[MS-GPOL] 3.2.5.1.4 Site Search
Andreas Schneider
asn at samba.org
Thu Feb 22 14:24:55 UTC 2024
On Tuesday, 20 February 2024 17:50:09 CET Andreas Schneider via samba-
technical wrote:
> On Tuesday, 20 February 2024 14:52:05 CET Andreas Schneider wrote:
> > On Monday, 19 February 2024 17:52:59 CET Andreas Schneider via
> > samba-technical
> >
> > wrote:
> > > Hi,
> > >
> > > "[MS-GPOL] 3.2.5.1.4 Site Search" wants to know the site of the client.
> > >
> > > Details:
> > >
> > > https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-gpol/
> > > c2ce6870-c863-40b0-94c1-73cf53b6e634
> > >
> > > In order to do that, it does a netr_DsRGetSiteName() on the local
> > > machine
> > > to the local rpc_server. If you sniff the network traffic, on the DC you
> > > can see that the clients rpc_server does a CLAP query:
> > >
> > > bin/ldbsearch --use-kerberos=no -H ldap://win-dc01.earth.milkyway.site -
> > > UAdministrator%Secret007! -b '' --scope=base
> > > '(&(DnsDomain=EARTH.MILKYWAY.SITE.)(Host=SAMBA1))(NtVer=0x20000016)'
> > > Netlogon # record 1
> > > dn:
> > > Netlogon::
> > > EwBcAFwAVwBJAE4ALQBEAEMAMAAxAAAAAABFAEEAUgBUAEgAAABsfosaQV2fQrJLMfR
> > > xuNCLAAAAAAAAAAAAAAAAAAAAAAVlYXJ0aAhtaWxreXdheQRzaXRlAMBGCFdJTi1EQzAxwEY
> > > KO
> > > K
> > > jA ffMDAAMAAAD/////
> > >
> > > # returned 1 records
> > > # 1 entries
> > > # 0 referrals
> > >
> > > I think this is actually the same as:
> > >
> > >
> > > $ wbinfo --dsgetdcname=earth.milkyway.site
> > > \\WIN-DC01.earth.milkyway.site
> > > \\192.168.56.10
> > > 1
> > > 1a8b7e6c-5d41-429f-b24b-31f471b8d08b
> > > earth.milkyway.site
> > > earth.milkyway.site
> > > 0xe003f3fd
> > > Default-First-Site-Name
> > > Default-First-Site-Name
> > >
> > >
> > > As samba-gpupdate is written in Python, the question is how to do a
> > > dsgetdcname() from Python? Could someone give some pointers?
> >
> > librpc/ndr/ndr_nbt.c has ndr_pull_netlogon_samlogon_response()
> >
> > However there is no unpack function available in
> >
> > bin/default/librpc/gen_ndr/py_nbt.c for that. I can find the union etc.
> > but
> > the unpack seems to be missing. How do I get that?
>
> With the help of Günther I got it working in python. However I have a
> etlogon_samlogon_response_union now, how do I get a
> NETLOGON_SAM_LOGON_RESPONSE_Type out of that now?
>
> samlogon_response.ntver gives me the union level, how do I convert the
> samlogon_response.data to NETLOGON_SAM_LOGON_RESPONSE?
I figured it out in the meantime. It isn't really clear how this works from
looking at the code, but ntver is the union level and that needs to be set
correctly.
--
Andreas Schneider asn at samba.org
Samba Team www.samba.org
GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
More information about the samba-technical
mailing list