I'm trying to access the security log on a remote AD server using rpcclient, and I'm getting "NT_STATUS_PORT_MESSAGE_TOO_LONG". I'm currently using Samba 3.6.0, however I have also tried with 3.5.11 and a git pull, with the same result.
The command I'm using: rpcclient -A /etc/rpcclient_login.auth xx.xx.xx.xx -k -c 'eventlog_readlog security'
The same problem can be found here: http://engardelinux.org/modules/index/list_archives.cgi?list=samba-users&page=0031.html&month=2011-08
Is this a bug or something that has yet to be implemented? I know eventlog_readlog used to work with older versions of samba (and older versions of windows server).
Thanks for the help,
Works fine here. Not sure it does the right thing, but I don't get the error message you cite. If you can reproduce it, can you upload a network trace of this?