After six months of development, Samba 4.20.0 has been released, continuing the development of the Samba 4 branch with a full implementation of a domain controller and Active Directory service that is compatible with the Windows 2008 implementation and can serve all versions of Windows clients supported by Microsoft, including Windows 11. Samba 4 is a multifunctional server product that also provides a file server, a print service, and an authentication server (winbind).
Key changes in Samba 4.20:
- The new "wspsearch" utility is now built by default; it implements an experimental client for the WSP protocol (Windows Search Protocol). The utility lets you send search queries to a Windows server running the WSP service.
- The "smbcacls" command now supports saving DACLs to a file and restoring DACLs from a file. The data is saved in a format supported by the Windows 'icacls.exe' utility, which makes it easy to transfer files with a saved DACL (Discretionary Access Control List).
- Extensions for Active Directory access policies (Claims), authentication policies (Authentication Policies) and policy containers (Authentication Silos) have been added to the "samba-tool" utility. samba-tool can be used to bind a user to claims for later use in rules that determine whether the user may access an authentication policy.
In addition, samba-tool can be used to create and manage authentication policies, and to create and manage policy containers. For example, with samba-tool you can define from where and to where a user may connect, whether NTLM is allowed, and which services the user can authenticate to.
- The Samba domain controller for Active Directory supports authentication policies (Authentication Policies) and policy containers (Authentication Silos) created with samba-tool or imported from Microsoft AD configurations. This feature is available on systems with an Active Directory functional level of 2012_R2 or higher ("ad dc functional level = 2016" in smb.conf).
- samba-tool has been updated with client-side support for gMSA (Group Managed Service Account) accounts, which use automatically rotated passwords. The password management commands provided by samba-tool, which previously worked only against the local sam.ldb database, can now be used against an external server with authenticated access by specifying the -H ldap://$DCNAME option. Supported operations: samba-tool user getpassword to read the current and previous gMSA password; samba-tool user get-kerberos-ticket to write a Kerberos TGT (Ticket Granting Ticket) to the local credential cache.
- Added support for conditional access control entries (Conditional ACEs), which allow or deny access based on additional conditions: if the conditional expression does not hold, the ACE is ignored; otherwise it is applied as a regular ACE. Conditional checks can also be applied to attributes of security objects described by system resource attributes (Resource Attribute ACEs).
- The ctdb cluster implementation has gained the ability to provide the MS-SWN service (Service Witness Protocol), which lets clients monitor their SMB connections to cluster nodes. For example, a client connected to node "A" can ask node "B" to send a notification if node "A" becomes unreachable. To manage the service, a set of "net witness [list|client-move|share-move|force-unregister|force-response]" commands is provided, with which a cluster administrator can view registered clients and request that a connection be moved to other cluster nodes.
- Configurations in which MIT Kerberos5 runs as the Active Directory domain controller now require at least MIT Krb5 version 1.21, which adds protection against the CVE-2022-37967 vulnerability.
- When building with the imported Heimdal Kerberos, the Perl JSON module no longer needs to be installed; the JSON::PP module built into Perl5 is used instead.
- The "samba-tool user getpassword" and "samba-tool user syncpasswords" commands, used to determine and synchronize passwords, have changed their output when the ";rounds=" parameter is used with the virtualCryptSHA256 and virtualCryptSHA512 attributes (for example, '--attributes="virtualCryptSHA256;rounds=50000"'). Was: virtualCryptSHA256: {CRYPT}$5$rounds=2561$hXem.M9onhM9Vuix$dFdSBwF Now: virtualCryptSHA256;rounds=2561:{CRYPT}$5$rounds=2561$hXem.M9onhM9VuixF
- The MS-WKST (Workstation Service Remote Protocol) implementation no longer supports listing connected users based on the contents of the /var/run/utmp file, which stores data about users working in the system. utmp support was removed because the format is vulnerable to the Year 2038 problem.
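
The output change for "samba-tool user getpassword" and "samba-tool user syncpasswords" described above matters to any script that reads those lines. The following added example (not from the original article or the Samba project) parses both the old and the new form and checks that the attribute option agrees with the hash; the sample output, salts and digests are constructed placeholders, and LDIF-style line folding in the output is an assumption.

```python
import re

# Attribute name, optional ";rounds=N" option (the 4.20 form), then the value.
LINE_RE = re.compile(
    r"^(?P<attr>virtualCryptSHA(?:256|512))"
    r"(?:;rounds=(?P<opt>\d+))?:\s*(?P<value>\{CRYPT\}\S+)$")
# crypt(3) SHA-2 layout: $5$ is SHA-256, $6$ is SHA-512, rounds=N$ is optional.
CRYPT_RE = re.compile(
    r"^\{CRYPT\}\$(?P<id>[56])\$(?:rounds=(?P<rounds>\d+)\$)?"
    r"(?P<salt>[^$]+)\$(?P<digest>[./0-9A-Za-z]+)$")
SCHEME_ID = {"virtualCryptSHA256": "5", "virtualCryptSHA512": "6"}
DEFAULT_ROUNDS = 5000  # crypt(3) default when the hash carries no rounds= field

def unfold(text):
    """Join LDIF continuation lines (a line that starts with one space)."""
    return re.sub(r"\r?\n ", "", text).splitlines()

def parse_crypt_line(line):
    """Parse one line in either format; None if it is another attribute."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    c = CRYPT_RE.match(m["value"])
    if c is None:
        raise ValueError("malformed {CRYPT} value for " + m["attr"])
    if c["id"] != SCHEME_ID[m["attr"]]:
        raise ValueError("hash scheme does not match " + m["attr"])
    rounds = int(c["rounds"]) if c["rounds"] else DEFAULT_ROUNDS
    # Consumer-side sanity check: the 4.20 option must agree with the hash.
    if m["opt"] is not None and int(m["opt"]) != rounds:
        raise ValueError("rounds option disagrees with the hash itself")
    return {"attr": m["attr"], "rounds": rounds, "hash": m["value"]}

def extract_hashes(output):
    """Map attribute name -> parsed entry for every virtualCryptSHA* line."""
    found = {}
    for line in unfold(output):
        entry = parse_crypt_line(line)
        if entry:
            found[entry["attr"]] = entry
    return found

# Constructed sample output (placeholder salts and digests, not real hashes).
OLD = ("dn: CN=svc,DC=example,DC=test\n"
       "virtualCryptSHA256: {CRYPT}$5$rounds=2561$saltsaltsaltsalt$AAAAbbbbCCCC\n")
NEW = ("dn: CN=svc,DC=example,DC=test\n"
       "virtualCryptSHA256;rounds=2561: {CRYPT}$5$rounds=2561$saltsalt\n"
       " saltsalt$AAAAbbbbCCCC\n")
```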
Source: opennet.ru
