[MS-GPOL] 3.2.5.1.4 Site Search

Andreas Schneider asn at samba.org
Tue Feb 20 07:22:45 UTC 2024


On Monday, 19 February 2024 18:47:08 CET Rowland Penny via samba-technical 
wrote:
> On Mon, 19 Feb 2024 17:52:59 +0100
> Andreas Schneider via samba-technical <samba-technical at lists.samba.org> wrote:
> > Hi,
> > 
> > "[MS-GPOL] 3.2.5.1.4 Site Search" wants to know the site of the
> > client.
> > 
> > Details:
> > 
> > https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-gpol/c2ce6870-c863-40b0-94c1-73cf53b6e634
> > 
> > In order to do that, it does a netr_DsRGetSiteName() on the local
> > machine to the local rpc_server. If you sniff the network traffic, on
> > the DC you can see that the client's rpc_server does a CLDAP query:
> > 
> > bin/ldbsearch --use-kerberos=no \
> >   -H ldap://win-dc01.earth.milkyway.site \
> >   -UAdministrator%Secret007! -b '' --scope=base \
> >   '(&(DnsDomain=EARTH.MILKYWAY.SITE.)(Host=SAMBA1))(NtVer=0x20000016)' \
> >   Netlogon
> > # record 1
> > dn:
> > Netlogon::
> > EwBcAFwAVwBJAE4ALQBEAEMAMAAxAAAAAABFAEEAUgBUAEgAAABsfosaQV2fQrJLMfR
> > xuNCLAAAAAAAAAAAAAAAAAAAAAAVlYXJ0aAhtaWxreXdheQRzaXRlAMBGCFdJTi1EQzAxwEYKO
> > KjA ffMDAAMAAAD/////
> 
> Have you tried adding '--show-binary' to your ldbsearch to see if you
> get the result in a readable form ?

I need the result in Python, and there ndr_unpack on the data doesn't work:

{'val': <nbt.NETLOGON_SAM_LOGON_RESPONSE talloc based object at 0x561bae0c4c60>}

Python doesn't really understand the result.

> Rowland
> 
> > # returned 1 records
> > # 1 entries
> > # 0 referrals
> > 
> > I think this is actually the same as:
> > 
> > 
> > $ wbinfo --dsgetdcname=earth.milkyway.site
> > \\WIN-DC01.earth.milkyway.site
> > \\192.168.56.10
> > 1
> > 1a8b7e6c-5d41-429f-b24b-31f471b8d08b
> > earth.milkyway.site
> > earth.milkyway.site
> > 0xe003f3fd
> > Default-First-Site-Name
> > Default-First-Site-Name
> > 
> > 
> > As samba-gpupdate is written in Python, the question is how to do a
> > dsgetdcname() from Python? Could someone give some pointers?
> > 
> > 
> > 
> > 
> > Thanks
> > 
> > 	Andreas


-- 
Andreas Schneider                      asn at samba.org
Samba Team                             www.samba.org
GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
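
Added example, not part of the original message and not Samba code: a stand-alone Python decoder for the EX form of the netlogon reply (opcode 23, field order as in [MS-ADTS]), which carries the client site name that Site Search needs as an RFC 1035-style compressed name. The sample blob is constructed from the names in the wbinfo output above; the dictionary keys, the zeroed GUID and the trailing version fields are assumptions of this example.

```python
import struct

LOGON_SAM_LOGON_RESPONSE_EX = 23   # opcode of the EX reply; other opcodes are rejected
NAMES = ("forest", "dns_domain", "dc_dns_name", "netbios_domain",
         "netbios_dc", "user", "dc_site", "client_site")  # keys chosen for this example

def read_name(buf, pos):
    """Decode one RFC 1035-style compressed name; return (name, next_pos)."""
    labels, resume, hops = [], None, 0
    while pos < len(buf):
        n = buf[pos]
        if n == 0:                                    # root label ends the name
            return ".".join(labels), (resume if resume is not None else pos + 1)
        if (n & 0xC0) == 0xC0 and pos + 1 < len(buf):  # pointer, offset from blob start
            resume = pos + 2 if resume is None else resume
            pos, hops = ((n & 0x3F) << 8) | buf[pos + 1], hops + 1
            if hops > 16:                             # hostile or corrupt input
                raise ValueError("compression pointer loop")
        elif n < 64 and pos + 1 + n <= len(buf):      # ordinary label
            labels.append(buf[pos + 1:pos + 1 + n].decode("utf-8"))
            pos += 1 + n
        else:
            raise ValueError("malformed label at offset %d" % pos)
    raise ValueError("name runs past end of buffer")

def parse_netlogon_ex(buf):
    """Return the flags and the eight names of an EX netlogon reply."""
    if len(buf) < 24:
        raise ValueError("reply shorter than fixed header")
    opcode, _sbz, flags = struct.unpack_from("<HHI", buf, 0)
    if opcode != LOGON_SAM_LOGON_RESPONSE_EX:
        raise ValueError("opcode %d is not the EX reply" % opcode)
    out, pos = {"flags": flags}, 24                   # 8-byte header + 16-byte DomainGuid
    for key in NAMES:
        out[key], pos = read_name(buf, pos)
    return out

def pack_name(name):
    """Uncompressed encoding, used only to build the constructed sample."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".") if l) + b"\0"

# Constructed sample: opcode, Sbz, Flags, zeroed GUID, then the eight names.
_head = struct.pack("<HHI", 23, 0, 0xE003F3FD) + bytes(16)
_names = (pack_name("earth.milkyway.site") + b"\xc0\x18" + b"\x08WIN-DC01\xc0\x18"
          + pack_name("EARTH") + pack_name("WIN-DC01") + b"\0")
_site_off = len(_head) + len(_names)                  # where the DC site name starts
SAMPLE = (_head + _names + pack_name("Default-First-Site-Name")
          + bytes([0xC0, _site_off]) + struct.pack("<IHH", 5, 0xFFFF, 0xFFFF))

if __name__ == "__main__":
    print(parse_netlogon_ex(SAMPLE)["client_site"])
```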




