Kutulutsidwa kwa Samba 4.17.0 kumaperekedwa, komwe kukupitiliza kukula kwa nthambi ya Samba 4 ndikukhazikitsa kwathunthu kwa woyang'anira dera ndi ntchito ya Active Directory yomwe imagwirizana ndi kukhazikitsidwa kwa Windows 2008 ndipo imatha kugwiritsa ntchito mitundu yonse ya Makasitomala a Windows omwe amathandizidwa ndi Microsoft, kuphatikiza Windows 11. Samba 4 ndi multifunctional server product , yomwe imaperekanso kukhazikitsidwa kwa seva ya fayilo, ntchito yosindikiza, ndi seva yodziwika (winbind).
Zosintha zazikulu mu Samba 4.17:
- Ntchito yachitidwa kuti athetseretu kuyambiranso kwa ma seva otanganidwa a SMB omwe adawonekera chifukwa chowonjezera chitetezo ku zovuta zosokoneza ma symlink. Zina mwa zokometsera zomwe zimachitika, zimatchulidwanso za kuchepetsa mafoni amachitidwe mukamayang'ana dzina lachikwatu komanso osagwiritsa ntchito zochitika zodzuka pokonza zomwe zimabweretsa kuchedwa.
- Kutha kumanga Samba popanda kuthandizidwa ndi protocol ya SMB1 mu smbd kwaperekedwa. Kuti mulepheretse SMB1, njira ya "--without-smb1-server" imayikidwa mu configure build script (imangokhudza smbd; thandizo la SMB1 limasungidwa m'malaibulale a kasitomala).
- Mukamagwiritsa ntchito MIT Kerberos 1.20, kuthekera kothana ndi kuukira kwa Bronze Bit (CVE-2020-17049) kumayendetsedwa ndi kusamutsa zambiri pakati pa KDC ndi KDB. Mu KDC yokhazikika ya Heimdal Kerberos, nkhaniyi idakonzedwa mu 2021.
- Ikamangidwa ndi MIT Kerberos 1.20, woyang'anira dera la Samba tsopano amathandizira zowonjezera za Kerberos S4U2Self ndi S4U2Proxy, ndikuwonjezeranso kuthekera kwa Resource Based Constrained Delegation (RBCD). Kuwongolera RBCD, 'add-principal' ndi 'del-principal' subcommand awonjezedwa ku lamulo la "samba-tool delegation". KDC yokhazikika ya Heimdal Kerberos sichigwirizana ndi RBCD mode.
- Ntchito yomangidwa mu DNS imapereka mwayi wosintha doko la netiweki lomwe limalandira zopempha (mwachitsanzo, kuyendetsa seva ina ya DNS pamakina omwewo omwe amalozeranso zopempha zina ku Samba).
- Mu gawo la CTDB, lomwe limayang'anira magwiridwe antchito amagulu amagulu, zofunikira za syntax ya fayilo ya ctdb.tunables zachepetsedwa. Mukamanga Samba ndi zosankha za "--with-cluster-support" ndi "--systemd-install-services", kukhazikitsa kwa systemd service kwa CTDB kumatsimikizika. ctdbd_wrapper script yathetsedwa - ndondomeko ya ctdbd tsopano yakhazikitsidwa mwachindunji kuchokera ku systemd service kapena init script.
- Zosintha za 'nt hash store = never' zakhazikitsidwa, zomwe zimaletsa kusungidwa kwa "maliseche" (popanda mchere) ma passwords a Active Directory. Mu mtundu wotsatira, zosintha za 'nt hash store' zidzakhazikitsidwa kukhala "auto", momwemo "never" idzagwiritsidwa ntchito ngati 'ntlm auth = disabled' ilipo.
- Kumanga kwaperekedwa kuti mupeze smbconf library API kuchokera ku Python code.
- Pulogalamu ya smbstatus imagwiritsa ntchito kuthekera kotulutsa zambiri mumtundu wa JSON (wothandizidwa ndi "-json").
- Woyang'anira dera amathandizira gulu lachitetezo la "Protected Users", lomwe lidawonekera mu Windows Server 2012 R2 ndipo sililola kugwiritsa ntchito mitundu yofowoka ya encryption (kwa ogwiritsa ntchito pagulu, kuthandizira kutsimikizika kwa NTLM, Kerberos TGTs kutengera RC4, kukakamizidwa komanso kusagwirizana. nthumwi ndizolemala).
- Thandizo la malo osungira achinsinsi ozikidwa pa LanMan ndi njira yotsimikizira zathetsedwa (makonzedwe a "lanman auth=yes" tsopano alibe mphamvu).
Source: opennet.ru