Markus Moeller
2013-Dec-24 14:57 UTC
[Samba] LDAP server listening on UDP for resource location
Hi,

If I understand the MS documentation right, a Windows desktop uses DNS (or WINS) to determine a DC and then connects to the LDAP UDP port 389 to get further details about the DC. I do not want to run a full DC but only a "simple" Heimdal or MIT KDC for Browser Negotiate authentication. Does Samba include such a standalone LDAP service which just returns that the only supported service is the KDC?

This is what an AD server would return.

No.     Time            Source          Destination     Protocol  Length  Info
27962   140.948665000   192.168.1.12    192.168.1.41    CLDAP     217     searchResEntry(3) "<ROOT>" searchResDone(3) success [1 result]

Frame 27962: 217 bytes on wire (1736 bits), 217 bytes captured (1736 bits) on interface 0
Ethernet II, Src: Vmware_72:06:06 (00:0c:29:72:06:06), Dst: Vmware_06:a9:58 (00:0c:29:06:a9:58)
Internet Protocol Version 4, Src: 192.168.1.12 (192.168.1.12), Dst: 192.168.1.41 (192.168.1.41)
User Datagram Protocol, Src Port: ldap (389), Dst Port: 65146 (65146)
Connectionless Lightweight Directory Access Protocol
    LDAPMessage searchResEntry(3) "<ROOT>" [1 result]
        messageID: 3
        protocolOp: searchResEntry (4)
            searchResEntry
                objectName:
                attributes: 1 item
                    PartialAttributeList item netlogon
                        type: netlogon
                        vals: 1 item
                            Operation code: LOGON_SAM_LOGON_RESPONSE_EX (23)
                            Flags: 0x000003fd (Good Time Serv, Writable, Closest, Time Serv, KDC, DS, LDAP, GC, PDC)
                                0... .... .... .... .... .... .... .... = FDC: The NC is not the default forest NC (Windows 2008)
                                .0.. .... .... .... .... .... .... .... = DNC: The NC is not the default NC (Windows 2008)
                                ..0. .... .... .... .... .... .... .... = DNS: Server name is not in DNS format (Windows 2008)
                                .... .... .... .... ...0 .... .... .... = WDC: Domain controller is not a Windows 2008 writable NC
                                .... .... .... .... .... 0... .... .... = RODC: Domain controller is not a Windows 2008 RODC
                                .... .... .... .... .... .0.. .... .... = NDNC: Domain is NOT non-domain nc serviced by ldap server
                                .... .... .... .... .... ..1. .... .... = Good Time Serv: This dc has a GOOD TIME SERVICE (i.e. hardware clock)
                                .... .... .... .... .... ...1 .... .... = Writable: This dc is WRITABLE
                                .... .... .... .... .... .... 1... .... = Closest: This server is in the same site as the client
                                .... .... .... .... .... .... .1.. .... = Time Serv: This dc is running TIME SERVICES (ntp)
                                .... .... .... .... .... .... ..1. .... = KDC: This is a KDC (kerberos)
                                .... .... .... .... .... .... ...1 .... = DS: This dc supports DS
                                .... .... .... .... .... .... .... 1... = LDAP: This is an LDAP server
                                .... .... .... .... .... .... .... .1.. = GC: This is a GLOBAL CATALOGUE of forest
                                .... .... .... .... .... .... .... ...1 = PDC: This is a PDC
                            Domain GUID: d8839f28-e0ed-4200-8686-18bae802a81c
                            Forest: win2003r2.home
                            Domain: win2003r2.home
                            Hostname: w2k3r2.win2003r2.home
                            NetBIOS Domain: WIN2003R2
                            NetBIOS Hostname: W2K3R2
                            Username:
                            Server Site: Default-First-Site-Name
                            Client Site: Default-First-Site-Name
                            Version Flags: 0x00000005 (V1, V5EX)
                            LM Token: 0xffff
                            NT Token: 0xffff
        [Response To: 27961]
        [Time: 0.001009000 seconds]
    LDAPMessage searchResDone(3) success [1 result]
        messageID: 3
        protocolOp: searchResDone (5)
            searchResDone
                resultCode: success (0)
                matchedDN:
                errorMessage:
        [Response To: 27961]
        [Time: 0.001009000 seconds]

Thank you
Markus
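As an added illustration (not part of Markus's post or of Samba), the following decoder shows what the client actually reads out of the "netlogon" attribute shown in the capture above: the LOGON_SAM_LOGON_RESPONSE_EX layout from MS-ADTS, with the DNS and site names stored as RFC 1035 compressed names whose pointers refer back into the same attribute value. The sample bytes are hand-built to carry the capture's values, the flag names follow Wireshark's labels, and the optional socket-address and next-closest-site fields (absent here because NtVersion is only V1|V5EX) are not handled.

```python
import struct
import uuid
# Flag bit names as the capture above labels them (values per MS-ADTS NETLOGON_SAM_LOGON_RESPONSE_EX).
FLAG_BITS = {0x1: "PDC", 0x4: "GC", 0x8: "LDAP", 0x10: "DS", 0x20: "KDC", 0x40: "Time Serv",
             0x80: "Closest", 0x100: "Writable", 0x200: "Good Time Serv", 0x400: "NDNC",
             0x800: "RODC", 0x1000: "WDC", 0x20000000: "DNS", 0x40000000: "DNC", 0x80000000: "FDC"}
NAME_FIELDS = ("forest", "domain", "hostname", "netbios_domain", "netbios_hostname",
               "username", "server_site", "client_site")  # the eight compressed-name fields, in wire order

def decode_flags(flags):
    """Names of the set bits, highest bit first (the order Wireshark prints them)."""
    return [name for bit, name in sorted(FLAG_BITS.items(), reverse=True) if flags & bit]

def read_name(buf, pos, max_hops=16):
    """Read an RFC 1035 compressed name at pos; return (dotted name, offset just after it)."""
    labels, end = [], None
    while True:
        length = buf[pos]
        if length & 0xC0 == 0xC0:  # two-byte pointer back into the message (offset = low 14 bits)
            if (max_hops := max_hops - 1) < 0:  # untrusted UDP input: refuse pointer loops
                raise ValueError("pointer loop in compressed name")
            end = pos + 2 if end is None else end  # the field ends after the first pointer
            pos = struct.unpack_from(">H", buf, pos)[0] & 0x3FFF
            continue
        pos += 1
        if length == 0:
            return ".".join(labels), (pos if end is None else end)
        labels.append(buf[pos:pos + length].decode("utf-8"))
        pos += length

def parse_response_ex(buf):
    """Decode the 'netlogon' attribute value of a CLDAP searchResEntry into a dict."""
    opcode, _sbz, flags = struct.unpack_from("<HHI", buf, 0)
    if opcode != 23:
        raise ValueError("not a LOGON_SAM_LOGON_RESPONSE_EX (opcode 23)")
    out, pos = {"flags": decode_flags(flags), "domain_guid": str(uuid.UUID(bytes_le=buf[8:24]))}, 24
    for key in NAME_FIELDS:
        out[key], pos = read_name(buf, pos)
    out["nt_version"], out["lm_token"], out["nt_token"] = struct.unpack_from("<IHH", buf, pos)
    return out

def build_sample():
    """Hand-built sample bytes carrying the values from the capture above (constructed, not captured)."""
    return (struct.pack("<HHI", 23, 0, 0x3FD) + uuid.UUID("d8839f28-e0ed-4200-8686-18bae802a81c").bytes_le
            + b"\x09win2003r2\x04home\x00"      # forest name, starts at offset 24
            + b"\xc0\x18"                       # domain name: pointer to offset 24
            + b"\x06w2k3r2\xc0\x18"             # hostname: one label plus pointer to the forest name
            + b"\x09WIN2003R2\x00\x06W2K3R2\x00\x00"      # NetBIOS domain, NetBIOS host, empty user name
            + b"\x17Default-First-Site-Name\x00\xc0\x47"  # server site; client site points back to it
            + struct.pack("<IHH", 5, 0xFFFF, 0xFFFF))     # NtVersion (V1 | V5EX), LM and NT tokens
```

Running `parse_response_ex(build_sample())` reproduces the field values Wireshark displays above; the same function applied to a real CLDAP reply lets a defender check which host, site and service flags a client is being told about.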