I-Samba 4.17.0 Ifika Nokuthuthukisiwe Kokuvikela, Ukuhlanganiswa Okungaphansi kwe-SMB1, nokunye

Darkcrizt

Imizuzu ye-4

I-Samba isethi ejwayelekile yezinhlelo zokusebenza ze-Windows ze-Linux ne-Unix.

I-Samba iwumkhiqizo weseva osebenza ngezindlela eziningi, ophinde uhlinzeke ngokusetshenziswa kweseva yefayela, isevisi yokuphrinta, kanye neseva kamazisi (winbind).

Muva nje kukhishwe inguqulo entsha yeSamba 4.17.0, eqhubeka nokuthuthukiswa kwegatsha le-Samba 4 ngokusetshenziswa okugcwele kwesilawuli sesizinda kanye nesevisi ye-Active Directory ehambisana nokuqaliswa kwe-Windows 2008 futhi inganikeza zonke izinguqulo ze-Windows Clients ezisekelwa yi-Microsoft, kuhlanganise windows 11

Lokhu kukhishwa kwe-samba okusha ihlanganisa izinguquko nezilungiso ezihlukahlukene kuhlanganiswe ezinguqulweni zangaphambili zokulungisa zegatsha le-4.16.x nezici zayo ezintsha eziphawuleka kakhulu ukuthuthukiswa kokulungiselelwa, izinguquko ezithile kunqubo yokuhlanganisa nokunye.

Izici ezintsha eziyinhloko zeSamba 4.17.0

Kule nguqulo entsha yeSamba 4.17.0, kwenziwe umsebenzi ukususa ukuhlehla kokusebenza yamaseva e-SMB alayishiwe okuvele njengomphumela wokwengeza ukuvikelwa kokuba sengozini ezilawula izixhumanisi ezingokomfanekiso. Okunye ukulungiselelwa okwenziwe kubandakanya ukunciphisa amakholi esistimu lapho kuhlolwa igama lenkomba futhi kungasebenzisi imicimbi yokuqalisa lapho kucutshungulwa imisebenzi eqhudelanayo ebangela ukubambezeleka.

Olunye ushintsho olugqamayo ukuthi ikhono lokuhlanganisa i-Samba ngaphandle kokusekelwa kwephrothokholi ye-SMB1 kwe smbd. Ukuze ukhubaze i-SMB1, inketho ethi "-without-smb1-server" isetshenziswa kusikripthi sokwakha sokumisa (ithinta kuphela i-smbd, ukusekelwa kwe-SMB1 kugcinwa kumalabhulali amaklayenti).

Ngaphandle kwalokho, sebenzisa isilungiselelo esithi 'nt hash store=never', esivimbela ukugcina ama-hash iphasiwedi yabasebenzisi be-Active Directory. Ekukhishweni okuzayo, isilungiselelo se-'nt hash store' sizozenzakalelayo siye ku-'auto', esizosebenzisa imodi ethi 'never' uma isilungiselelo se-'ntlm auth=disabled' sikhona.

Engxenyeni ye-CTDB ebhekele ukusebenza kokucushwa kweqoqo, izimfuneko ze-syntax yefayela elithi ctdb.tunables zehlisiwe. Uma i-Samba ihlanganiswa nezinketho ze-“–with-cluster-support” kanye “–systemd-install-services”, isevisi ye-systemd ye-CTDB iyafakwa. Isikripthi se-ctdbd_wrapper sinqanyuliwe: Inqubo ye-ctdbd manje isiqalwa ngokuqondile kusevisi ye-systemd noma kuskripthi sokuqalisa.

Kwezinye izinguquko ezihlanganiswe kule nguqulo entsha ye-Samba:

  • Isixhumanisi sinikezwa ukufinyelela i-API yelabhulali ye-smbconf kusuka kukhodi ye-Python.
  • Kusetshenziswa i-MIT Kerberos 1.20, ukuhlasela kwe-"Bronze Bit" (CVE-2020-17049) kwaqaliswa ngokudlulisa ulwazi olwengeziwe phakathi kwezingxenye ze-KDC ne-KDB. I-KDC esekelwe ku-Heimdal Kerberos ezenzakalelayo isilungisiwe ngo-2021.
  •  Imiyalo engaphansi ethi 'engeza-uthishanhloko' kanye 'ne-del-principal' yengezwe emyalweni wokuthumela we-samba-tool ukuphatha i-RBCDВ.
  • I-KDC esekelwe ku-Heimdal Kerberos ezenzakalelayo ayikasekeli imodi ye-RBCD.
  • Isevisi ye-DNS eyakhelwe ngaphakathi inikeza amandla okushintsha imbobo yenethiwekhi ethola izicelo (isibonelo, ukusebenzisa enye iseva ye-DNS kusistimu efanayo eqondisa kabusha izicelo ezithile ku-Samba).
  • Uhlelo lwe-smbstatus manje lunamandla okubonisa ulwazi ngefomethi ye-JSON (enikwe amandla ngenketho ethi “–json”).
  • Isilawuli sesizinda sisebenzisa ukusekelwa kweqembu lokuvikela labasebenzisi Abavikelwe, elethulwe ku-Windows Server 2012 R2, elingakuvumeli ukusetshenziswa kwezinhlobo zokubethela ezibuthakathaka (kubasebenzisi beqembu, ukusekelwa kokuqinisekisa kwe-NTLM, i-Kerberos TGT okusekelwe ku-RC4 , ukuthunyelwa okulinganiselwe nokungenamkhawulo khubaziwe).
  • Ukwesekwa okukhishiwe kokugcinwa kwephasiwedi kanye nendlela yokuqinisekisa esekelwe ku-LanMan (ukusetha okuthi "lanman=yebo ubuqiniso" akusasebenzi).

Okokugcina, uma ungathanda ukwazi okwengeziwe ngakho, ungathintana nemininingwane ku isixhumanisi esilandelayo.

Landa futhi uthole i-Samba 4.17.0

Yebo, kulabo abanentshisekelo yokukwazi ukufaka le nguqulo entsha yeSamba noma abafuna ukubuyekeza inguqulo yabo yangaphambilini kule entsha, kufanele bazi ukuthi i-samba ifakiwe kumakhosombe e-Ubuntu, kufanele bazi ukuthi amaphakheji awabuyekezwa lapho kukhululwa inguqulo entsha, ngakho-ke sikhetha kulokhu ukuncoma ukuhlanganiswa kwenguqulo entsha, kusukela kukhodi yayo yomthombo .

Ikhodi yomthombo ingatholakala ku isixhumanisi esilandelayo.


Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Ubhekele imininingwane: Miguel Ángel Gatón
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.