Has anyone seen a Windows Server return zero results to a CLDAP query for NetLogon servers?

Stefan Metzmacher metze at samba.org
Fri Oct 4 14:24:11 UTC 2019


Am 04.10.19 um 15:40 schrieb Richard Sharpe via samba-technical:
> On Thu, Oct 3, 2019 at 4:43 PM Richard Sharpe
> <realrichardsharpe at gmail.com> wrote:
>>
>> Hi folks,
>>
>> I have run into a situation where it seems the Windows DC is
>> responding to CLDAP request, but returning zero responses.
>>
>> Samba send:
>>
>> searchRequest
>>     baseObject:
>>     scope: baseObject (0)
>>     derefAliases: neverDerefAliases (0)
>>     sizeLimit: 0
>>     timeLimit: 0
>>     typesOnly: False
>>     Filter: (&(&(NtVer=0x00000006)(DnsDomain=SOME.DOM))(AAC=00:00:00:00))
>>         filter: and (0)
>>             and: (&(&(NtVer=0x00000006)(DnsDomain=SOME.DOM))(AAC=00:00:00:00))
>>                 and: 3 items
>>                     Filter: (NtVer=0x00000006)
>>                         and item: equalityMatch (3)
>>                             equalityMatch
>>                     Filter: (DnsDomain=GPJ.LOC)
>>                         and item: equalityMatch (3)
>>                             equalityMatch
>>                     Filter: (AAC=00:00:00:00)
>>                         and item: equalityMatch (3)
>>                             equalityMatch
>>     attributes: 1 item
>>         AttributeDescription: NetLogon
>>
>> and the server responds:
>>
>> LDAPMessage searchResDone(3822) success [0 results]
>>     messageID: 3822
>>     protocolOp: searchResDone (5)
>>         searchResDone
>>             resultCode: success (0)
>>             matchedDN:
>>             errorMessage:
>>     [Response To: 5897]
>>     [Time: 0.001296000 seconds]
>>
>> After that Samba seems to declare that DC as a negative connection
>> entry and cannot find any DCs.
>>
>> Has anyone seen this? Does anyone know how to configure Windows to do that?
> 
> Hmmm, according to the following a DC returns such a result if the
> filter is invalid:
> 
> https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/249949c1-484c-48ad-b548-a31dd0ab2c93

I've seen strange things when sysvolReady was 0.

metze

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20191004/2e49464f/signature.sig>


More information about the samba-technical mailing list