password change block for 3.0.14

Luke Howard lukeh at
Fri Apr 8 04:05:19 GMT 2005

Also, before Windows issues a password change RPC, it makes a SAM
RPC to retrieve the password policy; this determines which RPC is
subsequently used to change the user's password.

-- Luke

>From: "Gerald (Jerry) Carter" <jerry at>
>Subject: Re: password change block for 3.0.14
>To: "Gerald (Jerry) Carter" <jerry at>
>Cc: Multiple recipients of list SAMBA-TECHNICAL <samba-technical at>
>Date: Thu, 07 Apr 2005 23:00:32 -0500
>Hash: SHA1
>Gerald (Jerry) Carter wrote:
>| Gerald (Jerry) Carter wrote:
>| | I've hit a stumbling block for 3.0.14 (fixes for Win2003 sp1).
>| | A user logged onto a Win2k sp1 client cannot change her password
>| | on a Samba DC.
>| |
>| | The client uses an older RPC against a Samba PDC (samr 0x26 -
>| | ChangePasswordUser() ).  Where as as when joined to an NT 4 Domain,
>| | the client uses a different call ( samr 0x37 -
>| | SamrUnicodeChangePWUser2() ).
>| |
>| | My best guess is that the change is caused by the NTLMSSP auth
>| | negotiate tagged onto the RPC bind ACK from the Samba box.
>| This should have said absence of NTLMSSP auth (privacy) when
>| talking to the Samba box.  However, apparently Samba 3 doesn't
>| have server support for the NTLMSSP AUTH on rpc binds.
>| I found the rpc fault ealier up in the trace.
>scratch that.  Last mail tonight I think.  The issue is the presence
>of multiple context id's causing us to misparse the pdu.
>cheers, jerry
>Version: GnuPG v1.2.5 (GNU/Linux)
>Comment: Using GnuPG with Thunderbird -


More information about the samba-technical mailing list