CLDAP-style NetLogon query over TCP

Benjamin Franzke benjaminfranzke at
Fri Oct 18 06:55:16 MDT 2013

Hi list,

I would like to know whether netlogon queries over TCP are currently
possible with samba 4?
According to the wireshark wiki[1] that is supported as of win 2k3 server.

The automatic client join&configuration daemon realmd makes use of that
(it checks whether the server reports win2k3+) and currently returns:
    ! Received invalid or unsupported Netlogon data from server

I tried to reproduce realmd's beaviour with ldapsearch:
ldapsearch -h dc -x -b '' -s base
"(&(NtVer=\06\00\00\00)(AAC=\00\00\00\00))" NetLogon

This returns zero results when "dc" is a samba 4 server. (Thats why the
error invalid)
But with a windows 2k8 server I got a netlogon result:
netlogon:: [....]

I found no tcp initialization in the cldap server code[2], or any hooks in
ldap_server that call into cldap_request. Am i overseeing something?
(I'm asking since metze said on irc: 13:55 < metze> bnf: samba4 should also
support it over tcp)

Is it planned to add this to samba or should realmd be fixed to always use
udp for cldap-style netlogon queries? (though i guess, since AD does this,
samba more or less has to support it..)

Thanks, Ben


More information about the samba-technical mailing list