[PATCH 2/2] s4:dsdb/rootdse: Support netlogon request

Andrew Bartlett abartlet at samba.org
Sun Oct 27 14:19:46 MDT 2013


Thank you so much for coming back with a patch.  

For the IP address issue, we have to patch ldapsrv_backend_Init() in
source4/ldap_server/ldap_backend.c to pass
conn->connection->remote_address in to ldb as an opaque, using
ldb_set_opaque() like we do with the "supportedSASLMechanisms" later in
that function.

Then you can get that again with ldb_get_opaque() in the rootdse code,
and it should all 'just work' :-)

On Sun, 2013-10-27 at 19:44 +0100, Benjamin Franzke wrote:
> This patch adds support for a netlogon ldap style request
> over the tcp socket.  This is available since win2k3+ [1].
> The automatic client join & configuration daemon "realmd" makes
> use of this ability.
> Realmd can now be used to join a computer to a samba 4 domain.
> (See also:
> https://lists.samba.org/archive/samba-technical/2013-October/095606.html)
> Tested with:
> ldapsearch -h samba-srv -x -b '' -s base "(&(NtVer=\06\00\00\00)(AAC=\00\00\00\00))" NetLogon
> And compared the result in wireshark with cldap request issued by
> examples/misc/cldap.pl.

Finally, can you add a test to our testsuite?  The existing tests are in
source4/torture/ldap/cldap.c, but these use UDP.  Tests for TCP LDAP are
in the other files in source4/torture/ldap, and hopefully you could
combine the two to test this over TCP.

I really, really appreciate you doing this, and for investigating the
history of the issue! 


Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list