HP CIFS Server 3.0j Release Notes version A.02.03.
© Copyright 2008 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Table of Contents Announcement.......................................................................................................................................5 Summary of changes in HP CIFS Server A.02.03.04.........................................................................5 Product Revision Number ................................................................................................................5 Fixes in HP CIFS Server A.02.03.04 ..................................................
List of Tables 1 2 3 4 Required Patches on HP-UX 11i v1 for winbind.............................................................................7 Required Patches on HP-UX 11i v1 for Kerberos v5 Client............................................................8 Required Patch on HP-UX 11i v2 for Kerberos v5 Client...............................................................
Announcement This document contains information about defect fixes provided in HP CIFS Server A.02.03.04, as well as other helpful information. HP CIFS Server A.02.03.04 is supported on HP-UX release 11i v1, v2 and 11i v3. The following list is a summary of the changes in this release. Summary of changes in HP CIFS Server A.02.03.04 • HP CIFS Server A.02.03.04 is based on Samba 3.0.22 with selected fixes from 3.0.25. It is a fix release that provides the CVE-2008-1105 security fix from Samba 3.0.
Fixes in HP CIFS Server A.02.03.04 HP CIFS Server A.02.03.04 provides the following defect fixes: • Security Defect CVE-2008-1105: Potential heap overflow in client code QXCR1000814745 There was a potential heap overflow caused by specifically crafting SMB response. • A sharing violation error occurred when using CFSM QXCR1000813571 This fix eliminates a critical problem where a sharing violation error occurred when running smbclient with CIFS File System Module (CFSM).
Installation and Patch Requirements for HP CIFS Server A.02.03.04 Operating System Requirements HP CIFS Server A.02.03.04 can install on the following operating systems: • • • HP-UX 11i v1 on HP 9000 computer systems.
Without these patches installed, you cannot change a user password using the HP-UX command passwd when the winbind entry is configured in /etc/nsswitch.conf. Kerberos Product and Patch Requirements Kerberos v5 Client with version 1.3.5 or later is required to support HP CIFS Server integration with a Windows 2003 ADS Domain Controller (DC). Kerberos Client version 1.0 was originally bundled on HP-UX 11i v1 and v2. Kerberos Client version 1.3.5.03 is bundled on HP-UX 11i v3.
Known Problems and Workarounds The following is a list of known problems and, where possible, the appropriate workarounds for the HP CIFS Server A.02.03.04: Problem Share mode security does not work with POSIX ACLs. Workaound Microsoft servers do not support share mode security and Windows NT ACLs. No workaround currently exists.
Workaround The current version of smbstatus disallows a normal user to initialize tdb files. A normal user must preform smbstatus after CIFS Server is started by root, or tdb files have been initialized. Problem Changing the password stored in the smbpasswd file from a Windows XP machine without the sign and seal patch will fail and corrupt the password for the user. Workaround The password must then be reset by the administrator if this occurs.
Workaround Set profile acls = yes for the profile share used for the user profile files. Do not set profile acls = yes on normal shares as this will result in incorrect ownership of the files created on those shares. Problem 64 bit Windows XP clients cannot connect to the CIFS Server when it is configured with smb.conf parameter "security=server".
Problem 64 bit Windows XP clients are unable to add a new ACE. Adding an ACE through Windows Explorer File->Properties->Security interface to a file or directory from a Windows XP Professional 64-bit edition results in an error that reads: This program cannot open the required dialog box because the specified computer cannot be determined to belong to a domain. Try again. Workaround There is no known workaround at this time.
Workaround One workaround is to close the Windows Explorer after the delete process is started. Beginning with A.02.03.01, another workaround is to set the "change notify timeout" smb.conf parameter to zero. When set to zero, change notification messages will not be sent and the long delays will not occur. Clients will then need to initiate updates (pressing F5) to view changes that may have occurred on the file share. Beginning with A.02.03.
