Has anyone seen a Windows Server return zero results to a CLDAP query for NetLogon servers?
Richard Sharpe
realrichardsharpe at gmail.com
Fri Oct 4 13:40:22 UTC 2019
On Thu, Oct 3, 2019 at 4:43 PM Richard Sharpe
<realrichardsharpe at gmail.com> wrote:
>
> Hi folks,
>
> I have run into a situation where it seems the Windows DC is
> responding to CLDAP request, but returning zero responses.
>
> Samba send:
>
> searchRequest
> baseObject:
> scope: baseObject (0)
> derefAliases: neverDerefAliases (0)
> sizeLimit: 0
> timeLimit: 0
> typesOnly: False
> Filter: (&(&(NtVer=0x00000006)(DnsDomain=SOME.DOM))(AAC=00:00:00:00))
> filter: and (0)
> and: (&(&(NtVer=0x00000006)(DnsDomain=SOME.DOM))(AAC=00:00:00:00))
> and: 3 items
> Filter: (NtVer=0x00000006)
> and item: equalityMatch (3)
> equalityMatch
> Filter: (DnsDomain=GPJ.LOC)
> and item: equalityMatch (3)
> equalityMatch
> Filter: (AAC=00:00:00:00)
> and item: equalityMatch (3)
> equalityMatch
> attributes: 1 item
> AttributeDescription: NetLogon
>
> and the server responds:
>
> LDAPMessage searchResDone(3822) success [0 results]
> messageID: 3822
> protocolOp: searchResDone (5)
> searchResDone
> resultCode: success (0)
> matchedDN:
> errorMessage:
> [Response To: 5897]
> [Time: 0.001296000 seconds]
>
> After that Samba seems to declare that DC as a negative connection
> entry and cannot find any DCs.
>
> Has anyone seen this? Does anyone know how to configure Windows to do that?
Hmmm, according to the following a DC returns such a result if the
filter is invalid:
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/249949c1-484c-48ad-b548-a31dd0ab2c93
--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)(传说杜康是酒的发明者)
More information about the samba-technical
mailing list