samba bug fix and enhancement update

Updated samba packages that fix several bugs and add an enhancement are now
available.

Samba is a suite of programs used by machines to share files, printers, and
other information.

These updated packages fix the following bugs:

* it was possible to use the smbd and nmbd commands to specify invalid port
numbers (higher than 65536), causing invalid ports to be created, and, in
some cases, a "port number definition: unsigned short" error. Now, when an
invalid port number is specified, the default port number is used.

* in certain situations, Windows® clients intermittently lost access to
Samba shares. Errors relating to "secrets.tdb", such as "tdb_lock failed on
list" and "alarm (10) timed out for key replay cache mutex in tdb", were
logged to the Samba log file.

* the "/etc/pam.d/samba" file was missing the following line, which caused
authentication to fail when "smb.conf" was configured with the "obey pam
restrictions = yes" option:

session required /lib/security/pam_stack.so service=system-auth

* missing sections in "/etc/pam.d/samba" caused password changes to fail,
when "smb.conf" was configured with the "pam password change = yes" option.

* due to a change in libsmbclient, it was not possible to rebuild the
"gnome-vfs2-2.8.2-8.6.EL4" package.

* communication problems with trusted domains from a Samba Domain
Controller, which caused an "Error looking up domain users" error when
running the "wbinfo -u" command, have been resolved.

* when Windows® clients performed file operations on files stored on a
Samba share, various error messages popped-up, and the "Event ID: 4322"
error was logged on the Windows® clients:

NetBT failed to process a request because it encountered OutOfResources
exception(s) in the last 1 hour.

* in the previous samba packages, it was not possible for Windows Vista™
clients, who have installed Windows Vista™ Service Pack 1, to access Samba
shares.

* when "Change Notify" was enabled on a Samba server, notifications of file
changes were lost. Red Hat Enterprise Linux 4 users need to install the
"gamin" package, and set "vfs object = notify_fam" in "smb.conf" to
activate notifications. In these updated packages, "Change Notify"
correctly sends notifications, which resolves this issue.

* Samba servers using the "net ads join" command to connect to a Windows
Server® 2003-based domain failed with "failed to gets channel session key
from server" and "NT_STATUS_ACCESS_DENIED" errors.

Note: these updated packages upgrade Samba to version 3.0.28. For a full
list of bug fixes and enhancements, refer to the Samba release notes:
http://us3.samba.org/samba/history/samba-3.0.28a.html

Users of samba are advised to upgrade to these updated packages, which
resolve these issues and add this enhancement.

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

205353 - smbd allows ports higher than 65536.
291511 - update samba to 3.0.26a or later
377621 - Error acquiring lock on secrets.tdb
400581 - Incorrect /etc/pam.d/samba (causes authentication failure when obey pam restrictions = yes)
407101 - Critical Regression caused by CVE-2007-4572
422721 - Password change fails with samba pam module
428028 - samba 3.0.25b breaks rebuilds of stock RHEL4 packages
431709 - Adding a user to an ACL via Windows XP GUI gives away read access for owning group
431710 - After establish trust with AD, wbinfo -u does not work
431960 - 'Event ID: 4322' message appearing on windows systems that access samba shares (samba bug 4796)
438407 - 3.0.25b ntlmv2 auth compatibility with Vista SP1 clients
440463 - Notification of changes to files are lost
450652 - samba cannot join windows 2000 domains
450653 - Samba server can't authenticate to NT domain after 2008-05-28 update