ProHoster > Блог > labaran intanet > Sakin Samba 4.15.0

Sakin Samba 4.15.0

An gabatar da sakin Samba 4.15.0, wanda ya ci gaba da haɓaka reshen Samba 4 tare da cikakken aiwatar da mai sarrafa yanki da sabis na Active Directory, wanda ya dace da aiwatar da Windows 2000 kuma yana iya yin hidima ga duk nau'ikan abokan cinikin Windows. goyan bayan Microsoft, ciki har da Windows 10. Samba 4 samfuri ne na uwar garken multifunctional , wanda kuma yana ba da aiwatar da sabar fayil, sabis na bugawa, da uwar garken ainihi (winbind).

Canje-canje masu mahimmanci a cikin Samba 4.15:

  • An kammala aikin haɓaka Layer VFS. Don dalilai na tarihi, lambar tare da aiwatar da uwar garken fayil an haɗa shi da sarrafa hanyoyin fayil, wanda kuma aka yi amfani da shi don ka'idar SMB2, wanda aka canjawa wuri zuwa amfani da masu bayyanawa. Zamantakewa ya haɗa da canza lambar da ke ba da dama ga tsarin fayil ɗin uwar garken don amfani da masu kwatanta fayil maimakon hanyoyin fayil (misali, kiran fstat() maimakon stat() da SMB_VFS_FSTAT() maimakon SMB_VFS_STAT()).
  • Aiwatar da fasahar BIND DLZ (Yanayin da aka ɗora Kwatancen), wanda ke ba abokan ciniki damar aika buƙatun canja wurin yankin DNS zuwa uwar garken BIND kuma su karɓi amsa daga Samba, ya ƙara da ikon ayyana jerin hanyoyin shiga waɗanda ke ba ku damar tantance ko wane abokin ciniki ne. an yarda da irin waɗannan buƙatun kuma waɗanda ba. DLZ DNS plugin baya goyon bayan Bind rassan 9.8 da 9.9.
  • Taimako don tsawaita tashar tashoshi da yawa na SMB3 (SMB3 Multi-Channel Protocol) an kunna ta tsohuwa kuma an daidaita shi, baiwa abokan ciniki damar kafa haɗin kai da yawa don daidaita canja wurin bayanai a cikin zaman SMB guda ɗaya. Misali, lokacin samun damar fayil guda ɗaya, ana iya rarraba ayyukan I/O a cikin haɗe-haɗe masu buɗewa a lokaci ɗaya. Wannan yanayin yana ba ku damar haɓaka kayan aiki da haɓaka juriya ga gazawa. Don musaki Multi-Channel SMB3, dole ne ku canza zaɓin "tallafin tashoshi da yawa na uwar garken" a cikin smb.conf, wanda yanzu an kunna shi ta tsohuwa akan dandamali na Linux da FreeBSD.
  • Yanzu yana yiwuwa a yi amfani da umarnin samba-kayan aiki a cikin saitunan Samba da aka gina ba tare da goyan bayan mai sarrafa yanki na Active Directory ba (lokacin da aka ƙayyade zaɓin "--ba tare da-ad-dc") ba. Amma a wannan yanayin, ba duka ayyuka ke samuwa ba; misali, ikon 'yankin samba-tool' yana da iyaka.
  • Ingantattun layin umarni: An ƙaddamar da sabon binciken zaɓukan layin umarni don amfani a cikin kayan aikin samba daban-daban. Irin waɗannan zaɓuɓɓuka waɗanda suka bambanta a cikin kayan aiki daban-daban an haɗe su, alal misali, sarrafa zaɓuɓɓukan da suka shafi ɓoyewa, aiki tare da sa hannun dijital, da amfani da kerberos an haɗa su. smb.conf yana bayyana saituna don saita tsoffin ƙima don zaɓuɓɓuka. Don fitar da kurakurai, duk abubuwan amfani suna amfani da STDERR (don fitarwa zuwa STDOUT, ana ba da zaɓin "--debug-stdout").

    Ƙara "--client-protection=off|sign|encrypt" zaɓi.

    Zaɓuɓɓukan da aka sake suna: --kerberos -> --use-kerberos=ake buqata|ake buƙata -ccache -> --amfani- winbind-ccache

    Zaɓuɓɓukan da aka cire: “-e|—encrypt” da “-S|— sa hannu”.

    An yi aiki don tsaftace zaɓuɓɓukan kwafi a cikin ldbadd, ldbdel, ldbedit, ldbmodify, ldbrename da ldbsearch, ndrdump, net, sharesec, smbcquotas, nmbd, smbd da winbindd utilities.

  • Ta hanyar tsohuwa, bincika jerin Amintattun Domain yayin gudanar da winbindd ba a kashe, wanda ke da ma'ana a zamanin NT4, amma bai dace da Active Directory ba.
  • Ƙara goyon baya ga tsarin ODJ (Yana Haɗin Domain Yanar Gizo), wanda ke ba ka damar haɗa kwamfuta zuwa yanki ba tare da tuntuɓar mai sarrafa yanki kai tsaye ba. A cikin tsarin aiki na Unix-kamar Samba, ana ba da umarnin 'net offlinejoin' don shiga, kuma a cikin Windows zaku iya amfani da daidaitaccen shirin djoin.exe.
  • Umurnin 'samba-tool dns zoneoptions' yana ba da zaɓuɓɓuka don saita tazarar sabuntawa da sarrafa share bayanan DNS da suka wuce. Idan an share duk bayanan don sunan DNS, an sanya kumburin a cikin jihar kabari.
  • DCE/RPC uwar garken DNS yanzu ana iya amfani da samba-tool da kayan aikin Windows don sarrafa bayanan DNS akan sabar waje.
  • Lokacin aiwatar da umarnin "samba-tool domain madadin offline", ana tabbatar da madaidaicin kullewa akan bayanan LMDB don karewa daga daidaitawar bayanai yayin wariyar ajiya.
  • Taimakon yarukan gwaji na ƙa'idar SMB - SMB2_22, SMB2_24 da SMB3_10, waɗanda aka yi amfani da su kawai a ginin Windows na gwaji.
  • A cikin ginawa tare da aiwatar da gwaji na Active Directory bisa MIT Kerberos, an ɗaga buƙatun sigar wannan fakitin. Gina yanzu yana buƙatar aƙalla nau'in MIT Kerberos 1.19 (wanda aka aika tare da Fedora 34).
  • An cire tallafin NIS.
  • Kafaffen rauni CVE-2021-3671, wanda ke ba mai amfani da ba shi da tabbacin ya yi karo da mai kula da yanki na Heimdal KDC idan an aika fakitin TGS-REQ wanda bai haɗa da sunan uwar garke ba.

source: budenet.ru

Add a comment