Release , who continued the development of the branch with a full implementation of a domain controller and an Active Directory service compatible with the implementation Windows 2000 and capable of handling all Microsoft supported versions Windows-clients, including Windows 10Samba 4 is a multi-functional server product that also provides a file server, print service, and authentication server (winbind).
Key in Samba 4.13:
- Added vulnerability protection (CVE-2020-1472) that allows an attacker to gain administrative rights on a domain controller on systems that do not use the "server schannel = yes" setting.
- The minimum Python version requirement has been raised from Python 3.5 to Python 3.6. The ability to build a file server with Python 2 has been preserved for now (before running ./configure' and 'make' you should set the environment variable 'PYTHON=python2'), but in the next branch it will be removed and Python 3.6 will be required for the build.
- The "wide links = yes" functionality, which allows file server administrators to create symbolic links to an area outside the current SMB/CIFS partition, has been moved from smbd to a separate "vfs_widelinks" module. Currently, this module is automatically loaded when the "wide links = yes" parameter is present in the settings. Support for "wide links = yes" is planned to be removed in the future due to security concerns, and samba users are strongly encouraged to use "mount --bind" to mount external parts of the file system instead of "wide links = yes".
- Support for classic domain controller mode has been deprecated. Users of NT4-based domain controllers ('classic') should migrate to using Samba Active Directory domain controllers to support modern features. Windows-clients.
- The insecure authentication methods that can only be used with the SMBv1 protocol have been deprecated: "domain logons", "raw NTLMv2 auth", "client plaintext auth", "client NTLMv2 auth", "client lanman auth", and "client use spnego".
- Removed support for "ldap ssl ads" option from smb.conf. The "server schannel" option is expected to be removed in the next release.
Source: opennet.ru
