Samba 4.24.2 drops a stable update that finally plugs a GlusterFS memory leak draining RAM on persistent SMB2 connections. The release patches CVE-2026-40170, fixes the Windows Offline Files permission errors that break laptop sync, and repairs winbindd crashes that have been tripping up domain controllers. Administrators should pull the update through their package manager or compile it manually after testing in a staging environment. Keeping the server patched stops those predictable memory spikes and keeps client sync workflows from falling apart.

Samba 4.24.2 Fixes Critical Network Shares and Stops GlusterFS Memory Leaks

Samba 4.24.2 just dropped and brings more than routine maintenance to Linux network shares. The update patches a third-party cryptographic library, stops a GlusterFS memory leak that eats RAM on persistent SMB2 connections, and finally fixes Windows Offline Files permission errors that have plagued homelab setups. Anyone running file servers or domain controllers should grab this release before the next patch cycle closes.

Why the Samba 4.24.2 GlusterFS descriptor leak matters for persistent shares

The directory file descriptor leak in vfs_glusterfs has been silently draining system memory for anyone using GlusterFS bricks with long-lived SMB2 sessions. Sysadmins routinely watch memory graphs climb during peak hours when persistent connections refuse to release handles, and this patch stops the slow bleed before it forces a reboot. The fix closes the leak and keeps the brick responsive without requiring a service restart. Homelab administrators who rely on GlusterFS for distributed storage should treat this as a priority update rather than a nice-to-have.

Windows Offline Files and permission errors finally get sorted

Windows Offline Files has been throwing permission errors when directories carry the read-only attribute, which breaks sync workflows for laptops and remote workers. The update clears that roadblock so clients can cache files without hitting access denials. Network admins who manage mixed Windows and Linux environments will notice fewer helpdesk tickets about broken offline folders. The change aligns Samba behavior closer to what Windows clients expect without forcing administrators to strip read-only flags across shared folders.

Domain controller stability and security patches take priority

The third-party ngtcp2 library update addresses CVE-2026-40170, which affects how Samba handles TLS connections in certain networking stacks. Skipping that patch leaves the server exposed to potential cryptographic bypasses or connection drops. The release also repairs winbindd crashes triggered by smbpasswd commands and fixes a CTDB use-after-free bug that could corrupt cluster records. Domain controllers and RODC setups get additional attention since restricting anonymous connections to level two previously broke read-only replica functionality. Those trust relationships now work correctly when NTLMv2 session security is enforced.

How to apply the update without breaking active shares

Downloading the source tarball from the official Samba stable directory is the standard path for distribution maintainers and custom builds. Administrators running Debian, Ubuntu, or RHEL based systems should check their package repositories first since most distros will push this update automatically through security channels. Manual compilation requires rebuilding the winbind and smbd components against the new headers, followed by a graceful restart of the samba service to clear old memory pools. Testing the update in a staging environment before rolling it out to production file servers prevents unexpected permission shifts or cluster sync delays.

Keep the shares running clean and drop a note if the GlusterFS leak bites anyone else. Happy file serving.