[PATCH 2/2] s4:dsdb/rootdse: Support netlogon request
Andrew Bartlett
abartlet at samba.org
Sun Oct 27 14:19:46 MDT 2013
First,
Thank you so much for coming back with a patch.
For the IP address issue, we have to patch ldapsrv_backend_Init() in
source4/ldap_server/ldap_backend.c to pass
conn->connection->remote_address in to ldb as an opaque, using
ldb_set_opaque() like we do with the "supportedSASLMechanisms" later in
that function.
Then you can get that again with ldb_get_opaque() in the rootdse code,
and it should all 'just work' :-)
On Sun, 2013-10-27 at 19:44 +0100, Benjamin Franzke wrote:
> This patch adds support for a netlogon ldap style request
> over the tcp socket. This is available since win2k3+ [1].
>
> The automatic client join & configuration daemon "realmd" makes
> use of this ability.
> Realmd can now be used to join a computer to a samba 4 domain.
> (See also:
> https://lists.samba.org/archive/samba-technical/2013-October/095606.html)
>
> Tested with:
> ldapsearch -h samba-srv -x -b '' -s base "(&(NtVer=\06\00\00\00)(AAC=\00\00\00\00))" NetLogon
>
> And compared the result in wireshark with cldap request issued by
> examples/misc/cldap.pl.
Finally, can you add a test to our testsuite? The existing tests are in
source4/torture/ldap/cldap.c, but these use UDP. Tests for TCP LDAP are
in the other files in source4/torture/ldap, and hopefully you could
combine the two to test this over TCP.
I really, really appreciate you doing this, and for investigating the
history of the issue!
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list