The new version Samba 4.15.0 has been released, bringing SMB3 support, improvements and more

The release of the new version Samba 4.15.0 was recently announced. It continues the development of the Samba 4 branch, with a full implementation of a domain controller and the Active Directory service.

In this new version of Samba the completion of the VFS work stands out; in addition, support for the SMB3 extension has been enabled by default and stabilized, and the command-line interface has been improved, among other things.

Main new features of Samba 4.15

In this new version it is highlighted that the work on modernizing the VFS layer has been completed. For historical reasons, the code implementing the file server was tied to file path processing, which was used, among other things, for the SMB2 protocol, which has been converted to use descriptors.

The modernization came down to converting the code that gives the server access to the file system so that it uses file descriptors instead of file paths, e.g. fstat() is used instead of stat() and SMB_VFS_FSTAT() is used instead of SMB_VFS_STAT().
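As an added example (not Samba's code), this C program shows why the descriptor-based call is the safer primitive: once a file is open, fstat() keeps describing that same object, while stat() follows the name and reports whatever was renamed over it in the meantime. The function name and the scratch file names under /tmp are assumptions made for the demonstration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 when, after the name is re-pointed at another file, stat(path)
 * reports a different inode while fstat(fd) still reports the file that was
 * opened; 0 if no difference was seen; -1 on setup failure. */
int path_check_drifts_fd_check_holds(void)
{
    char a[96], b[96];                 /* constructed scratch files in /tmp */
    struct stat fd_before, fd_after, path_after;
    int fd = -1, fd_b = -1, result = -1;

    snprintf(a, sizeof a, "/tmp/vfs-demo-%ld-share.txt", (long)getpid());
    snprintf(b, sizeof b, "/tmp/vfs-demo-%ld-other.txt", (long)getpid());

    /* O_EXCL: refuse to reuse anything already sitting at these names. */
    fd = open(a, O_CREAT | O_EXCL | O_RDWR, 0600);
    fd_b = open(b, O_CREAT | O_EXCL | O_RDWR, 0600);
    if (fd < 0 || fd_b < 0 || fstat(fd, &fd_before) != 0)
        goto out;

    /* Constructed race: between the check and the use, a different file is
     * renamed over the path that was validated. */
    if (rename(b, a) != 0)
        goto out;

    if (fstat(fd, &fd_after) != 0 || stat(a, &path_after) != 0)
        goto out;

    /* Handle-based metadata still describes the object that was opened;
     * path-based metadata now describes whatever the name resolves to. */
    result = fd_after.st_dev == fd_before.st_dev &&
             fd_after.st_ino == fd_before.st_ino &&
             path_after.st_ino != fd_before.st_ino;
out:
    if (fd >= 0) close(fd);
    if (fd_b >= 0) close(fd_b);
    unlink(a);
    unlink(b);
    return result;
}

int main(void)
{
    printf("path drifted, descriptor stable: %d\n",
           path_check_drifts_fd_check_holds());
    return 0;
}
```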

The implementation of BIND's Dynamically Loaded Zones (DLZ) technology, which lets clients send DNS zone transfer requests to a BIND server and receive the response from Samba, has gained the ability to define access lists that determine which clients are allowed to make such requests and which are not.

Another new feature that stands out is that support for the SMB3 extension (SMB3 Multichannel) has been enabled by default and stabilized. It allows clients to establish multiple connections to parallelize data transfer within a single SMB session. For example, when accessing the same file, I/O operations can be spread across several open connections at the same time. This approach improves performance and increases fault tolerance. To disable SMB3 multichannel in smb.conf, change the "server multi channel support" option, which is now enabled by default on Linux and FreeBSD platforms.

It is possible to use the samba-tool command on Samba systems built without Active Directory domain controller support (with the "--without-ad-dc" option specified). In this case, however, not all functionality is available; for example, the capabilities of the 'samba-tool domain' command are limited.

On the other hand, the command-line interface has been reworked and a new command-line option parser has been introduced for use in the various Samba utilities. Similar options that differed between utilities have been unified, for example the handling of options related to encryption, working with digital signatures and the use of Kerberos. smb.conf defines settings for the default values of these options.

Support has also been added for the Offline Domain Join (ODJ) mechanism, which allows you to join a computer to a domain without contacting a domain controller directly. On Unix-like operating systems based on Samba, the 'net offlinejoin' command is provided for joining, and on Windows you can use the standard djoin.exe program.

Of the other changes that stand out:

  • STDERR is used to display errors in all utilities (for output to STDOUT, the "--debug-stdout" option is provided).
  • Added the option "--client-protection=off|sign|encrypt".
  • The DLZ DNS plugin no longer supports the BIND 9.8 and 9.9 branches.
  • By default, scanning the list of trusted domains is disabled when winbindd starts, which made sense in the NT4 days but is not relevant for Active Directory.
  • DCE/RPC DNS servers can now be used by samba-tool and Windows utilities to work with DNS records on an external server.
  • When the "samba-tool domain backup offline" command is executed, locks are now set correctly in the LMDB database to protect against concurrent modification of the data during the backup.
  • Support for the experimental SMB protocol dialects SMB2_22, SMB2_24 and SMB3_10, which were used only in test versions of Windows, has been discontinued.
  • For build checks and for testing the Active Directory implementation based on MIT Kerberos, the requirements for the version of this package have been raised. Builds now require at least MIT Kerberos 1.19 (shipped with Fedora 34).
  • NIS support has been removed.
  • Fixed the CVE-2021-3671 vulnerability, which could allow an unauthenticated user to crash a Heimdal KDC-based domain controller if a TGS-REQ packet is sent without a server name.

Finally, if you are interested in knowing more about it, you can check the details at the following link.

