[Samba] SAMBA DEVELOPERS PLEASE READ WAS: RE: password change, domain not available

Gerald (Jerry) Carter jerry at samba.org
Sun May 2 22:40:27 GMT 2004

Hash: SHA1

On Thu, 22 Apr 2004, Jason Balicki wrote:

> [summary:  quite a few people who have installed recent
> MS patches and use Samba as a NT style PDC (and, it
> appears, are using 2.2.8a) have an issue where they
> "cannot change" their passwords from the client side.
> "Cannot change" is in quotes because even though the
> client reports failure, the password has in fact been
> changed successfully. However, you can't expect an end
> user to know that, nor expect them to accept a negative
> response for a positive.]
> >The problem seems to be related to Windows Hotfix KB828741. 
> >Removing the hotfix through the control panel solved it for us.
> While this is a workaround, it is not an acceptable one.
> 828741 fixes vulnerabilities that affect RPC/DCOM and can
> allow a remote attacker to gain control of a machine.  It's
> only a matter of time before someone writes a worm that
> takes advantage of this.
> Could some Samba developer PLEASE take time out of their
> very busy schedule and look into this issue?  It's affecting
> quite a few people (if they know it or not) and needs to
> be addressed quickly.

We're working towards a fix regarding 3.0.x.  We'll have to 
decide what to do about 2.2.8a once we resolve the issue in 3.0.  
Thanks for being patient.

cheers, jerry
- ----------------------------------------------------------------------
Hewlett-Packard            ------------------------- http://www.hp.com
SAMBA Team                 ---------------------- http://www.samba.org
GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." ----------- Sting 
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/


More information about the samba mailing list