ProHoster > Блог > labaran intanet > Sakin Samba 4.17.0

Sakin Samba 4.17.0

An gabatar da sakin Samba 4.17.0, wanda ya ci gaba da haɓaka reshen Samba 4 tare da cikakken aiwatar da mai sarrafa yanki da sabis na Active Directory, wanda ya dace da aiwatar da Windows 2008 kuma yana iya yin hidima ga duk nau'ikan abokan cinikin Windows. goyan bayan Microsoft, ciki har da Windows 11. Samba 4 samfuri ne na uwar garken multifunctional , wanda kuma yana ba da aiwatar da sabar fayil, sabis na bugawa, da uwar garken ainihi (winbind).

Canje-canje masu mahimmanci a cikin Samba 4.17:

  • An yi aiki don kawar da koma baya a cikin ayyukan sabar SMB masu aiki waɗanda suka bayyana sakamakon ƙara kariya daga lahanin magudin symlink. Daga cikin abubuwan ingantawa da aka yi, an ambaci rage kiran tsarin lokacin duba sunan directory da rashin amfani da abubuwan da suka faru lokacin da ake sarrafa ayyukan gasa waɗanda ke haifar da jinkiri.
  • An ba da ikon gina Samba ba tare da goyan bayan ka'idar SMB1 a cikin smbd ba. Don musaki SMB1, ana aiwatar da zaɓin "--without-smb1-uwar garke" a cikin saitin rubutun ginawa (yana shafar smbd kawai; tallafi ga SMB1 yana riƙe a cikin ɗakunan karatu na abokin ciniki).
  • Lokacin amfani da MIT Kerberos 1.20, ana aiwatar da ikon magance harin Bronze Bit (CVE-2020-17049) ta hanyar canja wurin ƙarin bayani tsakanin abubuwan KDC da KDB. A cikin tsohuwar KDC na tushen Heimdal Kerberos, an daidaita batun a cikin 2021.
  • Lokacin da aka gina shi tare da MIT Kerberos 1.20, mai kula da yanki na Samba yanzu yana goyan bayan Kerberos kari S4U2Self da S4U2Proxy, kuma yana ƙara iyawa don Taƙaddama Taƙaddama ta Resource Based Delegation (RBCD). Don sarrafa RBCD, 'add-principal' da 'del-principal' subcommands an ƙara zuwa umurnin "samba-tool tawagar". Tsohuwar tushen KDC na Heimdal Kerberos bai riga ya goyi bayan yanayin RBCD ba.
  • Sabis na DNS da aka gina a ciki yana ba da damar canza tashar tashar yanar gizon da ke karɓar buƙatun (misali, don gudanar da wani uwar garken DNS akan wannan tsarin da ke tura wasu buƙatun zuwa Samba).
  • A cikin ɓangaren CTDB, wanda ke da alhakin aiwatar da saitunan gungu, an rage abubuwan da ake buƙata don daidaitawa na fayil ɗin ctdb.tunables. Lokacin gina Samba tare da zaɓuɓɓukan "-with-cluster-support" da "--systemd-install-services", an tabbatar da shigar da tsarin sabis na CTDB. An dakatar da rubutun ctdbd_wrapper - yanzu an ƙaddamar da tsarin ctdbd kai tsaye daga sabis ɗin tsarin ko daga rubutun init.
  • Ba a aiwatar da saitin 'nt hash store = never', wanda ya haramta ajiyar "tsirara" (ba tare da gishiri) hashes na kalmomin shiga na Active Directory ba. A cikin sigar ta gaba, saitin 'nt hash store' na tsoho za a saita shi zuwa "auto", inda za a yi amfani da yanayin "ba" idan akwai saitin 'ntlm auth = disabled'.
  • An ba da shawarar ɗaure don samun damar API ɗin ɗakin karatu na smbconf daga lambar Python.
  • Shirin smbstatus yana aiwatar da ikon fitar da bayanai a cikin tsarin JSON (an kunna tare da zaɓin "-json").
  • Mai sarrafa yanki yana goyan bayan rukunin tsaro na "Masu Kare Masu Amfani", wanda ya bayyana a cikin Windows Server 2012 R2 kuma baya ba da izinin amfani da nau'ikan ɓoyayyen ɓoyayyen (ga masu amfani a cikin rukuni, tallafi don amincin NTLM, Kerberos TGTs dangane da RC4, ƙuntatawa da rashin ƙarfi). an kashe wakilai).
  • An dakatar da goyan bayan shagon kalmar sirri na tushen LanMan da hanyar tantancewa (saitin "lanman auth=ee" yanzu ba shi da wani tasiri).

    source: budenet.ru

Add a comment