-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 22 Apr 2004, Jason Balicki wrote:
> [summary: quite a few people who have installed recent > MS patches and use Samba as a NT style PDC (and, it > appears, are using 2.2.8a) have an issue where they > "cannot change" their passwords from the client side. > "Cannot change" is in quotes because even though the > client reports failure, the password has in fact been > changed successfully. However, you can't expect an end > user to know that, nor expect them to accept a negative > response for a positive.] > > >The problem seems to be related to Windows Hotfix KB828741. > >Removing the hotfix through the control panel solved it for us. > > > While this is a workaround, it is not an acceptable one. > > 828741 fixes vulnerabilities that affect RPC/DCOM and can > allow a remote attacker to gain control of a machine. It's > only a matter of time before someone writes a worm that > takes advantage of this. > > Could some Samba developer PLEASE take time out of their > very busy schedule and look into this issue? It's affecting > quite a few people (if they know it or not) and needs to > be addressed quickly. We're working towards a fix regarding 3.0.x. We'll have to decide what to do about 2.2.8a once we resolve the issue in 3.0. Thanks for being patient. cheers, jerry - ---------------------------------------------------------------------- Hewlett-Packard ------------------------- http://www.hp.com SAMBA Team ---------------------- http://www.samba.org GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc "...a hundred billion castaways looking for a home." ----------- Sting -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFAlXjbIR7qMdg1EfYRAm4vAKCuBt9lfIx+Pv449Rn5A0XBfReQCACfQ9Rx gJpLBDIqBD1ujlRuOK1WhDI= =Ycf9 -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba