Ukhiye
- Ngokuzenzakalelayo, imodeli yokuqaliswa kwenqubo “ye-prefork” inikwe amandla, okukuvumela ukuthi ugcine iqoqo lezinqubo zesibambi eziqaliswe ngaphambilini. Uma uqala i-Samba, inketho ye-'--model' manje ithatha inani elithi 'prefork' esikhundleni se-'standard'. Ngaphambilini, kusungulwe inqubo ehlukile yengane ekuxhumekeni kweklayenti ngayinye ye-LDAP ne-NETLOGON, okuphumele ekusetshenzisweni kwememori okubalulekile lapho kunenani elikhulu lokuxhumana okuqhubekayo. Uma usebenzisa imodeli ye-'prefork' yezinsizakalo ze-LDAP, NETLOGON kanye ne-KDC, kuqaliswa inombolo egxilile yezinqubo ezicubungula ngokuhlanganyela ukuxhumeka kwamaklayenti futhi zisabalalise phakathi kwabaphathi (ngokuzenzakalelayo, izibambi ezi-4 ziyaqaliswa);
- I-Winbind iqinisekisa ukuthi i-PAM_AUTH ne-NTLM_AUTH imicimbi yokuqinisekisa igcinwa kulogu, futhi yengeza ukuboniswa kumarekhodi okuqinisekisa nokudluliselwa ku-SamLogon yesibaluli se-“logonId” esiqukethe isihlonzi sokungena esidalelwe izicelo ze-PAM_AUTH ne-NTLM_AUTH;
- Isikimu sezixhumanisi ze-LDAP ezibuyisiwe (ukudluliselwa) manje sibonisa uhlelo olusuka esicelweni sokuqala, isibonelo, izixhumanisi ezitholwe nge-ldap zifakwe kuqala ngokuthi “ldap://”, futhi ngokusebenzisa i-ldaps - “ldaps://”;
- Kwengezwe amandla okungena ubude besikhathi bemisebenzi ye-DNS eyenziwa yi-Bind 9. Okukhiphayo kunikwe amandla ngokucacisa ileveli yelogi ethi “dns:10” ku-smb.conf;
- I-schema ye-Active Directory ezenzakalelayo ibuyekezwe ukuze ibe
2012_R2 .
I-schema esidala singakhethwa kusetshenziswa i-agumenti ye-'--base-schema'. Ukuze uthuthukise ukufakwa okukhona, ungasebenzisa ithuluzi le-samba "i-domain schemaupgrade" umyalo. - Okuncikile okudingekayo kufaka phakathi umtapo wolwazi we-cryptographic we-GnuTLS 3.2, othatha indawo yemisebenzi ye-cryptographic eyakhelwe ngaphakathi ye-Samba;
- Kwengezwe umyalo othi "samba-tool contact" ukuze useshe futhi uhlele okufakiwe ebhukwini lamakheli eligcinwe ku-LDAP;
- Umyalo othi “samba-tool [user|group|computer|group|contact] edit” uthuthukise ukwesekwa kokusebenza ngombhalo wekhodi kazwelonke;
- I-Samba yenzelwe ukusebenza ezinhlanganweni ezinkulu kakhulu ezinabasebenzisi abangafika ezinkulungwaneni eziyi-100 nezinto eziyizinkulungwane eziyi-120;
- Ukusebenza okuthuthukisiwe kwe-reindexing (“samba-tool dbcheck —reindex”) kanye nemisebenzi yokujoyina isizinda (“i-samba-tool domain join”) ezizindeni ezinkulu ze-AD;
- Iseva ye-LDAP ithuthukise ukusebenza kahle kwenkumbulo lapho ikhiqiza izimpendulo ezinkulu ze-LDAP (isibonelo, lapho isesha zonke izinto) ngokususa ukuphindwaphindwa kwamakhophi edatha kumemori;
- Inketho ethi “-backend-store-size” yengezwe ku-“samba-tool” ukuze kunqunywe usayizi ovunyelwe wesizindalwazi esiphezulu (imephu ye-lmdb);
- Inketho ethi “batch_mode” yengezwe ku-LDB, ekuvumela ukuthi uthuthukise ukusebenza kwenqwaba ngokuyenza ngaphakathi kokuthenga okukodwa. Ukusebenza kokusesha kuma-LDB amakhulu nakho sekuthuthukisiwe futhi ukusebenza kokuqamba kabusha kwemithi engaphansi kuye kwathuthukiswa;
- Kwengezwe i-ceph_snapshots VFS module, esebenzisa ukusekelwa kwezifinyezo ze-CephFS ekusebenzeni nezinguqulo zangaphambilini zamafayela;
- Indlela yokugcina i-Active Directory database kudiski ishintshiwe. Ifomethi entsha izosetshenziswa ngokuzenzakalelayo ngemva kokuthuthukiswa ukuze kukhishwe i-4.11, kodwa uma kwenzeka wehliswa kusukela ku-Samba 4.11 kuya kokukhishwayo okudala ozoyidinga.
uguquko fometha ngokwakho; - Ngokuzenzakalelayo, ukusekelwa kwephrothokholi ye-SMB1 kuyacishwa (i-'client min protocol' kanye nezilungiselelo 'ze-server min protocol' zisethwe ku-SMB2_02), eyehlisiwe futhi ayisasetshenziswa yi-Microsoft;
- Izinsiza eziningi zomugqa womyalo, njenge-smbclient kanye ne-smbcacls, zinenketho entsha ethi '--option' ekuvumela ukuthi ukhiphe izilungiselelo ze-smb.conf. Isibonelo, ukuze ushintshe ubuncane benguqulo yephrothokholi esekelwe, ungacacisa "--option='client min protocol=NT1′" ukuze ubuyisele i-SMB1;
- I-LanMan kanye nezindlela zokuqinisekisa zombhalo ongenalutho zimenyezelwe njengeziphelelwe yisikhathi. Ukusekelwa kwezindlela ze-NTLM, NTLMv2 kanye ne-Kerberos kuhlala kungashintshile;
- I-backend ye-BIND9_FLATFILE DNS yehlisiwe futhi izokhishwa ekukhishweni okuzayo. Futhi yehlise inketho "yomyalo we-rndc" kokuthi smb.conf;
- Ikhodi yeseva ye-http eyakhelwe ngaphakathi (i-Python WSGI), eyayisetshenziswa ngaphambilini ukuze kuqinisekiswe ukusebenza kwe-SWAT web interface, isusiwe;
- Ngokuzenzakalelayo, ukusekelwa kwePython 2 kukhutshaziwe futhi iPython 3 inikwe amandla (ukubuyisela ukusekelwa kwePython 2, udinga ukusetha okuguquguqukayo kwemvelo 'PYTHON=python2′ ngaphambi kokuqalisa ./configure' kanye 'nokwenza' ngesikhathi senqubo yokwakha i-samba.
Source: opennet.ru