ProHoster > Блог > wararka internetka > Samba 4.17.0 sii deynta

Samba 4.17.0 sii deynta

Siidaynta Samba 4.17.0 ayaa la soo bandhigay, taas oo sii waday horumarinta laanta Samba 4 iyada oo si buuxda loo hirgeliyey koontaroolaha domainka iyo adeegga Hagaha Firfircoon ee ku habboon hirgelinta Windows 2008 oo awood u leh inuu u adeego dhammaan noocyada Macaamiisha Windows ee ay taageerto Microsoft, oo ay ku jiraan Windows 11. Samba 4 is a multifunctional server product , kaas oo sidoo kale bixiya hirgelinta server-ka faylka, adeegga daabacaadda, iyo server aqoonsiga (winbind).

Isbeddellada muhiimka ah ee Samba 4.17:

  • Shaqada ayaa la qabtay si loo baabi'iyo dib-u-dhac ku yimid waxqabadka server-yada SMB ee mashquulka ah kuwaas oo u muuqday natiijada ka ilaalinta dayacanka khalkhalgelinta symlink. Hagaajinta la sameeyay waxaa ka mid ah in la dhimo wicitaanada nidaamka marka la hubinayo magaca hagaha oo aan la isticmaalin dhacdooyinka soo kicinta marka la farsameynayo hawlgallada tartamaya ee keenaya dib u dhac.
  • Awooda lagu dhisayo Samba iyada oo aan la taageerin borotokoolka SMB1 ee smbd ayaa la bixiyay. Si loo baabi'iyo SMB1, ikhtiyaarka "--without-smb1-server" ayaa lagu hirgeliyay qoraalka qaabeynta (waxay saamaysaa smbd kaliya; taageerada SMB1 waxaa lagu hayaa maktabadaha macmiilka).
  • Markaad isticmaalayso MIT Kerberos 1.20, awoodda looga hortagayo weerarka Bronze Bit (CVE-2020-17049) waxaa la hirgeliyaa iyada oo la wareejinayo macluumaad dheeraad ah oo u dhexeeya qaybaha KDC iyo KDB. Qaabka caadiga ah ee Heimdal Kerberos-ku-salaysan ee KDC, arintu waxa la hagaajiyay 2021.
  • Markii lagu dhisay MIT Kerberos 1.20, koontaroolaha domain-ku-saleysan ee Samba wuxuu hadda taageeraa kordhinta Kerberos S4U2Self iyo S4U2Proxy, wuxuuna sidoo kale ku darayaa awoodda Wafdiga Ku-saleysan Kheyraadka (RBCD). Si loo maareeyo RBCD, amar-hoosaadyada 'add-principal' iyo 'del-principal' ayaa lagu daray taliska "ergada samba-tool". Heimdal Kerberos-ku-salaysan KDC wali ma taageero qaabka RBCD.
  • Adeegga DNS-ku-dhisan wuxuu bixiyaa awoodda lagu beddelo dekedda shabakadda ee hesha codsiyada (tusaale ahaan, in lagu socodsiiyo server-ka DNS kale ee isla nidaamka kaas oo u weeciya codsiyada qaarkood Samba).
  • Qaybta CTDB, oo mas'uul ka ah hawlgalka habaynta kooxda, shuruudaha syntax ee faylka ctdb.tunables waa la dhimay. Marka la dhisayo Samba ikhtiyaarrada "--with-cluster-support" iyo "--systemd-install-services", rakibidda adeegga habaysan ee CTDB waa la hubiyaa. Farta ctdbd_wrapper waa la joojiyay - habka ctdbd hadda waxaa si toos ah looga bilaabay adeegga systemd ama qoraalka init.
  • Dejinta 'nt hash store = weligeed' lama hirgelin, kaas oo mamnuucaya kaydinta "qaawan" (milix la'aan) ee erayga sirta ah ee isticmaalaha Hagaha Active. Nooca soo socda, goobta 'nt hash store' ee caadiga ah ayaa loo dejin doonaa "auto", kaas oo qaabka "marna" lagu dabaqi doono haddii goobta 'ntlm auth = naafada' ay jirto.
  • Ku xidhid ayaa loo soo jeediyay gelitaanka maktabadda smbconf API ee koodka Python.
  • Barnaamijka smbstatus waxa uu fuliyaa awoodda soo saarista macluumaadka qaabka JSON (oo la karti-doorashada "-json").
  • Xakamaynta domain-ku waxay taageertaa kooxda amniga "Isticmalayaasha la ilaaliyo", oo ka soo muuqday Windows Server 2012 R2 mana ogola isticmaalka noocyada sirta daciifka ah (isticmaalka kooxda, taageerada aqoonsiga NTLM, Kerberos TGTs oo ku salaysan RC4, xaddidan oo aan xaddidnayn ergadu waa naafo).
  • Taageerada kaydka sirta ah ee LanMan iyo habka xaqiijinta waa la joojiyay ( "lanman auth=haa" dejinta hadda wax saamayn ah ma leh).

    Source: opennet.ru

Add a comment