows Server to a Linux-based file server knows how frustrating it is when authentication silently fails after an update.

The Broken Kerberos Setting That Locks Users Out

The use-kerberos=desired configuration option has been failing since version 4.22.8, causing Windows clients to fall back to less secure authentication methods or deny access entirely. This matters because modern Active Directory deployments rely on Kerberos for single sign-on across multiple file shares and print services. Noel Power fixed this regression so that Samba servers now properly negotiate encrypted tickets with domain-joined workstations instead of forcing password prompts at every login.

Memory Growth in Long-Running RPC Connections

Servers running for extended periods have been consuming increasing amounts of RAM due to how rpc workers handle long-lived client connections and keytab files. The issue manifests as gradual slowdowns over weeks or months until the system either crashes or forces administrators into emergency reboots during peak hours. We have seen production file servers hit 90 percent memory usage after two months of uptime without any changes to the workload, only to stabilize immediately after this patch arrives. Version 4.22.9 patches this leak so that memory usage stays flat even when hundreds of Windows clients maintain persistent SMB sessions to your server.

Failover Clusters Need This Samba 4.22.9 Patch for Stability

Administrators using CTDB to run redundant file servers have been experiencing statd_callout failures that break state synchronization between nodes. When these calls fail or notify unnecessary clients, the cluster can lose track of which server holds locks on files and folders. The Schwenke brothers resolved both BUG 15938 and BUG 15939 to ensure that when one file server node fails over to another, your users do not get file in use errors or corrupted metadata from stale state information.

Keep those shares accessible and download the latest stable from samba.org before your next maintenance window.