Pulogalamu ya ProHoster > Blog > nkhani zapaintaneti > Samba 4.15.0 kumasulidwa

Samba 4.15.0 kumasulidwa

Kutulutsidwa kwa Samba 4.15.0 kumaperekedwa, komwe kukupitiliza kukula kwa nthambi ya Samba 4 ndikukhazikitsa kwathunthu kwa woyang'anira dera ndi ntchito ya Active Directory yomwe imagwirizana ndi kukhazikitsidwa kwa Windows 2000 ndipo imatha kugwiritsa ntchito mitundu yonse ya Makasitomala a Windows omwe amathandizidwa ndi Microsoft, kuphatikiza Windows 10. Samba 4 ndi multifunctional server product , yomwe imaperekanso kukhazikitsidwa kwa seva ya fayilo, ntchito yosindikiza, ndi seva yodziwika (winbind).

Zosintha zazikulu mu Samba 4.15:

  • Ntchito yokweza VFS layer yatha. Pazifukwa zakale, kachidindo ndi kukhazikitsidwa kwa seva yamafayilo kumalumikizidwa ndi kukonza njira zamafayilo, zomwe zidagwiritsidwanso ntchito pa protocol ya SMB2, yomwe idasamutsidwa kugwiritsa ntchito zofotokozera. Kusintha kwamakono kumaphatikizapo kusintha kachidindo komwe kamapereka mwayi wofikira ku fayilo ya seva kuti agwiritse ntchito zofotokozera mafayilo m'malo mwa mafayilo (mwachitsanzo, kuyitana fstat () m'malo mwa stat () ndi SMB_VFS_FSTAT () m'malo mwa SMB_VFS_STAT ()).
  • Kukhazikitsidwa kwaukadaulo wa BIND DLZ (Dynamically-loaded zones), womwe umalola makasitomala kutumiza zopempha za DNS zone ku seva ya BIND ndikulandila yankho kuchokera ku Samba, kwawonjezera kuthekera kofotokozera mindandanda yofikira yomwe imakupatsani mwayi wodziwa makasitomala omwe ali. amalola zopempha zotere ndi zomwe sizili. Pulogalamu yowonjezera ya DLZ DNS sikuthandizanso nthambi za Bind 9.8 ndi 9.9.
  • Thandizo la SMB3 multi-channel extension (SMB3 Multi-Channel protocol) imayatsidwa mwachisawawa komanso yokhazikika, zomwe zimalola makasitomala kukhazikitsa maulendo angapo kuti agwirizane ndi kusamutsidwa kwa deta mkati mwa gawo limodzi la SMB. Mwachitsanzo, mukapeza fayilo imodzi, ntchito za I/O zitha kugawidwa pamalumikizidwe angapo otseguka nthawi imodzi. Njirayi imakupatsani mwayi wowonjezera kutulutsa ndikuwonjezera kukana zolephera. Kuti mulepheretse SMB3 Multi-Channel, muyenera kusintha njira ya "server multi channel support" mu smb.conf, yomwe tsopano imayatsidwa mwachisawawa pa nsanja za Linux ndi FreeBSD.
  • Tsopano ndizotheka kugwiritsa ntchito lamulo la chida cha samba mumasinthidwe a Samba omangidwa popanda Active Directory domain controller support (pamene njira ya "--without-ad-dc" yafotokozedwa). Koma pamenepa, si ntchito zonse zomwe zilipo; mwachitsanzo, mphamvu za lamulo la 'samba-tool domain' ndizochepa.
  • Kuwongolera kwa mzere wamalamulo: Chosankha chatsopano cha mzere wamalamulo chaperekedwa kuti chigwiritsidwe ntchito pazinthu zosiyanasiyana za samba. Zosankha zofananira zomwe zimasiyana pazothandizira zosiyanasiyana zalumikizidwa, mwachitsanzo, kukonza zosankha zokhudzana ndi kubisa, kugwira ntchito ndi siginecha ya digito, ndikugwiritsa ntchito kerberos kwalumikizidwa. smb.conf imatanthawuza zoikamo zokhazikitsira makonda pazosankha. Kuti mutulutse zolakwika, zida zonse zimagwiritsa ntchito STDERR (zotulutsa ku STDOUT, njira ya "-debug-stdout" imaperekedwa).

    Chowonjezera "--client-protection=off|sign|encrypt".

    Zosankha zosinthidwa: --kerberos -> --use-kerberos=required|desired|off --krb5-ccache -> --use-krb5-ccache=CCACHE --scope -> --netbios-scope=SCOPE --use -ccache -> --use- winbind-ccache

    Zosankha zomwe zachotsedwa: β€œ-e|β€”encrypt” ndi β€œ-S|β€”signing”.

    Ntchito yachitidwa kuyeretsa zobwereza muzothandizira za ldbadd, ldbdel, ldbedit, ldbmodify, ldbrename ndi ldbsearch, ndrdump, net, sharesec, smbcquotas, nmbd, smbd ndi winbindd.

  • Mwachikhazikitso, kusanthula mndandanda wa Ma Domain Odalirika poyendetsa winbindd kumayimitsidwa, zomwe zinali zomveka m'masiku a NT4, koma sizogwirizana ndi Active Directory.
  • Thandizo lowonjezera la makina a ODJ (Offline Domain Join), omwe amakulolani kuti mulowetse kompyuta ku domain popanda kulankhulana mwachindunji ndi woyang'anira dera. Mu Samba-based Unix-like OSes, lamulo la 'net offlinejoin' limaperekedwa kuti mulowe nawo, ndipo mu Windows mutha kugwiritsa ntchito pulogalamu ya djoin.exe.
  • Lamulo la 'samba-tool dns zoneoptions' limapereka zosankha zokhazikitsa nthawi yosinthira ndikuwongolera kuchotsedwa kwa ma DNS akale. Ngati zolemba zonse za dzina la DNS zichotsedwa, mfundoyi imayikidwa pamwala wamanda.
  • Seva ya DNS DCE/RPC tsopano itha kugwiritsidwa ntchito ndi zida za samba ndi Windows kusokoneza ma DNS marekodi pa seva yakunja.
  • Mukamapereka lamulo la "samba-tool domain Backup offline", kutseka kolondola pa nkhokwe ya LMDB kumatsimikiziridwa kuti mutetezedwe kukusintha kofananira kwa data pakusunga zosunga zobwezeretsera.
  • Thandizo la zilankhulo zoyesera za protocol ya SMB - SMB2_22, SMB2_24 ndi SMB3_10, zomwe zidangogwiritsidwa ntchito pamayesero a Windows, zathetsedwa.
  • Pakumanga ndi kuyesa koyeserera kwa Active Directory kutengera MIT Kerberos, zofunikira za mtundu wa phukusili zakwezedwa. Kumanga tsopano kumafuna osachepera MIT Kerberos version 1.19 (yotumizidwa ndi Fedora 34).
  • Thandizo la NIS lachotsedwa.
  • Chiwopsezo chokhazikika CVE-2021-3671, chomwe chimalola wogwiritsa ntchito wosavomerezeka kusokoneza woyang'anira dera la Heimdal KDC ngati paketi ya TGS-REQ yatumizidwa yomwe ilibe dzina la seva.

Source: opennet.ru

Kuwonjezera ndemanga