ProHoster > Blog > internet nhau > Samba 4.15.0 kuburitswa

Samba 4.15.0 kuburitswa

Samba 4.15.0 yaburitswa, ichienderera mberi nekugadzirwa kwebazi reSamba 4 nekushandisa zvizere domain controller uye Active Directory service inoenderana nekushandisa. Windows 2000 uye inokwanisa kubata shanduro dzese dzinotsigirwa neMicrosoft Windows-vatengi, kusanganisira Windows 10Samba 4 chigadzirwa cheseva chinoshanda mabasa akawanda chinopawo sevha yefaira, sevhisi yekudhinda, uye sevha yekuvimbisa (winbind).

Kuchinja kukuru muSamba 4.15:

  • Basa rekusimudzira VFS layer rakapedzwa. Nokuda kwezvikonzero zvezvakaitika kare, kodhi nekushandiswa kwefaira yefaira yakasungirirwa pakugadziriswa kwefaira nzira, iyo yakashandiswawo kune SMB2 protocol, iyo yakaendeswa kune kushandiswa kwezvinotsanangurwa. Iyo yemazuva ano inosanganisira kushandura kodhi inopa mukana kune server's faira system kushandisa faira zvinotsanangura panzvimbo yemafaira nzira (semuenzaniso, kufona fstat() pachinzvimbo che stat() uye SMB_VFS_FSTAT() pachinzvimbo cheSMB_VFS_STAT()).
  • Kuitwa kweiyo BIND DLZ (Dynamically-loaded zones) tekinoroji, iyo inobvumira vatengi kutumira zvikumbiro zveDNS zone kuBIND server uye kugamuchira mhinduro kubva kuSamba, yakawedzera kugona kutsanangura rondedzero yekuwana iyo inokutendera kuti uone kuti ndevapi vatengi. vakabvumira zvikumbiro zvakadaro uye izvo zvisiri. Iyo DLZ DNS plugin haichatsigire Bind mapazi 9.8 uye 9.9.
  • Rutsigiro rweSMB3 multi-channel extension (SMB3 Multi-Channel protocol) rwakagoneswa nedefault uye rwakagadzikiswa. Iyi protocol inobvumira vatengi kugadzira ma connection akawanda kuti vafambise data mukati meSMB session imwe chete. Semuenzaniso, kana uchitsvaga faira rimwe chete, mashandiro eI/O anogona kugoverwa pakati pema open connections akawanda. Iyi mode inowedzera throughput uye inovandudza kushivirira kukanganisa. Kuti udzime SMB3 Multi-Channel, chinja sarudzo ye "server multi-channel support" mu smb.conf, iyo ikozvino inogoneswa nedefault pamapuratifomu. Linux uye FreeBSD.
  • Izvozvi zvinogoneka kushandisa samba-chishandiso kuraira muSamba zvigadziriso zvakavakwa pasina Active Directory domain controller rutsigiro (kana iyo "--pasina-ad-dc" sarudzo yatsanangurwa). Asi mune iyi kesi, hazvisi zvese zvinoshanda zviripo; semuenzaniso, kugona kweiyo 'samba-tool domain' yekuraira kunogumira.
  • Yakavandudzwa yekuraira mutsara interface: Iyo nyowani yekuraira mutsara sarudzo parser yakakurudzirwa kuti ishandiswe mune dzakasiyana samba zvinoshandiswa. Sarudzo dzakafanana dzakasiana mumhando dzakasiyana dzekushandisa dzakabatanidzwa, semuenzaniso, kugadzirisa kwesarudzo dzine chekuita nekuvharidzira, kushanda nemasiginecha edhijitari, uye kushandisa kerberos kwakabatanidzwa. smb.conf inotsanangura marongero ekugadzirisa zvimiro zvesarudzo. Kuburitsa zvikanganiso, zvese zvinoshandiswa zvinoshandisa STDERR (yekubuda kuSTDOUT, iyo "-debug-stdout" sarudzo inopihwa).

    Yakawedzerwa "--client-protection=off|sign|encrypt" sarudzo.

    Sarudzo dzakapihwa mazita: --kerberos -> --use-kerberos=required|desired|off --krb5-ccache -> --use-krb5-ccache=CCACHE --scope -> --netbios-scope=SCOPE --kushandisa -ccache -> --shandisa- winbind-ccache

    Sarudzo dzakabviswa: “-e|—encrypt” uye “-S|—kusaina”.

    Basa rakaitwa kuchenesa zvakapetwa sarudzo muldbadd, ldbdel, ldbedit, ldbmodify, ldbrename uye ldbsearch, ndrdump, net, sharesec, smbcquotas, nmbd, smbd uye winbindd utilities.

  • Nekusagadzika, kuongorora rondedzero yeTrusted Domains kunovharwa kana uchimhanya winbindd, izvo zvine musoro mumazuva eNT4, asi hazvina basa kune Active Directory.
  • Rutsigiro rwakawedzerwa rweODJ (Offline Domain Join) mechanism, iyo inokutendera kuti ubatanidze komputa ku dhomeini pasina kubata zvakananga ne domain controller. Muma operating system akafanana neUnix akavakirwa paSamba, murairo we 'net offlinejoin' unowanikwa pakubatana, uye mu Windows Unogona kushandisa purogiramu yakajairika ye djoin.exe.
  • Iwo 'samba-tool dns zoneoptions' murairo unopa sarudzo dzekugadzirisa nguva yekuvandudza uye kutonga kucheneswa kwemarekodhi ekare eDNS. Kana zvese zvinyorwa zvezita reDNS zvadzimwa, node inoiswa muguva.
  • Maseva eDCE/RPC DNS anogona kushandiswa ne samba-tool utility ne utilities. Windows kushandura marekodhi eDNS pane external server.
  • Paunenge uchiita iyo "samba-tool domain backup offline" kuraira, kukiya kwakaringana pane iyo LMDB dhatabhesi kunovimbiswa kudzivirira kubva kunoenderana kuchinjika kwedata panguva yekuchengetedza.
  • Rutsigiro rwemadimikira eSMB protocol ekuyedza SMB2_22, SMB2_24, uye SMB3_10, ayo aingoshandiswa mukuvaka bvunzo chete, rwakamiswa. Windows.
  • Mukuvaka nekuyedza kuita kweActive Directory yakavakirwa paMIT Kerberos, izvo zvinodikanwa zveshanduro yepakeji iyi zvakasimudzwa. Kuvaka ikozvino kunoda kanenge MIT Kerberos shanduro 1.19 (yakatumirwa neFedora 34).
  • Tsigiro yeNIS yakabviswa.
  • Fixed vulnerability CVE-2021-3671, iyo inobvumira mushandisi asina kutenderwa kukanganisa Heimdal KDC-based domain controller kana TGS-REQ packet yatumirwa isingasanganisire zita reseva.

Source: opennet.ru

Tenga inovimbika yekutambira kwemasaiti ane DDoS dziviriro, VPS VDS maseva 🔥 Tenga webhusaiti yakavimbika ine dziviriro yeDDoS, maseva eVPS VDS | ProHoster