[MS-GPOL] 3.2.5.1.4 Site Search

Andreas Schneider asn at samba.org
Tue Feb 20 16:50:09 UTC 2024 

On Tuesday, 20 February 2024 14:52:05 CET Andreas Schneider wrote:
> On Monday, 19 February 2024 17:52:59 CET Andreas Schneider via
> samba-technical
> wrote:
> > Hi,
> > 
> > "[MS-GPOL] 3.2.5.1.4 Site Search" wants to know the site of the client.
> > 
> > Details:
> > 
> > https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-gpol/
> > c2ce6870-c863-40b0-94c1-73cf53b6e634
> > 
> > In order to do that, it does a netr_DsRGetSiteName() on the local machine
> > to the local rpc_server. If you sniff the network traffic, on the DC you
> > can see that the clients rpc_server does a CLAP query:
> > 
> > bin/ldbsearch --use-kerberos=no -H ldap://win-dc01.earth.milkyway.site -
> > UAdministrator%Secret007! -b '' --scope=base
> > '(&(DnsDomain=EARTH.MILKYWAY.SITE.)(Host=SAMBA1))(NtVer=0x20000016)'
> > Netlogon # record 1
> > dn:
> > Netlogon::
> > EwBcAFwAVwBJAE4ALQBEAEMAMAAxAAAAAABFAEEAUgBUAEgAAABsfosaQV2fQrJLMfR
> > xuNCLAAAAAAAAAAAAAAAAAAAAAAVlYXJ0aAhtaWxreXdheQRzaXRlAMBGCFdJTi1EQzAxwEYKO
> > K
> > jA ffMDAAMAAAD/////
> > 
> > # returned 1 records
> > # 1 entries
> > # 0 referrals
> > 
> > I think this is actually the same as:
> > 
> > 
> > $ wbinfo --dsgetdcname=earth.milkyway.site
> > \\WIN-DC01.earth.milkyway.site
> > \\192.168.56.10
> > 1
> > 1a8b7e6c-5d41-429f-b24b-31f471b8d08b
> > earth.milkyway.site
> > earth.milkyway.site
> > 0xe003f3fd
> > Default-First-Site-Name
> > Default-First-Site-Name
> > 
> > 
> > As samba-gpupdate is written in Python, the question is how to do a
> > dsgetdcname() from Python? Could someone give some pointers?
> 
> librpc/ndr/ndr_nbt.c has ndr_pull_netlogon_samlogon_response()
> 
> However there is no unpack function available in
> 
> bin/default/librpc/gen_ndr/py_nbt.c for that. I can find the union etc. but
> the unpack seems to be missing. How do I get that?

With the help of Günther I got it working in python. However I have a 
etlogon_samlogon_response_union now, how do I get a 
NETLOGON_SAM_LOGON_RESPONSE_Type out of that now?

samlogon_response.ntver gives me the union level, how do I convert the 
samlogon_response.data to NETLOGON_SAM_LOGON_RESPONSE?



-- 
Andreas Schneider                      asn at samba.org
Samba Team                             www.samba.org
GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D

More information about the samba-technical mailing list