Has anyone seen a Windows Server return zero results to a CLDAP query for NetLogon servers?
Stefan Metzmacher
metze at samba.org
Fri Oct 4 14:24:11 UTC 2019
Am 04.10.19 um 15:40 schrieb Richard Sharpe via samba-technical:
> On Thu, Oct 3, 2019 at 4:43 PM Richard Sharpe
> <realrichardsharpe at gmail.com> wrote:
>>
>> Hi folks,
>>
>> I have run into a situation where it seems the Windows DC is
>> responding to CLDAP request, but returning zero responses.
>>
>> Samba send:
>>
>> searchRequest
>> baseObject:
>> scope: baseObject (0)
>> derefAliases: neverDerefAliases (0)
>> sizeLimit: 0
>> timeLimit: 0
>> typesOnly: False
>> Filter: (&(&(NtVer=0x00000006)(DnsDomain=SOME.DOM))(AAC=00:00:00:00))
>> filter: and (0)
>> and: (&(&(NtVer=0x00000006)(DnsDomain=SOME.DOM))(AAC=00:00:00:00))
>> and: 3 items
>> Filter: (NtVer=0x00000006)
>> and item: equalityMatch (3)
>> equalityMatch
>> Filter: (DnsDomain=GPJ.LOC)
>> and item: equalityMatch (3)
>> equalityMatch
>> Filter: (AAC=00:00:00:00)
>> and item: equalityMatch (3)
>> equalityMatch
>> attributes: 1 item
>> AttributeDescription: NetLogon
>>
>> and the server responds:
>>
>> LDAPMessage searchResDone(3822) success [0 results]
>> messageID: 3822
>> protocolOp: searchResDone (5)
>> searchResDone
>> resultCode: success (0)
>> matchedDN:
>> errorMessage:
>> [Response To: 5897]
>> [Time: 0.001296000 seconds]
>>
>> After that Samba seems to declare that DC as a negative connection
>> entry and cannot find any DCs.
>>
>> Has anyone seen this? Does anyone know how to configure Windows to do that?
>
> Hmmm, according to the following a DC returns such a result if the
> filter is invalid:
>
> https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/249949c1-484c-48ad-b548-a31dd0ab2c93
I've seen strange things when sysvolReady was 0.
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20191004/2e49464f/signature.sig>
More information about the samba-technical
mailing list