I-Samba 4.17.0 iFika ngoPhuculo loKhuseleko, ukuHlanganisa okungaphantsi kwe-SMB1, kunye nokunye

Mva nje ukukhutshwa kwenguqulelo entsha yeSamba 4.17.0 kwabhengezwa, eqhubeka nophuhliso lwesebe le-Samba 4 kunye nokuphunyezwa ngokupheleleyo komlawuli wesizinda kunye nenkonzo ye-Active Directory ehambelana nokuphunyezwa kwe-Windows 2008 kwaye inokukhonza zonke iinguqulelo ze-Windows Clients ezixhaswa yi-Microsoft, kuquka windows 11

Olu kukhutshwa kwesamba olutsha ibandakanya iinguqu ezahlukeneyo kunye nokulungiswa idityaniswe kwiinguqulelo zangaphambili zolungiso zesebe le-4.16.x kunye neempawu zayo ezintsha eziphawuleka kakhulu kukuphuculwa kokuphucula, utshintsho oluthile kwinkqubo yokuhlanganiswa nokunye.

Iimpawu ezintsha zeSamba 4.17.0

Kule nguqulo intsha yeSamba 4.17.0, umsebenzi wenziwe ukususa ukuhlehla kwentsebenzo yeeseva ezilayishiweyo ze-SMB eye yavela ngenxa yokongezwa kokhuseleko lobuthathaka ezilawula amakhonkco omfuziselo. Olunye ulungiso olwenziwayo luquka ukunciphisa iifowuni zesistim xa kujongwa igama likavimba weefayili kwaye ungasebenzisi iziganeko zokuqalisa xa kusetyenzwa imisebenzi ekhuphisanayo eyenza ulibaziseko.

Olunye utshintsho olubonakalayo kukuba ukukwazi ukuqokelela iSamba ngaphandle kwenkxaso yeprotocol ye-SMB1 kwi smbd. Ukukhubaza i-SMB1, i-"-ngaphandle-smb1-server" ukhetho luphunyeziwe kwiskripthi sokwakha uqwalaselo (ichaphazela kuphela i-smbd, inkxaso ye-SMB1 igcinwe kwiilayibrari zabaxhasi).

Ngaphandle koko, isetyenziswe 'nt hash store=never', ethintela ugcino lweehash igama lokugqithisa labasebenzisi bakaVimba oSebenzayo. Kukhupho lwexesha elizayo, i 'nt hash store' isethingi iya kuhlala iye kwi-'auto', eya kusebenzisa imo ethi 'soze' ukuba i-'ntlm auth=disabled' isicwangciso sikhona.

Kwicandelo le-CTDB elijongene nokusebenza koqwalaselo lwe-cluster, iimfuno ze-syntax yefayile ye-ctdb.tunables ziye zancitshiswa. Xa iSamba idityaniswe neenketho "-nge-cluster-support" kunye neenketho "-systemd-install-services", inkonzo ye-systemd ye-CTDB ihlonyelwe. ctdbd_wrapper script uyekiwe: Inkqubo ye-ctdbd ngoku iqalwe ngokuthe ngqo kwinkonzo yenkqubo okanye kwiskripthi sokuqalisa.

Olunye utshintsho ezidityaniswe kolu guqulelo lutsha lweSamba:

• Ikhonkco linikezelwe ukufikelela kwilayibrari ye-smbconf API ukusuka kwikhowudi yePython.
• Ukusebenzisa i-MIT Kerberos 1.20, uhlaselo lwe-"Bronze Bit" (CVE-2020-17049) luphunyezwe ngokudlula ulwazi olongezelelweyo phakathi kwe-KDC kunye ne-KDB. I-KDC engagqibekanga esekwe kwi-Heimdal Kerberos ilungisiwe ngo-2021.
•  I-'add-principal' kunye 'ne-del-principal' subcommands yongezwe kumyalelo we-samba-tool delegation to manage RBCDВ.
• I-Heimdal Kerberos-based KDC ayikaxhasi imo ye-RBCD.
• Inkonzo ye-DNS eyakhelwe-ngaphakathi inika amandla okutshintsha i-port yenethiwekhi efumana izicelo (umzekelo, ukuqhuba enye iseva ye-DNS kwinkqubo efanayo ehambisa izicelo ezithile kwi-Samba).
• Inkqubo ye-smbstatus ngoku inamandla okubonisa ulwazi kwifomathi ye-JSON (enikwe amandla ngokhetho "-json").
• Umlawuli wendawo uphumeza inkxaso yeqela lokhuseleko labasebenzisi abaKhuselweyo, elaziswa kwi-Windows Server 2012 R2, engavumeli ukusetyenziswa kweentlobo ze-encryption ezibuthathaka (kubasebenzisi beqela, inkxaso yoqinisekiso lwe-NTLM, i-Kerberos TGT esekelwe kwi-RC4 , ukugunyaziswa okulinganiselwe kunye nokungenamkhawulo bakhubazekileyo).
• Isusiwe inkxaso yokugcina igama eliyimfihlo kunye nendlela yokuqinisekisa esekwe kwi-LanMan (ukusetha "lanman=ewe uqinisekiso" akusasebenzi ngoku).

Okokugqibela, ukuba unomdla wokwazi ngakumbi ngayo, ungajongana neenkcukacha kwi ukulandela ikhonkco.

Khuphela kwaye ufumane iSamba 4.17.0

Ewe, kwabo banomdla wokukwazi ukufaka le nguqulo intsha yeSamba okanye bafuna ukuhlaziya ingxelo yabo yangaphambili kule intsha, kufuneka bazi ukuba i-samba ibandakanyiwe kwii-Ubuntu zokugcina, kufuneka bazi ukuba iipakethe azihlaziywa xa uguqulelo olutsha lukhutshwa, ngoko sikhetha kulo mzekelo ukucebisa ukuqulunqwa koguqulelo olutsha, kwikhowudi yomthombo wayo.

Ikhowudi yemvelaphi inokufunyanwa kuyo eli khonkco lilandelayo.