[MS-GPOL] 3.2.5.1.4 Site Search
Rowland Penny
rpenny at samba.org
Mon Feb 19 17:47:08 UTC 2024
On Mon, 19 Feb 2024 17:52:59 +0100
Andreas Schneider via samba-technical <samba-technical at lists.samba.org>
wrote:
> Hi,
>
> "[MS-GPOL] 3.2.5.1.4 Site Search" wants to know the site of the
> client.
>
> Details:
>
> https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-gpol/c2ce6870-c863-40b0-94c1-73cf53b6e634
>
> In order to do that, it does a netr_DsRGetSiteName() on the local
> machine to the local rpc_server. If you sniff the network traffic, on
> the DC you can see that the client's rpc_server does a CLDAP query:
>
> bin/ldbsearch --use-kerberos=no -H ldap://win-dc01.earth.milkyway.site \
>     -UAdministrator%Secret007! -b '' --scope=base \
>     '(&(DnsDomain=EARTH.MILKYWAY.SITE.)(Host=SAMBA1))(NtVer=0x20000016)' \
>     Netlogon
> # record 1
> dn:
> Netlogon::
> EwBcAFwAVwBJAE4ALQBEAEMAMAAxAAAAAABFAEEAUgBUAEgAAABsfosaQV2fQrJLMfR
> xuNCLAAAAAAAAAAAAAAAAAAAAAAVlYXJ0aAhtaWxreXdheQRzaXRlAMBGCFdJTi1EQzAxwEYKOKjA
> ffMDAAMAAAD/////
Have you tried adding '--show-binary' to your ldbsearch to see if you
get the result in a readable form?
Rowland
>
> # returned 1 records
> # 1 entries
> # 0 referrals
>
> I think this is actually the same as:
>
>
> $ wbinfo --dsgetdcname=earth.milkyway.site
> \\WIN-DC01.earth.milkyway.site
> \\192.168.56.10
> 1
> 1a8b7e6c-5d41-429f-b24b-31f471b8d08b
> earth.milkyway.site
> earth.milkyway.site
> 0xe003f3fd
> Default-First-Site-Name
> Default-First-Site-Name
>
>
> As samba-gpupdate is written in Python, the question is how to do a
> dsgetdcname() from Python? Could someone give some pointers?
>
>
>
>
> Thanks
>
>
> Andreas
>
>
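
Following up the '--show-binary' question, this added example (not code from the thread or from Samba) decodes the Netlogon value quoted above in plain Python. It assumes the MS-ADTS NETLOGON_SAM_LOGON_RESPONSE layout that opcode 19 indicates, which has no site-name fields; the function and key names are illustrative.

```python
import base64, ipaddress, struct, uuid

# Netlogon value from the ldbsearch output quoted above (LDIF lines joined).
# The 22 'A' characters cover the all-zero NullGuid field.
NETLOGON_B64 = (
    "EwBcAFwAVwBJAE4ALQBEAEMAMAAxAAAAAABFAEEAUgBUAEgAAABsfosaQV2fQrJLMfR"
    "xuNCL" + "A" * 22 + "VlYXJ0aAhtaWxreXdheQRzaXRlAMBGCFdJTi1EQzAxwEYKOKjA"
    "ffMDAAMAAAD/////")

def _utf16z(buf, off):
    """NUL-terminated UTF-16LE string -> (text, next offset)."""
    for end in range(off, len(buf) - 1, 2):
        if buf[end:end + 2] == b"\x00\x00":
            return buf[off:end].decode("utf-16-le"), end + 2
    raise ValueError("unterminated UTF-16 string")

def _dnsname(buf, off):
    """RFC 1035 compressed name -> (name, next offset)."""
    labels, resume, hops = [], None, 0
    while True:
        n = buf[off]
        if n & 0xC0 == 0xC0:  # pointer, offset counted from start of blob
            resume = off + 2 if resume is None else resume
            off, hops = ((n & 0x3F) << 8) | buf[off + 1], hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif n == 0:
            return ".".join(labels), off + 1 if resume is None else resume
        else:
            labels.append(buf[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def parse_sam_logon_response(blob):
    """Decode the opcode 19 layout into a dict of readable fields."""
    (opcode,) = struct.unpack_from("<H", blob, 0)
    if opcode != 19:  # 19 = LOGON_SAM_LOGON_RESPONSE; 23 (EX) differs
        raise ValueError(f"unhandled opcode {opcode}")
    out, off = {}, 2
    for key in ("logon_server", "user_name", "netbios_domain"):
        out[key], off = _utf16z(blob, off)
    out["domain_guid"] = str(uuid.UUID(bytes_le=blob[off:off + 16]))
    off += 32  # skip DomainGuid and NullGuid
    for key in ("dns_forest", "dns_domain", "dns_host"):
        out[key], off = _dnsname(blob, off)
    # Read little-endian, the address matches the one wbinfo printed.
    ip, out["flags"], out["nt_version"] = struct.unpack_from("<III", blob, off)
    out["dc_ip"] = str(ipaddress.IPv4Address(ip))
    return out

RESULT = parse_sam_logon_response(base64.b64decode(NETLOGON_B64))
print("\n".join(f"{k}: {v}" for k, v in RESULT.items()))
```

The decoded GUID, DNS names and address agree with the wbinfo output quoted above; the site name it prints is not part of this reply layout.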