[Samba] SAMBA DEVELOPERS PLEASE READ WAS: RE: password change, domain not available

[Jason Balicki]

[summary:  quite a few people who have installed recent
MS patches and use Samba as a NT style PDC (and, it
appears, are using 2.2.8a) have an issue where they
"cannot change" their passwords from the client side.
"Cannot change" is in quotes because even though the
client reports failure, the password has in fact been
changed successfully. However, you can't expect an end
user to know that, nor expect them to accept a negative
response for a positive.]

>The problem seems to be related to Windows Hotfix KB828741. 
>Removing the hotfix through the control panel solved it for us.


While this is a workaround, it is not an acceptable one.

828741 fixes vulnerabilities that affect RPC/DCOM and can
allow a remote attacker to gain control of a machine.  It's
only a matter of time before someone writes a worm that
takes advantage of this.

Could some Samba developer PLEASE take time out of their
very busy schedule and look into this issue?  It's affecting
quite a few people (if they know it or not) and needs to
be addressed quickly.

I've compared the security options from a working and non
working XP pro machine and have not found any differences,
but past that I don't know where to look.  I suppose I can
try exporting the entire registry and running a diff --
but I'm sure I'll still have thousands of lines to wade
through after that.

AFAICT, this appears to affect Samba 2.2.8a.  Someone
mentioned that 2.2.3a is unaffected and I haven't seen
anyone complaining about 3.0.x yet.  I'm sure there are
many people in the same position that I'm in:  2.2.8a
has been working just fine and there has been no reason
to upgrade.  If I have to I will, but it seems like this
would be a simple client-side registry change or something
similar.

I think I speak for a lot of us when I say:  thank you
for any help at all you can give us.

--J(K)