[summary: quite a few people who have installed recent MS patches and use Samba as a NT style PDC (and, it appears, are using 2.2.8a) have an issue where they "cannot change" their passwords from the client side. "Cannot change" is in quotes because even though the client reports failure, the password has in fact been changed successfully. However, you can't expect an end user to know that, nor expect them to accept a negative response for a positive.]
>The problem seems to be related to Windows Hotfix KB828741. >Removing the hotfix through the control panel solved it for us. While this is a workaround, it is not an acceptable one. 828741 fixes vulnerabilities that affect RPC/DCOM and can allow a remote attacker to gain control of a machine. It's only a matter of time before someone writes a worm that takes advantage of this. Could some Samba developer PLEASE take time out of their very busy schedule and look into this issue? It's affecting quite a few people (if they know it or not) and needs to be addressed quickly. I've compared the security options from a working and non working XP pro machine and have not found any differences, but past that I don't know where to look. I suppose I can try exporting the entire registry and running a diff -- but I'm sure I'll still have thousands of lines to wade through after that. AFAICT, this appears to affect Samba 2.2.8a. Someone mentioned that 2.2.3a is unaffected and I haven't seen anyone complaining about 3.0.x yet. I'm sure there are many people in the same position that I'm in: 2.2.8a has been working just fine and there has been no reason to upgrade. If I have to I will, but it seems like this would be a simple client-side registry change or something similar. I think I speak for a lot of us when I say: thank you for any help at all you can give us. --J(K) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba