Samba 4.17.0 release

The release of Samba 4.17.0 has been presented. It continues development of the Samba 4 branch, with a full implementation of a domain controller and Active Directory service that is compatible with the Windows 2008 implementation and can serve all versions of Windows clients supported by Microsoft, including Windows 11. Samba 4 is a multifunctional server product that also provides an implementation of a file server, a print service, and an identity server (winbind).

Key changes in Samba 4.17:

  • Work has been done to eliminate the performance regression on busy SMB servers that appeared as a result of adding protection against symlink manipulation vulnerabilities. The optimizations mentioned include reducing the number of system calls when checking a directory name and not using wake-up events when handling concurrent operations that lead to delays.
  • Samba can now be built without SMB1 protocol support in smbd. To disable SMB1, the "--without-smb1-server" option is implemented in the build script (it affects only smbd; SMB1 support is retained in the client libraries).
  • When using MIT Kerberos 1.20, the ability to counter the Bronze Bit attack (CVE-2020-17049) is implemented by passing additional information between the KDC and KDB components. In the KDC based on Heimdal Kerberos, the problem was fixed in 2021.
  • When built with MIT Kerberos 1.20, the Samba-based domain controller now supports the Kerberos S4U2Self and S4U2Proxy extensions, and also adds Resource Based Constrained Delegation (RBCD) capability. To manage RBCD, the 'add-principal' and 'del-principal' subcommands have been added to the "samba-tool delegation" command. The KDC based on Heimdal Kerberos does not yet support RBCD mode.
  • The built-in DNS service can now change the network port on which it accepts requests (for example, to run another DNS server on the same system that forwards certain requests to Samba).
  • In the CTDB component, which is responsible for the operation of cluster configurations, the syntax requirements for the ctdb.tunables file have been relaxed. When Samba is built with the "--with-cluster-support" and "--systemd-install-services" options, the systemd service for CTDB is installed. The ctdbd_wrapper script has been discontinued; the ctdbd process is now started directly from the systemd service or from the init script.
  • The 'nt hash store = never' setting is implemented, which prohibits storing "bare" (unsalted) hashes of Active Directory user passwords. In the next version, the default value of 'nt hash store' will be set to "auto", in which the "never" mode is applied if the 'ntlm auth = disabled' setting is present.
  • A binding for accessing the smbconf library from Python code has been introduced.
  • The smbstatus program can now output information in JSON format (enabled with the "--json" option).
  • The domain controller supports the "Protected Users" security group, which appeared in Windows Server 2012 R2 and does not allow the use of weak encryption types (for users in the group, support for NTLM authentication, RC4-based Kerberos TGTs, and constrained and unconstrained delegation is disabled).
  • Support for the LanMan-based password store and authentication method has been removed (the "lanman auth = yes" setting no longer has any effect).

    Source: opennet.ru
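The 'nt hash store' and 'lanman auth' items above can be checked against an existing configuration. The following is an added example, not code from Samba or from the original article: a small audit of the [global] section of an smb.conf. The sample file is constructed, the function names are hypothetical, and the fallback value "always" for an unset 'nt hash store' is an assumption about the 4.17 default.

```python
import re

# Constructed sample smb.conf (not taken from the release notes).
SAMPLE_CONF = """\
[global]
    workgroup = EXAMPLE
    ; legacy line left over from an old deployment
    lanman auth = yes
    ntlm auth = disabled
    nt hash store = auto
"""

def parse_global(text):
    """Return the [global] parameters as {normalized name: lowercased value}."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Lowercase the name and collapse runs of whitespace inside it.
            params[" ".join(key.lower().split())] = value.strip().lower()
    return params

def effective_nt_hash_store(params, default="always"):
    """Resolve 'auto': 'never' applies when 'ntlm auth = disabled' is set."""
    mode = params.get("nt hash store", default)  # default is an assumption
    if mode == "auto":
        return "never" if params.get("ntlm auth") == "disabled" else "always"
    return mode

def audit(text):
    """List findings for the two settings discussed in the release notes."""
    params = parse_global(text)
    findings = []
    if "lanman auth" in params:
        findings.append("lanman auth is set but has no effect in 4.17; remove it")
    if effective_nt_hash_store(params) != "never":
        findings.append("unsalted NT hashes are still stored (nt hash store)")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("FINDING:", finding)
```

The parser does not follow include directives or line continuations, so run it on the fully expanded configuration.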
