Pulogalamu ya ProHoster > Blog > nkhani zapaintaneti > Samba 4.13.0 kumasulidwa

Samba 4.13.0 kumasulidwa

Yovomerezedwa ndi kumasula Samba 4.13.0, amene anapititsa patsogolo chitukuko cha nthambi Samba 4 ndi kukhazikitsa kwathunthu kwa domain controller ndi Active Directory service, yogwirizana ndi kukhazikitsidwa kwa Windows 2000 komanso yokhoza kutumizira mitundu yonse yamakasitomala a Windows mothandizidwa ndi Microsoft, kuphatikiza Windows 10. Samba 4 ndi seva yamitundu yambiri yomwe imaperekanso kukhazikitsa seva yamafayilo, ntchito yosindikiza ndi seva yodziwika (winbind).

Chinsinsi kusintha mu Samba 4.13:

  • Chitetezo chowonjezera pachiwopsezo Zerologon (CVE-2020-1472) imalola wowukirayo kuti apeze ufulu woyang'anira pawoyang'anira madambwe pamakina omwe sagwiritsa ntchito "server schannel = inde".
  • Zofunikira zochepa za mtundu wa Python zawonjezedwa kuchokera ku Python 3.5 kupita ku Python 3.6. Kutha kupanga seva yamafayilo ndi Python 2 kwasungidwa pakadali pano (musanayambe ./configure' ndi 'kupanga' muyenera kukhazikitsa kusintha kwa chilengedwe 'PYTHON=python2'), koma munthambi yotsatira idzachotsedwa ndipo Python 3.6 idzafunika pakumanga.
  • Ntchito ya "wide links = inde", yomwe imalola oyang'anira seva ya fayilo kupanga maulalo ophiphiritsira kudera lomwe lili kunja kwa gawo la SMB / CIFS lomwe lilipo pano, lasunthidwa kuchokera ku smbd kupita ku gawo losiyana la "vfs_widelinks". Pakadali pano, gawoli lidakwezedwa ngati gawo la "wide link = inde" lilipo pazokonda. M'tsogolomu, akukonzekera kuchotsa chithandizo cha "wide links = inde" chifukwa cha chitetezo, ndipo ogwiritsa ntchito samba akulimbikitsidwa kwambiri kuti asinthe kuchokera ku "wide links = inde" kuti agwiritse ntchito "mount --bind" kuti akhazikitse mbali zakunja za fayilo ya fayilo.
  • Thandizo lachiwongolero chamtundu wakale chatsika. Ogwiritsa ntchito madomeni ngati NT4 ('classic') akuyenera kusintha kugwiritsa ntchito Samba Active Directory domain controller kuti athe kugwira ntchito ndi makasitomala amakono a Windows.
  • Njira zotsimikizirika zosatetezedwa zomwe zingagwiritsidwe ntchito ndi protocol ya SMBv1 yokha: "madomeni logons", "raw NTLMv2 auth", "client plaintext auth", "client NTLMv2 auth", "client lanman auth" ndi "client use spnego".
  • Thandizo la "ldap ssl ads" njira yachotsedwa ku smb.conf. Njira ya "seva schannel" ikuyembekezeka kuchotsedwa pakutulutsidwa kotsatira.

Source: opennet.ru

Kuwonjezera ndemanga