Samba 4.17.0 Inosvika Nekuchengetedzwa Kwekuvandudza, SMB1-shoma Kuunganidzwa, uye Zvimwe

Munguva pfupi yapfuura kuburitswa kweshanduro nyowani yeSamba 4.17.0 yakaziviswa, iyo inoenderera mberi nekuvandudzwa kwebazi reSamba 4 nekushandiswa kuzere kwedomeine controller uye Active Directory sevhisi inoenderana neWindows 2008 kuita uye inogona kushandira ese mavhezheni eWindows Clients anotsigirwa neMicrosoft, kusanganisira windows 11

Kuburitswa kwe samba uku inosanganisira kuchinja uye kugadzirisa kwakasiyana yakabatanidzwa kubva mushanduro dzakapfuura dze 4.16.x bazi uye maitiro ayo matsva anocherekedza kuvandudzwa kwe optimization, dzimwe shanduko muhurongwa hwekuunganidza nezvimwe.

Main nyowani maficha eSamba 4.17.0

Mune iyi vhezheni itsva yeSamba 4.17.0, basa rakaitwa kuti ribvise kuderera kwekuita yemaseva eSMB akaremerwa izvo zvakaonekwa semhedzisiro yekuwedzera kuchengetedzwa kwenjodzi iyo inoshandura zvinongedzo zvekufananidzira. Mamwe ekugadzirisa akaitwa anosanganisira kudzikisira nharembozha kana uchitarisa zita redhairekitori uye kusashandisa zviitiko zvinokonzeresa paunenge uchigadzira makwikwi ekuita izvo zvinokonzeresa kunonoka.

Imwe shanduko inomira pachena ndeyekuti kugona kuunganidza Samba pasina SMB1 protocol rutsigiro muri smbd. Kudzima SMB1, iyo "-pasina-smb1-server" sarudzo inoshandiswa mukugadziriswa kuvaka script (inongobata smbd, SMB1 rutsigiro runochengetedzwa mumaraibhurari evatengi).

Kunze kwaizvozvo, yakaitwa 'nt hash store=never' setting, iyo inorambidza kuchengeta hashe password yeActive Directory vashandisi. Mukuburitswa kweramangwana, iyo 'nt hash store' marongero anozogara ari 'auto', ayo achashandisa 'never' modhi kana 'ntlm auth=disabled' marongero aripo.

Muchikamu cheCTDB chinokonzera kushanda kwezvirongwa zve cluster, zvinodiwa zve syntax ye ctdb.tunables file zvakaderedzwa. Samba painounganidzwa ne "-ne-cluster-rutsigiro" uye "-systemd-install-services" sarudzo, iyo systemd sevhisi yeCTDB inoiswa. ctdbd_wrapper script yakaregedzwa: Iyo ctdbd maitiro atotangwa zvakananga kubva kune systemd sevhisi kana kubva kune yekutanga script.

Yeimwe shanduko izvo zvakabatanidzwa mune iyi vhezheni itsva yeSamba:

• Chibatanidza chinopihwa kuti uwane iyo smbconf raibhurari API kubva kuPython kodhi.
• Ichishandisa MIT Kerberos 1.20, iyo "Bronze Bit" kurwisa (CVE-2020-17049) yakaitwa nekupfuura rumwe ruzivo pakati peKDC neKDB zvikamu. Iyo yakasarudzika KDC yakavakirwa paHeimdal Kerberos yakagadziriswa muna 2021.
•  Iwo 'add-principal' uye 'del-principal' subcommands awedzerwa kune samba-chishandiso delegation yekuraira kubata RBCDВ.
• Iyo yakasarudzika Heimdal Kerberos-yakavakirwa KDC haisati yatsigira RBCD modhi.
• Iyo yakavakirwa-mukati DNS sevhisi inopa kugona kushandura network chiteshi inogamuchira zvikumbiro (semuenzaniso, kumhanyisa imwe DNS server pane imwecheteyo system inodzosera zvimwe zvikumbiro kuSamba).
• Iyo smbstatus chirongwa ikozvino ine kugona kuratidza ruzivo muJSON fomati (inogoneswa ne "-json" sarudzo).
• Iyo domain controller inoshandisa tsigiro yeVakadzivirirwa Vashandisi chengetedzo boka, yakaunzwa muWindows Server 2012 R2, iyo isingatenderi kushandiswa kwemhando dzisina kusimba dzekunyorera (kune vashandisi veboka, rutsigiro rweNTLM kusimbiswa, Kerberos TGT yakavakirwa paRC4 , shoma uye isina muganho wekutumira kuremara).
• Yakabviswa tsigiro yekuchengetedza password uye LanMan-based authentication nzira (kuseta "lanman = yes authentication" iko zvino hakuna basa).

Chekupedzisira, kana iwe uchida kukwanisa kuziva zvakawanda nezvazvo, unogona kubvunza iwo ruzivo mu inotevera chinongedzo.

Dhawunirodha uye tora Samba 4.17.0

Zvakanaka, kune avo vanofarira kugona kuisa iyi nyowani vhezheni yeSamba kana kuda kuvandudza vhezheni yavo yapfuura kune iyi nyowani, vanofanira kuziva kuti samba inosanganisirwa muBuntu repositories, vanofanira kuziva kuti mapakeji haana kuvandudzwa kana shanduro itsva yabudiswa, saka isu tinosarudza munyaya iyi kukurudzira kuunganidzwa kweshanduro itsva, kubva kune yayo code code .

Iyo kodhi kodhi inogona kuwanikwa kubva chinotevera chinongedzo.