Samba 4.15.0 released

The release of Samba 4.15.0 has been announced. It continues the development of the Samba 4 branch, which provides a full implementation of a domain controller and Active Directory service that is compatible with the Windows 2000 implementation and can serve all versions of Windows clients supported by Microsoft, including Windows 10. Samba 4 is a multifunctional server product that also provides an implementation of a file server, a print service, and an identity server (winbind).

Key changes in Samba 4.15:

  • The work to modernize the VFS layer has been completed. For historical reasons, the code implementing the file server was tied to the processing of file paths, which was also used for the SMB2 protocol, even though that protocol had been moved to using descriptors. The modernization consisted of converting the code that provides access to the server's file system to use file descriptors instead of file paths (for example, calling fstat() instead of stat() and SMB_VFS_FSTAT() instead of SMB_VFS_STAT()).
  • The implementation of the BIND DLZ (dynamically loaded zones) technology, which allows clients to send DNS zone transfer requests to the BIND server and receive the response from Samba, has gained the ability to define access lists that determine which clients are allowed to make such requests and which are not. The DLZ DNS plugin no longer supports the Bind 9.8 and 9.9 branches.
  • Support for the SMB3 multi-channel extension (SMB3 Multi-Channel protocol) is enabled by default and has been stabilized. It allows clients to establish multiple connections to parallelize data transfer within a single SMB session. For example, when accessing a single file, I/O operations can be distributed across several open connections at once. This mode makes it possible to increase throughput and improve resilience to failures. To disable SMB3 Multi-Channel, change the "server multi channel support" option in smb.conf, which is now enabled by default on the Linux and FreeBSD platforms.
  • It is now possible to use the samba-tool command in Samba configurations built without Active Directory domain controller support (when the "--without-ad-dc" option is specified). In this case, however, not all functionality is available; for example, the capabilities of the 'samba-tool domain' command are limited.
  • Improved command-line interface: a new command-line option parser has been proposed for use in the various samba utilities. Similar options that differed between utilities have been unified; for example, the handling of options related to encryption, digital signatures, and the use of kerberos has been unified. smb.conf defines settings for the default values of these options. All utilities use STDERR for error output (the "--debug-stdout" option is provided for output to STDOUT).

    Added the "--client-protection=off|sign|encrypt" option.

    Renamed options:

      --kerberos -> --use-kerberos=required|desired|off
      --krb5-ccache -> --use-krb5-ccache=CCACHE
      --scope -> --netbios-scope=SCOPE
      --use-ccache -> --use-winbind-ccache

    Removed options: "-e|--encrypt" and "-S|--signing".

    Work has been done to clean up duplicate options in the ldbadd, ldbdel, ldbedit, ldbmodify, ldbrename and ldbsearch, ndrdump, net, sharesec, smbcquotas, nmbd, smbd and winbindd utilities.

  • Scanning the list of Trusted Domains when winbindd starts is now disabled by default. This scan made sense in the NT4 days, but is not relevant for Active Directory.
  • Added support for the ODJ (Offline Domain Join) mechanism, which allows a computer to be joined to a domain without contacting the domain controller directly. On Unix-like systems based on Samba, the 'net offlinejoin' command is provided for joining, and on Windows the standard djoin.exe program can be used.
  • The 'samba-tool dns zoneoptions' command provides options for setting the refresh interval and controlling the scavenging of stale DNS records. If all records for a DNS name are deleted, the node is placed in a tombstone state.
  • The DNS DCE/RPC server can now be used by samba-tool and Windows utilities to manipulate DNS records on an external server.
  • When the "samba-tool domain backup offline" command is run, correct locking of the LMDB database is ensured to protect against concurrent modification of data during the backup.
  • Support for the experimental SMB protocol dialects SMB2_22, SMB2_24 and SMB3_10, which were used only in test builds of Windows, has been dropped.
  • In builds with the experimental implementation of Active Directory based on MIT Kerberos, the version requirements for that package have been raised. Builds now require at least MIT Kerberos version 1.19 (shipped with Fedora 34).
  • NIS support has been removed.
  • Fixed vulnerability CVE-2021-3671, which allows an unauthenticated user to attack a domain controller based on the Heimdal KDC if a TGS-REQ packet is sent that does not include a server name.
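
The VFS item above describes moving from path-based calls such as stat() to descriptor-based calls such as fstat(). The C program below is an added illustration, not Samba code: it opens a file, lets the name be replaced by another file, and compares what stat() on the path and fstat() on the open descriptor report afterwards. The scratch directory and file names are constructed for the example.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a new file with the given contents; returns 0 on success. */
static int make_file(const char *path, const char *data) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -1;
}

/* Returns -1 on error, otherwise a bit mask:
 *   bit 0: fstat() on the open descriptor still reports the file that was opened
 *   bit 1: stat() on the same path now reports a different file */
int compare_stat_after_swap(void) {
    char dir[] = "/tmp/vfs-demo-XXXXXX";      /* constructed scratch directory */
    char path[64], other[64];
    struct stat at_open, by_path, by_fd;
    int fd = -1, result = -1;

    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/share.txt", dir);
    snprintf(other, sizeof other, "%s/other.txt", dir);
    if (make_file(path, "original") || make_file(other, "replacement-data")) goto out;

    fd = open(path, O_RDONLY);                /* resolve the name exactly once */
    if (fd < 0 || fstat(fd, &at_open)) goto out;
    if (rename(other, path)) goto out;        /* the name now refers to another file */
    if (stat(path, &by_path) || fstat(fd, &by_fd)) goto out;
    result = 0;
    if (by_fd.st_dev == at_open.st_dev && by_fd.st_ino == at_open.st_ino) result |= 1;
    if (by_path.st_ino != at_open.st_ino) result |= 2;
out:
    if (fd >= 0) close(fd);
    unlink(path); unlink(other); rmdir(dir);  /* remove the scratch files */
    return result;
}

int main(void) {
    int r = compare_stat_after_swap();
    printf("fstat() stable: %d, stat() changed: %d\n", r >= 0 && (r & 1), r >= 0 && (r & 2) != 0);
    return r == 3 ? 0 : 1;
}
```

A server that checks metadata by path and then acts on the path can end up checking one file and operating on another; working through the descriptor keeps both steps on the same object.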

Source: opennet.ru
