[Samba] KB5029244...

Andrew Bartlett abartlet at samba.org
Thu Aug 10 21:28:57 UTC 2023

On Thu, 2023-08-10 at 20:56 +0200, Fabio Muzzi via samba wrote:
> On 10/08/2023 17.52, Philippe LeCavalier via samba wrote:
> > The solution is to update Samba to (security update to 4.17) so
> > that 166
> > (and possible 244) work from the client side. If you rely on a
> > client side
> > solution you will likely continuously revisit this issue.
> I know I have to update Samba, but it's a hard job on a lot of small
> installations, and it requires quite a lot of time.
> Windows has been backwards (Samba NT and Samba AD) compatible for
> almost 25 years (win98 to win10) and now it seems it's all over.
> Every patch breaks something.

To be clear, Microsoft has shown no indication that they intend to
unbreak this.  The change (which could have been less strict and so not boken Samba) was made for security reasons.  

The have discussed with us the change and the expected behaviour we
need to meet, but no suggestion has been made that they were going to
update the client on their side.  Even if they did, it wouldn't be
fast, the last time (when they changed a kerberos 'end of time' to 9999
and hit an overflow in Heimdal) it took a number of months and was done
via the quality branch, not the urgent things.

If there are still issues after you patch Samba, please let us know. 

Andrew Bartlett
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead                https://catalyst.net.nz/services/samba
Catalyst.Net Ltd

Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group

Samba Development and Support: https://catalyst.net.nz/services/samba

Catalyst IT - Expert Open Source Solutions

More information about the samba mailing list