I-ProHoster > Блог > izindaba ze-inthanethi > Ukukhishwa kwe-Samba 4.11.0

Ukukhishwa kwe-Samba 4.11.0

Kuthunyelwe ngu- ukukhululwa I-Samba 4.11.0, owaqhubeka nokuthuthukiswa kwegatsha I-Samba 4 ngokuqaliswa okuphelele kwesilawuli sesizinda kanye nesevisi ye-Active Directory ehambisana nokusetshenziswa kwe-Windows 2000 futhi ekwazi ukuhlinzeka zonke izinguqulo zamaklayenti e-Windows asekelwa yi-Microsoft, okuhlanganisa Windows 10. I-Samba 4 iwumkhiqizo weseva ocebile futhi ihlinzeka ngokusetshenziswa kweseva yefayela, isevisi yokuphrinta, kanye neseva kamazisi (winbind).

Ukhiye shintsha ku-Samba 4.11:

  • Ngokuzenzakalelayo, imodeli yokuqaliswa kwenqubo “ye-prefork” inikwe amandla, okukuvumela ukuthi ugcine iqoqo lezinqubo zesibambi eziqaliswe ngaphambilini. Uma uqala i-Samba, inketho ye-'--model' manje ithatha inani elithi 'prefork' esikhundleni se-'standard'. Ngaphambilini, kusungulwe inqubo ehlukile yengane ekuxhumekeni kweklayenti ngayinye ye-LDAP ne-NETLOGON, okuphumele ekusetshenzisweni kwememori okubalulekile lapho kunenani elikhulu lokuxhumana okuqhubekayo. Uma usebenzisa imodeli ye-'prefork' yezinsizakalo ze-LDAP, NETLOGON kanye ne-KDC, kuqaliswa inombolo egxilile yezinqubo ezicubungula ngokuhlanganyela ukuxhumeka kwamaklayenti futhi zisabalalise phakathi kwabaphathi (ngokuzenzakalelayo, izibambi ezi-4 ziyaqaliswa);
  • I-Winbind iqinisekisa ukuthi i-PAM_AUTH ne-NTLM_AUTH imicimbi yokuqinisekisa igcinwa kulogu, futhi yengeza ukuboniswa kumarekhodi okuqinisekisa nokudluliselwa ku-SamLogon yesibaluli se-“logonId” esiqukethe isihlonzi sokungena esidalelwe izicelo ze-PAM_AUTH ne-NTLM_AUTH;
  • Isikimu sezixhumanisi ze-LDAP ezibuyisiwe (ukudluliselwa) manje sibonisa uhlelo olusuka esicelweni sokuqala, isibonelo, izixhumanisi ezitholwe nge-ldap zifakwe kuqala ngokuthi “ldap://”, futhi ngokusebenzisa i-ldaps - “ldaps://”;
  • Kwengezwe amandla okungena ubude besikhathi bemisebenzi ye-DNS eyenziwa yi-Bind 9. Okukhiphayo kunikwe amandla ngokucacisa ileveli yelogi ethi “dns:10” ku-smb.conf;
  • I-schema ye-Active Directory ezenzakalelayo ibuyekezwe ukuze ibe
    2012_R2.
    I-schema esidala singakhethwa kusetshenziswa i-agumenti ye-'--base-schema'. Ukuze uthuthukise ukufakwa okukhona, ungasebenzisa ithuluzi le-samba "i-domain schemaupgrade" umyalo.

  • Okuncikile okudingekayo kufaka phakathi umtapo wolwazi we-cryptographic we-GnuTLS 3.2, othatha indawo yemisebenzi ye-cryptographic eyakhelwe ngaphakathi ye-Samba;
  • Kwengezwe umyalo othi "samba-tool contact" ukuze useshe futhi uhlele okufakiwe ebhukwini lamakheli eligcinwe ku-LDAP;
  • Umyalo othi “samba-tool [user|group|computer|group|contact] edit” uthuthukise ukwesekwa kokusebenza ngombhalo wekhodi kazwelonke;
  • I-Samba yenzelwe ukusebenza ezinhlanganweni ezinkulu kakhulu ezinabasebenzisi abangafika ezinkulungwaneni eziyi-100 nezinto eziyizinkulungwane eziyi-120;
  • Ukusebenza okuthuthukisiwe kwe-reindexing (“samba-tool dbcheck —reindex”) kanye nemisebenzi yokujoyina isizinda (“i-samba-tool domain join”) ezizindeni ezinkulu ze-AD;
  • Iseva ye-LDAP ithuthukise ukusebenza kahle kwenkumbulo lapho ikhiqiza izimpendulo ezinkulu ze-LDAP (isibonelo, lapho isesha zonke izinto) ngokususa ukuphindwaphindwa kwamakhophi edatha kumemori;
  • Inketho ethi “-backend-store-size” yengezwe ku-“samba-tool” ukuze kunqunywe usayizi ovunyelwe wesizindalwazi esiphezulu (imephu ye-lmdb);
  • Inketho ethi “batch_mode” yengezwe ku-LDB, ekuvumela ukuthi uthuthukise ukusebenza kwenqwaba ngokuyenza ngaphakathi kokuthenga okukodwa. Ukusebenza kokusesha kuma-LDB amakhulu nakho sekuthuthukisiwe futhi ukusebenza kokuqamba kabusha kwemithi engaphansi kuye kwathuthukiswa;
  • Kwengezwe i-ceph_snapshots VFS module, esebenzisa ukusekelwa kwezifinyezo ze-CephFS ekusebenzeni nezinguqulo zangaphambilini zamafayela;
  • Indlela yokugcina i-Active Directory database kudiski ishintshiwe. Ifomethi entsha izosetshenziswa ngokuzenzakalelayo ngemva kokuthuthukiswa ukuze kukhishwe i-4.11, kodwa uma kwenzeka wehliswa kusukela ku-Samba 4.11 kuya kokukhishwayo okudala ozoyidinga. uguquko fometha ngokwakho;
  • Ngokuzenzakalelayo, ukusekelwa kwephrothokholi ye-SMB1 kuyacishwa (i-'client min protocol' kanye nezilungiselelo 'ze-server min protocol' zisethwe ku-SMB2_02), eyehlisiwe futhi ayisasetshenziswa yi-Microsoft;
  • Izinsiza eziningi zomugqa womyalo, njenge-smbclient kanye ne-smbcacls, zinenketho entsha ethi '--option' ekuvumela ukuthi ukhiphe izilungiselelo ze-smb.conf. Isibonelo, ukuze ushintshe ubuncane benguqulo yephrothokholi esekelwe, ungacacisa "--option='client min protocol=NT1′" ukuze ubuyisele i-SMB1;
  • I-LanMan kanye nezindlela zokuqinisekisa zombhalo ongenalutho zimenyezelwe njengeziphelelwe yisikhathi. Ukusekelwa kwezindlela ze-NTLM, NTLMv2 kanye ne-Kerberos kuhlala kungashintshile;
  • I-backend ye-BIND9_FLATFILE DNS yehlisiwe futhi izokhishwa ekukhishweni okuzayo. Futhi yehlise inketho "yomyalo we-rndc" kokuthi smb.conf;
  • Ikhodi yeseva ye-http eyakhelwe ngaphakathi (i-Python WSGI), eyayisetshenziswa ngaphambilini ukuze kuqinisekiswe ukusebenza kwe-SWAT web interface, isusiwe;
  • Ngokuzenzakalelayo, ukusekelwa kwePython 2 kukhutshaziwe futhi iPython 3 inikwe amandla (ukubuyisela ukusekelwa kwePython 2, udinga ukusetha okuguquguqukayo kwemvelo 'PYTHON=python2′ ngaphambi kokuqalisa ./configure' kanye 'nokwenza' ngesikhathi senqubo yokwakha i-samba.

Source: opennet.ru

Engeza amazwana