The Samba-Bugzilla – Attachment 10228 Details for
Bug 10784
Using NTLM_AUTH does not authenticate against 2012 R2 domain server.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Winbindd in debug level 10 mode while request is made
winbindd-windows-client.log (text/x-log), 107.72 KB, created by
David Hubner
on 2014-08-26 11:06:19 UTC
(
hide
)
Description:
Winbindd in debug level 10 mode while request is made
Filename:
MIME Type:
Creator:
David Hubner
Created:
2014-08-26 11:06:19 UTC
Size:
107.72 KB
patch
obsolete
>INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > scavenger: 10 > dns: 10 > ldb: 10 >Maximum core file size limits now 1024000000(soft) 1024000000(hard) >winbindd version 4.1.9 started. >Copyright Andrew Tridgell and the Samba Team 1992-2013 >lp_load_ex: refreshing parameters >Initialising global parameters >rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) >INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > scavenger: 10 > dns: 10 > ldb: 10 >params.c:pm_process() - Processing configuration file "/var/samba/MAINT.INTERNAL/smb.conf" >Processing section "[global]" >doing parameter security = ads >doing parameter client use spnego = yes >doing parameter disable netbios = yes >doing parameter winbind use default domain = yes >doing parameter winbindd:socket dir = /var/samba/MAINT.INTERNAL >doing parameter lock directory = /var/samba/MAINT.INTERNAL >doing parameter private dir = /var/samba/MAINT.INTERNAL >doing parameter pid directory = /var/samba/MAINT.INTERNAL >doing parameter netbios name = diag >doing parameter state directory = /var/samba/MAINT.INTERNAL >doing parameter cache directory = /var/samba/MAINT.INTERNAL >doing parameter realm = MAINT.INTERNAL >doing parameter workgroup = MAINT >pm_process() returned Yes >lp_servicenumber: couldn't find homes >Maximum core file size limits now 1024000000(soft) 1024000000(hard) >Registering messaging pointer for type 2 - private_data=(nil) >Registering messaging pointer for type 9 - private_data=(nil) >Registered MSG_REQ_POOL_USAGE >Registering messaging pointer for type 11 - private_data=(nil) >Registering messaging pointer for type 12 - private_data=(nil) >Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED >Registering messaging pointer for type 1 - private_data=(nil) >Registering messaging pointer for type 5 - private_data=(nil) >lp_load_ex: refreshing parameters >Freeing parametrics: >Initialising global parameters >rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) >INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > scavenger: 10 > dns: 10 > ldb: 10 >params.c:pm_process() - Processing configuration file "/var/samba/MAINT.INTERNAL/smb.conf" >Processing section "[global]" >doing parameter security = ads >doing parameter client use spnego = yes >doing parameter disable netbios = yes >doing parameter winbind use default domain = yes >doing parameter winbindd:socket dir = /var/samba/MAINT.INTERNAL >doing parameter lock directory = /var/samba/MAINT.INTERNAL >doing parameter private dir = /var/samba/MAINT.INTERNAL >doing parameter pid directory = /var/samba/MAINT.INTERNAL >doing parameter netbios name = diag >doing parameter state directory = /var/samba/MAINT.INTERNAL >doing parameter cache directory = /var/samba/MAINT.INTERNAL >doing parameter realm = MAINT.INTERNAL >doing parameter workgroup = MAINT >pm_process() returned Yes >lp_servicenumber: couldn't find homes >added interface ethA ip=172.16.0.3 bcast=172.16.0.255 netmask=255.255.255.0 >Netbios name list:- >my_netbios_names[0]="DIAG" >added interface ethA ip=172.16.0.3 bcast=172.16.0.255 netmask=255.255.255.0 >fcntl_lock 9 6 0 1 1 >fcntl_lock: Lock call successful >TimeInit: Serverzone is -3600 >initialize_winbindd_cache: clearing cache and re-creating with version number 2 >check lock order 2 for /var/samba/MAINT.INTERNAL/serverid.tdb >lock order: 1:<none> 2:/var/samba/MAINT.INTERNAL/serverid.tdb 3:<none> >Locking key B717000000000000FFFF >Allocated locked data 0x0x7f57222a4d20 >Unlocking key B717000000000000FFFF >release lock order 2 for /var/samba/MAINT.INTERNAL/serverid.tdb >lock order: 1:<none> 2:<none> 3:<none> >Registering messaging pointer for type 33 - private_data=(nil) >Registering messaging pointer for type 13 - private_data=(nil) >Registering messaging pointer for type 1028 - private_data=(nil) >Registering messaging pointer for type 1027 - private_data=(nil) >Registering messaging pointer for type 1029 - private_data=(nil) >Registering messaging pointer for type 1036 - private_data=(nil) >Registering messaging pointer for type 1035 - private_data=(nil) >Registering messaging pointer for type 1280 - private_data=(nil) >Registering messaging pointer for type 1032 - private_data=(nil) >Registering messaging pointer for type 1033 - private_data=(nil) >Registering messaging pointer for type 1034 - private_data=(nil) >Registering messaging pointer for type 1 - private_data=(nil) >Overriding messaging pointer for type 1 - private_data=(nil) >wcache_tdc_add_domain: Adding domain BUILTIN ((null)), SID S-1-5-32, flags = 0x0, attributes = 0x0, type = 0x0 >pack_tdc_domains: Packing 1 trusted domains >pack_tdc_domains: Packing domain BUILTIN (UNKNOWN) >idmap config BUILTIN : range = not defined >Added domain BUILTIN (null) S-1-5-32 >wcache_tdc_add_domain: Adding domain DIAG ((null)), SID S-1-5-21-1867447428-2365053836-1320146663, flags = 0x0, attributes = 0x0, type = 0x0 >pack_tdc_domains: Packing 2 trusted domains >pack_tdc_domains: Packing domain BUILTIN (UNKNOWN) >pack_tdc_domains: Packing domain DIAG (UNKNOWN) >idmap config DIAG : range = not defined >Added domain DIAG (null) S-1-5-21-1867447428-2365053836-1320146663 >wcache_tdc_add_domain: Adding domain MAINT (MAINT.INTERNAL), SID S-1-5-21-4081593310-1799636251-3851585506, flags = 0x0, attributes = 0x0, type = 0x0 >pack_tdc_domains: Packing 3 trusted domains >pack_tdc_domains: Packing domain BUILTIN (UNKNOWN) >pack_tdc_domains: Packing domain DIAG (UNKNOWN) >pack_tdc_domains: Packing domain MAINT (MAINT.INTERNAL) >idmap config MAINT : range = not defined >Added domain MAINT MAINT.INTERNAL S-1-5-21-4081593310-1799636251-3851585506 >set_domain_online_request: called for domain MAINT >set_domain_online_request: domain MAINT was globally offline. >fork_domain_child called for domain 'MAINT' >Child process 6072 >Deregistering messaging pointer for type 33 - private_data=(nil) >Deregistering messaging pointer for type 13 - private_data=(nil) >Deregistering messaging pointer for type 1028 - private_data=(nil) >Deregistering messaging pointer for type 1027 - private_data=(nil) >Deregistering messaging pointer for type 1029 - private_data=(nil) >Deregistering messaging pointer for type 1280 - private_data=(nil) >Deregistering messaging pointer for type 1033 - private_data=(nil) >Deregistering messaging pointer for type 1 - private_data=(nil) >Deregistering messaging pointer for type 1036 - private_data=(nil) >Deregistering messaging pointer for type 1035 - private_data=(nil) >Registering messaging pointer for type 1028 - private_data=(nil) >Registering messaging pointer for type 1027 - private_data=(nil) >Registering messaging pointer for type 1280 - private_data=(nil) >Registering messaging pointer for type 1 - private_data=(nil) >Registering messaging pointer for type 1034 - private_data=(nil) >Overriding messaging pointer for type 1034 - private_data=(nil) >set_domain_online_request: called for domain MAINT >set_domain_online_request: domain MAINT was globally offline. >password last changed 2014/08/21 17:12:12 >password valid until 2014/08/28 17:12:12 >machine password still valid until: Thu, 28 Aug 2014 17:12:12 BST >child daemon request 51 >child_process_request: request fn INIT_CONNECTION >connection_ok: Connection to (null) for domain MAINT is not connected >Opening cache file at /var/samba/MAINT.INTERNAL/gencache.tdb >Opening cache file at /var/samba/MAINT.INTERNAL/gencache_notrans.tdb >saf_fetch: Returning "AD2012.maint.internal" for "MAINT" domain >check_negative_conn_cache returning result 0 for domain MAINT server AD2012.maint.internal >cm_open_connection: saf_servername is 'AD2012.maint.internal' for domain MAINT >cm_open_connection: dcname is 'AD2012.maint.internal' for domain MAINT >check_negative_conn_cache returning result 0 for domain MAINT server AD2012.maint.internal >sitename_fetch: Returning sitename for MAINT.INTERNAL: "Default-First-Site-Name" >internal_resolve_name: looking up AD2012.maint.internal#20 (sitename Default-First-Site-Name) >name AD2012.maint.internal#20 found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >Connecting to 172.16.0.2 at port 445 >cm_prepare_connection: connecting to DC AD2012.maint.internal for domain MAINT >connecting to AD2012.maint.internal from DIAG with kerberos principal [DIAG$@MAINT.INTERNAL] and realm [MAINT.INTERNAL] >Doing spnego session setup (blob length=120) >got OID=1.3.6.1.4.1.311.2.2.30 >got OID=1.2.840.48018.1.2.2 >got OID=1.2.840.113554.1.2.2 >got OID=1.2.840.113554.1.2.2.3 >got OID=1.3.6.1.4.1.311.2.2.10 >got principal=not_defined_in_RFC4178@please_ignore >kerberos_kinit_password: as DIAG$@MAINT.INTERNAL using [MEMORY:cliconnect] as ccache and config [(null)] >cli_session_setup_spnego: using target hostname not SPNEGO principal >cli_session_setup_spnego: guessed server principal=cifs/AD2012.maint.internal@MAINT.INTERNAL >Doing kerberos session setup >ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration Fri, 22 Aug 2014 21:14:10 BST >ads_krb5_mk_req: Ticket (cifs/AD2012.maint.internal@MAINT.INTERNAL) in ccache (MEMORY:cliconnect) is valid until: (Fri, 22 Aug 2014 21:14:10 BST - 1408738450) >ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT >Got KRB5 session key of length 32 >smb_signing_sign_pdu: sent SMB signature of >[0000] 42 53 52 53 50 59 4C 20 BSRSPYL >smb_signing_activate: user_session_key >[0000] D6 AC B9 EC 0A 4E 43 7B 38 8B 07 C3 D2 21 4C C8 .....NC{ 8....!L. >[0010] 52 80 68 E8 8D BA 9A 8E 07 BD 8D 86 E2 6A 61 71 R.h..... .....jaq >smb_signing_activate: NULL response_data >smb_signing_md5: sequence number 1 >smb_signing_check_pdu: seq 1: got good SMB signature of >[0000] 6F 2F AC 6A 91 C4 8D 13 o/.j.... >cli_init_creds: user DIAG$ domain MAINT >saf_store: domain = [MAINT], server = [AD2012.maint.internal], expire = [1408703350] >Adding cache entry with key=[SAF/DOMAIN/MAINT] and timeout=[Fri Aug 22 11:29:10 2014 BST] (900 seconds ahead) >saf_store: domain = [MAINT.INTERNAL], server = [AD2012.maint.internal], expire = [1408703350] >Adding cache entry with key=[SAF/DOMAIN/MAINT.INTERNAL] and timeout=[Fri Aug 22 11:29:10 2014 BST] (900 seconds ahead) >smb_signing_md5: sequence number 2 >smb_signing_sign_pdu: sent SMB signature of >[0000] CE 40 0F 56 C3 C8 AD 25 .@.V...% >smb_signing_md5: sequence number 3 >smb_signing_check_pdu: seq 3: got good SMB signature of >[0000] 5E 0C ED 39 B4 45 81 09 ^..9.E.. >set_global_winbindd_state_online: online requested. >set_global_winbindd_state_online: rejecting. >set_domain_online: called for domain MAINT >messaging_tdb_store: > array: struct messaging_array > num_messages : 0x00000001 (1) > messages: ARRAY(1) > messages: struct messaging_rec > msg_version : 0x00000002 (2) > msg_type : MSG_WINBIND_DOMAIN_ONLINE (1035) > dest: struct server_id > pid : 0x00000000000017b7 (6071) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x0000000000000000 (0) > src: struct server_id > pid : 0x00000000000017b8 (6072) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x0000000000000000 (0) > buf : DATA_BLOB length=6 >[0000] 4D 41 49 4E 54 00 MAINT. >Did not store value for CURRENT_DCNAME/MAINT, we already got it >set_dc_type_and_flags: setting up flags for primary domain >set_dc_type_and_flags_connect: domain MAINT >message_dispatch: received_messages = 1 >smb_signing_md5: sequence number 4 >smb_signing_sign_pdu: sent SMB signature of >[0000] 06 9E 32 BC 1A 9A 38 3A ..2...8: > result: struct messaging_array > num_messages : 0x00000001 (1) > messages: ARRAY(1) > messages: struct messaging_rec > msg_version : 0x00000002 (2) > msg_type : MSG_WINBIND_DOMAIN_ONLINE (1035) > dest: struct server_id > pid : 0x00000000000017b7 (6071) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x0000000000000000 (0) > src: struct server_id > pid : 0x00000000000017b8 (6072) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x0000000000000000 (0) > buf : DATA_BLOB length=6 >[0000] 4D 41 49 4E 54 00 MAINT. >smb_signing_md5: sequence number 5 >Domain MAINT is marked as online now. >[0000] 8B D3 00 D4 25 F5 E8 30 ....%..0 >Bind RPC Pipe: host AD2012.maint.internal auth_type 0, auth_level 1 > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0048 (72) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 3919286a-b10c-11d0-9ba8-00c04fd92ef5 > if_version : 0x00000000 (0) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >rpc_api_pipe: host AD2012.maint.internal >num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=72, this_data=72, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 >smb_signing_md5: sequence number 6 >smb_signing_sign_pdu: sent SMB signature of >[0000] 9D 0B 9F E4 DA 46 9D B7 .....F.. >smb_signing_md5: sequence number 7 >smb_signing_check_pdu: seq 7: got good SMB signature of >[0000] 7B 6C 0B 78 69 77 DD F9 {l.xiw.. >rpc_read_send: data_to_read: 52 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00007b01 (31489) > secondary_address_size : 0x000c (12) > secondary_address : '\pipe\lsass' > _pad1 : DATA_BLOB length=2 >[0000] A9 94 .. > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK >rpc_api_pipe: host AD2012.maint.internal returned 68 bytes. >check_bind_response: accepted! >cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine AD2012.maint.internal and bound anonymously. > dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation > in: struct dssetup_DsRoleGetPrimaryDomainInformation > level : DS_ROLE_BASIC_INFORMATION (1) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000002 (2) > context_id : 0x0000 (0) > opnum : 0x0000 (0) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 >rpc_api_pipe: host AD2012.maint.internal >num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=26, this_data=26, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 >smb_signing_md5: sequence number 8 >smb_signing_sign_pdu: sent SMB signature of >[0000] AD 0E 8F 83 17 47 92 A0 .....G.. >smb_signing_md5: sequence number 9 >smb_signing_check_pdu: seq 9: got good SMB signature of >[0000] 0C 02 1D 08 7A 43 64 D3 ....zCd. >rpc_read_send: data_to_read: 168 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00b8 (184) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x000000a0 (160) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 >[0000] 00 . > stub_and_verifier : DATA_BLOB length=160 >[0000] 00 00 02 00 01 00 00 00 05 00 00 00 01 00 00 01 ........ ........ >[0010] 04 00 02 00 08 00 02 00 0C 00 02 00 E4 05 B3 33 ........ .......3 >[0020] 4C D4 89 4F A3 A9 A4 A1 EE 51 7E 2B 06 00 00 00 L..O.... .Q~+.... >[0030] 00 00 00 00 06 00 00 00 4D 00 41 00 49 00 4E 00 ........ M.A.I.N. >[0040] 54 00 00 00 0F 00 00 00 00 00 00 00 0F 00 00 00 T....... ........ >[0050] 6D 00 61 00 69 00 6E 00 74 00 2E 00 69 00 6E 00 m.a.i.n. t...i.n. >[0060] 74 00 65 00 72 00 6E 00 61 00 6C 00 00 00 00 00 t.e.r.n. a.l..... >[0070] 0F 00 00 00 00 00 00 00 0F 00 00 00 6D 00 61 00 ........ ....m.a. >[0080] 69 00 6E 00 74 00 2E 00 69 00 6E 00 74 00 65 00 i.n.t... i.n.t.e. >[0090] 72 00 6E 00 61 00 6C 00 00 00 00 00 00 00 00 00 r.n.a.l. ........ >Got pdu len 184, data_len 160, ss_len 0 >rpc_api_pipe: got frag len of 184 at offset 0: NT_STATUS_OK >rpc_api_pipe: host AD2012.maint.internal returned 160 bytes. > dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation > out: struct dssetup_DsRoleGetPrimaryDomainInformation > info : * > info : union dssetup_DsRoleInfo(case 1) > basic: struct dssetup_DsRolePrimaryDomInfoBasic > role : DS_ROLE_PRIMARY_DC (5) > flags : 0x01000001 (16777217) > 1: DS_ROLE_PRIMARY_DS_RUNNING > 0: DS_ROLE_PRIMARY_DS_MIXED_MODE > 0: DS_ROLE_UPGRADE_IN_PROGRESS > 1: DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT > domain : * > domain : 'MAINT' > dns_domain : * > dns_domain : 'maint.internal' > forest : * > forest : 'maint.internal' > domain_guid : 33b305e4-d44c-4f89-a3a9-a4a1ee517e2b > result : WERR_OK >smb_signing_md5: sequence number 10 >smb_signing_sign_pdu: sent SMB signature of >[0000] 44 40 15 71 D1 72 FC BE D@.q.r.. >smb_signing_md5: sequence number 11 >smb_signing_check_pdu: seq 11: got good SMB signature of >[0000] 5E F8 A3 58 54 1D 11 D1 ^..XT... >smb_signing_md5: sequence number 12 >smb_signing_sign_pdu: sent SMB signature of >[0000] E6 A0 0E 3A D7 90 F8 AB ...:.... >smb_signing_md5: sequence number 13 >smb_signing_check_pdu: seq 13: got good SMB signature of >[0000] 82 CF CE 66 4F 84 8B FF ...fO... >Bind RPC Pipe: host AD2012.maint.internal auth_type 0, auth_level 1 > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0048 (72) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345778-1234-abcd-ef00-0123456789ab > if_version : 0x00000000 (0) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >rpc_api_pipe: host AD2012.maint.internal >num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=72, this_data=72, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 >smb_signing_md5: sequence number 14 >smb_signing_sign_pdu: sent SMB signature of >[0000] B7 0B C5 97 4A A3 13 8B ....J... >smb_signing_md5: sequence number 15 >smb_signing_check_pdu: seq 15: got good SMB signature of >[0000] C6 4C A5 97 C6 71 CF C8 .L...q.. >rpc_read_send: data_to_read: 52 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00007b02 (31490) > secondary_address_size : 0x000c (12) > secondary_address : '\pipe\lsass' > _pad1 : DATA_BLOB length=2 >[0000] 00 01 .. > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK >rpc_api_pipe: host AD2012.maint.internal returned 68 bytes. >check_bind_response: accepted! >cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine AD2012.maint.internal and bound anonymously. > lsa_OpenPolicy2: struct lsa_OpenPolicy2 > in: struct lsa_OpenPolicy2 > system_name : * > system_name : '\\AD2012.MAINT.INTERNAL' > attr : * > attr: struct lsa_ObjectAttribute > len : 0x00000018 (24) > root_dir : NULL > object_name : NULL > attributes : 0x00000000 (0) > sec_desc : NULL > sec_qos : * > sec_qos: struct lsa_QosInfo > len : 0x0000000c (12) > impersonation_level : 0x0002 (2) > context_mode : 0x01 (1) > effective_only : 0x00 (0) > access_mask : 0x02000000 (33554432) > 0: LSA_POLICY_VIEW_LOCAL_INFORMATION > 0: LSA_POLICY_VIEW_AUDIT_INFORMATION > 0: LSA_POLICY_GET_PRIVATE_INFORMATION > 0: LSA_POLICY_TRUST_ADMIN > 0: LSA_POLICY_CREATE_ACCOUNT > 0: LSA_POLICY_CREATE_SECRET > 0: LSA_POLICY_CREATE_PRIVILEGE > 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS > 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS > 0: LSA_POLICY_AUDIT_LOG_ADMIN > 0: LSA_POLICY_SERVER_ADMIN > 0: LSA_POLICY_LOOKUP_NAMES > 0: LSA_POLICY_NOTIFICATION > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000064 (100) > context_id : 0x0000 (0) > opnum : 0x002c (44) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 >rpc_api_pipe: host AD2012.maint.internal >num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=124, this_data=124, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 >smb_signing_md5: sequence number 16 >smb_signing_sign_pdu: sent SMB signature of >[0000] 58 68 8F 99 F1 97 5D BA Xh....]. >smb_signing_md5: sequence number 17 >smb_signing_check_pdu: seq 17: got good SMB signature of >[0000] 56 19 EB 92 32 21 76 64 V...2!vd >rpc_read_send: data_to_read: 32 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 >[0000] 00 . > stub_and_verifier : DATA_BLOB length=24 >[0000] 00 00 00 00 3E E2 B4 96 65 4B C8 49 A0 5A 45 E6 ....>... eK.I.ZE. >[0010] 59 BB BD B8 00 00 00 00 Y....... >Got pdu len 48, data_len 24, ss_len 0 >rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK >rpc_api_pipe: host AD2012.maint.internal returned 24 bytes. > lsa_OpenPolicy2: struct lsa_OpenPolicy2 > out: struct lsa_OpenPolicy2 > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 96b4e23e-4b65-49c8-a05a-45e659bbbdb8 > result : NT_STATUS_OK > lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 > in: struct lsa_QueryInfoPolicy2 > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 96b4e23e-4b65-49c8-a05a-45e659bbbdb8 > level : LSA_POLICY_INFO_DNS (12) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x00000005 (5) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000016 (22) > context_id : 0x0000 (0) > opnum : 0x002e (46) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 >rpc_api_pipe: host AD2012.maint.internal >num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=46, this_data=46, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 >smb_signing_md5: sequence number 18 >smb_signing_sign_pdu: sent SMB signature of >[0000] DE 08 BF 66 3E 76 CD 3C ...f>v.< >smb_signing_md5: sequence number 19 >smb_signing_check_pdu: seq 19: got good SMB signature of >[0000] 88 33 DB EE 27 F6 B2 8B .3..'... >rpc_read_send: data_to_read: 196 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00d4 (212) > auth_length : 0x0000 (0) > call_id : 0x00000005 (5) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x000000bc (188) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 >[0000] 00 . > stub_and_verifier : DATA_BLOB length=188 >[0000] 00 00 02 00 0C 00 00 00 0A 00 0C 00 04 00 02 00 ........ ........ >[0010] 1C 00 1E 00 08 00 02 00 1C 00 1E 00 0C 00 02 00 ........ ........ >[0020] E4 05 B3 33 4C D4 89 4F A3 A9 A4 A1 EE 51 7E 2B ...3L..O .....Q~+ >[0030] 10 00 02 00 06 00 00 00 00 00 00 00 05 00 00 00 ........ ........ >[0040] 4D 00 41 00 49 00 4E 00 54 00 00 00 0F 00 00 00 M.A.I.N. T....... >[0050] 00 00 00 00 0E 00 00 00 6D 00 61 00 69 00 6E 00 ........ m.a.i.n. >[0060] 74 00 2E 00 69 00 6E 00 74 00 65 00 72 00 6E 00 t...i.n. t.e.r.n. >[0070] 61 00 6C 00 0F 00 00 00 00 00 00 00 0E 00 00 00 a.l..... ........ >[0080] 6D 00 61 00 69 00 6E 00 74 00 2E 00 69 00 6E 00 m.a.i.n. t...i.n. >[0090] 74 00 65 00 72 00 6E 00 61 00 6C 00 04 00 00 00 t.e.r.n. a.l..... >[00A0] 01 04 00 00 00 00 00 05 15 00 00 00 DE 2B 48 F3 ........ .....+H. >[00B0] 1B 45 44 6B E2 87 92 E5 00 00 00 00 .EDk.... .... >Got pdu len 212, data_len 188, ss_len 0 >rpc_api_pipe: got frag len of 212 at offset 0: NT_STATUS_OK >rpc_api_pipe: host AD2012.maint.internal returned 188 bytes. > lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 > out: struct lsa_QueryInfoPolicy2 > info : * > info : * > info : union lsa_PolicyInformation(case 12) > dns: struct lsa_DnsDomainInfo > name: struct lsa_StringLarge > length : 0x000a (10) > size : 0x000c (12) > string : * > string : 'MAINT' > dns_domain: struct lsa_StringLarge > length : 0x001c (28) > size : 0x001e (30) > string : * > string : 'maint.internal' > dns_forest: struct lsa_StringLarge > length : 0x001c (28) > size : 0x001e (30) > string : * > string : 'maint.internal' > domain_guid : 33b305e4-d44c-4f89-a3a9-a4a1ee517e2b > sid : * > sid : S-1-5-21-4081593310-1799636251-3851585506 > result : NT_STATUS_OK >set_dc_type_and_flags_connect: domain MAINT is in native mode. >set_dc_type_and_flags_connect: domain MAINT is running active directory. >smb_signing_md5: sequence number 20 >smb_signing_sign_pdu: sent SMB signature of >[0000] 6D A3 9E AA 8D 4F 35 33 m....O53 >smb_signing_md5: sequence number 21 >smb_signing_check_pdu: seq 21: got good SMB signature of >[0000] D4 76 50 25 2A 04 3C AE .vP%*.<. >Finished processing child request 51 >Writing 3496 bytes to parent >child daemon request 20 >child_process_request: request fn LIST_TRUSTDOM >[ 6071]: list trusted domains >get_cache: Setting ADS methods for domain MAINT >trusted_domains: [Cached] - doing backend query for info for domain MAINT >ads: trusted_domains >smb_signing_md5: sequence number 22 >smb_signing_sign_pdu: sent SMB signature of >[0000] C5 16 A0 D2 BC 1F C2 28 .......( >smb_signing_md5: sequence number 23 >smb_signing_check_pdu: seq 23: got good SMB signature of >[0000] C1 54 FD 9F 52 F4 C0 3A .T..R..: >Bind RPC Pipe: host AD2012.maint.internal auth_type 0, auth_level 1 > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0048 (72) > auth_length : 0x0000 (0) > call_id : 0x00000006 (6) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-01234567cffb > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >rpc_api_pipe: host AD2012.maint.internal >num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=72, this_data=72, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 >smb_signing_md5: sequence number 24 >smb_signing_sign_pdu: sent SMB signature of >[0000] 1B 51 4F 2E 4E 48 E7 87 .QO.NH.. >smb_signing_md5: sequence number 25 >smb_signing_check_pdu: seq 25: got good SMB signature of >[0000] F4 97 C2 70 25 09 C4 C6 ...p%... >rpc_read_send: data_to_read: 52 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000006 (6) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00007b03 (31491) > secondary_address_size : 0x000c (12) > secondary_address : '\pipe\lsass' > _pad1 : DATA_BLOB length=2 >[0000] 02 00 .. > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK >rpc_api_pipe: host AD2012.maint.internal returned 68 bytes. >check_bind_response: accepted! >cli_rpc_pipe_open_noauth: opened pipe \netlogon to machine AD2012.maint.internal and bound anonymously. > netr_ServerReqChallenge: struct netr_ServerReqChallenge > in: struct netr_ServerReqChallenge > server_name : * > server_name : '\\AD2012.MAINT.INTERNAL' > computer_name : * > computer_name : 'DIAG' > credentials : * > credentials: struct netr_Credential > data : 48ca07753730d94e > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x00000007 (7) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x0000005e (94) > context_id : 0x0000 (0) > opnum : 0x0004 (4) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 >rpc_api_pipe: host AD2012.maint.internal >num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=118, this_data=118, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 >smb_signing_md5: sequence number 26 >smb_signing_sign_pdu: sent SMB signature of >[0000] FB B9 DD B7 19 5D 8F BD .....].. >smb_signing_md5: sequence number 27 >smb_signing_check_pdu: seq 27: got good SMB signature of >[0000] BC DE 41 EA 9C 18 11 68 ..A....h >rpc_read_send: data_to_read: 20 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0024 (36) > auth_length : 0x0000 (0) > call_id : 0x00000007 (7) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x0000000c (12) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 >[0000] 00 . > stub_and_verifier : DATA_BLOB length=12 >[0000] 71 8B C7 8D 1A 39 D3 55 00 00 00 00 q....9.U .... >Got pdu len 36, data_len 12, ss_len 0 >rpc_api_pipe: got frag len of 36 at offset 0: NT_STATUS_OK >rpc_api_pipe: host AD2012.maint.internal returned 12 bytes. > netr_ServerReqChallenge: struct netr_ServerReqChallenge > out: struct netr_ServerReqChallenge > return_credentials : * > return_credentials: struct netr_Credential > data : 718bc78d1a39d355 > result : NT_STATUS_OK > netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 > in: struct netr_ServerAuthenticate2 > server_name : * > server_name : '\\AD2012.MAINT.INTERNAL' > account_name : * > account_name : 'DIAG$' > secure_channel_type : SEC_CHAN_WKSTA (2) > computer_name : * > computer_name : 'DIAG' > credentials : * > credentials: struct netr_Credential > data : 30a2f863482544ea > negotiate_flags : * > negotiate_flags : 0x610fffff (1628438527) > 1: NETLOGON_NEG_ACCOUNT_LOCKOUT > 1: NETLOGON_NEG_PERSISTENT_SAMREPL > 1: NETLOGON_NEG_ARCFOUR > 1: NETLOGON_NEG_PROMOTION_COUNT > 1: NETLOGON_NEG_CHANGELOG_BDC > 1: NETLOGON_NEG_FULL_SYNC_REPL > 1: NETLOGON_NEG_MULTIPLE_SIDS > 1: NETLOGON_NEG_REDO > 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL > 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC > 1: NETLOGON_NEG_GENERIC_PASSTHROUGH > 1: NETLOGON_NEG_CONCURRENT_RPC > 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL > 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL > 1: NETLOGON_NEG_STRONG_KEYS > 1: NETLOGON_NEG_TRANSITIVE_TRUSTS > 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS > 1: NETLOGON_NEG_PASSWORD_SET2 > 1: NETLOGON_NEG_GETDOMAININFO > 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS > 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION > 0: NETLOGON_NEG_RODC_PASSTHROUGH > 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 > 1: NETLOGON_NEG_SUPPORTS_AES > 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS > 1: NETLOGON_NEG_AUTHENTICATED_RPC > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x00000008 (8) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000080 (128) > context_id : 0x0000 (0) > opnum : 0x000f (15) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 >rpc_api_pipe: host AD2012.maint.internal >num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=152, this_data=152, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 >smb_signing_md5: sequence number 28 >smb_signing_sign_pdu: sent SMB signature of >[0000] 9B B1 15 A5 22 8A FF 62 ...."..b >smb_signing_md5: sequence number 29 >smb_signing_check_pdu: seq 29: got good SMB signature of >[0000] 3D B2 0A FA 25 58 50 EC =...%XP. >rpc_read_send: data_to_read: 24 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0028 (40) > auth_length : 0x0000 (0) > call_id : 0x00000008 (8) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000010 (16) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 >[0000] 00 . > stub_and_verifier : DATA_BLOB length=16 >[0000] 09 C6 81 9B 43 7D 64 89 FF FF 0F 61 00 00 00 00 ....C}d. ...a.... >Got pdu len 40, data_len 16, ss_len 0 >rpc_api_pipe: got frag len of 40 at offset 0: NT_STATUS_OK >rpc_api_pipe: host AD2012.maint.internal returned 16 bytes. > netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 > out: struct netr_ServerAuthenticate2 > return_credentials : * > return_credentials: struct netr_Credential > data : 09c6819b437d6489 > negotiate_flags : * > negotiate_flags : 0x610fffff (1628438527) > 1: NETLOGON_NEG_ACCOUNT_LOCKOUT > 1: NETLOGON_NEG_PERSISTENT_SAMREPL > 1: NETLOGON_NEG_ARCFOUR > 1: NETLOGON_NEG_PROMOTION_COUNT > 1: NETLOGON_NEG_CHANGELOG_BDC > 1: NETLOGON_NEG_FULL_SYNC_REPL > 1: NETLOGON_NEG_MULTIPLE_SIDS > 1: NETLOGON_NEG_REDO > 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL > 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC > 1: NETLOGON_NEG_GENERIC_PASSTHROUGH > 1: NETLOGON_NEG_CONCURRENT_RPC > 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL > 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL > 1: NETLOGON_NEG_STRONG_KEYS > 1: NETLOGON_NEG_TRANSITIVE_TRUSTS > 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS > 1: NETLOGON_NEG_PASSWORD_SET2 > 1: NETLOGON_NEG_GETDOMAININFO > 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS > 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION > 0: NETLOGON_NEG_RODC_PASSTHROUGH > 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 > 1: NETLOGON_NEG_SUPPORTS_AES > 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS > 1: NETLOGON_NEG_AUTHENTICATED_RPC > result : NT_STATUS_OK >rpccli_netlogon_setup_creds: server AD2012.maint.internal credential chain established. >smb_signing_md5: sequence number 30 >smb_signing_sign_pdu: sent SMB signature of >[0000] B8 2B 74 9A 07 07 CF 8B .+t..... >smb_signing_md5: sequence number 31 >smb_signing_check_pdu: seq 31: got good SMB signature of >[0000] CA 8A 82 30 59 D6 54 BC ...0Y.T. >Bind RPC Pipe: host AD2012.maint.internal auth_type 68, auth_level 6 > r: struct NL_AUTH_MESSAGE > MessageType : NL_NEGOTIATE_REQUEST (0x0) > Flags : 0x00000003 (3) > 1: NL_FLAG_OEM_NETBIOS_DOMAIN_NAME > 1: NL_FLAG_OEM_NETBIOS_COMPUTER_NAME > 0: NL_FLAG_UTF8_DNS_DOMAIN_NAME > 0: NL_FLAG_UTF8_DNS_HOST_NAME > 0: NL_FLAG_UTF8_NETBIOS_COMPUTER_NAME > oem_netbios_domain : 'MAINT' > oem_netbios_computer : 'DIAG' > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x00 (0) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000001 (1) > credentials : DATA_BLOB length=19 >[0000] 00 00 00 00 03 00 00 00 4D 41 49 4E 54 00 44 49 ........ MAINT.DI >[0010] 41 47 00 AG. > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0063 (99) > auth_length : 0x0013 (19) > call_id : 0x00000009 (9) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-01234567cffb > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=27 >[0000] 44 06 00 00 01 00 00 00 00 00 00 00 03 00 00 00 D....... ........ >[0010] 4D 41 49 4E 54 00 44 49 41 47 00 MAINT.DI AG. >rpc_api_pipe: host AD2012.maint.internal >num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=99, this_data=99, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 >smb_signing_md5: sequence number 32 >smb_signing_sign_pdu: sent SMB signature of >[0000] AE 10 79 E0 BD 7D C4 A1 ..y..}.. >smb_signing_md5: sequence number 33 >smb_signing_check_pdu: seq 33: got good SMB signature of >[0000] BB A4 97 2E AF C5 AA 42 .......B >rpc_read_send: data_to_read: 72 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0058 (88) > auth_length : 0x000c (12) > call_id : 0x00000009 (9) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00007b04 (31492) > secondary_address_size : 0x000c (12) > secondary_address : '\pipe\lsass' > _pad1 : DATA_BLOB length=2 >[0000] 91 4C .L > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=20 >[0000] 44 06 00 00 01 00 00 00 01 00 00 00 00 00 00 00 D....... ........ >[0010] 00 00 00 00 .... >rpc_api_pipe: got frag len of 88 at offset 0: NT_STATUS_OK >rpc_api_pipe: host AD2012.maint.internal returned 88 bytes. >check_bind_response: accepted! > seed 63f8a230:ea442548 > seed+time b7efba24:ea442548 > CLIENT 35d7795c:a70ccacf > seed+time+1 b7efba25:ea442548 > SERVER 43d9b35d:86d3f132 > netr_LogonGetCapabilities: struct netr_LogonGetCapabilities > in: struct netr_LogonGetCapabilities > server_name : * > server_name : '\\AD2012.MAINT.INTERNAL' > computer_name : * > computer_name : 'DIAG' > credential : * > credential: struct netr_Authenticator > cred: struct netr_Credential > data : 5c79d735cfca0ca7 > timestamp : Fri Aug 22 11:14:12 2014 BST > return_authenticator : * > return_authenticator: struct netr_Authenticator > cred: struct netr_Credential > data : 0000000000000000 > timestamp : (time_t)0 > query_level : 0x00000001 (1) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0038 (56) > call_id : 0x0000000a (10) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000074 (116) > context_id : 0x0000 (0) > opnum : 0x0015 (21) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x04 (4) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000001 (1) > credentials : DATA_BLOB length=0 >add_schannel_auth_footer: SCHANNEL seq_num=0 > &r: struct NL_AUTH_SHA2_SIGNATURE > SignatureAlgorithm : NL_SIGN_HMAC_SHA256 (0x13) > SealAlgorithm : NL_SEAL_AES128 (0x1A) > Pad : 0xffff (65535) > Flags : 0x0000 (0) > SequenceNumber : cdf53781036b8f22 > Checksum : dad761a6da6da5d30054ca543a38c38200000000000000000000000000000000 > Confounder : 0000000000000000 >rpc_api_pipe: host AD2012.maint.internal >num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=208, this_data=208, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 >smb_signing_md5: sequence number 34 >smb_signing_sign_pdu: sent SMB signature of >[0000] FB 59 6D 04 06 DF 10 93 .Ym..... >smb_signing_md5: sequence number 35 >smb_signing_check_pdu: seq 35: got good SMB signature of >[0000] 4C 83 C6 DB DA 43 35 9F L....C5. >rpc_read_send: data_to_read: 104 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0078 (120) > auth_length : 0x0038 (56) > call_id : 0x0000000a (10) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 >[0000] 00 . > stub_and_verifier : DATA_BLOB length=96 >[0000] D6 79 F9 1D 28 BF EC A1 E0 46 F0 40 6E 31 59 60 .y..(... .F.@n1Y` >[0010] C8 EA B2 BF B8 6F F8 B5 50 06 1B 9D 7E 3D 74 A4 .....o.. P...~=t. >[0020] 44 06 08 00 01 00 00 00 13 00 1A 00 FF FF 00 00 D....... ........ >[0030] 62 9E 05 6D 66 40 BD E0 D5 25 18 EF DF C3 1F 43 b..mf@.. .%.....C >[0040] 42 9A 34 5E 78 2B B3 34 54 00 00 00 0F 00 00 00 B.4^x+.4 T....... >[0050] 00 00 00 00 0E 00 00 00 6D 00 61 00 69 00 6E 00 ........ m.a.i.n. >Requested Privacy. >../librpc/rpc/dcerpc_util.c:140: auth_pad_length 8 >SCHANNEL auth >Got pdu len 120, data_len 24, ss_len 8 >rpc_api_pipe: got frag len of 120 at offset 0: NT_STATUS_OK >rpc_api_pipe: host AD2012.maint.internal returned 24 bytes. > netr_LogonGetCapabilities: struct netr_LogonGetCapabilities > out: struct netr_LogonGetCapabilities > return_authenticator : * > return_authenticator: struct netr_Authenticator > cred: struct netr_Credential > data : 5db3d94332f1d386 > timestamp : (time_t)0 > capabilities : * > capabilities : union netr_Capabilities(case 1) > server_capabilities : 0x610fffff (1628438527) > 1: NETLOGON_NEG_ACCOUNT_LOCKOUT > 1: NETLOGON_NEG_PERSISTENT_SAMREPL > 1: NETLOGON_NEG_ARCFOUR > 1: NETLOGON_NEG_PROMOTION_COUNT > 1: NETLOGON_NEG_CHANGELOG_BDC > 1: NETLOGON_NEG_FULL_SYNC_REPL > 1: NETLOGON_NEG_MULTIPLE_SIDS > 1: NETLOGON_NEG_REDO > 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL > 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC > 1: NETLOGON_NEG_GENERIC_PASSTHROUGH > 1: NETLOGON_NEG_CONCURRENT_RPC > 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL > 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL > 1: NETLOGON_NEG_STRONG_KEYS > 1: NETLOGON_NEG_TRANSITIVE_TRUSTS > 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS > 1: NETLOGON_NEG_PASSWORD_SET2 > 1: NETLOGON_NEG_GETDOMAININFO > 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS > 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION > 0: NETLOGON_NEG_RODC_PASSTHROUGH > 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 > 1: NETLOGON_NEG_SUPPORTS_AES > 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS > 1: NETLOGON_NEG_AUTHENTICATED_RPC > result : NT_STATUS_OK >cli_rpc_pipe_open_schannel_with_key: opened pipe \netlogon to machine AD2012.maint.internal for domain MAINT and bound using schannel. >smb_signing_md5: sequence number 36 >smb_signing_sign_pdu: sent SMB signature of >[0000] A5 99 40 DF 3F 25 CC 7D ..@.?%.} >smb_signing_md5: sequence number 37 >smb_signing_check_pdu: seq 37: got good SMB signature of >[0000] 48 59 C0 A7 02 3C F2 22 HY...<." > netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts > in: struct netr_DsrEnumerateDomainTrusts > server_name : * > server_name : 'AD2012.maint.internal' > trust_flags : 0x00000023 (35) > 1: NETR_TRUST_FLAG_IN_FOREST > 1: NETR_TRUST_FLAG_OUTBOUND > 0: NETR_TRUST_FLAG_TREEROOT > 0: NETR_TRUST_FLAG_PRIMARY > 0: NETR_TRUST_FLAG_NATIVE > 1: NETR_TRUST_FLAG_INBOUND > 0: NETR_TRUST_FLAG_MIT_KRB5 > 0: NETR_TRUST_FLAG_AES > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0038 (56) > call_id : 0x0000000b (11) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000040 (64) > context_id : 0x0000 (0) > opnum : 0x0028 (40) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x00 (0) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000001 (1) > credentials : DATA_BLOB length=0 >add_schannel_auth_footer: SCHANNEL seq_num=2 > &r: struct NL_AUTH_SHA2_SIGNATURE > SignatureAlgorithm : NL_SIGN_HMAC_SHA256 (0x13) > SealAlgorithm : NL_SEAL_AES128 (0x1A) > Pad : 0xffff (65535) > Flags : 0x0000 (0) > SequenceNumber : 3b424aeaeae68111 > Checksum : c1568bf1b5a59f1371fcb7601b2ee17600000000000000000000000000000000 > Confounder : 0000000000000000 >rpc_api_pipe: host AD2012.maint.internal >num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=152, this_data=152, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 >smb_signing_md5: sequence number 38 >smb_signing_sign_pdu: sent SMB signature of >[0000] ED 66 9E DE 02 FD 28 DB .f....(. >smb_signing_md5: sequence number 39 >smb_signing_check_pdu: seq 39: got good SMB signature of >[0000] 0B 98 D5 97 52 B0 8B 7C ....R..| >rpc_read_send: data_to_read: 232 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00f8 (248) > auth_length : 0x0038 (56) > call_id : 0x0000000b (11) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x0000009c (156) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 >[0000] 00 . > stub_and_verifier : DATA_BLOB length=224 >[0000] 2E 5E 1A 52 7C BA EC 24 E8 F2 68 89 7E 7A 65 C4 .^.R|..$ ..h.~ze. >[0010] 69 28 5F 45 F7 05 8E 2B 25 C8 AB 1F 86 80 0D 19 i(_E...+ %....... >[0020] E1 5A 65 D8 A8 21 52 9C C9 7A B9 04 4F 8C 18 2B .Ze..!R. .z..O..+ >[0030] 3D EC 7F 4D E2 17 25 B3 74 C4 70 C2 3F 0A CD 2F =..M..%. t.p.?../ >[0040] A5 E1 48 54 4F 97 3D 7E 75 93 8E CF 32 67 F9 3E ..HTO.=~ u...2g.> >[0050] 96 63 D5 1A 3F 9B F8 C1 13 3F DE 39 7F 6D 65 65 .c..?... .?.9.mee >[0060] 3B 6A BC 9D 3F 0A BE 86 2E 26 F3 E9 1F 15 69 5C ;j..?... .&....i\ >[0070] 42 41 F0 8A 3C BB 11 95 B3 D4 54 9D A9 42 36 7C BA..<... ..T..B6| >[0080] 0E 16 B4 E4 F6 71 03 53 A7 82 B1 F3 B1 A7 07 9F .....q.S ........ >[0090] 8F 3B 92 6B F4 2D 1F 36 28 78 19 E4 E7 B2 20 3B .;.k.-.6 (x.... ; >[00A0] 44 06 04 00 01 00 00 00 13 00 1A 00 FF FF 00 00 D....... ........ >[00B0] 4A F1 CF 98 23 87 6C AC B9 AA E6 F7 04 B2 D6 EA J...#.l. ........ >[00C0] 6F 90 FF 93 85 B7 8B 97 74 00 65 00 72 00 6E 00 o....... t.e.r.n. >[00D0] 61 00 6C 00 00 00 00 00 00 00 00 00 00 00 00 00 a.l..... ........ >Requested Privacy. >../librpc/rpc/dcerpc_util.c:140: auth_pad_length 4 >SCHANNEL auth >Got pdu len 248, data_len 156, ss_len 4 >rpc_api_pipe: got frag len of 248 at offset 0: NT_STATUS_OK >rpc_api_pipe: host AD2012.maint.internal returned 156 bytes. > netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts > out: struct netr_DsrEnumerateDomainTrusts > trusts : * > trusts: struct netr_DomainTrustList > count : 0x00000001 (1) > array : * > array: ARRAY(1) > array: struct netr_DomainTrust > netbios_name : * > netbios_name : 'MAINT' > dns_name : * > dns_name : 'maint.internal' > trust_flags : 0x0000001d (29) > 1: NETR_TRUST_FLAG_IN_FOREST > 0: NETR_TRUST_FLAG_OUTBOUND > 1: NETR_TRUST_FLAG_TREEROOT > 1: NETR_TRUST_FLAG_PRIMARY > 1: NETR_TRUST_FLAG_NATIVE > 0: NETR_TRUST_FLAG_INBOUND > 0: NETR_TRUST_FLAG_MIT_KRB5 > 0: NETR_TRUST_FLAG_AES > parent_index : 0x00000000 (0) > trust_type : NETR_TRUST_TYPE_UPLEVEL (2) > trust_attributes : 0x00000000 (0) > 0: NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY > 0: NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN > 0: NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION > 0: NETR_TRUST_ATTRIBUTE_WITHIN_FOREST > 0: NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL > sid : * > sid : S-1-5-21-4081593310-1799636251-3851585506 > guid : 33b305e4-d44c-4f89-a3a9-a4a1ee517e2b > result : WERR_OK >trusted_domains(ads): Searching trusted domain list of MAINT and storing trust flags for domain maint.internal >wcache_tdc_add_domain: Adding domain MAINT (maint.internal), SID S-1-5-21-4081593310-1799636251-3851585506, flags = 0x1d, attributes = 0x0, type = 0x2 >add_wbdomain_to_tdc_array: Found existing record for MAINT >pack_tdc_domains: Packing 3 trusted domains >pack_tdc_domains: Packing domain BUILTIN (UNKNOWN) >pack_tdc_domains: Packing domain DIAG (UNKNOWN) >pack_tdc_domains: Packing domain MAINT (maint.internal) >Finished processing child request 20 >Writing 3560 bytes to parent >rescan_forest_root_trusts: Following trust path for domain tree root MAINT (maint.internal) >child daemon request 20 >child_process_request: request fn LIST_TRUSTDOM >[ 6071]: list trusted domains >trusted_domains: [Cached] - doing backend query for info for domain MAINT >ads: trusted_domains > netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts > in: struct netr_DsrEnumerateDomainTrusts > server_name : * > server_name : 'AD2012.maint.internal' > trust_flags : 0x00000023 (35) > 1: NETR_TRUST_FLAG_IN_FOREST > 1: NETR_TRUST_FLAG_OUTBOUND > 0: NETR_TRUST_FLAG_TREEROOT > 0: NETR_TRUST_FLAG_PRIMARY > 0: NETR_TRUST_FLAG_NATIVE > 1: NETR_TRUST_FLAG_INBOUND > 0: NETR_TRUST_FLAG_MIT_KRB5 > 0: NETR_TRUST_FLAG_AES > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0038 (56) > call_id : 0x0000000c (12) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000040 (64) > context_id : 0x0000 (0) > opnum : 0x0028 (40) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x00 (0) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000001 (1) > credentials : DATA_BLOB length=0 >add_schannel_auth_footer: SCHANNEL seq_num=4 > &r: struct NL_AUTH_SHA2_SIGNATURE > SignatureAlgorithm : NL_SIGN_HMAC_SHA256 (0x13) > SealAlgorithm : NL_SEAL_AES128 (0x1A) > Pad : 0xffff (65535) > Flags : 0x0000 (0) > SequenceNumber : 466e0459fa3b8421 > Checksum : 94e311d5d87c74b5ba5e311ffed98e1200000000000000000000000000000000 > Confounder : 0000000000000000 >rpc_api_pipe: host AD2012.maint.internal >num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=152, this_data=152, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 >smb_signing_md5: sequence number 40 >smb_signing_sign_pdu: sent SMB signature of >[0000] F8 BE A8 40 69 8A 2B 6C ...@i.+l >smb_signing_md5: sequence number 41 >smb_signing_check_pdu: seq 41: got good SMB signature of >[0000] CE 6B 5D 5D FB 97 54 5C .k]]..T\ >rpc_read_send: data_to_read: 232 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00f8 (248) > auth_length : 0x0038 (56) > call_id : 0x0000000c (12) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x0000009c (156) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 >[0000] 00 . > stub_and_verifier : DATA_BLOB length=224 >[0000] 79 75 A4 9E DC AC D7 AA 77 F6 FC 9F 3A 3C 43 F3 yu...... w...:<C. >[0010] E4 47 C9 1C 34 97 AA 40 D6 B8 F5 86 55 F7 81 93 .G..4..@ ....U... >[0020] B7 5F A3 3A 93 E0 50 BE 6B 65 28 F0 2D B3 00 24 ._.:..P. ke(.-..$ >[0030] CB 94 C4 C7 47 E4 D5 21 A8 20 57 05 1D 16 8F CE ....G..! . W..... >[0040] 98 74 DF 60 E6 E9 EA 0A 36 35 19 37 2F D0 5E A9 .t.`.... 65.7/.^. >[0050] CF ED 93 07 18 FD 00 69 D3 58 3E 80 C1 BC 1E D5 .......i .X>..... >[0060] 73 FF E7 7F FF 2A 90 5E 77 9A B8 0A CC 76 03 CA s....*.^ w....v.. >[0070] B9 DC E5 27 1D F5 D0 2B 41 C1 9F C9 5A D3 4C 01 ...'...+ A...Z.L. >[0080] EF 15 C5 4D 5F 07 85 3F 5B 92 6E 6A 5F 24 CC 2F ...M_..? [.nj_$./ >[0090] 8E A0 98 A5 E2 4D 8B 35 34 5D A4 0D 1E 31 76 51 .....M.5 4]...1vQ >[00A0] 44 06 04 00 01 00 00 00 13 00 1A 00 FF FF 00 00 D....... ........ >[00B0] 5D 76 DB 6F 83 B1 F5 FE B1 53 14 53 8E 22 80 00 ]v.o.... .S.S.".. >[00C0] CD 9F C7 25 53 98 59 2D 74 00 65 00 72 00 6E 00 ...%S.Y- t.e.r.n. >[00D0] 61 00 6C 00 00 00 00 00 00 00 00 00 00 00 00 00 a.l..... ........ >Requested Privacy. >../librpc/rpc/dcerpc_util.c:140: auth_pad_length 4 >SCHANNEL auth >Got pdu len 248, data_len 156, ss_len 4 >rpc_api_pipe: got frag len of 248 at offset 0: NT_STATUS_OK >rpc_api_pipe: host AD2012.maint.internal returned 156 bytes. > netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts > out: struct netr_DsrEnumerateDomainTrusts > trusts : * > trusts: struct netr_DomainTrustList > count : 0x00000001 (1) > array : * > array: ARRAY(1) > array: struct netr_DomainTrust > netbios_name : * > netbios_name : 'MAINT' > dns_name : * > dns_name : 'maint.internal' > trust_flags : 0x0000001d (29) > 1: NETR_TRUST_FLAG_IN_FOREST > 0: NETR_TRUST_FLAG_OUTBOUND > 1: NETR_TRUST_FLAG_TREEROOT > 1: NETR_TRUST_FLAG_PRIMARY > 1: NETR_TRUST_FLAG_NATIVE > 0: NETR_TRUST_FLAG_INBOUND > 0: NETR_TRUST_FLAG_MIT_KRB5 > 0: NETR_TRUST_FLAG_AES > parent_index : 0x00000000 (0) > trust_type : NETR_TRUST_TYPE_UPLEVEL (2) > trust_attributes : 0x00000000 (0) > 0: NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_UPLEVEL_ONLY > 0: NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN > 0: NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE > 0: NETR_TRUST_ATTRIBUTE_CROSS_ORGANIZATION > 0: NETR_TRUST_ATTRIBUTE_WITHIN_FOREST > 0: NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL > sid : * > sid : S-1-5-21-4081593310-1799636251-3851585506 > guid : 33b305e4-d44c-4f89-a3a9-a4a1ee517e2b > result : WERR_OK >trusted_domains(ads): Searching trusted domain list of MAINT and storing trust flags for domain maint.internal >wcache_tdc_add_domain: Adding domain MAINT (maint.internal), SID S-1-5-21-4081593310-1799636251-3851585506, flags = 0x1d, attributes = 0x0, type = 0x2 >add_wbdomain_to_tdc_array: Found existing record for MAINT >pack_tdc_domains: Packing 3 trusted domains >pack_tdc_domains: Packing domain BUILTIN (UNKNOWN) >pack_tdc_domains: Packing domain DIAG (UNKNOWN) >pack_tdc_domains: Packing domain MAINT (maint.internal) >Finished processing child request 20 >Writing 3560 bytes to parent >accepted socket 18 >process_request: request fn INTERFACE_VERSION >[ 4244]: request interface version >winbind_client_response_written[4244:INTERFACE_VERSION]: delivered response to client >process_request: request fn WINBINDD_PRIV_PIPE_DIR >[ 4244]: request location of privileged pipe >winbind_client_response_written[4244:WINBINDD_PRIV_PIPE_DIR]: delivered response to client >accepted socket 20 >closing socket 18, client exited >process_request: Handling async request 4244:PAM_AUTH_CRAP >[ 4244]: pam auth crap domain: [MAINT] user: smoothwall >child daemon request 14 >child_process_request: request fn AUTH_CRAP >[ 6071]: pam auth crap domain: MAINT user: smoothwall > netr_LogonSamLogonEx: struct netr_LogonSamLogonEx > in: struct netr_LogonSamLogonEx > server_name : * > server_name : '\\AD2012.maint.internal' > computer_name : * > computer_name : 'DIAG' > logon_level : NetlogonNetworkInformation (2) > logon : * > logon : union netr_LogonLevel(case 2) > network : * > network: struct netr_NetworkInfo > identity_info: struct netr_IdentityInfo > domain_name: struct lsa_String > length : 0x000a (10) > size : 0x000a (10) > string : * > string : 'MAINT' > parameter_control : 0x00000820 (2080) > 0: MSV1_0_CLEARTEXT_PASSWORD_ALLOWED > 0: MSV1_0_UPDATE_LOGON_STATISTICS > 0: MSV1_0_RETURN_USER_PARAMETERS > 0: MSV1_0_DONT_TRY_GUEST_ACCOUNT > 1: MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT > 0: MSV1_0_RETURN_PASSWORD_EXPIRY > 0: MSV1_0_USE_CLIENT_CHALLENGE > 0: MSV1_0_TRY_GUEST_ACCOUNT_ONLY > 0: MSV1_0_RETURN_PROFILE_PATH > 0: MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY > 1: MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT > 0: MSV1_0_DISABLE_PERSONAL_FALLBACK > 0: MSV1_0_ALLOW_FORCE_GUEST > 0: MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED > 0: MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY > 0: MSV1_0_ALLOW_MSVCHAPV2 > 0: MSV1_0_S4U2SELF > 0: MSV1_0_CHECK_LOGONHOURS_FOR_S4U > 0: MSV1_0_SUBAUTHENTICATION_DLL_EX > logon_id_low : 0x0000dead (57005) > logon_id_high : 0x0000beef (48879) > account_name: struct lsa_String > length : 0x0014 (20) > size : 0x0014 (20) > string : * > string : 'smoothwall' > workstation: struct lsa_String > length : 0x0018 (24) > size : 0x0018 (24) > string : * > string : '\\WIN7DSH-PC' > challenge : c9093412361d5899 > nt: struct netr_ChallengeResponse > length : 0x00da (218) > size : 0x00da (218) > data : * > data : 6aebc6aa9d6680eb0f6ba1707598d1300101000000000000cfecd8d1f1bdcf01eae232ff77bcb41a0000000002000a004d00410049004e00540001000800440049004100470004000000030012006c006f00630061006c0068006f00730074000800300030000000000000000100000000100000de194c0d4e503b78e282fc452a73d089d60d2b5b9198f2aa745393143c09bda106000400040000000a0010000000000000000000000000000000000009001e0048005400540050002f003100370032002e00310036002e0030002e0033000000000000000000 > lm: struct netr_ChallengeResponse > length : 0x0018 (24) > size : 0x0018 (24) > data : * > data : 000000000000000000000000000000000000000000000000 > validation_level : 0x0006 (6) > flags : * > flags : 0x00000000 (0) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0038 (56) > call_id : 0x0000000d (13) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000210 (528) > context_id : 0x0000 (0) > opnum : 0x0027 (39) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x00 (0) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000001 (1) > credentials : DATA_BLOB length=0 >add_schannel_auth_footer: SCHANNEL seq_num=6 > &r: struct NL_AUTH_SHA2_SIGNATURE > SignatureAlgorithm : NL_SIGN_HMAC_SHA256 (0x13) > SealAlgorithm : NL_SEAL_AES128 (0x1A) > Pad : 0xffff (65535) > Flags : 0x0000 (0) > SequenceNumber : b462011cab7cec94 > Checksum : ecb6843f664f8ea211cf87cbb37c6dc200000000000000000000000000000000 > Confounder : 0000000000000000 >rpc_api_pipe: host AD2012.maint.internal >num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=616, this_data=616, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 >smb_signing_md5: sequence number 42 >smb_signing_sign_pdu: sent SMB signature of >[0000] B3 DE EB 94 AB 41 08 59 .....A.Y >smb_signing_md5: sequence number 43 >smb_signing_check_pdu: seq 43: got good SMB signature of >[0000] 9D 9C C5 2A 3E 50 45 9E ...*>PE. >rpc_read_send: data_to_read: 104 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0078 (120) > auth_length : 0x0038 (56) > call_id : 0x0000000d (13) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 >[0000] 00 . > stub_and_verifier : DATA_BLOB length=96 >[0000] 34 F8 29 1C 6B 2E 4C 9B 12 E7 B5 0D 84 47 ED B4 4.).k.L. .....G.. >[0010] 9C 99 FC 5F 24 CE C3 BC 37 E8 01 37 64 52 F2 7C ..._$... 7..7dR.| >[0020] 44 06 0C 00 01 00 00 00 13 00 1A 00 FF FF 00 00 D....... ........ >[0030] C6 30 32 A7 0F BA AD D4 91 50 AC 05 FC 3D 97 52 .02..... .P...=.R >[0040] 21 65 B9 83 B1 FB AB D9 36 35 19 37 2F D0 5E A9 !e...... 65.7/.^. >[0050] CF ED 93 07 18 FD 00 69 D3 58 3E 80 C1 BC 1E D5 .......i .X>..... >Requested Privacy. >../librpc/rpc/dcerpc_util.c:140: auth_pad_length 12 >SCHANNEL auth >Got pdu len 120, data_len 20, ss_len 12 >rpc_api_pipe: got frag len of 120 at offset 0: NT_STATUS_OK >rpc_api_pipe: host AD2012.maint.internal returned 20 bytes. > netr_LogonSamLogonEx: struct netr_LogonSamLogonEx > out: struct netr_LogonSamLogonEx > validation : * > validation : union netr_Validation(case 6) > sam6 : NULL > authoritative : * > authoritative : 0x01 (1) > flags : * > flags : 0x00000000 (0) > result : NT_STATUS_WRONG_PASSWORD >NTLM CRAP authentication for user [MAINT]\[smoothwall] returned NT_STATUS_WRONG_PASSWORD (PAM: 4) >Finished processing child request 14 >Writing 3496 bytes to parent >wb_request_done[4244:PAM_AUTH_CRAP]: NT_STATUS_WRONG_PASSWORD >winbind_client_response_written[4244:PAM_AUTH_CRAP]: delivered response to client >check_domain_online_handler: called for domain MAINT (online = True) >Registering messaging pointer for type 1030 - private_data=(nil) >Registering messaging pointer for type 1031 - private_data=(nil) >Deregistering messaging pointer for type 33 - private_data=(nil) >Deregistering messaging pointer for type 13 - private_data=(nil) >Deregistering messaging pointer for type 1028 - private_data=(nil) >Deregistering messaging pointer for type 1027 - private_data=(nil) >Deregistering messaging pointer for type 1029 - private_data=(nil) >Deregistering messaging pointer for type 1280 - private_data=(nil) >Deregistering messaging pointer for type 1033 - private_data=(nil) >Deregistering messaging pointer for type 1 - private_data=(nil) >Deregistering messaging pointer for type 1036 - private_data=(nil) >Deregistering messaging pointer for type 1035 - private_data=(nil) >Opening cache file at /var/samba/MAINT.INTERNAL/gencache.tdb >Opening cache file at /var/samba/MAINT.INTERNAL/gencache_notrans.tdb >sitename_fetch: Returning sitename for maint.internal: "Default-First-Site-Name" >ads_dc_name: domain=MAINT >sitename_fetch: Returning sitename for maint.internal: "Default-First-Site-Name" >ads_find_dc: (cldap) looking for realm 'maint.internal' >get_sorted_dc_list: attempting lookup for name maint.internal (sitename Default-First-Site-Name) >saf_fetch: Returning "AD2012.maint.internal" for "maint.internal" domain >get_dc_list: preferred server list: "AD2012.maint.internal, *" >internal_resolve_name: looking up maint.internal#1c (sitename Default-First-Site-Name) >name maint.internal#1C found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >Adding 1 DC's from auto lookup >sitename_fetch: Returning sitename for MAINT.INTERNAL: "Default-First-Site-Name" >internal_resolve_name: looking up AD2012.maint.internal#20 (sitename Default-First-Site-Name) >name AD2012.maint.internal#20 found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >check_negative_conn_cache returning result 0 for domain maint.internal server 172.16.0.2 >check_negative_conn_cache returning result 0 for domain maint.internal server 172.16.0.2 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 172.16.0.2:389 >check_negative_conn_cache returning result 0 for domain maint.internal server 172.16.0.2 >ads_try_connect: sending CLDAP request to 172.16.0.2 (realm: maint.internal) > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x000073fd (29693) > 1: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 1: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 > 1: NBT_SERVER_ADS_WEB_SERVICE > 0: NBT_SERVER_HAS_DNS_NAME > 0: NBT_SERVER_IS_DEFAULT_NC > 0: NBT_SERVER_FOREST_ROOT > domain_uuid : 33b305e4-d44c-4f89-a3a9-a4a1ee517e2b > forest : 'maint.internal' > dns_domain : 'maint.internal' > pdc_dns_name : 'AD2012.maint.internal' > domain_name : 'MAINT' > pdc_name : 'AD2012' > user_name : '' > server_site : 'Default-First-Site-Name' > client_site : 'Default-First-Site-Name' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >sitename_store: realm = [MAINT], sitename = [Default-First-Site-Name], expire = [2085923199] >Did not store value for AD_SITENAME/DOMAIN/MAINT, we already got it >sitename_store: realm = [maint.internal], sitename = [Default-First-Site-Name], expire = [2085923199] >Did not store value for AD_SITENAME/DOMAIN/MAINT.INTERNAL, we already got it >Successfully contacted LDAP server 172.16.0.2 >sitename_fetch: Returning sitename for maint.internal: "Default-First-Site-Name" >ads_closest_dc: NBT_SERVER_CLOSEST flag set >create_local_private_krb5_conf_for_domain: fname = /var/samba/MAINT.INTERNAL/smb_krb5/krb5.conf.MAINT, realm = maint.internal, domain = MAINT >saf_fetch: Returning "AD2012.maint.internal" for "maint.internal" domain >get_dc_list: preferred server list: "AD2012.maint.internal, *" >internal_resolve_name: looking up maint.internal#1c (sitename Default-First-Site-Name) >name maint.internal#1C found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >Adding 1 DC's from auto lookup >sitename_fetch: Returning sitename for MAINT.INTERNAL: "Default-First-Site-Name" >internal_resolve_name: looking up AD2012.maint.internal#20 (sitename Default-First-Site-Name) >name AD2012.maint.internal#20 found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >check_negative_conn_cache returning result 0 for domain maint.internal server 172.16.0.2 >check_negative_conn_cache returning result 0 for domain maint.internal server 172.16.0.2 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 172.16.0.2:389 >saf_fetch: Returning "AD2012.maint.internal" for "maint.internal" domain >get_dc_list: preferred server list: "AD2012.maint.internal, *" >internal_resolve_name: looking up maint.internal#1c (sitename (null)) >name maint.internal#1C found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >Adding 1 DC's from auto lookup >sitename_fetch: Returning sitename for MAINT.INTERNAL: "Default-First-Site-Name" >internal_resolve_name: looking up AD2012.maint.internal#20 (sitename Default-First-Site-Name) >name AD2012.maint.internal#20 found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >check_negative_conn_cache returning result 0 for domain maint.internal server 172.16.0.2 >check_negative_conn_cache returning result 0 for domain maint.internal server 172.16.0.2 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 172.16.0.2:389 > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x000073fd (29693) > 1: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 1: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 > 1: NBT_SERVER_ADS_WEB_SERVICE > 0: NBT_SERVER_HAS_DNS_NAME > 0: NBT_SERVER_IS_DEFAULT_NC > 0: NBT_SERVER_FOREST_ROOT > domain_uuid : 33b305e4-d44c-4f89-a3a9-a4a1ee517e2b > forest : 'maint.internal' > dns_domain : 'maint.internal' > pdc_dns_name : 'AD2012.maint.internal' > domain_name : 'MAINT' > pdc_name : 'AD2012' > user_name : '' > server_site : 'Default-First-Site-Name' > client_site : 'Default-First-Site-Name' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >get_kdc_ip_string: Returning kdc = 172.16.0.2 > >create_local_private_krb5_conf_for_domain: wrote file /var/samba/MAINT.INTERNAL/smb_krb5/krb5.conf.MAINT with realm MAINT.INTERNAL KDC list = kdc = 172.16.0.2 > >ads_dc_name: using server='AD2012.MAINT.INTERNAL' IP=172.16.0.2 >sitename_fetch: Returning sitename for maint.internal: "Default-First-Site-Name" >get_sorted_dc_list: attempting lookup for name maint.internal (sitename Default-First-Site-Name) >saf_fetch: Returning "AD2012.maint.internal" for "maint.internal" domain >get_dc_list: preferred server list: "AD2012.maint.internal, *" >internal_resolve_name: looking up maint.internal#1c (sitename Default-First-Site-Name) >name maint.internal#1C found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >Adding 1 DC's from auto lookup >sitename_fetch: Returning sitename for MAINT.INTERNAL: "Default-First-Site-Name" >internal_resolve_name: looking up AD2012.maint.internal#20 (sitename Default-First-Site-Name) >name AD2012.maint.internal#20 found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >check_negative_conn_cache returning result 0 for domain maint.internal server 172.16.0.2 >check_negative_conn_cache returning result 0 for domain maint.internal server 172.16.0.2 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 172.16.0.2:389 >check_negative_conn_cache returning result 0 for domain MAINT server 172.16.0.2 >get_sorted_dc_list: attempting lookup for name maint.internal (sitename NULL) >saf_fetch: Returning "AD2012.maint.internal" for "maint.internal" domain >get_dc_list: preferred server list: "AD2012.maint.internal, *" >internal_resolve_name: looking up maint.internal#1c (sitename (null)) >name maint.internal#1C found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >Adding 1 DC's from auto lookup >sitename_fetch: Returning sitename for MAINT.INTERNAL: "Default-First-Site-Name" >internal_resolve_name: looking up AD2012.maint.internal#20 (sitename Default-First-Site-Name) >name AD2012.maint.internal#20 found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >check_negative_conn_cache returning result 0 for domain maint.internal server 172.16.0.2 >check_negative_conn_cache returning result 0 for domain maint.internal server 172.16.0.2 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 172.16.0.2:389 >check_negative_conn_cache returning result 0 for domain MAINT server 172.16.0.2 >messaging_tdb_store: > array: struct messaging_array > num_messages : 0x00000001 (1) > messages: ARRAY(1) > messages: struct messaging_rec > msg_version : 0x00000002 (2) > msg_type : MSG_WINBIND_TRY_TO_GO_ONLINE (1030) > dest: struct server_id > pid : 0x00000000000017b7 (6071) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x0000000000000000 (0) > src: struct server_id > pid : 0x00000000000017bd (6077) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x0000000000000000 (0) > buf : DATA_BLOB length=6 >[0000] 4D 41 49 4E 54 00 MAINT. >messaging_tdb_signal_handler: sig[10] count[1] msgs[1] >message_dispatch: received_messages = 1 >messaging_tdb_fetch: > result: struct messaging_array > num_messages : 0x00000001 (1) > messages: ARRAY(1) > messages: struct messaging_rec > msg_version : 0x00000002 (2) > msg_type : MSG_WINBIND_TRY_TO_GO_ONLINE (1030) > dest: struct server_id > pid : 0x00000000000017b7 (6071) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x0000000000000000 (0) > src: struct server_id > pid : 0x00000000000017bd (6077) > task_id : 0x00000000 (0) > vnn : 0xffffffff (4294967295) > unique_id : 0x0000000000000000 (0) > buf : DATA_BLOB length=6 >[0000] 4D 41 49 4E 54 00 MAINT. >msg_try_to_go_online: received for domain MAINT. >msg_try_to_go_online: domain MAINT already online. >Already reaped child 6077 died >Got sig[2] terminate (is_parent=1) >Opening cache file at /var/samba/MAINT.INTERNAL/gencache.tdb >Opening cache file at /var/samba/MAINT.INTERNAL/gencache_notrans.tdb >Got sig[2] terminate (is_parent=0) >check lock order 2 for /var/samba/MAINT.INTERNAL/serverid.tdb >lock order: 1:<none> 2:/var/samba/MAINT.INTERNAL/serverid.tdb 3:<none> >Locking key B717000000000000FFFF >Allocated locked data 0x0x7f57222aafc0 >Unlocking key B717000000000000FFFF >release lock order 2 for /var/samba/MAINT.INTERNAL/serverid.tdb >lock order: 1:<none> 2:<none> 3:<none>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=10228">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 10784
:
10227
| 10228