INFO: Current debug levels: all: 100 tdb: 100 printdrivers: 100 lanman: 100 smb: 100 rpc_parse: 100 rpc_srv: 100 rpc_cli: 100 passdb: 100 sam: 100 auth: 100 winbind: 100 vfs: 100 idmap: 100 quota: 100 acls: 100 locking: 100 msdfs: 100 dmapi: 100 registry: 100 scavenger: 100 dns: 100 ldb: 100 lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) INFO: Current debug levels: all: 100 tdb: 100 printdrivers: 100 lanman: 100 smb: 100 rpc_parse: 100 rpc_srv: 100 rpc_cli: 100 passdb: 100 sam: 100 auth: 100 winbind: 100 vfs: 100 idmap: 100 quota: 100 acls: 100 locking: 100 msdfs: 100 dmapi: 100 registry: 100 scavenger: 100 dns: 100 ldb: 100 Processing section "[global]" doing parameter dos charset = CP1251 doing parameter unix charset = UTF8 doing parameter workgroup = EXAMPLE doing parameter server string = %h server doing parameter netbios name = DEBCLIENT doing parameter security = domain doing parameter template shell = /bin/bash doing parameter template homedir = /home/%U doing parameter map to guest = Bad User doing parameter syslog = 0 doing parameter log file = /var/log/samba/log.%m doing parameter max log size = 1000 doing parameter wins server = 192.168.0.60 doing parameter panic action = /usr/share/samba/panic-action %d doing parameter map acl inherit = Yes doing parameter case sensitive = No doing parameter hide unreadable = Yes pm_process() returned Yes lp_servicenumber: couldn't find homes Netbios name list:- my_netbios_names[0]="DEBCLIENT" added interface eth0 ip=192.168.0.62 bcast=192.168.0.255 netmask=255.255.255.0 Registering messaging pointer for type 2 - private_data=(nil) Registering messaging pointer for type 9 - private_data=(nil) Registered MSG_REQ_POOL_USAGE Registering messaging pointer for type 11 - private_data=(nil) Registering messaging pointer for type 12 - private_data=(nil) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED Registering messaging pointer for type 1 - private_data=(nil) Registering messaging pointer for type 5 - private_data=(nil) libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx in: struct libnet_JoinCtx dc_name : 'PDC' machine_name : 'DEBCLIENT' domain_name : * domain_name : 'EXAMPLE' account_ou : NULL admin_account : '' admin_domain : NULL machine_password : NULL join_flags : 0x000000c1 (193) 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT 0: WKSSVC_JOIN_FLAGS_DEFER_SPN 1: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED 1: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE 0: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE 0: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE os_version : NULL os_name : NULL create_upn : 0x00 (0) upn : NULL modify_config : 0x00 (0) ads : NULL debug : 0x01 (1) use_kerberos : 0x00 (0) secure_channel_type : SEC_CHAN_WKSTA (2) Opening cache file at /var/cache/samba/gencache.tdb Opening cache file at /var/cache/samba/gencache_notrans.tdb sitename_fetch: No stored sitename for internal_resolve_name: looking up PDC#20 (sitename (null)) name PDC#20 found. remove_duplicate_addrs2: looking for duplicate address/port pairs samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf29410 Connecting to 192.168.0.60 at port 445 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf29a50 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf29da0 samba_tevent: Destroying timer event 0x7f5facf29a50 "tevent_req_timedout" samba_tevent: Destroying timer event 0x7f5facf29410 "tevent_req_timedout" samba_tevent: Running timer event 0x7f5facf29da0 "tevent_req_timedout" samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf2a310 Connecting to 192.168.0.60 at port 139 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf29320 samba_tevent: Ending timer event 0x7f5facf29da0 "tevent_req_timedout" samba_tevent: Destroying timer event 0x7f5facf29320 "tevent_req_timedout" samba_tevent: Destroying timer event 0x7f5facf2a310 "tevent_req_timedout" Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 24040 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf28710 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Destroying timer event 0x7f5facf28710 "tevent_req_timedout" samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf29ab0 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Destroying timer event 0x7f5facf29ab0 "tevent_req_timedout" samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf2a0a0 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Destroying timer event 0x7f5facf2a0a0 "tevent_req_timedout" cli_init_creds: user domain samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf33890 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Destroying timer event 0x7f5facf33890 "tevent_req_timedout" GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'sasl-DIGEST-MD5' registered GENSEC backend 'spnego' registered GENSEC backend 'schannel' registered GENSEC backend 'naclrpc_as_system' registered GENSEC backend 'sasl-EXTERNAL' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'http_basic' registered GENSEC backend 'http_ntlm' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Bind RPC Pipe: host PDC auth_type 0, auth_level 1 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000001 (1) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345778-1234-abcd-ef00-0123456789ab if_version : 0x00000000 (0) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf46350 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=72, this_data=72, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf44e60 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf47c20 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Destroying timer event 0x7f5facf44e60 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf47740 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf47740 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf470f0 samba_tevent: Destroying timer event 0x7f5facf46350 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf470f0 samba_tevent: Destroying timer event 0x7f5facf47c20 "tevent_req_timedout" rpc_read_send: data_to_read: 52 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf46de0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf434d0 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf46de0 samba_tevent: Destroying timer event 0x7f5facf434d0 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000001 (1) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000d (13) secondary_address : '\PIPE\lsarpc' _pad1 : DATA_BLOB length=1 [0000] 00 . num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) reason : union dcerpc_bind_ack_reason(case 0) value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK rpc_api_pipe: host PDC returned 68 bytes. check_bind_response: accepted! cli_rpc_pipe_open_noauth: opened pipe lsarpc to machine PDC and bound anonymously. lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000002c (44) context_id : 0x0000 (0) opnum : 0x0006 (6) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf43be0 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=68, this_data=68, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf434d0 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf44980 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Destroying timer event 0x7f5facf434d0 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf485c0 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf485c0 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf46040 samba_tevent: Destroying timer event 0x7f5facf43be0 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf46040 samba_tevent: Destroying timer event 0x7f5facf44980 "tevent_req_timedout" rpc_read_send: data_to_read: 32 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf47ac0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf434d0 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf47ac0 samba_tevent: Destroying timer event 0x7f5facf434d0 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 9C 55 97 FC ........ .....U.. [0010] 9E 0E 00 00 00 00 00 00 ........ Got pdu len 48, data_len 24, ss_len 0 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host PDC returned 24 bytes. lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-9c55-97fc9e0e0000 result : NT_STATUS_OK lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 in: struct lsa_QueryInfoPolicy2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-9c55-97fc9e0e0000 level : LSA_POLICY_INFO_DNS (12) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000016 (22) context_id : 0x0000 (0) opnum : 0x002e (46) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf460e0 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=46, this_data=46, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf461a0 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf44750 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Destroying timer event 0x7f5facf461a0 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf48680 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf48680 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf48030 samba_tevent: Destroying timer event 0x7f5facf460e0 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf48030 samba_tevent: Destroying timer event 0x7f5facf44750 "tevent_req_timedout" rpc_read_send: data_to_read: 16 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf47790 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf460e0 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf47790 samba_tevent: Destroying timer event 0x7f5facf460e0 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_FAULT (3) pfc_flags : 0x23 (35) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 1: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0020 (32) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 3) fault: struct dcerpc_fault alloc_hint : 0x00000000 (0) context_id : 0x0000 (0) cancel_count : 0x00 (0) status : DCERPC_NCA_S_OP_RNG_ERROR (469827586) _pad : DATA_BLOB length=4 [0000] 00 00 00 00 .... ../source3/rpc_client/cli_pipe.c:480: RPC fault code DCERPC_NCA_S_OP_RNG_ERROR received from host PDC! rpc_api_pipe: got frag len of 32 at offset 0: NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy in: struct lsa_QueryInfoPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-9c55-97fc9e0e0000 level : LSA_POLICY_INFO_ACCOUNT_DOMAIN (5) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000016 (22) context_id : 0x0000 (0) opnum : 0x0007 (7) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf46110 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=46, this_data=46, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf461d0 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf48ab0 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Destroying timer event 0x7f5facf461d0 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf48680 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf48680 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf48030 samba_tevent: Destroying timer event 0x7f5facf46110 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf48030 samba_tevent: Destroying timer event 0x7f5facf48ab0 "tevent_req_timedout" rpc_read_send: data_to_read: 88 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf47790 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf46110 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf47790 samba_tevent: Destroying timer event 0x7f5facf46110 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0068 (104) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000050 (80) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=80 [0000] 00 00 02 00 05 00 00 00 0E 00 10 00 04 00 02 00 ........ ........ [0010] 08 00 02 00 08 00 00 00 00 00 00 00 07 00 00 00 ........ ........ [0020] 45 00 58 00 41 00 4D 00 50 00 4C 00 45 00 00 00 E.X.A.M. P.L.E... [0030] 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 00 ........ ........ [0040] B5 45 CD E6 1C 33 56 38 0F AB 2B 16 00 00 00 00 .E...3V8 ..+..... Got pdu len 104, data_len 80, ss_len 0 rpc_api_pipe: got frag len of 104 at offset 0: NT_STATUS_OK rpc_api_pipe: host PDC returned 80 bytes. lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy out: struct lsa_QueryInfoPolicy info : * info : * info : union lsa_PolicyInformation(case 5) account_domain: struct lsa_DomainInfo name: struct lsa_StringLarge length : 0x000e (14) size : 0x0010 (16) string : * string : 'EXAMPLE' sid : * sid : S-1-5-21-3872212405-945173276-371960591 result : NT_STATUS_OK lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-9c55-97fc9e0e0000 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x0000 (0) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf46100 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=44, this_data=44, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf461c0 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf48e80 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Destroying timer event 0x7f5facf461c0 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf48a50 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf48a50 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf48400 samba_tevent: Destroying timer event 0x7f5facf46100 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf48400 samba_tevent: Destroying timer event 0x7f5facf48e80 "tevent_req_timedout" rpc_read_send: data_to_read: 32 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf47b60 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf461c0 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf47b60 samba_tevent: Destroying timer event 0x7f5facf461c0 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ Got pdu len 48, data_len 24, ss_len 0 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host PDC returned 24 bytes. lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf26df0 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Destroying timer event 0x7f5facf26df0 "tevent_req_timedout" No realm has been specified! Do you really want to join an Active Directory server? samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf278c0 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Destroying timer event 0x7f5facf278c0 "tevent_req_timedout" Bind RPC Pipe: host PDC auth_type 0, auth_level 1 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf46a20 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=72, this_data=72, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf44dc0 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf48240 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Destroying timer event 0x7f5facf44dc0 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf47e10 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf47e10 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf477c0 samba_tevent: Destroying timer event 0x7f5facf46a20 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf477c0 samba_tevent: Destroying timer event 0x7f5facf48240 "tevent_req_timedout" rpc_read_send: data_to_read: 56 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf46e50 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf44dc0 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf46e50 samba_tevent: Destroying timer event 0x7f5facf44dc0 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000f (15) secondary_address : '\PIPE\netlogon' _pad1 : DATA_BLOB length=3 [0000] 00 00 00 ... num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) reason : union dcerpc_bind_ack_reason(case 0) value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: got frag len of 72 at offset 0: NT_STATUS_OK rpc_api_pipe: host PDC returned 72 bytes. check_bind_response: accepted! cli_rpc_pipe_open_noauth: opened pipe netlogon to machine PDC and bound anonymously. samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf44dc0 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Destroying timer event 0x7f5facf44dc0 "tevent_req_timedout" Bind RPC Pipe: host PDC auth_type 0, auth_level 1 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf498a0 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=72, this_data=72, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf48210 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf4af70 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Destroying timer event 0x7f5facf48210 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4a800 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4a800 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf4a640 samba_tevent: Destroying timer event 0x7f5facf498a0 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf4a640 samba_tevent: Destroying timer event 0x7f5facf4af70 "tevent_req_timedout" rpc_read_send: data_to_read: 56 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf49a10 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf49c60 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf49a10 samba_tevent: Destroying timer event 0x7f5facf49c60 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000f (15) secondary_address : '\PIPE\netlogon' _pad1 : DATA_BLOB length=3 [0000] 00 00 00 ... num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) reason : union dcerpc_bind_ack_reason(case 0) value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: got frag len of 72 at offset 0: NT_STATUS_OK rpc_api_pipe: host PDC returned 72 bytes. check_bind_response: accepted! cli_rpc_pipe_open_noauth: opened pipe netlogon to machine PDC and bound anonymously. check lock order 2 for /var/cache/samba/g_lock.tdb lock order: 1: 2:/var/cache/samba/g_lock.tdb 3: Locking key 434C495B444542434C49454E542F444542434C49454E54245D2F5352565B5044432F4558414D504C455D00 Allocated locked data 0x0x7f5facf47c30 Unlocking key 434C495B444542434C49454E542F444542434C49454E54245D2F5352565B5044432F4558414D504C455D00 release lock order 2 for /var/cache/samba/g_lock.tdb lock order: 1: 2: 3: samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf478d0 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf478d0 check lock order 2 for /var/lib/samba/private/netlogon_creds_cli.tdb lock order: 1: 2:/var/lib/samba/private/netlogon_creds_cli.tdb 3: Locking key 434C495B444542434C49454E542F444542434C49454E54245D2F5352565B5044432F4558414D504C455D00 Allocated locked data 0x0x7f5facf477d0 Unlocking key 434C495B444542434C49454E542F444542434C49454E54245D2F5352565B5044432F4558414D504C455D00 release lock order 2 for /var/lib/samba/private/netlogon_creds_cli.tdb lock order: 1: 2: 3: netr_ServerReqChallenge: struct netr_ServerReqChallenge in: struct netr_ServerReqChallenge server_name : * server_name : '\\PDC' computer_name : * computer_name : 'DEBCLIENT' credentials : * credentials: struct netr_Credential data : e8d829976780d18c &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000008 (8) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000044 (68) context_id : 0x0000 (0) opnum : 0x0004 (4) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf497c0 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=92, this_data=92, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf48590 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf496e0 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Destroying timer event 0x7f5facf48590 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4d020 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4d020 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf47ef0 samba_tevent: Destroying timer event 0x7f5facf497c0 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf47ef0 samba_tevent: Destroying timer event 0x7f5facf496e0 "tevent_req_timedout" rpc_read_send: data_to_read: 20 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4c520 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf48590 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4c520 samba_tevent: Destroying timer event 0x7f5facf48590 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0024 (36) auth_length : 0x0000 (0) call_id : 0x00000008 (8) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x0000000c (12) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=12 [0000] F0 6D 05 B4 6B 01 39 99 00 00 00 00 .m..k.9. .... Got pdu len 36, data_len 12, ss_len 0 rpc_api_pipe: got frag len of 36 at offset 0: NT_STATUS_OK rpc_api_pipe: host PDC returned 12 bytes. netr_ServerReqChallenge: struct netr_ServerReqChallenge out: struct netr_ServerReqChallenge return_credentials : * return_credentials: struct netr_Credential data : f06d05b46b013999 result : NT_STATUS_OK netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 in: struct netr_ServerAuthenticate3 server_name : * server_name : '\\PDC' account_name : * account_name : 'DEBCLIENT$' secure_channel_type : SEC_CHAN_WKSTA (2) computer_name : * computer_name : 'DEBCLIENT' credentials : * credentials: struct netr_Credential data : 4f5a4bab2bc56cf6 negotiate_flags : * negotiate_flags : 0x610fffff (1628438527) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 1: NETLOGON_NEG_SUPPORTS_AES 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000009 (9) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000006c (108) context_id : 0x0000 (0) opnum : 0x001a (26) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf48060 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=132, this_data=132, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf47f80 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf48310 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Destroying timer event 0x7f5facf47f80 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4d490 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4d490 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf489b0 samba_tevent: Destroying timer event 0x7f5facf48060 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf489b0 samba_tevent: Destroying timer event 0x7f5facf48310 "tevent_req_timedout" rpc_read_send: data_to_read: 28 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4c990 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf489b0 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4c990 samba_tevent: Destroying timer event 0x7f5facf489b0 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000009 (9) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 00 00 00 00 FF 41 02 41 00 00 00 00 ........ .A.A.... [0010] 22 00 00 C0 "... Got pdu len 44, data_len 20, ss_len 0 rpc_api_pipe: got frag len of 44 at offset 0: NT_STATUS_OK rpc_api_pipe: host PDC returned 20 bytes. netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 out: struct netr_ServerAuthenticate3 return_credentials : * return_credentials: struct netr_Credential data : 0000000000000000 negotiate_flags : * negotiate_flags : 0x410241ff (1090667007) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 0: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 0: NETLOGON_NEG_GENERIC_PASSTHROUGH 0: NETLOGON_NEG_CONCURRENT_RPC 0: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 0: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 0: NETLOGON_NEG_TRANSITIVE_TRUSTS 0: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 0: NETLOGON_NEG_GETDOMAININFO 0: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 1: NETLOGON_NEG_SUPPORTS_AES 0: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC rid : * rid : 0x00000000 (0) result : NT_STATUS_ACCESS_DENIED netr_ServerReqChallenge: struct netr_ServerReqChallenge in: struct netr_ServerReqChallenge server_name : * server_name : '\\PDC' computer_name : * computer_name : 'DEBCLIENT' credentials : * credentials: struct netr_Credential data : c8efeff2ce9dd908 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x0000000a (10) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000044 (68) context_id : 0x0000 (0) opnum : 0x0004 (4) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf4b420 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=92, this_data=92, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf48590 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf48040 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Destroying timer event 0x7f5facf48590 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4e0f0 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4e0f0 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf47f80 samba_tevent: Destroying timer event 0x7f5facf4b420 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf47f80 samba_tevent: Destroying timer event 0x7f5facf48040 "tevent_req_timedout" rpc_read_send: data_to_read: 20 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4d5f0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf47f80 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4d5f0 samba_tevent: Destroying timer event 0x7f5facf47f80 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0024 (36) auth_length : 0x0000 (0) call_id : 0x0000000a (10) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x0000000c (12) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=12 [0000] 15 C6 46 64 3F 71 2D 4A 00 00 00 00 ..Fd?q-J .... Got pdu len 36, data_len 12, ss_len 0 rpc_api_pipe: got frag len of 36 at offset 0: NT_STATUS_OK rpc_api_pipe: host PDC returned 12 bytes. netr_ServerReqChallenge: struct netr_ServerReqChallenge out: struct netr_ServerReqChallenge return_credentials : * return_credentials: struct netr_Credential data : 15c646643f712d4a result : NT_STATUS_OK netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 in: struct netr_ServerAuthenticate3 server_name : * server_name : '\\PDC' account_name : * account_name : 'DEBCLIENT$' secure_channel_type : SEC_CHAN_WKSTA (2) computer_name : * computer_name : 'DEBCLIENT' credentials : * credentials: struct netr_Credential data : b7474a50c2dc25e8 negotiate_flags : * negotiate_flags : 0x410241ff (1090667007) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 0: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 0: NETLOGON_NEG_GENERIC_PASSTHROUGH 0: NETLOGON_NEG_CONCURRENT_RPC 0: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 0: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 0: NETLOGON_NEG_TRANSITIVE_TRUSTS 0: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 0: NETLOGON_NEG_GETDOMAININFO 0: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 1: NETLOGON_NEG_SUPPORTS_AES 0: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x0000000b (11) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000006c (108) context_id : 0x0000 (0) opnum : 0x001a (26) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf4adb0 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=132, this_data=132, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf48590 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf4b420 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Destroying timer event 0x7f5facf48590 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4e8b0 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4e8b0 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf4c310 samba_tevent: Destroying timer event 0x7f5facf4adb0 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf4c310 samba_tevent: Destroying timer event 0x7f5facf4b420 "tevent_req_timedout" rpc_read_send: data_to_read: 28 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4ddb0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf4b420 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4ddb0 samba_tevent: Destroying timer event 0x7f5facf4b420 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x0000000b (11) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 00 00 00 00 FF 41 02 41 00 00 00 00 ........ .A.A.... [0010] 22 00 00 C0 "... Got pdu len 44, data_len 20, ss_len 0 rpc_api_pipe: got frag len of 44 at offset 0: NT_STATUS_OK rpc_api_pipe: host PDC returned 20 bytes. netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 out: struct netr_ServerAuthenticate3 return_credentials : * return_credentials: struct netr_Credential data : 0000000000000000 negotiate_flags : * negotiate_flags : 0x410241ff (1090667007) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 0: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 0: NETLOGON_NEG_GENERIC_PASSTHROUGH 0: NETLOGON_NEG_CONCURRENT_RPC 0: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 0: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 0: NETLOGON_NEG_TRANSITIVE_TRUSTS 0: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 0: NETLOGON_NEG_GETDOMAININFO 0: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 1: NETLOGON_NEG_SUPPORTS_AES 0: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC rid : * rid : 0x00000000 (0) result : NT_STATUS_ACCESS_DENIED check lock order 2 for /var/cache/samba/g_lock.tdb lock order: 1: 2:/var/cache/samba/g_lock.tdb 3: Locking key 434C495B444542434C49454E542F444542434C49454E54245D2F5352565B5044432F4558414D504C455D00 Allocated locked data 0x0x7f5facf477d0 Unlocking key 434C495B444542434C49454E542F444542434C49454E54245D2F5352565B5044432F4558414D504C455D00 release lock order 2 for /var/cache/samba/g_lock.tdb lock order: 1: 2: 3: samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf48430 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Destroying timer event 0x7f5facf48430 "tevent_req_timedout" samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf48590 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Destroying timer event 0x7f5facf48590 "tevent_req_timedout" samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf2a1c0 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf29700 samba_tevent: Destroying timer event 0x7f5facf2a1c0 "tevent_req_timedout" libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx out: struct libnet_JoinCtx account_name : NULL netbios_domain_name : 'EXAMPLE' dns_domain_name : NULL forest_name : NULL dn : NULL domain_sid : * domain_sid : S-1-5-21-3872212405-945173276-371960591 modified_config : 0x00 (0) error_string : 'failed to join domain 'EXAMPLE' over rpc: Access denied' domain_is_ad : 0x00 (0) result : WERR_ACCESS_DENIED Enter root's password:libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx in: struct libnet_JoinCtx dc_name : 'PDC' machine_name : 'DEBCLIENT' domain_name : * domain_name : 'EXAMPLE' account_ou : NULL admin_account : 'root' admin_domain : NULL machine_password : NULL join_flags : 0x00000023 (35) 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT 0: WKSSVC_JOIN_FLAGS_DEFER_SPN 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE os_version : NULL os_name : NULL create_upn : 0x00 (0) upn : NULL modify_config : 0x00 (0) ads : NULL debug : 0x01 (1) use_kerberos : 0x00 (0) secure_channel_type : SEC_CHAN_WKSTA (2) sitename_fetch: No stored sitename for internal_resolve_name: looking up PDC#20 (sitename (null)) name PDC#20 found. remove_duplicate_addrs2: looking for duplicate address/port pairs samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf45600 Connecting to 192.168.0.60 at port 445 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf33740 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf28be0 samba_tevent: Destroying timer event 0x7f5facf33740 "tevent_req_timedout" samba_tevent: Destroying timer event 0x7f5facf45600 "tevent_req_timedout" samba_tevent: Running timer event 0x7f5facf28be0 "tevent_req_timedout" samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf45600 Connecting to 192.168.0.60 at port 139 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf333c0 samba_tevent: Ending timer event 0x7f5facf28be0 "tevent_req_timedout" samba_tevent: Destroying timer event 0x7f5facf333c0 "tevent_req_timedout" samba_tevent: Destroying timer event 0x7f5facf45600 "tevent_req_timedout" Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 24040 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf43720 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf43720 "tevent_req_timedout" Doing spnego session setup (blob length=74) got OID=1.3.6.1.4.1.311.2.2.10 got principal=not_defined_in_RFC4178@please_ignore negotiate: struct NEGOTIATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmNegotiate (1) NegotiateFlags : 0x60088215 (1611170325) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 DomainNameLen : 0x0007 (7) DomainNameMaxLen : 0x0007 (7) DomainName : * DomainName : 'EXAMPLE' WorkstationLen : 0x0009 (9) WorkstationMaxLen : 0x0009 (9) Workstation : * Workstation : 'DEBCLIENT' samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf29d40 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf29d40 "tevent_req_timedout" challenge: struct CHALLENGE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmChallenge (0x2) TargetNameLen : 0x000e (14) TargetNameMaxLen : 0x000e (14) TargetName : * TargetName : 'EXAMPLE' NegotiateFlags : 0x60898215 (1619624469) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 1: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 1: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 ServerChallenge : 15cd3ecc46243212 Reserved : 0000000000000000 TargetInfoLen : 0x005c (92) TargetNameInfoMaxLen : 0x005c (92) TargetInfo : * TargetInfo: struct AV_PAIR_LIST count : 0x00000005 (5) pair: ARRAY(5) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x000e (14) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'EXAMPLE' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x0006 (6) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'PDC' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x0016 (22) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : 'example.com' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x001e (30) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'pdc.example.com' pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) Got challenge flags: Got NTLMSSP neg_flags=0x60898215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_TARGET_INFO NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH authenticate: struct AUTHENTICATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmAuthenticate (3) LmChallengeResponseLen : 0x0018 (24) LmChallengeResponseMaxLen: 0x0018 (24) LmChallengeResponse : * LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24) v1: struct LM_RESPONSE Response : 44cf2495d038e94a109a6b415c1fc6935129723b6bbeaf73 NtChallengeResponseLen : 0x0088 (136) NtChallengeResponseMaxLen: 0x0088 (136) NtChallengeResponse : * NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 136) v2: struct NTLMv2_RESPONSE Response : 5ec0a3b128ff6ebfb247aaff47fa9266 Challenge: struct NTLMv2_CLIENT_CHALLENGE RespType : 0x01 (1) HiRespType : 0x01 (1) Reserved1 : 0x0000 (0) Reserved2 : 0x00000000 (0) TimeStamp : Wed Jul 8 11:34:03 2015 BST ChallengeFromClient : b11ed7de5ac83124 Reserved3 : 0x00000000 (0) AvPairs: struct AV_PAIR_LIST count : 0x00000005 (5) pair: ARRAY(5) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x000e (14) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'EXAMPLE' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x0006 (6) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'PDC' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x0016 (22) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : 'example.com' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x001e (30) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'pdc.example.com' pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) DomainNameLen : 0x0000 (0) DomainNameMaxLen : 0x0000 (0) DomainName : * DomainName : '' UserNameLen : 0x0008 (8) UserNameMaxLen : 0x0008 (8) UserName : * UserName : 'root' WorkstationLen : 0x0012 (18) WorkstationMaxLen : 0x0012 (18) Workstation : * Workstation : 'DEBCLIENT' EncryptedRandomSessionKeyLen: 0x0010 (16) EncryptedRandomSessionKeyMaxLen: 0x0010 (16) EncryptedRandomSessionKey: * EncryptedRandomSessionKey: DATA_BLOB length=16 [0000] A8 09 91 4E 5A 09 67 02 C3 B7 81 FF 91 0A C6 71 ...NZ.g. .......q NegotiateFlags : 0x60088215 (1611170325) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf47c30 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf47c30 "tevent_req_timedout" samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf487f0 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf487f0 "tevent_req_timedout" cli_init_creds: user root domain samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf29d40 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf29d40 "tevent_req_timedout" Bind RPC Pipe: host PDC auth_type 0, auth_level 1 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x0000000c (12) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345778-1234-abcd-ef00-0123456789ab if_version : 0x00000000 (0) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf470e0 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=72, this_data=72, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf28d20 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf277e0 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf28d20 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf494e0 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf494e0 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf48350 samba_tevent: Destroying timer event 0x7f5facf470e0 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf48350 samba_tevent: Destroying timer event 0x7f5facf277e0 "tevent_req_timedout" rpc_read_send: data_to_read: 52 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf47850 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf28d20 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf47850 samba_tevent: Destroying timer event 0x7f5facf28d20 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x0000000c (12) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000d (13) secondary_address : '\PIPE\lsarpc' _pad1 : DATA_BLOB length=1 [0000] 00 . num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) reason : union dcerpc_bind_ack_reason(case 0) value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK rpc_api_pipe: host PDC returned 68 bytes. check_bind_response: accepted! cli_rpc_pipe_open_noauth: opened pipe lsarpc to machine PDC and bound anonymously. lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x0000000d (13) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000002c (44) context_id : 0x0000 (0) opnum : 0x0006 (6) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf482d0 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=68, this_data=68, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf28d20 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf46710 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf28d20 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4a4d0 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4a4d0 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf48390 samba_tevent: Destroying timer event 0x7f5facf482d0 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf48390 samba_tevent: Destroying timer event 0x7f5facf46710 "tevent_req_timedout" rpc_read_send: data_to_read: 32 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf499d0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf28d20 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf499d0 samba_tevent: Destroying timer event 0x7f5facf28d20 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x0000000d (13) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 9C 55 9B FC ........ .....U.. [0010] 9F 0E 00 00 00 00 00 00 ........ Got pdu len 48, data_len 24, ss_len 0 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host PDC returned 24 bytes. lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-9c55-9bfc9f0e0000 result : NT_STATUS_OK lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 in: struct lsa_QueryInfoPolicy2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-9c55-9bfc9f0e0000 level : LSA_POLICY_INFO_DNS (12) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x0000000e (14) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000016 (22) context_id : 0x0000 (0) opnum : 0x002e (46) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf460a0 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=46, this_data=46, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf46f70 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf277e0 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf46f70 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4a4d0 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4a4d0 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf46eb0 samba_tevent: Destroying timer event 0x7f5facf460a0 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf46eb0 samba_tevent: Destroying timer event 0x7f5facf277e0 "tevent_req_timedout" rpc_read_send: data_to_read: 16 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf499d0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf48420 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf499d0 samba_tevent: Destroying timer event 0x7f5facf48420 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_FAULT (3) pfc_flags : 0x23 (35) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 1: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0020 (32) auth_length : 0x0000 (0) call_id : 0x0000000e (14) u : union dcerpc_payload(case 3) fault: struct dcerpc_fault alloc_hint : 0x00000000 (0) context_id : 0x0000 (0) cancel_count : 0x00 (0) status : DCERPC_NCA_S_OP_RNG_ERROR (469827586) _pad : DATA_BLOB length=4 [0000] 00 00 00 00 .... ../source3/rpc_client/cli_pipe.c:480: RPC fault code DCERPC_NCA_S_OP_RNG_ERROR received from host PDC! rpc_api_pipe: got frag len of 32 at offset 0: NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy in: struct lsa_QueryInfoPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-9c55-9bfc9f0e0000 level : LSA_POLICY_INFO_ACCOUNT_DOMAIN (5) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x0000000f (15) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000016 (22) context_id : 0x0000 (0) opnum : 0x0007 (7) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf47ae0 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=46, this_data=46, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf28d20 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf48190 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf28d20 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4a4d0 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4a4d0 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf46ed0 samba_tevent: Destroying timer event 0x7f5facf47ae0 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf46ed0 samba_tevent: Destroying timer event 0x7f5facf48190 "tevent_req_timedout" rpc_read_send: data_to_read: 88 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf499d0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf28d20 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf499d0 samba_tevent: Destroying timer event 0x7f5facf28d20 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0068 (104) auth_length : 0x0000 (0) call_id : 0x0000000f (15) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000050 (80) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=80 [0000] 00 00 02 00 05 00 00 00 0E 00 10 00 04 00 02 00 ........ ........ [0010] 08 00 02 00 08 00 00 00 00 00 00 00 07 00 00 00 ........ ........ [0020] 45 00 58 00 41 00 4D 00 50 00 4C 00 45 00 00 00 E.X.A.M. P.L.E... [0030] 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 00 ........ ........ [0040] B5 45 CD E6 1C 33 56 38 0F AB 2B 16 00 00 00 00 .E...3V8 ..+..... Got pdu len 104, data_len 80, ss_len 0 rpc_api_pipe: got frag len of 104 at offset 0: NT_STATUS_OK rpc_api_pipe: host PDC returned 80 bytes. lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy out: struct lsa_QueryInfoPolicy info : * info : * info : union lsa_PolicyInformation(case 5) account_domain: struct lsa_DomainInfo name: struct lsa_StringLarge length : 0x000e (14) size : 0x0010 (16) string : * string : 'EXAMPLE' sid : * sid : S-1-5-21-3872212405-945173276-371960591 result : NT_STATUS_OK lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-9c55-9bfc9f0e0000 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000010 (16) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x0000 (0) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf27740 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=44, this_data=44, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf48420 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf47170 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf48420 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4ab40 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4ab40 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf28d10 samba_tevent: Destroying timer event 0x7f5facf27740 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf28d10 samba_tevent: Destroying timer event 0x7f5facf47170 "tevent_req_timedout" rpc_read_send: data_to_read: 32 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4a040 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf48420 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4a040 samba_tevent: Destroying timer event 0x7f5facf48420 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000010 (16) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ Got pdu len 48, data_len 24, ss_len 0 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host PDC returned 24 bytes. lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf48590 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf48590 "tevent_req_timedout" No realm has been specified! Do you really want to join an Active Directory server? samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf28d20 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf28d20 "tevent_req_timedout" Bind RPC Pipe: host PDC auth_type 0, auth_level 1 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000011 (17) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345778-1234-abcd-ef00-0123456789ac if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf474c0 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=72, this_data=72, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf276a0 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf47b00 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf276a0 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf49b40 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf49b40 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf47920 samba_tevent: Destroying timer event 0x7f5facf474c0 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf47920 samba_tevent: Destroying timer event 0x7f5facf47b00 "tevent_req_timedout" rpc_read_send: data_to_read: 52 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf49040 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf47b00 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf49040 samba_tevent: Destroying timer event 0x7f5facf47b00 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000011 (17) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000b (11) secondary_address : '\PIPE\samr' _pad1 : DATA_BLOB length=3 [0000] 00 00 00 ... num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) reason : union dcerpc_bind_ack_reason(case 0) value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK rpc_api_pipe: host PDC returned 68 bytes. check_bind_response: accepted! cli_rpc_pipe_open_noauth: opened pipe samr to machine PDC and bound anonymously. samr_Connect2: struct samr_Connect2 in: struct samr_Connect2 system_name : * system_name : 'PDC' access_mask : 0x00000030 (48) 0: SAMR_ACCESS_CONNECT_TO_SERVER 0: SAMR_ACCESS_SHUTDOWN_SERVER 0: SAMR_ACCESS_INITIALIZE_SERVER 0: SAMR_ACCESS_CREATE_DOMAIN 1: SAMR_ACCESS_ENUM_DOMAINS 1: SAMR_ACCESS_LOOKUP_DOMAIN &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000012 (18) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000001c (28) context_id : 0x0000 (0) opnum : 0x0039 (57) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf28ba0 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=52, this_data=52, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf47830 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf28a30 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf47830 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4a820 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4a820 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf47910 samba_tevent: Destroying timer event 0x7f5facf28ba0 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf47910 samba_tevent: Destroying timer event 0x7f5facf28a30 "tevent_req_timedout" rpc_read_send: data_to_read: 32 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf499f0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf46390 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf499f0 samba_tevent: Destroying timer event 0x7f5facf46390 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000012 (18) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 9C 55 9B FC ........ .....U.. [0010] 9F 0E 00 00 00 00 00 00 ........ Got pdu len 48, data_len 24, ss_len 0 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host PDC returned 24 bytes. samr_Connect2: struct samr_Connect2 out: struct samr_Connect2 connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000e-0000-0000-9c55-9bfc9f0e0000 result : NT_STATUS_OK samr_OpenDomain: struct samr_OpenDomain in: struct samr_OpenDomain connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000e-0000-0000-9c55-9bfc9f0e0000 access_mask : 0x00000211 (529) 1: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 1: SAMR_DOMAIN_ACCESS_CREATE_USER 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS 1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 sid : * sid : S-1-5-21-3872212405-945173276-371960591 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000013 (19) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000034 (52) context_id : 0x0000 (0) opnum : 0x0007 (7) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf47320 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=76, this_data=76, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf28b80 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf480c0 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf28b80 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4a8c0 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4a8c0 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf4a270 samba_tevent: Destroying timer event 0x7f5facf47320 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf4a270 samba_tevent: Destroying timer event 0x7f5facf480c0 "tevent_req_timedout" rpc_read_send: data_to_read: 32 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf49d00 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf28b80 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf49d00 samba_tevent: Destroying timer event 0x7f5facf28b80 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000013 (19) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 9C 55 9B FC ........ .....U.. [0010] 9F 0E 00 00 00 00 00 00 ........ Got pdu len 48, data_len 24, ss_len 0 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host PDC returned 24 bytes. samr_OpenDomain: struct samr_OpenDomain out: struct samr_OpenDomain domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000f-0000-0000-9c55-9bfc9f0e0000 result : NT_STATUS_OK Creating account with desired access mask: -536543056 samr_CreateUser2: struct samr_CreateUser2 in: struct samr_CreateUser2 domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000f-0000-0000-9c55-9bfc9f0e0000 account_name : * account_name: struct lsa_String length : 0x0014 (20) size : 0x0014 (20) string : * string : 'debclient$' acct_flags : 0x00000080 (128) 0: ACB_DISABLED 0: ACB_HOMDIRREQ 0: ACB_PWNOTREQ 0: ACB_TEMPDUP 0: ACB_NORMAL 0: ACB_MNS 0: ACB_DOMTRUST 1: ACB_WSTRUST 0: ACB_SVRTRUST 0: ACB_PWNOEXP 0: ACB_AUTOLOCK 0: ACB_ENC_TXT_PWD_ALLOWED 0: ACB_SMARTCARD_REQUIRED 0: ACB_TRUSTED_FOR_DELEGATION 0: ACB_NOT_DELEGATED 0: ACB_USE_DES_KEY_ONLY 0: ACB_DONT_REQUIRE_PREAUTH 0: ACB_PW_EXPIRED 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION 0: ACB_NO_AUTH_DATA_REQD 0: ACB_PARTIAL_SECRETS_ACCOUNT 0: ACB_USE_AES_KEYS access_mask : 0xe00500b0 (3758424240) 0: SAMR_USER_ACCESS_GET_NAME_ETC 0: SAMR_USER_ACCESS_GET_LOCALE 0: SAMR_USER_ACCESS_SET_LOC_COM 0: SAMR_USER_ACCESS_GET_LOGONINFO 1: SAMR_USER_ACCESS_GET_ATTRIBUTES 1: SAMR_USER_ACCESS_SET_ATTRIBUTES 0: SAMR_USER_ACCESS_CHANGE_PASSWORD 1: SAMR_USER_ACCESS_SET_PASSWORD 0: SAMR_USER_ACCESS_GET_GROUPS 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000014 (20) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000044 (68) context_id : 0x0000 (0) opnum : 0x0032 (50) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf28c10 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=92, this_data=92, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf46f20 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf289c0 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf46f20 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4a990 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4a990 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf4a340 samba_tevent: Destroying timer event 0x7f5facf28c10 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf4a340 samba_tevent: Destroying timer event 0x7f5facf289c0 "tevent_req_timedout" rpc_read_send: data_to_read: 40 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf49dd0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf46f20 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf49dd0 samba_tevent: Destroying timer event 0x7f5facf46f20 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0038 (56) auth_length : 0x0000 (0) call_id : 0x00000014 (20) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000020 (32) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=32 [0000] 00 00 00 00 10 00 00 00 00 00 00 00 9C 55 9B FC ........ .....U.. [0010] 9F 0E 00 00 FF 07 0F 00 EB 03 00 00 00 00 00 00 ........ ........ Got pdu len 56, data_len 32, ss_len 0 rpc_api_pipe: got frag len of 56 at offset 0: NT_STATUS_OK rpc_api_pipe: host PDC returned 32 bytes. samr_CreateUser2: struct samr_CreateUser2 out: struct samr_CreateUser2 user_handle : * user_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-9c55-9bfc9f0e0000 access_granted : * access_granted : 0x000f07ff (985087) rid : * rid : 0x000003eb (1003) result : NT_STATUS_OK samr_Close: struct samr_Close in: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-9c55-9bfc9f0e0000 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000015 (21) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x0001 (1) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf493d0 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=44, this_data=44, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf47460 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf481c0 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf47460 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4af30 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4af30 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf46db0 samba_tevent: Destroying timer event 0x7f5facf493d0 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf46db0 samba_tevent: Destroying timer event 0x7f5facf481c0 "tevent_req_timedout" rpc_read_send: data_to_read: 32 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4a430 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf47460 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4a430 samba_tevent: Destroying timer event 0x7f5facf47460 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000015 (21) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ Got pdu len 48, data_len 24, ss_len 0 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host PDC returned 24 bytes. samr_Close: struct samr_Close out: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK samr_LookupNames: struct samr_LookupNames in: struct samr_LookupNames domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000f-0000-0000-9c55-9bfc9f0e0000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x0014 (20) size : 0x0014 (20) string : * string : 'debclient$' &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000016 (22) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000004c (76) context_id : 0x0000 (0) opnum : 0x0011 (17) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf47950 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=100, this_data=100, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf481c0 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf46db0 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf481c0 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4af30 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4af30 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf47a80 samba_tevent: Destroying timer event 0x7f5facf47950 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf47a80 samba_tevent: Destroying timer event 0x7f5facf46db0 "tevent_req_timedout" rpc_read_send: data_to_read: 44 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4a430 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf481c0 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4a430 samba_tevent: Destroying timer event 0x7f5facf481c0 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x003c (60) auth_length : 0x0000 (0) call_id : 0x00000016 (22) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000024 (36) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=36 [0000] 01 00 00 00 04 00 02 00 01 00 00 00 EB 03 00 00 ........ ........ [0010] 01 00 00 00 08 00 02 00 01 00 00 00 01 00 00 00 ........ ........ [0020] 00 00 00 00 .... Got pdu len 60, data_len 36, ss_len 0 rpc_api_pipe: got frag len of 60 at offset 0: NT_STATUS_OK rpc_api_pipe: host PDC returned 36 bytes. samr_LookupNames: struct samr_LookupNames out: struct samr_LookupNames rids : * rids: struct samr_Ids count : 0x00000001 (1) ids : * ids: ARRAY(1) ids : 0x000003eb (1003) types : * types: struct samr_Ids count : 0x00000001 (1) ids : * ids: ARRAY(1) ids : 0x00000001 (1) result : NT_STATUS_OK samr_OpenUser: struct samr_OpenUser in: struct samr_OpenUser domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000f-0000-0000-9c55-9bfc9f0e0000 access_mask : 0x02000000 (33554432) 0: SAMR_USER_ACCESS_GET_NAME_ETC 0: SAMR_USER_ACCESS_GET_LOCALE 0: SAMR_USER_ACCESS_SET_LOC_COM 0: SAMR_USER_ACCESS_GET_LOGONINFO 0: SAMR_USER_ACCESS_GET_ATTRIBUTES 0: SAMR_USER_ACCESS_SET_ATTRIBUTES 0: SAMR_USER_ACCESS_CHANGE_PASSWORD 0: SAMR_USER_ACCESS_SET_PASSWORD 0: SAMR_USER_ACCESS_GET_GROUPS 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP rid : 0x000003eb (1003) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000017 (23) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000001c (28) context_id : 0x0000 (0) opnum : 0x0022 (34) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf28a40 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=52, this_data=52, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf47a50 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf29540 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf47a50 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4b260 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4b260 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf477d0 samba_tevent: Destroying timer event 0x7f5facf28a40 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf477d0 samba_tevent: Destroying timer event 0x7f5facf29540 "tevent_req_timedout" rpc_read_send: data_to_read: 32 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4a760 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf47a50 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4a760 samba_tevent: Destroying timer event 0x7f5facf47a50 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000017 (23) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 11 00 00 00 00 00 00 00 9C 55 9B FC ........ .....U.. [0010] 9F 0E 00 00 00 00 00 00 ........ Got pdu len 48, data_len 24, ss_len 0 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host PDC returned 24 bytes. samr_OpenUser: struct samr_OpenUser out: struct samr_OpenUser user_handle : * user_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000011-0000-0000-9c55-9bfc9f0e0000 result : NT_STATUS_OK samr_SetUserInfo: struct samr_SetUserInfo in: struct samr_SetUserInfo user_handle : * user_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000011-0000-0000-9c55-9bfc9f0e0000 level : UserControlInformation (16) info : * info : union samr_UserInfo(case 16) info16: struct samr_UserInfo16 acct_flags : 0x00000280 (640) 0: ACB_DISABLED 0: ACB_HOMDIRREQ 0: ACB_PWNOTREQ 0: ACB_TEMPDUP 0: ACB_NORMAL 0: ACB_MNS 0: ACB_DOMTRUST 1: ACB_WSTRUST 0: ACB_SVRTRUST 1: ACB_PWNOEXP 0: ACB_AUTOLOCK 0: ACB_ENC_TXT_PWD_ALLOWED 0: ACB_SMARTCARD_REQUIRED 0: ACB_TRUSTED_FOR_DELEGATION 0: ACB_NOT_DELEGATED 0: ACB_USE_DES_KEY_ONLY 0: ACB_DONT_REQUIRE_PREAUTH 0: ACB_PW_EXPIRED 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION 0: ACB_NO_AUTH_DATA_REQD 0: ACB_PARTIAL_SECRETS_ACCOUNT 0: ACB_USE_AES_KEYS &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000018 (24) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000001c (28) context_id : 0x0000 (0) opnum : 0x0025 (37) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf46e70 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=52, this_data=52, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf48160 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf28ad0 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf48160 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4b260 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4b260 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf46fa0 samba_tevent: Destroying timer event 0x7f5facf46e70 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf46fa0 samba_tevent: Destroying timer event 0x7f5facf28ad0 "tevent_req_timedout" rpc_read_send: data_to_read: 12 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4a760 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf48160 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4a760 samba_tevent: Destroying timer event 0x7f5facf48160 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x001c (28) auth_length : 0x0000 (0) call_id : 0x00000018 (24) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000004 (4) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=4 [0000] 00 00 00 00 .... Got pdu len 28, data_len 4, ss_len 0 rpc_api_pipe: got frag len of 28 at offset 0: NT_STATUS_OK rpc_api_pipe: host PDC returned 4 bytes. samr_SetUserInfo: struct samr_SetUserInfo out: struct samr_SetUserInfo result : NT_STATUS_OK samr_SetUserInfo2: struct samr_SetUserInfo2 in: struct samr_SetUserInfo2 user_handle : * user_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000011-0000-0000-9c55-9bfc9f0e0000 level : UserInternal5InformationNew (26) info : * info : union samr_UserInfo(case 26) info26: struct samr_UserInfo26 password: struct samr_CryptPasswordEx data: ARRAY(532) [0000] 59 7B 3D A3 92 43 7B 53 01 14 D8 2D 17 CE 32 35 Y{=..C{S ...-..25 [0010] 8E B1 C1 6A 06 C8 D3 B7 CB EE 78 E1 54 15 91 01 ...j.... ..x.T... [0020] 23 B4 69 C0 F1 CF CC A5 A9 1F 0B 5A C7 53 6A BE #.i..... ...Z.Sj. [0030] 98 46 D7 21 50 9C BD 72 AC 85 A0 15 27 18 41 24 .F.!P..r ....'.A$ [0040] 50 3B DB AA 3A 5D A2 DA 45 92 2D BD 08 35 00 9F P;..:].. E.-..5.. [0050] 16 E8 63 C8 75 70 9F 3B DB 38 D0 87 A6 75 72 04 ..c.up.; .8...ur. [0060] 74 6A CE 00 86 5F 1D 5B C7 E6 56 33 26 F4 98 64 tj..._.[ ..V3&..d [0070] EE CF 9E 11 3C F9 9A 4D E5 14 27 DD 4B 26 D3 4A ....<..M ..'.K&.J [0080] 6B 4E 4B D6 C9 D1 B7 19 D9 C5 27 47 F4 C1 EB 4C kNK..... ..'G...L [0090] A6 AC 32 3A 28 C4 D9 40 1A 78 50 D7 E4 03 37 7C ..2:(..@ .xP...7| [00A0] 78 ED A6 27 CB CE 38 25 F5 4E 6A F8 E6 77 6C D1 x..'..8% .Nj..wl. [00B0] 6B 64 C9 FD A8 7A 2C A9 FB CC 3B AE 69 61 EE BF kd...z,. ..;.ia.. [00C0] 11 AD 62 B1 67 8B 57 9E DD C1 CD FB F8 4F 9F 80 ..b.g.W. .....O.. [00D0] 92 19 E4 F2 10 9D C2 60 3E 98 3E 1C D9 89 0A 3E .......` >.>....> [00E0] 30 11 32 81 6C E6 AE 37 49 46 FB 11 1B 7D 42 A7 0.2.l..7 IF...}B. [00F0] 32 4B 8E 00 71 42 99 5F F7 13 C6 BC 2A 54 62 D7 2K..qB._ ....*Tb. [0100] 78 3B EA FC DD 70 5D AF 78 AD 81 0F 6D 50 AA AA x;...p]. x...mP.. [0110] 0E EB BC AB A7 BB BD 17 EE DA 21 CF 26 66 54 F3 ........ ..!.&fT. [0120] 2C 82 17 78 28 40 B6 55 C8 08 62 DD 23 22 15 81 ,..x(@.U ..b.#".. [0130] B6 B7 3E 1A 91 D7 99 E9 DB 41 83 F7 E2 98 A9 F9 ..>..... .A...... [0140] 54 F0 9C 3B C2 1E 52 1A 73 91 E5 F1 BE 51 8A 45 T..;..R. s....Q.E [0150] A5 F6 95 4F DF 75 F5 63 4A 69 38 58 58 A7 FC D9 ...O.u.c Ji8XX... [0160] 64 21 72 FA 8B 93 5F D4 2F F6 BD 7B 11 3A 13 6A d!r..._. /..{.:.j [0170] 70 EE C8 32 0F E6 A8 9D B7 C3 E2 83 50 C0 A5 E9 p..2.... ....P... [0180] 88 0D 25 7E 73 47 3E 26 36 EF DA E9 B6 5F 84 0E ..%~sG>& 6...._.. [0190] 3E D7 D0 B8 80 8A 82 FF 28 31 3A 3C E8 03 94 C4 >....... (1:<.... [01A0] BA 5D 9C 99 3A 06 CF 18 28 C3 6C A6 D8 93 8F 64 .]..:... (.l....d [01B0] 98 C4 EE 2E 2B 24 B1 6E 6F BE B3 ED D9 6B 96 26 ....+$.n o....k.& [01C0] 35 79 87 35 0B 0D 5A B7 EE 4E A7 D0 DB A5 11 3D 5y.5..Z. .N.....= [01D0] 95 78 3A 14 BB E0 BB BF 19 2E 30 FA 92 E0 56 40 .x:..... ..0...V@ [01E0] 55 3A 89 87 D9 1E 78 D2 D8 A2 6C 1E 32 7D DD 25 U:....x. ..l.2}.% [01F0] 27 74 45 A2 B0 63 87 A0 A4 BE 35 C1 73 83 74 57 'tE..c.. ..5.s.tW [0200] 42 3C F7 B1 78 94 4F 83 EC 15 9D 2B 4C E1 DA 2D B<..x.O. ...+L..- [0210] F9 D3 98 B9 .... password_expired : 0x00 (0) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000019 (25) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000022d (557) context_id : 0x0000 (0) opnum : 0x003a (58) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf462c0 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=581, this_data=581, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf28b60 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf461e0 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf28b60 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4b510 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4b510 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf46ef0 samba_tevent: Destroying timer event 0x7f5facf462c0 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf46ef0 samba_tevent: Destroying timer event 0x7f5facf461e0 "tevent_req_timedout" rpc_read_send: data_to_read: 12 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4aa00 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf28b60 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4aa00 samba_tevent: Destroying timer event 0x7f5facf28b60 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x001c (28) auth_length : 0x0000 (0) call_id : 0x00000019 (25) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000004 (4) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=4 [0000] 00 00 00 00 .... Got pdu len 28, data_len 4, ss_len 0 rpc_api_pipe: got frag len of 28 at offset 0: NT_STATUS_OK rpc_api_pipe: host PDC returned 4 bytes. samr_SetUserInfo2: struct samr_SetUserInfo2 out: struct samr_SetUserInfo2 result : NT_STATUS_OK samr_Close: struct samr_Close in: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000e-0000-0000-9c55-9bfc9f0e0000 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x0000001a (26) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x0001 (1) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf49c00 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=44, this_data=44, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf47e90 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf29540 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf47e90 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4b510 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4b510 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf47af0 samba_tevent: Destroying timer event 0x7f5facf49c00 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf47af0 samba_tevent: Destroying timer event 0x7f5facf29540 "tevent_req_timedout" rpc_read_send: data_to_read: 32 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4a6c0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf47e90 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4a6c0 samba_tevent: Destroying timer event 0x7f5facf47e90 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x0000001a (26) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ Got pdu len 48, data_len 24, ss_len 0 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host PDC returned 24 bytes. samr_Close: struct samr_Close out: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK samr_Close: struct samr_Close in: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000f-0000-0000-9c55-9bfc9f0e0000 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x0000001b (27) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x0001 (1) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf49c00 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=44, this_data=44, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf47e90 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf29540 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf47e90 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4b510 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4b510 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf478b0 samba_tevent: Destroying timer event 0x7f5facf49c00 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf478b0 samba_tevent: Destroying timer event 0x7f5facf29540 "tevent_req_timedout" rpc_read_send: data_to_read: 32 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4a6c0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf47e90 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4a6c0 samba_tevent: Destroying timer event 0x7f5facf47e90 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x0000001b (27) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ Got pdu len 48, data_len 24, ss_len 0 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host PDC returned 24 bytes. samr_Close: struct samr_Close out: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK samr_Close: struct samr_Close in: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000011-0000-0000-9c55-9bfc9f0e0000 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x0000001c (28) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x0001 (1) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf49c00 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=44, this_data=44, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf47e90 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf29540 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf47e90 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4b510 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4b510 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf46f50 samba_tevent: Destroying timer event 0x7f5facf49c00 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf46f50 samba_tevent: Destroying timer event 0x7f5facf29540 "tevent_req_timedout" rpc_read_send: data_to_read: 32 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4a6c0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf47e90 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4a6c0 samba_tevent: Destroying timer event 0x7f5facf47e90 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x0000001c (28) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ Got pdu len 48, data_len 24, ss_len 0 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host PDC returned 24 bytes. samr_Close: struct samr_Close out: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf48590 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf48590 "tevent_req_timedout" check lock order 1 for /var/lib/samba/private/secrets.tdb lock order: 1:/var/lib/samba/private/secrets.tdb 2: 3: Locking key 534543524554532F5349442F4558414D504C45 Allocated locked data 0x0x7f5facf29d40 Unlocking key 534543524554532F5349442F4558414D504C45 release lock order 1 for /var/lib/samba/private/secrets.tdb lock order: 1: 2: 3: check lock order 1 for /var/lib/samba/private/secrets.tdb lock order: 1:/var/lib/samba/private/secrets.tdb 2: 3: Locking key 534543524554532F4D414348494E455F50415353574F52442E505245562F4558414D504C45 Allocated locked data 0x0x7f5facf33950 Unlocking key 534543524554532F4D414348494E455F50415353574F52442E505245562F4558414D504C45 release lock order 1 for /var/lib/samba/private/secrets.tdb lock order: 1: 2: 3: check lock order 1 for /var/lib/samba/private/secrets.tdb lock order: 1:/var/lib/samba/private/secrets.tdb 2: 3: Locking key 534543524554532F4D414348494E455F50415353574F52442F4558414D504C45 Allocated locked data 0x0x7f5facf33460 Unlocking key 534543524554532F4D414348494E455F50415353574F52442F4558414D504C45 release lock order 1 for /var/lib/samba/private/secrets.tdb lock order: 1: 2: 3: check lock order 1 for /var/lib/samba/private/secrets.tdb lock order: 1:/var/lib/samba/private/secrets.tdb 2: 3: Locking key 534543524554532F4D414348494E455F4C4153545F4348414E47455F54494D452F4558414D504C45 Allocated locked data 0x0x7f5facf33460 Unlocking key 534543524554532F4D414348494E455F4C4153545F4348414E47455F54494D452F4558414D504C45 release lock order 1 for /var/lib/samba/private/secrets.tdb lock order: 1: 2: 3: check lock order 1 for /var/lib/samba/private/secrets.tdb lock order: 1:/var/lib/samba/private/secrets.tdb 2: 3: Locking key 534543524554532F4D414348494E455F5345435F4348414E4E454C5F545950452F4558414D504C45 Allocated locked data 0x0x7f5facf33460 Unlocking key 534543524554532F4D414348494E455F5345435F4348414E4E454C5F545950452F4558414D504C45 release lock order 1 for /var/lib/samba/private/secrets.tdb lock order: 1: 2: 3: samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf41b50 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf41b50 "tevent_req_timedout" saf_join_store: domain = [EXAMPLE], server = [PDC], expire = [1436355244] Adding cache entry with key=[SAFJOIN/DOMAIN/EXAMPLE] and timeout=[Wed Jul 8 12:34:04 2015 BST] (3600 seconds ahead) Attempting to register passdb backend smbpasswd Successfully added passdb backend 'smbpasswd' Attempting to register passdb backend tdbsam Successfully added passdb backend 'tdbsam' Attempting to register passdb backend wbc_sam Successfully added passdb backend 'wbc_sam' Attempting to register passdb backend samba_dsdb Successfully added passdb backend 'samba_dsdb' Attempting to register passdb backend samba4 Successfully added passdb backend 'samba4' Attempting to register passdb backend ldapsam Successfully added passdb backend 'ldapsam' Attempting to register passdb backend NDS_ldapsam Successfully added passdb backend 'NDS_ldapsam' Attempting to register passdb backend IPA_ldapsam Successfully added passdb backend 'IPA_ldapsam' Attempting to find a passdb backend to match tdbsam (tdbsam) Found pdb backend tdbsam pdb backend tdbsam has a valid init Could not find map for sid S-1-5-32-544 create_builtin_administrators: Failed to create Administrators Unable to auto-add domain administrators to BUILTIN\Administrators during join because winbindd must be running. Could not find map for sid S-1-5-32-545 create_builtin_users: Failed to create Users Unable to auto-add domain users to BUILTIN\users during join because winbindd must be running. sitename_fetch: No stored sitename for internal_resolve_name: looking up PDC#20 (sitename (null)) name PDC#20 found. remove_duplicate_addrs2: looking for duplicate address/port pairs samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf47420 Connecting to 192.168.0.60 at port 445 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf276c0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf46630 samba_tevent: Destroying timer event 0x7f5facf276c0 "tevent_req_timedout" samba_tevent: Destroying timer event 0x7f5facf47420 "tevent_req_timedout" samba_tevent: Running timer event 0x7f5facf46630 "tevent_req_timedout" samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf47420 Connecting to 192.168.0.60 at port 139 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf46cb0 samba_tevent: Ending timer event 0x7f5facf46630 "tevent_req_timedout" samba_tevent: Destroying timer event 0x7f5facf46cb0 "tevent_req_timedout" samba_tevent: Destroying timer event 0x7f5facf47420 "tevent_req_timedout" Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 24040 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf481e0 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf47d90 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf47d90 samba_tevent: Destroying timer event 0x7f5facf481e0 "tevent_req_timedout" Doing spnego session setup (blob length=74) got OID=1.3.6.1.4.1.311.2.2.10 got principal=not_defined_in_RFC4178@please_ignore negotiate: struct NEGOTIATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmNegotiate (1) NegotiateFlags : 0x60088215 (1611170325) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 DomainNameLen : 0x0007 (7) DomainNameMaxLen : 0x0007 (7) DomainName : * DomainName : 'EXAMPLE' WorkstationLen : 0x0009 (9) WorkstationMaxLen : 0x0009 (9) Workstation : * Workstation : 'DEBCLIENT' samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf434d0 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf47d90 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf47d90 samba_tevent: Destroying timer event 0x7f5facf434d0 "tevent_req_timedout" challenge: struct CHALLENGE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmChallenge (0x2) TargetNameLen : 0x000e (14) TargetNameMaxLen : 0x000e (14) TargetName : * TargetName : 'EXAMPLE' NegotiateFlags : 0x60898215 (1619624469) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 1: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 1: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 ServerChallenge : b5c399d9a23c6b40 Reserved : 0000000000000000 TargetInfoLen : 0x005c (92) TargetNameInfoMaxLen : 0x005c (92) TargetInfo : * TargetInfo: struct AV_PAIR_LIST count : 0x00000005 (5) pair: ARRAY(5) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x000e (14) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'EXAMPLE' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x0006 (6) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'PDC' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x0016 (22) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : 'example.com' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x001e (30) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'pdc.example.com' pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) Got challenge flags: Got NTLMSSP neg_flags=0x60898215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_TARGET_INFO NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH authenticate: struct AUTHENTICATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmAuthenticate (3) LmChallengeResponseLen : 0x0018 (24) LmChallengeResponseMaxLen: 0x0018 (24) LmChallengeResponse : * LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24) v1: struct LM_RESPONSE Response : 1ab8c087f40f0a5b5cf44eadd84e1a12ce441e9fbbd5111c NtChallengeResponseLen : 0x0088 (136) NtChallengeResponseMaxLen: 0x0088 (136) NtChallengeResponse : * NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 136) v2: struct NTLMv2_RESPONSE Response : f4fc1d755eafb2c42a57c751ed0e1913 Challenge: struct NTLMv2_CLIENT_CHALLENGE RespType : 0x01 (1) HiRespType : 0x01 (1) Reserved1 : 0x0000 (0) Reserved2 : 0x00000000 (0) TimeStamp : Wed Jul 8 11:34:04 2015 BST ChallengeFromClient : c3875c5db723cfe3 Reserved3 : 0x00000000 (0) AvPairs: struct AV_PAIR_LIST count : 0x00000005 (5) pair: ARRAY(5) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x000e (14) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'EXAMPLE' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x0006 (6) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'PDC' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x0016 (22) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : 'example.com' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x001e (30) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'pdc.example.com' pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) DomainNameLen : 0x000e (14) DomainNameMaxLen : 0x000e (14) DomainName : * DomainName : 'EXAMPLE' UserNameLen : 0x0014 (20) UserNameMaxLen : 0x0014 (20) UserName : * UserName : 'DEBCLIENT$' WorkstationLen : 0x0012 (18) WorkstationMaxLen : 0x0012 (18) Workstation : * Workstation : 'DEBCLIENT' EncryptedRandomSessionKeyLen: 0x0010 (16) EncryptedRandomSessionKeyMaxLen: 0x0010 (16) EncryptedRandomSessionKey: * EncryptedRandomSessionKey: DATA_BLOB length=16 [0000] 21 6D 12 BF 04 87 43 70 F2 AB 35 6C 21 4C EB 2C !m....Cp ..5l!L., NegotiateFlags : 0x60088215 (1611170325) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf43930 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf47d90 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf47d90 samba_tevent: Destroying timer event 0x7f5facf43930 "tevent_req_timedout" SPNEGO login failed: Undetermined error sitename_fetch: No stored sitename for internal_resolve_name: looking up PDC#20 (sitename (null)) name PDC#20 found. remove_duplicate_addrs2: looking for duplicate address/port pairs samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf47420 Connecting to 192.168.0.60 at port 445 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf478e0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf48e20 samba_tevent: Destroying timer event 0x7f5facf478e0 "tevent_req_timedout" samba_tevent: Destroying timer event 0x7f5facf47420 "tevent_req_timedout" samba_tevent: Running timer event 0x7f5facf48e20 "tevent_req_timedout" samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf477f0 Connecting to 192.168.0.60 at port 139 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf44400 samba_tevent: Ending timer event 0x7f5facf48e20 "tevent_req_timedout" samba_tevent: Destroying timer event 0x7f5facf44400 "tevent_req_timedout" samba_tevent: Destroying timer event 0x7f5facf477f0 "tevent_req_timedout" Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 24040 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf29d70 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf29d70 "tevent_req_timedout" samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf29c60 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf29c60 "tevent_req_timedout" samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf48160 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf48160 "tevent_req_timedout" cli_init_creds: user domain samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf33b30 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf33b30 "tevent_req_timedout" Bind RPC Pipe: host PDC auth_type 0, auth_level 1 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x0000001d (29) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf4b030 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=72, this_data=72, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf467c0 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf4c890 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf467c0 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4bf90 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4bf90 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf4bdd0 samba_tevent: Destroying timer event 0x7f5facf4b030 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf4bdd0 samba_tevent: Destroying timer event 0x7f5facf4c890 "tevent_req_timedout" rpc_read_send: data_to_read: 56 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4b4e0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf49a90 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4b4e0 samba_tevent: Destroying timer event 0x7f5facf49a90 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x0000001d (29) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000f (15) secondary_address : '\PIPE\netlogon' _pad1 : DATA_BLOB length=3 [0000] 00 00 00 ... num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) reason : union dcerpc_bind_ack_reason(case 0) value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: got frag len of 72 at offset 0: NT_STATUS_OK rpc_api_pipe: host PDC returned 72 bytes. check_bind_response: accepted! cli_rpc_pipe_open_noauth: opened pipe netlogon to machine PDC and bound anonymously. check lock order 2 for /var/cache/samba/g_lock.tdb lock order: 1: 2:/var/cache/samba/g_lock.tdb 3: Locking key 434C495B444542434C49454E542F444542434C49454E54245D2F5352565B5044432F4558414D504C455D00 Allocated locked data 0x0x7f5facf4a500 Unlocking key 434C495B444542434C49454E542F444542434C49454E54245D2F5352565B5044432F4558414D504C455D00 release lock order 2 for /var/cache/samba/g_lock.tdb lock order: 1: 2: 3: samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4a2d0 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4a2d0 check lock order 2 for /var/lib/samba/private/netlogon_creds_cli.tdb lock order: 1: 2:/var/lib/samba/private/netlogon_creds_cli.tdb 3: Locking key 434C495B444542434C49454E542F444542434C49454E54245D2F5352565B5044432F4558414D504C455D00 Allocated locked data 0x0x7f5facf4a1d0 Unlocking key 434C495B444542434C49454E542F444542434C49454E54245D2F5352565B5044432F4558414D504C455D00 release lock order 2 for /var/lib/samba/private/netlogon_creds_cli.tdb lock order: 1: 2: 3: netr_ServerReqChallenge: struct netr_ServerReqChallenge in: struct netr_ServerReqChallenge server_name : * server_name : '\\PDC' computer_name : * computer_name : 'DEBCLIENT' credentials : * credentials: struct netr_Credential data : 85039a30cb18165e &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x0000001e (30) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000044 (68) context_id : 0x0000 (0) opnum : 0x0004 (4) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf46830 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=92, this_data=92, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf49af0 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf4a6f0 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf49af0 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4e110 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4e110 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf49a30 samba_tevent: Destroying timer event 0x7f5facf46830 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf49a30 samba_tevent: Destroying timer event 0x7f5facf4a6f0 "tevent_req_timedout" rpc_read_send: data_to_read: 20 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4d610 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf46830 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4d610 samba_tevent: Destroying timer event 0x7f5facf46830 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0024 (36) auth_length : 0x0000 (0) call_id : 0x0000001e (30) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x0000000c (12) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=12 [0000] 73 DB 8E 56 CA 57 A1 20 00 00 00 00 s..V.W. .... Got pdu len 36, data_len 12, ss_len 0 rpc_api_pipe: got frag len of 36 at offset 0: NT_STATUS_OK rpc_api_pipe: host PDC returned 12 bytes. netr_ServerReqChallenge: struct netr_ServerReqChallenge out: struct netr_ServerReqChallenge return_credentials : * return_credentials: struct netr_Credential data : 73db8e56ca57a120 result : NT_STATUS_OK netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 in: struct netr_ServerAuthenticate3 server_name : * server_name : '\\PDC' account_name : * account_name : 'DEBCLIENT$' secure_channel_type : SEC_CHAN_WKSTA (2) computer_name : * computer_name : 'DEBCLIENT' credentials : * credentials: struct netr_Credential data : 43068c8afec1397c negotiate_flags : * negotiate_flags : 0x610fffff (1628438527) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 1: NETLOGON_NEG_SUPPORTS_AES 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x0000001f (31) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000006c (108) context_id : 0x0000 (0) opnum : 0x001a (26) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf4aba0 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=132, this_data=132, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf4a6f0 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf467c0 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf4a6f0 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4ed50 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4ed50 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf4a4e0 samba_tevent: Destroying timer event 0x7f5facf4aba0 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf4a4e0 samba_tevent: Destroying timer event 0x7f5facf467c0 "tevent_req_timedout" rpc_read_send: data_to_read: 28 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4e250 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf478c0 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4e250 samba_tevent: Destroying timer event 0x7f5facf478c0 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x0000001f (31) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=20 [0000] B5 28 EA 63 BD DA 5E E5 FF 41 02 41 EB 03 00 00 .(.c..^. .A.A.... [0010] 00 00 00 00 .... Got pdu len 44, data_len 20, ss_len 0 rpc_api_pipe: got frag len of 44 at offset 0: NT_STATUS_OK rpc_api_pipe: host PDC returned 20 bytes. netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 out: struct netr_ServerAuthenticate3 return_credentials : * return_credentials: struct netr_Credential data : b528ea63bdda5ee5 negotiate_flags : * negotiate_flags : 0x410241ff (1090667007) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 0: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 0: NETLOGON_NEG_GENERIC_PASSTHROUGH 0: NETLOGON_NEG_CONCURRENT_RPC 0: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 0: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 0: NETLOGON_NEG_TRANSITIVE_TRUSTS 0: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 0: NETLOGON_NEG_GETDOMAININFO 0: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 1: NETLOGON_NEG_SUPPORTS_AES 0: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC rid : * rid : 0x000003eb (1003) result : NT_STATUS_OK check lock order 2 for /var/lib/samba/private/netlogon_creds_cli.tdb lock order: 1: 2:/var/lib/samba/private/netlogon_creds_cli.tdb 3: Locking key 434C495B444542434C49454E542F444542434C49454E54245D2F5352565B5044432F4558414D504C455D00 Allocated locked data 0x0x7f5facf4a6f0 Unlocking key 434C495B444542434C49454E542F444542434C49454E54245D2F5352565B5044432F4558414D504C455D00 release lock order 2 for /var/lib/samba/private/netlogon_creds_cli.tdb lock order: 1: 2: 3: check lock order 2 for /var/cache/samba/g_lock.tdb lock order: 1: 2:/var/cache/samba/g_lock.tdb 3: Locking key 434C495B444542434C49454E542F444542434C49454E54245D2F5352565B5044432F4558414D504C455D00 Allocated locked data 0x0x7f5facf467c0 Unlocking key 434C495B444542434C49454E542F444542434C49454E54245D2F5352565B5044432F4558414D504C455D00 release lock order 2 for /var/cache/samba/g_lock.tdb lock order: 1: 2: 3: rpccli_setup_netlogon_creds: using new netlogon_creds cli[DEBCLIENT$/DEBCLIENT] to PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf27610 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf27610 "tevent_req_timedout" samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf46df0 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf46df0 "tevent_req_timedout" check lock order 2 for /var/cache/samba/g_lock.tdb lock order: 1: 2:/var/cache/samba/g_lock.tdb 3: Locking key 434C495B444542434C49454E542F444542434C49454E54245D2F5352565B5044432F4558414D504C455D00 Allocated locked data 0x0x7f5facf47170 Unlocking key 434C495B444542434C49454E542F444542434C49454E54245D2F5352565B5044432F4558414D504C455D00 release lock order 2 for /var/cache/samba/g_lock.tdb lock order: 1: 2: 3: samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf27470 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf27470 Starting GENSEC mechanism schannel Bind RPC Pipe: host PDC auth_type 68, auth_level 6 create_generic_auth_rpc_bind_req: generate first token &r: struct dcerpc_auth auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) auth_pad_length : 0x00 (0) auth_reserved : 0x00 (0) auth_context_id : 0x00000001 (1) credentials : DATA_BLOB length=26 [0000] 00 00 00 00 03 00 00 00 45 58 41 4D 50 4C 45 00 ........ EXAMPLE. [0010] 44 45 42 43 4C 49 45 4E 54 00 DEBCLIEN T. &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x07 (7) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 1: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x006a (106) auth_length : 0x001a (26) call_id : 0x00000020 (32) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=34 [0000] 44 06 00 00 01 00 00 00 00 00 00 00 03 00 00 00 D....... ........ [0010] 45 58 41 4D 50 4C 45 00 44 45 42 43 4C 49 45 4E EXAMPLE. DEBCLIEN [0020] 54 00 T. rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf4c180 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=106, this_data=106, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf494d0 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf49d80 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf494d0 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4d570 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4d570 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf4cf20 samba_tevent: Destroying timer event 0x7f5facf4c180 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf4cf20 samba_tevent: Destroying timer event 0x7f5facf49d80 "tevent_req_timedout" rpc_read_send: data_to_read: 76 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4c8f0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf49d80 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4c8f0 samba_tevent: Destroying timer event 0x7f5facf49d80 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x07 (7) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 1: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x005c (92) auth_length : 0x000c (12) call_id : 0x00000020 (32) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000f (15) secondary_address : '\PIPE\netlogon' _pad1 : DATA_BLOB length=3 [0000] 00 00 00 ... num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) reason : union dcerpc_bind_ack_reason(case 0) value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=20 [0000] 44 06 00 00 01 00 00 00 01 00 00 00 00 00 00 00 D....... ........ [0010] 00 00 6C 00 ..l. rpc_api_pipe: got frag len of 92 at offset 0: NT_STATUS_OK rpc_api_pipe: host PDC returned 92 bytes. check_bind_response: accepted! r: struct dcerpc_auth auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) auth_pad_length : 0x00 (0) auth_reserved : 0x00 (0) auth_context_id : 0x00000001 (1) credentials : DATA_BLOB length=12 [0000] 01 00 00 00 00 00 00 00 00 00 6C 00 ........ ..l. check lock order 2 for /var/cache/samba/g_lock.tdb lock order: 1: 2:/var/cache/samba/g_lock.tdb 3: Locking key 434C495B444542434C49454E542F444542434C49454E54245D2F5352565B5044432F4558414D504C455D00 Allocated locked data 0x0x7f5facf4bf60 Unlocking key 434C495B444542434C49454E542F444542434C49454E54245D2F5352565B5044432F4558414D504C455D00 release lock order 2 for /var/cache/samba/g_lock.tdb lock order: 1: 2: 3: check lock order 2 for /var/cache/samba/g_lock.tdb lock order: 1: 2:/var/cache/samba/g_lock.tdb 3: Locking key 434C495B444542434C49454E542F444542434C49454E54245D2F5352565B5044432F4558414D504C455D00 Allocated locked data 0x0x7f5facf4bf60 Unlocking key 434C495B444542434C49454E542F444542434C49454E54245D2F5352565B5044432F4558414D504C455D00 release lock order 2 for /var/cache/samba/g_lock.tdb lock order: 1: 2: 3: samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf46130 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf46130 seed 8a8c0643:7c39c1fe seed+time e02902e1:7c39c1fe CLIENT 29760227:7990b6cb seed+time+1 e02902e2:7c39c1fe SERVER 0e610a24:20d19a29 netr_LogonGetCapabilities: struct netr_LogonGetCapabilities in: struct netr_LogonGetCapabilities server_name : * server_name : '\\PDC' computer_name : * computer_name : 'DEBCLIENT' credential : * credential: struct netr_Authenticator cred: struct netr_Credential data : 27027629cbb69079 timestamp : Wed Jul 8 11:34:06 2015 BST return_authenticator : * return_authenticator: struct netr_Authenticator cred: struct netr_Credential data : 0000000000000000 timestamp : (time_t)0 query_level : 0x00000001 (1) t: struct dcerpc_sec_verification_trailer _pad : DATA_BLOB length=0 magic : 0000000000000000 count: struct dcerpc_sec_vt_count count : 0x0002 (2) commands: ARRAY(2) commands: struct dcerpc_sec_vt command : 0x0001 (1) 0x01: DCERPC_SEC_VT_COMMAND_ENUM (1) 0: DCERPC_SEC_VT_COMMAND_END 0: DCERPC_SEC_VT_MUST_PROCESS u : union dcerpc_sec_vt_union(case 0x1) bitmask1 : 0x00000001 (1) 1: DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING commands: struct dcerpc_sec_vt command : 0x4002 (16386) 0x02: DCERPC_SEC_VT_COMMAND_ENUM (2) 1: DCERPC_SEC_VT_COMMAND_END 0: DCERPC_SEC_VT_MUST_PROCESS u : union dcerpc_sec_vt_union(case 0x2) pcontext: struct dcerpc_sec_vt_pcontext abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0038 (56) call_id : 0x00000021 (33) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000094 (148) context_id : 0x0000 (0) opnum : 0x0015 (21) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 &r: struct dcerpc_auth auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) auth_pad_length : 0x04 (4) auth_reserved : 0x00 (0) auth_context_id : 0x00000001 (1) credentials : DATA_BLOB length=0 rpc_api_pipe: host PDC samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf27370 num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=240, this_data=240, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf460c0 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf4c020 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf460c0 "tevent_req_timedout" samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4ff80 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4ff80 samba_tevent: Schedule immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf4a7a0 samba_tevent: Destroying timer event 0x7f5facf27370 "tevent_req_timedout" samba_tevent: Run immediate event "tstream_smbXcli_np_readv_trans_next": 0x7f5facf4a7a0 samba_tevent: Destroying timer event 0x7f5facf4c020 "tevent_req_timedout" rpc_read_send: data_to_read: 96 samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4f480 samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf27370 samba_tevent: Run immediate event "tevent_req_trigger": 0x7f5facf4f480 samba_tevent: Destroying timer event 0x7f5facf27370 "tevent_req_timedout" r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0070 (112) auth_length : 0x0038 (56) call_id : 0x00000021 (33) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=88 [0000] 9E 9E AD 71 E5 B9 A0 71 1E B0 98 72 FF D8 9B 31 ...q...q ...r...1 [0010] FA E0 47 C8 E4 91 CC F8 44 06 00 00 01 00 00 00 ..G..... D....... [0020] 13 00 1A 00 FF FF 00 00 D3 F0 B7 64 5B 11 34 17 ........ ...d[.4. [0030] B2 01 37 F0 CB 1C 1D B7 AE 03 90 5C 91 A6 53 CA ..7..... ...\..S. [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 ........ Requested Privacy. ../librpc/rpc/dcerpc_util.c:141: auth_pad_length 0 GENSEC auth Got pdu len 112, data_len 24, ss_len 0 rpc_api_pipe: got frag len of 112 at offset 0: NT_STATUS_OK rpc_api_pipe: host PDC returned 24 bytes. netr_LogonGetCapabilities: struct netr_LogonGetCapabilities out: struct netr_LogonGetCapabilities return_authenticator : * return_authenticator: struct netr_Authenticator cred: struct netr_Credential data : 240a610e299ad120 timestamp : (time_t)0 capabilities : * capabilities : union netr_Capabilities(case 1) server_capabilities : 0x410241ff (1090667007) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 0: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 0: NETLOGON_NEG_GENERIC_PASSTHROUGH 0: NETLOGON_NEG_CONCURRENT_RPC 0: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 0: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 0: NETLOGON_NEG_TRANSITIVE_TRUSTS 0: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 0: NETLOGON_NEG_GETDOMAININFO 0: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 1: NETLOGON_NEG_SUPPORTS_AES 0: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC result : NT_STATUS_OK check lock order 2 for /var/lib/samba/private/netlogon_creds_cli.tdb lock order: 1: 2:/var/lib/samba/private/netlogon_creds_cli.tdb 3: Locking key 434C495B444542434C49454E542F444542434C49454E54245D2F5352565B5044432F4558414D504C455D00 Allocated locked data 0x0x7f5facf4c020 Unlocking key 434C495B444542434C49454E542F444542434C49454E54245D2F5352565B5044432F4558414D504C455D00 release lock order 2 for /var/lib/samba/private/netlogon_creds_cli.tdb lock order: 1: 2: 3: check lock order 2 for /var/cache/samba/g_lock.tdb lock order: 1: 2:/var/cache/samba/g_lock.tdb 3: Locking key 434C495B444542434C49454E542F444542434C49454E54245D2F5352565B5044432F4558414D504C455D00 Allocated locked data 0x0x7f5facf494d0 Unlocking key 434C495B444542434C49454E542F444542434C49454E54245D2F5352565B5044432F4558414D504C455D00 release lock order 2 for /var/cache/samba/g_lock.tdb lock order: 1: 2: 3: samba_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5facf4a4f0 samba_tevent: Cancel immediate event 0x7f5facf4a4f0 "tevent_req_trigger" cli_rpc_pipe_open_schannel_with_key: opened pipe netlogon to machine PDC for domain EXAMPLE and bound using schannel. samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf33b30 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf33b30 "tevent_req_timedout" samba_tevent: Added timed event "tevent_req_timedout": 0x7f5facf29d20 samba_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5facf41cf0 samba_tevent: Destroying timer event 0x7f5facf29d20 "tevent_req_timedout" libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx out: struct libnet_JoinCtx account_name : NULL netbios_domain_name : 'EXAMPLE' dns_domain_name : NULL forest_name : NULL dn : NULL domain_sid : * domain_sid : S-1-5-21-3872212405-945173276-371960591 modified_config : 0x00 (0) error_string : NULL domain_is_ad : 0x00 (0) result : WERR_OK return code = 0 Freeing parametrics: Using short domain name -- EXAMPLE Joined 'DEBCLIENT' to domain 'EXAMPLE'