Kuburitswa kweSamba 4.15.0 kwaunzwa, uko kunoenderera mberi nekuvandudzwa kwebazi reSamba 4 nekuita kwakazara kwedomain controller uye Active Directory sevhisi, inoenderana neWindows 2000 kuita uye inokwanisa kushandira ese mavhezheni eWindows vatengi vanotsigirwa ne Microsoft, kusanganisira Windows 10. Samba 4 is a multifunctional server product , iyo inopawo kushandiswa kwefaira yefaira, sevhisi yekudhinda, uye identity server (winbind).
Kuchinja kukuru muSamba 4.15:
- Basa rekusimudzira VFS layer rakapedzwa. Nokuda kwezvikonzero zvezvakaitika kare, kodhi nekushandiswa kwefaira yefaira yakasungirirwa pakugadziriswa kwefaira nzira, iyo yakashandiswawo kune SMB2 protocol, iyo yakaendeswa kune kushandiswa kwezvinotsanangurwa. Iyo yemazuva ano inosanganisira kushandura kodhi inopa mukana kune server's faira system kushandisa faira zvinotsanangura panzvimbo yemafaira nzira (semuenzaniso, kufona fstat() pachinzvimbo che stat() uye SMB_VFS_FSTAT() pachinzvimbo cheSMB_VFS_STAT()).
- Kuitwa kweiyo BIND DLZ (Dynamically-loaded zones) tekinoroji, iyo inobvumira vatengi kutumira zvikumbiro zveDNS zone kuBIND server uye kugamuchira mhinduro kubva kuSamba, yakawedzera kugona kutsanangura rondedzero yekuwana iyo inokutendera kuti uone kuti ndevapi vatengi. vakabvumira zvikumbiro zvakadaro uye izvo zvisiri. Iyo DLZ DNS plugin haichatsigire Bind mapazi 9.8 uye 9.9.
- Tsigiro yeSMB3 yakawanda-channel yekuwedzera (SMB3 Multi-Channel protocol) inogoneswa nekusarudzika uye yakagadzikana, ichibvumira vatengi kumisikidza akawanda makubatanidza kuti aenzanise kufambiswa kwedata mukati mechikamu chimwe cheSMB. Semuenzaniso, kana uchiwana imwe faira, I/O mashandiro anogona kugovaniswa pane akawanda akavhurika ekubatanidza kamwechete. Iyi modhi inobvumidza iwe kuti uwedzere kubuda uye kuwedzera kuramba kune kukundikana. Kudzima SMB3 Multi-Channel, unofanira kushandura "sevha yakawanda chiteshi tsigiro" mu smb.conf, iyo yave kugoneswa nekusarudzika paLinux uye FreeBSD mapuratifomu.
- Izvozvi zvinogoneka kushandisa samba-chishandiso kuraira muSamba zvigadziriso zvakavakwa pasina Active Directory domain controller rutsigiro (kana iyo "--pasina-ad-dc" sarudzo yatsanangurwa). Asi mune iyi kesi, hazvisi zvese zvinoshanda zviripo; semuenzaniso, kugona kweiyo 'samba-tool domain' yekuraira kunogumira.
- Yakavandudzwa yekuraira mutsara interface: Iyo nyowani yekuraira mutsara sarudzo parser yakakurudzirwa kuti ishandiswe mune dzakasiyana samba zvinoshandiswa. Sarudzo dzakafanana dzakasiana mumhando dzakasiyana dzekushandisa dzakabatanidzwa, semuenzaniso, kugadzirisa kwesarudzo dzine chekuita nekuvharidzira, kushanda nemasiginecha edhijitari, uye kushandisa kerberos kwakabatanidzwa. smb.conf inotsanangura marongero ekugadzirisa zvimiro zvesarudzo. Kuburitsa zvikanganiso, zvese zvinoshandiswa zvinoshandisa STDERR (yekubuda kuSTDOUT, iyo "-debug-stdout" sarudzo inopihwa).
Yakawedzerwa "--client-protection=off|sign|encrypt" sarudzo.
Sarudzo dzakapihwa mazita: --kerberos -> --use-kerberos=required|desired|off --krb5-ccache -> --use-krb5-ccache=CCACHE --scope -> --netbios-scope=SCOPE --kushandisa -ccache -> --shandisa- winbind-ccache
Sarudzo dzakabviswa: β-e|βencryptβ uye β-S|βkusainaβ.
Basa rakaitwa kuchenesa zvakapetwa sarudzo muldbadd, ldbdel, ldbedit, ldbmodify, ldbrename uye ldbsearch, ndrdump, net, sharesec, smbcquotas, nmbd, smbd uye winbindd utilities.
- Nekusagadzika, kuongorora rondedzero yeTrusted Domains kunovharwa kana uchimhanya winbindd, izvo zvine musoro mumazuva eNT4, asi hazvina basa kune Active Directory.
- Yakawedzera tsigiro yeODJ (Offline Domain Join) meshini, iyo inokutendera iwe kujoinha komputa kune dhomeini pasina kubata zvakananga domain controller. MuSamba-based Unix-senge masisitimu anoshanda, iwo 'net offlinejoin' murairo unopihwa kuti ubatanidze, uye muWindows unogona kushandisa yakajairwa djoin.exe chirongwa.
- Iwo 'samba-tool dns zoneoptions' murairo unopa sarudzo dzekugadzirisa nguva yekuvandudza uye kutonga kucheneswa kwemarekodhi ekare eDNS. Kana zvese zvinyorwa zvezita reDNS zvadzimwa, node inoiswa muguva.
- DNS sevha DCE/RPC ikozvino inogona kushandiswa nesamba-turusi uye Windows zvinoshandiswa kugadzirisa marekodhi eDNS pane sevha yekunze.
- Paunenge uchiita iyo "samba-tool domain backup offline" kuraira, kukiya kwakaringana pane iyo LMDB dhatabhesi kunovimbiswa kudzivirira kubva kunoenderana kuchinjika kwedata panguva yekuchengetedza.
- Tsigiro yemitauro yekuyedza yeSMB protocol - SMB2_22, SMB2_24 uye SMB3_10, iyo yaishandiswa chete mukuyedza kuvaka kweWindows, yamiswa.
- Mukuvaka nekuyedza kuita kweActive Directory yakavakirwa paMIT Kerberos, izvo zvinodikanwa zveshanduro yepakeji iyi zvakasimudzwa. Kuvaka ikozvino kunoda kanenge MIT Kerberos shanduro 1.19 (yakatumirwa neFedora 34).
- Tsigiro yeNIS yakabviswa.
- Fixed vulnerability CVE-2021-3671, iyo inobvumira mushandisi asina kutenderwa kukanganisa Heimdal KDC-based domain controller kana TGS-REQ packet yatumirwa isingasanganisire zita reseva.
Source: opennet.ru