Samba 4.13.0 release

The release of Samba 4.13.0 has been presented. It continues development of the Samba 4 branch with a full implementation of a domain controller and Active Directory service that is compatible with the Windows 2000 implementation and able to serve all versions of Windows clients supported by Microsoft, including Windows 10. Samba 4 is a multifunctional server product that also provides an implementation of a file server, a print service, and an identity server (winbind).

Key changes in Samba 4.13:

  • Added protection against the Zerologon vulnerability (CVE-2020-1472), which allows an attacker to gain administrator rights on the domain controller on systems that do not use the "server schannel = yes" setting.
  • The minimum required Python version has been raised from Python 3.5 to Python 3.6. The ability to build the file server with Python 2 is retained for now (before running './configure' and 'make', set the environment variable 'PYTHON=python2'), but in the next branch it will be removed and Python 3.6 will be required for the build.
  • The "wide links = yes" functionality, which allows file server administrators to create symbolic links to an area outside the current SMB/CIFS share, has been moved out of smbd into a separate module, "vfs_widelinks". For now, this module is loaded automatically if the "wide links = yes" parameter is present in the settings. In the future, support for "wide links = yes" is planned to be removed because of security problems, and Samba users are strongly encouraged to move from "wide links = yes" to using "mount --bind" to mount external parts of the file system.
  • Support for the classic-mode domain controller has been deprecated. Users of NT4-like ('classic') domain controllers should switch to Samba Active Directory domain controllers in order to work with modern Windows clients.
  • Deprecated the insecure authentication methods that can only be used with the SMBv1 protocol: "domain logons", "raw NTLMv2 auth", "client plaintext auth", "client NTLMv2 auth", "client lanman auth" and "client use spnego".
  • Support for the "ldap ssl ads" option has been removed from smb.conf. The "server schannel" option is expected to be removed in a future release.
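
The settings named in this list can be checked for in an existing configuration before upgrading. The following Python code is an added example, not part of the original article or of the Samba project; the function name `audit_smb_conf`, the finding texts and the sample configuration are constructed for illustration.

```python
import re

# Options the release notes above list as deprecated SMBv1-only authentication methods.
DEPRECATED_SMB1_AUTH = {"domainlogons", "rawntlmv2auth", "clientplaintextauth",
                        "clientntlmv2auth", "clientlanmanauth", "clientusespnego"}
TRUE_VALUES = {"yes", "true", "on", "1"}  # spellings smb.conf accepts for "enabled"

def norm(name):
    return re.sub(r"\s+", "", name).lower()  # names ignore case and whitespace

def audit_smb_conf(text):
    """Return (section, parameter, finding) tuples for settings the notes call out."""
    findings, section = [], "global"
    text = re.sub(r"\\\r?\n", "", text)  # join backslash-continued lines
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        key, enabled = norm(name), value.lower() in TRUE_VALUES
        if key == "serverschannel" and not enabled:
            findings.append((section, name, "Zerologon (CVE-2020-1472) exposure: set to yes"))
        elif key == "widelinks" and enabled:
            findings.append((section, name, "planned for removal: use mount --bind"))
        elif key == "ldapsslads":
            findings.append((section, name, "removed in Samba 4.13"))
        elif key in DEPRECATED_SMB1_AUTH:
            findings.append((section, name, "deprecated SMBv1-only authentication option"))
    return findings

# Constructed sample configuration, not taken from any real server.
SAMPLE = """\
[global]
    server schannel = auto
    Client LANMAN Auth = yes
    ; wide links = yes   (commented out, ignored)
    ldap ssl ads = no
[projects]
    path = /srv/projects
    wide links = yes
"""

if __name__ == "__main__":
    for section, name, finding in audit_smb_conf(SAMPLE):
        print(f"[{section}] {name}: {finding}")
```

The check only sees options written explicitly in the file it is given; settings left at their built-in defaults or pulled in through include directives are not evaluated.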

Source: opennet.ru
