ProHoster > Blog > talafou initaneti > Samba 4.15.0 tatala

Samba 4.15.0 tatala

O le faʻasalalauga Samba 4.15.0 o loʻo tuʻuina atu, lea o loʻo faʻaauauina le atinaʻeina o le Samba 4 lala faʻatasi ai ma le faʻatinoina atoatoa o se pule faʻatonu ma se auaunaga Active Directory e fetaui ma le faʻatinoga o le Windows 2000 ma e mafai ona tuʻuina atu ituaiga uma o. Windows clients supported by Microsoft, including Windows 10. Samba 4 is a multifunctional server product , lea e maua ai foi se faatinoga o le faila faila, auaunaga lolomi, ma le faasinomaga (winbind).

Suiga taua ile Samba 4.15:

  • Ua mae'a le galuega ile fa'aleleia o le VFS layer. Mo mafuaʻaga faʻasolopito, o le code faʻatasi ma le faʻaogaina o le faila faila na faʻapipiʻiina i le faʻaogaina o ala faila, lea na faʻaaogaina foi mo le SMB2 protocol, lea na faʻafeiloaʻi i le faʻaaogaina o faʻamatalaga. O le fa'aonaponei e aofia ai le fa'aliliuina o le code lea e maua ai le avanoa i le faila faila a le server e fa'aaoga ai faila faila nai lo ala faila (mo se fa'ata'ita'iga, vala'au fstat() nai lo stat() ma SMB_VFS_FSTAT() nai lo SMB_VFS_STAT()).
  • O le faʻatinoina o le BIND DLZ (Dynamically-loaded zones) tekinolosi, lea e mafai ai e tagata faʻatau ona tuʻuina atu talosaga faʻafeiloaʻi DNS i le BIND server ma maua se tali mai Samba, ua faʻaopoopoina le tomai e faʻamalamalamaina ai lisi avanoa e mafai ai ona e iloa po o ai tagata o loʻo i ai. na fa'atagaina ia talosaga ae leai. O le DLZ DNS plugin ua le toe lagolagoina le Bind lala 9.8 ma le 9.9.
  • Lagolago mo le SMB3 multi-channel extension (SMB3 Multi-Channel protocol) e mafai ona faʻaogaina ma faʻamautu, faʻatagaina tagata faʻatau e faʻatuina le tele o fesoʻotaʻiga e faʻatusatusa ai felauaiga faʻamatalaga i totonu o le SMB se tasi. Mo se faʻataʻitaʻiga, pe a faʻaogaina se faila e tasi, e mafai ona tufatufaina atu galuega I / O i le tele o fesoʻotaʻiga tatala i le taimi e tasi. O lenei faiga e mafai ai e oe ona faʻateleina le gaosiga ma faʻateleina le teteʻe atu i toilalo. Ina ia tape le SMB3 Multi-Channel, e tatau ona e suia le "server multi channel support" filifiliga i smb.conf, lea ua mafai nei ona o le faaletonu i luga o Linux ma FreeBSD platforms.
  • Ua mafai nei ona faʻaogaina le samba-tool command i Samba configurations fausia e aunoa ma le Active Directory domain controller support (pe a faʻamaonia le "--without-ad-dc" filifiliga). Ae i lenei tulaga, e le o avanoa uma e maua; mo se faʻataʻitaʻiga, o le gafatia o le 'samba-tool domain' e faʻatapulaʻa.
  • Fa'aleleia le fa'aogaina o laina fa'atonu: Ua fa'atūina se fa'atonuga fou o le fa'atonuga mo le fa'aogaina i le tele o fa'aoga samba. O filifiliga tutusa e eseʻese i faʻaoga eseese ua tuʻufaʻatasia, mo se faʻataʻitaʻiga, o le faʻagasologa o filifiliga e fesoʻotaʻi ma faʻailoga, galue ma saini numera, ma le faʻaogaina o kerberos ua tuʻufaʻatasia. smb.conf o loʻo faʻamatalaina tulaga mo le setiina o tau faʻaoga mo filifiliga. I mea sese, fa'aoga uma e fa'aoga le STDERR (mo le gaosiga i le STDOUT, o le filifiliga "--debug-stdout" e ofoina atu).

    Fa'aopoopoina le "--client-protection=off|sign|encryption" filifiliga.

    Filifiliga toe fa'aigoa: --kerberos -> --use-kerberos=mana'omia|mana'omia|off --krb5-ccache -> --use-krb5-ccache=CCACHE --scope -> --netbios-scope=SCOPE --use -ccache -> --faaaoga- winbind-ccache

    Aveese filifiliga: “-e|—encryption” ma le “-S|—signing”.

    Ua mae'a galuega e fa'amama ai fa'alua filifiliga i le ldbadd, ldbdel, ldbedit, ldbmodify, ldbrename ma ldbsearch, ndrdump, net, sharesec, smbcquotas, nmbd, smbd ma winbindd utilities.

  • Ona o le faaletonu, su'esu'e le lisi o Domains Fa'atuatuaina pe a fa'aletonu le ta'avale winbindd, lea e talafeagai i aso o le NT4, ae le talafeagai mo Active Directory.
  • Fa'aopoopoina le lagolago mo le ODJ (Offline Domain Join) masini, lea e mafai ai ona e fa'afeso'ota'i se komipiuta i se vaega e aunoa ma le fa'afeso'ota'i sa'o i le pule o le domain. I le Samba-based Unix-like OSes, o le 'net offlinejoin' command e ofoina atu mo le auai, ma i Windows e mafai ona e faʻaogaina le polokalame djoin.exe masani.
  • O le 'samba-tool dns zoneoptions' o lo'o tu'uina atu ai filifiliga mo le fa'atulagaina o taimi fa'afou ma le fa'atonutonuina o le fa'amamaina o fa'amaumauga DNS tuai. Afai e tape uma faʻamaumauga mo se igoa DNS, e tuʻu le node i se tulaga maʻa tuugamau.
  • DNS server DCE/RPC ua mafai nei ona fa'aogaina e samba-tool ma Windows utilities e fa'aogaina fa'amaumauga DNS i luga o se server i fafo.
  • Pe a fa'atinoina le fa'atonuga o le "samba-tool domain backup offline", o le loka sa'o i luga o le LMDB database e mautinoa e puipuia mai suiga tutusa o fa'amaumauga i le taimi o le fa'amaumauga.
  • Lagolago mo gagana faʻataʻitaʻiga o le SMB protocol - SMB2_22, SMB2_24 ma SMB3_10, lea na faʻaaogaina i suʻega suʻega o Windows, ua faʻagata.
  • I le fausiaina ma se faʻataʻitaʻiga faʻatinoga o Active Directory faʻavae i luga o le MIT Kerberos, o manaʻoga mo le faʻasologa o lenei afifi ua siitia. Fausia nei e manaʻomia le itiiti ifo i le MIT Kerberos version 1.19 (faʻatau ma Fedora 34).
  • Ua aveese le lagolago a le NIS.
  • Fa'amautu vaivai CVE-2021-3671, lea e mafai ai e se tagata e le'i fa'amaoniaina ona fa'ato'ilaloina se Heimdal KDC-based domain controller pe afai e lafo se pepa TGS-REQ e le aofia ai se igoa server.

puna: opennet.ru

Faaopoopo i ai se faamatalaga