CLDAP-style NetLogon query over TCP
Andrew Bartlett
abartlet at samba.org
Fri Oct 18 16:56:23 MDT 2013
On Fri, 2013-10-18 at 14:55 +0200, Benjamin Franzke wrote:
> Hi list,
>
> I would like to know whether netlogon queries over TCP are currently
> possible with samba 4?
> According to the wireshark wiki[1] that is supported as of win 2k3 server.
>
> The automatic client join&configuration daemon realmd makes use of that
> feature
> (it checks whether the server reports win2k3+) and currently returns:
> ! Received invalid or unsupported Netlogon data from server
>
> I tried to reproduce realmd's behaviour with ldapsearch:
> ldapsearch -h dc -x -b '' -s base
> "(&(NtVer=\06\00\00\00)(AAC=\00\00\00\00))" NetLogon
>
> This returns zero results when "dc" is a samba 4 server. (That's why the
> error invalid)
> But with a windows 2k8 server I got a netlogon result:
> dn:
> netlogon:: [....]
>
> I found no tcp initialization in the cldap server code[2], or any hooks in
> ldap_server that call into cldap_request. Am I overseeing something?
> (I'm asking since metze said on irc: 13:55 < metze> bnf: samba4 should also
> support it over tcp)
>
> Is it planned to add this to samba or should realmd be fixed to always use
> udp for cldap-style netlogon queries? (though I guess, since AD does this,
> samba more or less has to support it..)

Patches to hook this into the rootdse.c ldb_module would be welcome.

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
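
An added example, not part of the original thread and not Samba or realmd code: it decodes the search filter from the ldapsearch command quoted above, showing that `NtVer=\06\00\00\00` is a 32-bit little-endian bit mask. The bit names are taken from the NETLOGON_NT_VERSION table in MS-ADTS (only the four low bits are listed), the function names are hypothetical, and AAC is kept as raw bytes.

```python
import re
import struct

# NETLOGON_NT_VERSION option bits (subset, names per MS-ADTS; an assumption
# of this example, the thread itself only shows the raw bytes).
NT_VERSION_BITS = {
    0x00000001: "V1",
    0x00000002: "V5",
    0x00000004: "V5EX",
    0x00000008: "V5EX_WITH_IP",
}

_ESCAPE = re.compile(rb"\\([0-9A-Fa-f]{2})")


def unescape_value(value: str) -> bytes:
    """Turn an RFC 4515 assertion value (\\XX hex escapes) into raw bytes."""
    return _ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), value.encode())


def escape_uint32(n: int) -> str:
    """Encode n as 4 little-endian bytes, each written as a \\XX escape."""
    return "".join("\\%02x" % b for b in struct.pack("<I", n))


def parse_ping_filter(flt: str) -> dict:
    """Extract attr=value pairs from a flat (&(a=b)(c=d)) filter."""
    pairs = re.findall(r"\(([A-Za-z]+)=([^()]*)\)", flt)
    return {attr.lower(): unescape_value(val) for attr, val in pairs}


def decode_ntver(raw: bytes) -> list:
    """Name the option bits set in a 4-byte little-endian NtVer value."""
    if len(raw) != 4:
        raise ValueError("NtVer must be exactly 4 bytes, got %d" % len(raw))
    (value,) = struct.unpack("<I", raw)
    names = [name for bit, name in sorted(NT_VERSION_BITS.items()) if value & bit]
    unknown = value & ~sum(NT_VERSION_BITS)  # bits outside the table above
    if unknown:
        names.append("0x%08x" % unknown)
    return names


if __name__ == "__main__":
    # Filter copied from the ldapsearch command in the message above.
    fields = parse_ping_filter(r"(&(NtVer=\06\00\00\00)(AAC=\00\00\00\00))")
    print(decode_ntver(fields["ntver"]), fields["aac"].hex())
```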