[MS-GPOL] 3.2.5.1.4 Site Search

Rowland Penny rpenny at samba.org
Tue Feb 20 08:00:57 UTC 2024


On Tue, 20 Feb 2024 08:22:45 +0100
Andreas Schneider <asn at samba.org> wrote:

> On Monday, 19 February 2024 18:47:08 CET Rowland Penny via
> samba-technical wrote:
> > On Mon, 19 Feb 2024 17:52:59 +0100
> > Andreas Schneider via samba-technical
> > <samba-technical at lists.samba.org>
> > 
> > wrote:
> > > Hi,
> > > 
> > > "[MS-GPOL] 3.2.5.1.4 Site Search" wants to know the site of the
> > > client.
> > > 
> > > Details:
> > > 
> > > https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-gpol/c2ce6870-c863-40b0-94c1-73cf53b6e634
> > > 
> > > In order to do that, it does a netr_DsRGetSiteName() on the local
> > > machine to the local rpc_server. If you sniff the network
> > > traffic, on the DC you can see that the client's rpc_server does a
> > > CLDAP query:
> > > 
> > > bin/ldbsearch --use-kerberos=no -H ldap://win-dc01.earth.milkyway.site \
> > >   -UAdministrator%Secret007! -b '' --scope=base \
> > >   '(&(DnsDomain=EARTH.MILKYWAY.SITE.)(Host=SAMBA1))(NtVer=0x20000016)' \
> > >   Netlogon
> > > # record 1
> > > dn:
> > > Netlogon::
> > > EwBcAFwAVwBJAE4ALQBEAEMAMAAxAAAAAABFAEEAUgBUAEgAAABsfosaQV2fQrJLMfR
> > > xuNCLAAAAAAAAAAAAAAAAAAAAAAVlYXJ0aAhtaWxreXdheQRzaXRlAMBGCFdJTi1EQzAxwEYKO
> > > KjA ffMDAAMAAAD/////
> > 
> > Have you tried adding '--show-binary' to your ldbsearch to see if
> > you get the result in a readable form?
> 
> I need the result in python and there ndr_unpack on the data doesn't
> work:

I meant it to check if the base64 encoded result was actually the same
as the wbinfo result; you could be going down a blind alley.

Rowland
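
Added example, not part of the thread and not Samba's code: a small Python decoder for the value printed after 'Netlogon::', which checks the opcode and then reads the RFC 1035-style compressed names of a NETLOGON_SAM_LOGON_RESPONSE_EX up to the client site, so the CLDAP answer can be compared with what another tool reports. The field order is assumed from MS-ADTS; the function names, the sample bytes, the example.test names and the HQ site are constructed for illustration.

```python
import base64
import struct

LOGON_SAM_LOGON_RESPONSE_EX = 0x17  # opcode 23 in MS-ADTS (assumed layout)
FIELDS = ("forest", "dns_domain", "dns_host", "nb_domain",
          "nb_host", "user", "dc_site", "client_site")

def read_name(buf, off):
    """Decode one RFC 1035 name; pointers are offsets from the start of buf."""
    labels, resume, hops = [], None, 0
    while True:
        n = buf[off]
        if (n & 0xC0) == 0xC0:                 # compression pointer
            if resume is None:
                resume = off + 2               # parsing resumes after the first pointer
            off = ((n & 0x3F) << 8) | buf[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif n == 0:                           # root label ends the name
            return ".".join(labels), (off + 1 if resume is None else resume)
        else:
            labels.append(buf[off + 1:off + 1 + n].decode("utf-8"))
            off += 1 + n

def parse_netlogon(b64_value):
    """Return the name fields of a base64 Netlogon value (hypothetical helper)."""
    buf = base64.b64decode(b64_value)
    opcode, _sbz, flags = struct.unpack_from("<HHI", buf, 0)
    if opcode != LOGON_SAM_LOGON_RESPONSE_EX:
        raise ValueError(f"opcode {opcode:#x} is not SAM_LOGON_RESPONSE_EX")
    out, off = {"flags": flags}, 8 + 16        # skip header and DomainGuid
    try:
        for field in FIELDS:
            out[field], off = read_name(buf, off)
    except IndexError:
        raise ValueError("truncated Netlogon value") from None
    return out

# Constructed sample (not taken from the thread): DC dc1.example.test, site HQ.
SAMPLE = base64.b64encode(
    struct.pack("<HHI", 0x17, 0, 0x0003F1FD) + bytes(16)
    + b"\x07example\x04test\x00" + b"\xc0\x18" + b"\x03dc1\xc0\x18"
    + b"\x07EXAMPLE\x00" + b"\x03DC1\x00" + b"\x00"
    + b"\x02HQ\x00" + b"\xc0\x3d"
    + struct.pack("<IHH", 5, 0xFFFF, 0xFFFF)).decode()

if __name__ == "__main__":
    print(parse_netlogon(SAMPLE)["client_site"])
```

A value whose opcode is not 0x17 is rejected rather than decoded with the wrong layout, which is the first thing to check when a generic unpack of the attribute fails.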