Bug 8568 - rpcclient cannot read security log on AD server 2008r2
Summary: rpcclient cannot read security log on AD server 2008r2
Status: NEW
Alias: None
Product: Samba 3.6
Classification: Unclassified
Component: Client Tools (show other bugs)
Version: 3.6.0
Hardware: x64 Linux
: P5 major
Target Milestone: ---
Assignee: Volker Lendecke
QA Contact: Samba QA Contact
Depends on:
Reported: 2011-11-03 01:24 UTC by red
Modified: 2011-11-29 20:11 UTC (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description red 2011-11-03 01:24:42 UTC

I'm trying to access the security log on a remote AD server using rpcclient, and I'm getting "NT_STATUS_PORT_MESSAGE_TOO_LONG". I'm currently using Samba 3.6.0, however I have also tried with 3.5.11 and a git pull, with the same result.

The command I'm using: rpcclient -A /etc/rpcclient_login.auth xx.xx.xx.xx -k -c 'eventlog_readlog security'

The same problem can be found here: http://engardelinux.org/modules/index/list_archives.cgi?list=samba-users&page=0031.html&month=2011-08

Is this a bug or something that has yet to be implemented? I know eventlog_readlog used to work with older versions of samba (and older versions of windows server).

Thanks for the help,

Comment 1 Volker Lendecke 2011-11-29 20:11:50 UTC
Works fine here. Not sure it does the right thing, but I don't get the error message you cite. If you can reproduce it, can you upload a network trace of this?