Inguqulelo entsha yeSamba 4.15.0 sele ikhutshiwe, iza nenkxaso ye-SMB3, uphuculo nokunye okuninzi

Mva nje ukukhutshwa kwenguqulelo entsha yeSamba 4.15.0 kwabhengezwa, eqhubeka nokuphuhliswa kwesebe le-Samba 4 ngofezekiso olupheleleyo lomlawuli wedomeyini kunye ne-Active Directory service.

Kule nguqulo intsha yeSamba ukugqitywa komsebenzi we-VFS kubonakalisiwe, Kananjalo kwaye yenziwe yangagqibekanga kwaye ukongeza ukuzinzisa inkxaso yolwandiso lwe-SMB3, umgca womyalelo waphuculwa, phakathi kwezinye izinto.

Iimpawu ezintsha zeSamba 4.15

Kule nguqulo intsha icacisiwe ukuba Umsebenzi we-VFS maxesha onyaka ugqityiwe kwaye ngenxa yezizathu zembali, ikhowudi kunye nokuphunyezwa kweseva yefayile ebotshelelwe ekusetyenzisweni kwendlela yefayile, esetyenzisiweyo, phakathi kwezinye izinto, yenkqubo ye-SMB2, eyaguqulelwa ukusebenzisa iinkcazo.

Ukuphuculwa kwehla kweza kuguqulela ikhowudi ebonelela ngokufikelela kwinkqubo yeserver yokusebenzisa iinkcazo zefayile endaweni yeendlela zefayile umzekelo fstat () isetyenziswa endaweni ye-stat () kunye ne-SMB_VFS_FSTAT () isetyenziswa endaweni ye-SMB_VFS_STAT ().

Ukuphunyezwa kwetekhnoloji ye-BIND's Dynamically Loaded Zones (DLZ), evumela abathengi ukuba bathumele izicelo zokudlulisa indawo ye-DNS kwiseva ye-BIND kwaye bafumane impendulo evela kwi-Samba, yongeze amandla okuchaza uluhlu lokufikelela ukumisela ukuba zeziphi na iinkonzo ezivunyelweyo ezinye azikho.

Enye into entsha ebonakalayo yile yenziwe ngokungagqibekanga kunye nenkxaso izinzile kulwandiso lwe-SMB3 (Multi-channel SMB3), evumela abathengi ukuba baseke unxibelelwano oluninzi ukuze bahambise ukuhanjiswa kwedatha kwiseshoni enye ye-SMB. Umzekelo, xa ungena kwifayile enye, imisebenzi ye-I / O inokusasazeka kunxibelelwano oluvulekileyo ngaxeshanye. Le ndlela iphucula ukusebenza kwaye inyuse ukunganyamezelani. Ukukhubaza i-multichannel ye-SMB3 kwi-smb.conf, tshintsha ukhetho lwe- "multichannel server server", ngoku enikwe amandla ngokungagungqi kwiqonga leLinux kunye neFreeBSD.

Kuyenzeka ukuba usebenzise i-samba-isixhobo somyalelo kulungelelwaniso lwe Samba olwakhiwe ngaphandle kwenkxaso yomlawuli wedomeyini esebenzayo (kunye nenketho "-ngaphandle kwe-ad-dc" echaziweyo). Kodwa kule meko, ayisiyiyo yonke imisebenzi efumanekayo, umzekelo, ubuchule bomyalelo 'wedomeyini yesamba isixhobo' silinganiselwe.

Kwelinye icala, kuqatshelwe ukuba ujongano lomgca wokuyalela luphuculwe kwaye ukhetho lomgca wokuyalela luphakanyisiwe Ukusetyenziswa kwezinto ezahlukeneyo ze-samba. Iinketho ezifanayo ziye zadityaniswa, ezahlukileyo kwizinto ezahlukeneyo, umzekelo, ukuphathwa kokukhetha okunxulumene nokubethela, ukusebenza ngemisayino yedijithali kunye nokusetyenziswa kweekerberos kudityanisiwe. Smb.conf ichaza useto ukuseta ukhetho olungagqibekanga kukhetho.

Kwakhona, yongeze inkxaso ye-Offline Domain Joyina indlela (ODJ), ekuvumela ukuba ujoyine ikhompyuter kwidomain ngaphandle kokunxibelelana ngqo nomlawuli wedomeyini. Kwiinkqubo ezisebenzayo ze-Unix-ezinje ngeSamba, 'net offlinejojoin' command inikezelwa ukujoyina, kwaye kwiWindows ungasebenzisa inkqubo esemgangathweni djoin.exe.

Olunye utshintsho ezibalaseleyo:

  • Ukubonisa iimpazamo kuzo zonke izinto ezisetyenziswayo, i-STDERR isetyenziselwa (ukuphuma kwi-STDOUT, ukhetho lwe - –debug-stdout) lubonelelwe).
    Ukhetho olongeziweyo "–umthengi-ukhuseleko = ucimile | uphawu | NONE
  • Iplagi ye-DLZ ye-DNS ayisasaxhasi amasebe ekhonkco 9.8 kunye no-9.9.
  • Ngokuzenzekelayo, uluhlu lweedomeyini ezithembakeleyo lukhubazekile xa uqala i-winbindd, evakalayo kwiintsuku ze-NT4, kodwa ayisihambelani kuLawulo olusebenzayo.
  • I-DCE / RPC iiseva ze-DNS ngoku zinokusetyenziswa sisixhobo se-samba kunye nezixhobo zeWindows ukwenza iirekhodi ze-DNS kwiseva yangaphandle.
  • Xa umthetho "samba-tool domain backup offline" uyenziwa, uqwalaselo oluchanekileyo lweetshixo kwindawo yogcino lwe-LMDB liqinisekisiwe ukukhusela ngokuchasene nokulungiswa kwedatha ngexesha lokugcina.
  • Inkxaso yolwimi lwesilingo lwe-SMB protocol iphelisiwe: SMB2_22, SMB2_24, kunye ne-SMB3_10, ezazisetyenziswa kuphela kwiinguqulelo zesilingo seWindows.
  • Uvavanyo lwakha ngovavanyo lokuphunyezwa kwesikhokelo esisebenzayo ngokusekwe kwi-MIT Kerberos, iimfuno ziphakanyisiwe zenguqulo yale phakheji. Ukwakha ngoku kufuna ubuncinci iMIT Kerberos 1.19 (ithunyelwe ngeFedora 34).
  • Inkxaso ye-NIS isusiwe.
  • Ukulungiswa komngcipheko we-CVE-2021-3671 onokuthi uvumele umsebenzisi ongagunyaziswanga ukuba atshixe isilawuli sedomeyini esisekwe kwi-Heimdal ukuba ipakethi ye-TGS-REQ ithunyelwe ngaphandle kwegama lomncedisi.

Gqibela ukuba unomdla wokwazi okungakumbi ngayoUngajonga iifayile ze iinkcukacha kwikhonkco elilandelayo.


Yiba ngowokuqala ukuphawula

Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa. ezidingekayo ziphawulwe *

*

*

  1. Uxanduva lwedatha: UMiguel Ángel Gatón
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.