RootDSE netlogon attribute NtVer values?

Andrew Bartlett abartlet at
Fri Oct 12 22:30:29 GMT 2007

On Fri, 2007-10-12 at 18:27 -0400, Michael B Allen wrote:
> Hi,
> Hope you don't mind a protocol question but ...
> Regarding the cldap query for the netlogon attribute of the RootDSE,
> I'm trying to find a value for the NtVer filter parameter that works
> with both Windows 2003 and Windows 2000. I've been using \06\00\00\02
> like:
> (&(DnsDomain=W.NET)(NtVer=\06\00\00\02))
> simply because that is what I observed from XP but apparently Windows
> 2000 SP4 doesn't return a match for this at all. Or perhaps the
> problem is that I used regular ldap and not cldap?

CLDAP queries that include the netlogon attribute are not normal LDAP
filters in any sense.  They are just queries with a few name-value pairs
included (the | and & are ignored), that expect sort-of-ldap like

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team 
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list