Samba 4.13 arrives with the fix for the ZeroLogon vulnerability


The release of the new version Samba 4.13 has been announced. It adds the fix for the ZeroLogon vulnerability (CVE-2020-1472), which was disclosed a few days ago. In addition, the Python requirement in this new version has changed to version 3.6, and there are other changes as well.

For those who do not know Samba, this is a project that continues the development of the Samba 4.x branch with a full implementation of a domain controller and Active Directory service, compatible with the Windows 2000 implementation and capable of serving all versions of Windows clients supported by Microsoft, including Windows 10.

Samba 4 is a multifunctional server product that also provides an implementation of a file server, a print service and an authentication server (winbind).

Main new features of Samba 4.13

This new version adds the fix for the ZeroLogon vulnerability (CVE-2020-1472), which could allow an attacker to obtain administrator rights on a domain controller on systems that do not use the "server schannel = yes" setting (if you want to know more about it, you can check the article we shared about it here on the blog).

Another change in this new version of Samba is that the minimum Python requirement has been raised from Python 3.5 to Python 3.6. The ability to build the file server with Python 2 is still retained (before running './configure' and 'make', you must set the environment variable 'PYTHON=python2'), but it will be removed in the next branch and Python 3.6 will be required for the build.

On the other hand, the "wide links = yes" functionality, which allows file server administrators to create symbolic links to a location outside the current SMB/CIFS share, has been moved from smbd to a separate "vfs_widelinks" module.

Currently, this module is loaded automatically if the "wide links = yes" parameter is present in the configuration.

Support for "wide links = yes" is planned to be removed in the future because of security concerns, and Samba users are strongly encouraged to use "mount --bind" to mount external parts of the filesystem instead of "wide links = yes".

Note that the Samba developers recommend changing any configurations that currently use "wide links = yes" to use bind mounts as soon as possible, since "wide links = yes" is an insecure configuration that they want to remove from Samba. Moving the feature into a VFS module allows this to be done in a cleaner way in the future.

Support for the domain controller in classic mode has been deprecated. Users of NT4-style ('classic') domain controllers should migrate to Samba Active Directory domain controllers in order to work with current Windows clients.

Insecure authentication methods that can only be used with SMBv1 have been deprecated: "domain logons", "raw NTLMv2 auth", "client plaintext auth", "client NTLMv2 auth", "client lanman auth" and "client use spnego".

Also, support for the "ldap ssl ads" option in smb.conf has been removed. The next version is expected to remove the "server schannel" option.

Among the other changes that stand out is the removal of:

  •   ldap ssl ads: removed
  •   smb2 disable locking sequence check
  •   smb2 disable oplock break retry
  •   domain logons
  •   raw NTLMv2 auth
  •   client plaintext auth
  •   client NTLMv2 auth
  •   client lanman auth
  •   client use spnego
  •   server schannel: to be removed in version 4.13.0
  •   The deprecated smb.conf option "ldap ssl ads" has been removed.
  •   The deprecated "server schannel" smb.conf option may be removed in the final version 4.13.0.
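
One way to check an smb.conf for the settings discussed above: an explicit "server schannel" other than yes, "wide links = yes", and the options this release deprecates or removes. This is an added example, not code from Samba or from the original article; the function names and the sample configuration are constructed for illustration, and the parser does not follow include lines or line continuations.

```python
import re
# Options the article lists as deprecated or removed in Samba 4.13.
DEPRECATED = ["domain logons", "raw NTLMv2 auth", "client plaintext auth", "ldap ssl ads",
              "client NTLMv2 auth", "client lanman auth", "client use spnego"]
TRUE_VALUES = {"yes", "true", "1", "on"}

def norm(name):
    # smb.conf parameter names ignore case and embedded whitespace.
    return re.sub(r"\s+", "", name).lower()

def parse(text):
    # Returns {section: {normalized_parameter: value}} for smb.conf text.
    sections, current = {}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
        elif "=" in line:
            key, value = line.split("=", 1)
            sections.setdefault(current, {})[norm(key)] = value.strip()
    return sections

def audit(text):
    # Returns (section, finding) tuples; only explicitly set values are inspected.
    findings = []
    for section, params in parse(text).items():
        schannel = params.get("serverschannel")
        if section == "global" and schannel and schannel.lower() not in TRUE_VALUES:
            findings.append((section, "server schannel = " + schannel))
        if params.get("widelinks", "no").lower() in TRUE_VALUES:
            findings.append((section, "wide links = yes (use a bind mount)"))
        for name in DEPRECATED:
            if norm(name) in params:
                findings.append((section, "deprecated or removed: " + name))
    return findings

# Constructed sample configuration, not taken from a real system.
SAMPLE = """
[global]
    server schannel = auto
    client lanman auth = yes
[projects]
    Wide Links = Yes
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

On a live server, running the same check over the output of testparm rather than the raw file also covers included files.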

Finally, if you want to know more about the changes in this new version of Samba, you can find the details at the following link.

