Samba 4.23.7 delivers targeted stability patches that stop memory leaks in the GlusterFS VFS module caused by persistent SMB2 connections. The update also resolves unbounded keytab growth in RPC workers, fixes broken libsmbclient POSIX extensions over SMB3, and corrects vfs_snapper subdirectory enumeration failures. Build system adjustments ensure FORTIFY_SOURCE protection remains active while autobuild checks now handle trailing spaces correctly. Server administrators should apply the release during scheduled maintenance windows to guarantee clean daemon restarts and maintain reliable cross-platform file sharing.

Samba 4.23.7 Fixes Memory Leaks and GlusterFS Connection Issues for Better File Sharing Stability

The latest stable update for Samba 4.23 drops directly into the repository with targeted patches that address memory leaks and broken RPC calls. Server administrators running mixed environments will finally get relief from unbounded memory growth on persistent SMB2 connections. This release tightens up stability without adding unnecessary features or bloating the installation footprint.

Samba 4.23.7 Memory Leaks and Persistent SMB2 Connections

The GlusterFS VFS module has been patched to stop leaking directory file descriptors when clients maintain long running sessions. Server admins have reported unbounded memory growth on storage bricks when persistent SMB2 connections stay open past the usual maintenance window, and this update targets that exact failure point. The fix closes handles properly during routine directory enumeration operations so the system stops hoarding stale references in RAM. Watching a file server eat its own memory until it chokes is never on the agenda, which makes this patch a necessary cleanup for anyone running continuous cross platform shares.

RPC Workers and Keytab Growth

Long living clients connected through rpc workers were previously causing server memory keys to expand without bound. This issue stems from how authentication tickets get cached when sessions stay open for extended periods. The patch clears those keytab entries correctly so the system does not accumulate stale credentials over time. Systems that host remote desktop bridges or always on network drives will run cleaner under this adjustment, and administrators can stop manually clearing memory caches just to keep services responsive.

Build System and Client Library Fixes

Developers compiling from source now face fewer hurdles thanks to a corrected autobuild check for trailing spaces in the system version file. The libsmbclient posix extensions also receive attention after failing completely with SMB3 protocols. Those changes restore expected behavior when client applications attempt direct POSIX operations over modern encryption standards. A build flag update ensures FORTIFY_SOURCE remains active during compilation, which adds a layer of runtime buffer overflow protection without slowing down the final binary. Skipping this step leaves production builds exposed to basic memory corruption vectors that have been patched for years.

Snapper Integration and Spooler RPC Behavior

The vfs_snapper module previously failed to access or list files inside subdirectories when snapshot features were enabled. This update resolves the path resolution logic so backup tools can properly traverse versioned directories without throwing permission errors. Meanwhile, rpcclient enumport commands now return accurate data instead of dropping connections unexpectedly. These adjustments matter most for environments that rely on automated backups and legacy printer queue management over the network. Legacy spooler scripts will finally stop timing out when querying active ports across mixed operating systems.

Installation and Verification Steps

Server operators should pull the updated packages through their standard package manager before restarting background services because applying patches while daemons are running can leave orphaned processes holding onto old memory allocations. Running a quick version check confirms the patch level matches the stable release branch, which prevents accidental downgrades or mismatched library dependencies. Verifying service status afterward ensures SMB and RPC daemons reload without dropping active client sessions, since a clean restart guarantees all new file descriptor handling routines are properly loaded into kernel space. This approach prevents unnecessary downtime while confirming all memory management fixes are active before pushing the server back to production traffic.

All uncompressed tarballs and patch files are signed with GnuPG using key ID AA99442FB680B620. You can download the source code  from here.

Keep those file shares tidy and watch for the next round of stability patches. The team behind Samba continues to prioritize quiet reliability over flashy new features, which is exactly what production servers need. Grab the update when maintenance windows open up and let the background processes handle the rest.