ukukhululwa , owaqhubeka nokuthuthukiswa kwegatsha ngokusetshenziswa okugcwele kwesilawuli sesizinda kanye nensizakalo ye-Active Directory ehambisana nokusetshenziswa Windows 2000 futhi iyakwazi ukuphatha zonke izinhlobo ezisekelwa yiMicrosoft Windows-amaklayenti, kufaka phakathi Windows 10I-Samba 4 iwumkhiqizo weseva osebenza ngezindlela eziningi ophinde unikeze iseva yefayela, isevisi yokuphrinta, kanye neseva yokuqinisekisa (i-winbind).
Ukhiye ku-Samba 4.13:
- Kwengezwe ukuvikelwa kokuba sengozini (CVE-2020-1472) ivumela umhlaseli ukuthi athole amalungelo okuphatha kusilawuli sesizinda kumasistimu angasebenzisi ukulungiselelwa kokuthi "isiteshi seseva = yebo".
- Isidingo esincane senguqulo yePython senyusiwe sisuka kuPython 3.5 saya kuPython 3.6. Amandla okwakha iseva yefayela ngePython 2 agcinwe okwamanje (ngaphambi kokuqalisa ./configure' futhi 'wenza' kufanele usethe ukuguquguquka kwemvelo 'PYTHON=python2'), kodwa egatsheni elilandelayo izosuswa futhi iPython 3.6 izodingeka ekwakheni.
- Umsebenzi othi “wide links = yebo”, ovumela abaphathi beseva yefayela ukuthi bakhe izixhumanisi ezingokomfanekiso endaweni engaphandle kwengxenye yamanje ye-SMB/CIFS, isusiwe ku-smbd yayiswa kumojula ehlukile ethi “vfs_widelinks”. Okwamanje, le mojula ilayishwa ngokuzenzakalelayo uma ipharamitha ethi "wide links = yebo" ikhona kuzilungiselelo. Ngokuzayo, kuhlelwe ukususa usekelo lwe-"wide links = yebo" ngenxa yezinkinga zokuphepha, futhi abasebenzisi be-samba bakhuthazwa kakhulu ukuthi basuke ku-"wide links = yebo" baye ekusebenziseni okuthi "mount --bind" ukuze bafake izingxenye zangaphandle ze uhlelo lwefayela.
- Объявлена устаревшей поддержка классического режима контроллера домена. Пользователям NT4-подобных контроллеров доменов (‘classic’) следует перейти на использования контроллеров домена Samba Active Directory для возможности работы с современными Windows-amaklayenti.
- Izindlela zokuqinisekisa ezingavikelekile ezihoxisiwe ezingasetshenziswa kuphela ngephrothokholi ye-SMBv1: "amalogi esizinda", "i-NTLMv2 auth eluhlaza", "i-client plaintext auth", "client NTLMv2 auth", "client lanman auth" kanye "ne-client use spnego".
- Usekelo lwenketho ye-“ldap ssl ads” lususiwe ku-smb.conf. Inketho "yesiteshi seseva" kulindeleke ukuthi isuswe ekukhishweni okulandelayo.
Source: opennet.ru
