change passwords via LDAP
From: Gabriel Kuri (gkuri CSUPOMONA.EDU)
Date: Thu May 01 2003 - 00:26:06 CDT
Windows 2000 Server has the ability to change users' passwords in Active Directory via the LDAP interface. However, we've found this functionality was broken in a patch Microsoft released that is associated with security bulletin MS01-036, and then later superseded by MS02-016.

We have implemented one time password synchronization between our UNIX environment and Windows environment by changing the Windows password via the LDAP interface. This functionality, however, has been broken for several months, and not until this week have we been able to track it down to the patch associated with security bulletin MS01-036. The output when attempting the password change on a domain controller that is running at Service Pack 3 is

"00000005: SecErr: DSID-03190C3D, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0"

We set up a test domain controller, part of the same forest, running Service Pack 2 - unpatched, and are able to change passwords. The Perl script which handles the password change performs the necessary delete and add operation per MS KB article 269190.

Is anyone else successfully changing users' passwords via the LDAP interface and running Service Pack 3, or have other people run into this problem as well?

Note the ability to "reset" a user's password is still functional, only password changes via LDAP seem to be broken.

Thank You,
-----
Gabriel Kuri | Operating Systems & Network Analyst
Instructional and Information Technology Division
http://www.csupomona.edu/~iit | +1 909 979 6363
California State Polytechnic University, Pomona
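
The two operations the message distinguishes, as an added example that is not part of the original post and is not the poster's Perl script: a password change is one modify that deletes the old unicodePwd value and adds the new one, while a reset is a replace. The function names are hypothetical, the DN and passwords are constructed sample values, and the DN is assumed to be plain ASCII.

```python
import base64

def encode_unicode_pwd(password: str) -> bytes:
    """AD expects unicodePwd as the password in double quotes, UTF-16LE encoded."""
    return f'"{password}"'.encode("utf-16-le")

def _pwd_line(password: str) -> str:
    # "::" in LDIF marks a base64-encoded binary value.
    return "unicodePwd:: " + base64.b64encode(encode_unicode_pwd(password)).decode("ascii")

def change_ldif(dn: str, old: str, new: str) -> str:
    """User-style change: delete the old value and add the new one in ONE modify."""
    return "\n".join([
        f"dn: {dn}", "changetype: modify",
        "delete: unicodePwd", _pwd_line(old), "-",
        "add: unicodePwd", _pwd_line(new), "-", ""])

def reset_ldif(dn: str, new: str) -> str:
    """Administrative reset: replace the value; the old password is not supplied."""
    return "\n".join([
        f"dn: {dn}", "changetype: modify",
        "replace: unicodePwd", _pwd_line(new), "-", ""])

if __name__ == "__main__":
    dn = "CN=Test User,OU=Staff,DC=example,DC=edu"  # constructed sample DN
    print(change_ldif(dn, "Old-Passw0rd", "Ab1!"))   # constructed passwords
    print(reset_ldif(dn, "Ab1!"))
```

Comparing the two records against the failing request shows whether a script is really sending the delete/add pair or a replace, which matters because the two are authorized separately on the domain controller.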