RootDSE netlogon attribute NtVer values?

Michael B Allen ioplex at gmail.com
Mon Oct 15 23:24:25 GMT 2007


On 10/14/07, Dave Daugherty <dave.daugherty at centrify.com> wrote:
>
> Michael B Allen
> Sent: Friday, October 12, 2007 6:30 PM
> Subject: Re: RootDSE netlogon attribute NtVer values?
>
> On 10/12/07, Andrew Bartlett <abartlet at samba.org> wrote:
> >
> > On Fri, 2007-10-12 at 18:27 -0400, Michael B Allen wrote:
> > > Hi,
> > >
> > > Hope you don't mind a protocol question but ...
> > >
> > > Regarding the cldap query for the netlogon attribute of the RootDSE,
> > > I'm trying to find a value for the NtVer filter parameter that works
> > > with both Windows 2003 and Windows 2000. I've been using
> \06\00\00\02
> > > like:
> > >
> > > (&(DnsDomain=W.NET)(NtVer=\06\00\00\02))
> > >
> > > simply because that is what I observed from XP but apparently
> Windows
> > > 2000 SP4 doesn't return a match for this at all. Or perhaps the
> > > problem is that I used regular ldap and not cldap?
> >
> > CLDAP queries that include the netlogon attribute are not normal LDAP
> > filters in any sense.  They are just queries with a few name-value
> pairs
> > included (the | and & are ignored), that expect sort-of-ldap like
> > responses.
>
> \06\00\00\00 works for both Win2k and Win2k3, unless the following
> registry value is set on the servers
>
> HKLM/System/CurrentControlSet/Services/NetLogon/Parameters/NT4Emulator
>
> Then you must use \06\00\00\01 - maybe some others would work too...

Hi Dave,

Excellent. I'll give that a try.

Thanks,
Mike


More information about the samba-technical mailing list