Bug 11392 - Joining a Huawai storage fails: empty CLDAP ping answer
Joining a Huawai storage fails: empty CLDAP ping answer
Product: Samba 4.1 and newer
Classification: Unclassified
All All
: P5 normal
: ---
Assigned To: Andrew Bartlett
Samba QA Contact
Depends on:
  Show dependency treegraph
Reported: 2015-07-08 10:14 UTC by Arvid Requate
Modified: 2015-07-10 01:46 UTC (History)
1 user (show)

See Also:

0001-s4-dsdb-netlogon-allow-missing-ntver-in-cldap-ping.patch (1.14 KB, patch)
2015-07-08 10:14 UTC, Arvid Requate
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate 2015-07-08 10:14:39 UTC
Created attachment 11241 [details]

Seen in the wild: A Huawai storage array performs the initial CLDAP ping without NtVer in the filter. Samba doesn't send a searchResEntry in this case, only the searchResResult (success).

[MS-ADTS] sect. "Domain Controller Response to an LDAP Ping" specifies that in this case the DC should answer normally with a NETLOGON_SAM_LOGON_RESPONSE_NT40 structure.

The attached patch fixes the problem, verified with examples/misc/cldap.pl as well as with that Huawai device.
Comment 1 Andrew Bartlett 2015-07-08 21:35:16 UTC
In addition to this patch, the testsuite needs to be modified to cover the same case, so we don't regress here.

Once that is done, I'll be very glad to ask for a second review and get this into master.