[MS-GPOL] 3.2.5.1.4 Site Search
Andreas Schneider
asn at samba.org
Tue Feb 20 13:52:05 UTC 2024
On Monday, 19 February 2024 17:52:59 CET Andreas Schneider via samba-technical
wrote:
> Hi,
>
> "[MS-GPOL] 3.2.5.1.4 Site Search" wants to know the site of the client.
>
> Details:
>
> https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-gpol/
> c2ce6870-c863-40b0-94c1-73cf53b6e634
>
> In order to do that, it does a netr_DsRGetSiteName() on the local machine to
> the local rpc_server. If you sniff the network traffic, on the DC you can
> see that the clients rpc_server does a CLAP query:
>
> bin/ldbsearch --use-kerberos=no -H ldap://win-dc01.earth.milkyway.site -
> UAdministrator%Secret007! -b '' --scope=base
> '(&(DnsDomain=EARTH.MILKYWAY.SITE.)(Host=SAMBA1))(NtVer=0x20000016)'
> Netlogon # record 1
> dn:
> Netlogon::
> EwBcAFwAVwBJAE4ALQBEAEMAMAAxAAAAAABFAEEAUgBUAEgAAABsfosaQV2fQrJLMfR
> xuNCLAAAAAAAAAAAAAAAAAAAAAAVlYXJ0aAhtaWxreXdheQRzaXRlAMBGCFdJTi1EQzAxwEYKOK
> jA ffMDAAMAAAD/////
>
> # returned 1 records
> # 1 entries
> # 0 referrals
>
> I think this is actually the same as:
>
>
> $ wbinfo --dsgetdcname=earth.milkyway.site
> \\WIN-DC01.earth.milkyway.site
> \\192.168.56.10
> 1
> 1a8b7e6c-5d41-429f-b24b-31f471b8d08b
> earth.milkyway.site
> earth.milkyway.site
> 0xe003f3fd
> Default-First-Site-Name
> Default-First-Site-Name
>
>
> As samba-gpupdate is written in Python, the question is how to do a
> dsgetdcname() from Python? Could someone give some pointers?
>
librpc/ndr/ndr_nbt.c has ndr_pull_netlogon_samlogon_response()
However there is no unpack function available in
bin/default/librpc/gen_ndr/py_nbt.c for that. I can find the union etc. but
the unpack seems to be missing. How do I get that?
Best regards
Andreas
--
Andreas Schneider asn at samba.org
Samba Team www.samba.org
GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
More information about the samba-technical
mailing list