Samba 4.13 arrives with a fix for the ZeroLogon vulnerability


The new Samba 4.13 release has been published. It adds a fix for the recently discovered ZeroLogon vulnerability (CVE-2020-1472), raises the Python requirement to version 3.6, and brings a number of other changes.

For those who do not know Samba, it is a project that continues the development of the Samba 4.x branch with a full implementation of a domain controller and an Active Directory service, compatible with the Windows 2000 implementation and able to serve all versions of Windows clients supported by Microsoft, including Windows 10.

Samba 4 is also a multifunctional server product that provides an implementation of a file server, a print service and an authentication server (winbind).

Main new features of Samba 4.13

This new version adds a fix for the ZeroLogon vulnerability (CVE-2020-1472), which could allow an attacker to gain administrator rights on a domain controller on systems that do not use the "server schannel = yes" setting. (If you want to know more about it, you can read the post we shared about it here on the blog.)

Another change in this new version of Samba is that the minimum Python requirement has been raised from Python 3.5 to Python 3.6. The ability to build the file server with Python 2 is still retained (before running './configure' and 'make', you need to set the environment variable 'PYTHON=python2'), but it will be removed in the next branch and Python 3.6 will be required to build.

In addition, the "wide links = yes" functionality, which allows file server administrators to create symbolic links to an area outside the current SMB/CIFS share, has been moved from smbd to a separate "vfs_widelinks" module.

At present, this module is loaded automatically if the "wide links = yes" parameter is present in the configuration.

Support for "wide links = yes" is planned for removal in the future because of security problems, and Samba users are strongly encouraged to use "mount --bind" to mount external parts of the file system instead of "wide links = yes".

Note that the Samba developers recommend changing every installation that currently uses "wide links = yes" to bind mounts as soon as possible, since "wide links = yes" is an inherently insecure configuration that they want to remove from Samba. Moving the feature into a VFS module allows this to be done cleanly in the future.

Support for the domain controller in classic mode has been deprecated. Users of NT4-type ('classic') domain controllers must migrate to Samba Active Directory domain controllers in order to work with modern Windows clients.

Insecure authentication methods that can only be used with SMBv1 have been deprecated: "domain logons", "raw NTLMv2 auth", "client plaintext auth", "client NTLMv2 auth", "client lanman auth" and "client use spnego".

Support for the "ldap ssl ads" option has also been removed from smb.conf. The next version is expected to remove the "server schannel" option.

Among the other changes that stand out is the elimination of:

  • ldap ssl ads: removed
  • smb2 disable lock sequence checking
  • smb2 disable oplock break retry
  • domain logons
  • raw NTLMv2 auth
  • client plaintext auth
  • client NTLMv2 auth
  • client lanman auth
  • client use spnego
  • server schannel: to be removed in version 4.13.0
  • The deprecated smb.conf option "ldap ssl ads" has been removed
  • The "server schannel" smb.conf option may be removed in the final 4.13.0 release
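
As an added example (not part of the original article and not Samba project code), the following Python script audits an smb.conf for the settings discussed above: a "server schannel" value other than yes, "wide links = yes", and the parameters listed as deprecated or removed in 4.13. The function names and the sample configuration are assumptions made for illustration.

```python
import re

def norm(name):
    """smb.conf ignores case and whitespace in parameter names."""
    return re.sub(r"\s+", "", name.lower())

TRUE_VALUES = {"yes", "true", "on", "1"}
# Parameters the article lists as deprecated or removed in Samba 4.13.
DEPRECATED = ["domain logons", "raw NTLMv2 auth", "client plaintext auth",
              "client NTLMv2 auth", "client lanman auth", "client use spnego"]
NOTES = {norm(p): (p, "deprecated in 4.13") for p in DEPRECATED}
NOTES[norm("ldap ssl ads")] = ("ldap ssl ads", "removed in 4.13")

def parse_smb_conf(text):
    """Yield (section, normalised parameter name, lower-cased value)."""
    section, pending = "global", ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if line.endswith("\\"):              # trailing backslash continues
            pending = line[:-1]
        elif line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif line and line[0] not in "#;" and "=" in line:
            name, value = line.split("=", 1)
            yield section, norm(name), value.strip().lower()

def audit(text):
    """Return (section, parameter, finding) for each risky setting."""
    findings = []
    for section, name, value in parse_smb_conf(text):
        if name == norm("server schannel") and value not in TRUE_VALUES:
            findings.append((section, "server schannel", "not enforced (ZeroLogon)"))
        elif name == norm("wide links") and value in TRUE_VALUES:
            findings.append((section, "wide links", "use a bind mount instead"))
        elif name in NOTES:
            findings.append((section, *NOTES[name]))
    return findings

# Constructed sample configuration, not taken from a real server.
SAMPLE = """[global]
    server schannel = auto
    Client  LANMAN auth = yes
    ldap ssl ads = no
[projects]
    wide links = Yes
"""

if __name__ == "__main__":
    print("\n".join(" | ".join(f) for f in audit(SAMPLE)))
```

A missing "server schannel" line is not flagged because Samba 4.8 and later default to yes; "testparm -s" shows the effective values that Samba itself computes.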

Finally, if you want to know more about the changes in this new version of Samba, you can find them at the following link.

