INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 tevent: 10 winbindd version 4.6.2 started. Copyright Andrew Tridgell and the Samba Team 1992-2017 lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 tevent: 10 Processing section "[global]" doing parameter realm = LAB.SAFERIT.FR doing parameter security = ads doing parameter workgroup = LAB doing parameter idmap config LAB : backend = ad doing parameter idmap config LAB : range = 10000-100000 doing parameter idmap config TESTDOM : backend = rid doing parameter idmap config TESTDOM : range = 10000-100000 doing parameter idmap config * : range = 1000-9999 doing parameter kerberos method = secrets and keytab doing parameter client signing = yes doing parameter client use spnego = yes doing parameter template shell = /bin/bash doing parameter template homedir = /home/%u.%D doing parameter winbind refresh tickets = yes doing parameter winbind nested groups = yes doing parameter winbind expand groups = 4 doing parameter winbind offline logon = false doing parameter printing = cups doing parameter printcap name = cups doing parameter load printers = yes doing parameter cups options = raw pm_process() returned Yes lp_servicenumber: couldn't find homes messaging_dgm_ref: messaging_dgm_init returned Success messaging_dgm_ref: unique = 16290806939454278482 Registering messaging pointer for type 2 - private_data=(nil) Registering messaging pointer for type 9 - 
private_data=(nil) Registered MSG_REQ_POOL_USAGE Registering messaging pointer for type 11 - private_data=(nil) Registering messaging pointer for type 12 - private_data=(nil) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED Registering messaging pointer for type 1 - private_data=(nil) Registering messaging pointer for type 5 - private_data=(nil) messaging_init_internal: my id: 1701 lp_load_ex: refreshing parameters Freeing parametrics: Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 tevent: 10 Processing section "[global]" doing parameter realm = LAB.SAFERIT.FR doing parameter security = ads doing parameter workgroup = LAB doing parameter idmap config LAB : backend = ad doing parameter idmap config LAB : range = 10000-100000 doing parameter idmap config TESTDOM : backend = rid doing parameter idmap config TESTDOM : range = 10000-100000 doing parameter idmap config * : range = 1000-9999 doing parameter kerberos method = secrets and keytab doing parameter client signing = yes doing parameter client use spnego = yes doing parameter template shell = /bin/bash doing parameter template homedir = /home/%u.%D doing parameter winbind refresh tickets = yes doing parameter winbind nested groups = yes doing parameter winbind expand groups = 4 doing parameter winbind offline logon = false doing parameter printing = cups doing parameter printcap name = cups doing parameter load printers = yes doing parameter cups options = raw pm_process() returned Yes lp_servicenumber: couldn't find homes added interface eth0 ip=10.0.3.54 bcast=10.0.3.255 netmask=255.255.255.0 Netbios name list:- my_netbios_names[0]="CENTOS" added interface eth0 ip=10.0.3.54 bcast=10.0.3.255 
netmask=255.255.255.0 fcntl_lock 10 6 0 1 1 fcntl_lock: Lock call successful TimeInit: Serverzone is 14400 msg_dgm_ref_destructor: refs=(nil) messaging_dgm_ref: messaging_dgm_init returned Success messaging_dgm_ref: unique = 7517049873169022586 initialize_winbindd_cache: clearing cache and re-creating with version number 2 check lock order 2 for /var/lib/samba/lock/serverid.tdb lock order: 1: 2:/var/lib/samba/lock/serverid.tdb 3: Locking key A506000000000000FFFF Allocated locked data 0x0x563e56a09820 Unlocking key A506000000000000FFFF release lock order 2 for /var/lib/samba/lock/serverid.tdb lock order: 1: 2: 3: Registering messaging pointer for type 33 - private_data=(nil) Registering messaging pointer for type 13 - private_data=(nil) Registering messaging pointer for type 1028 - private_data=(nil) Registering messaging pointer for type 1027 - private_data=(nil) Registering messaging pointer for type 1029 - private_data=(nil) Registering messaging pointer for type 1036 - private_data=(nil) Registering messaging pointer for type 1035 - private_data=(nil) Registering messaging pointer for type 1280 - private_data=(nil) Registering messaging pointer for type 1032 - private_data=(nil) Registering messaging pointer for type 1033 - private_data=(nil) Registering messaging pointer for type 1034 - private_data=(nil) Registering messaging pointer for type 1 - private_data=(nil) Overriding messaging pointer for type 1 - private_data=(nil) wcache_tdc_add_domain: Adding domain BUILTIN ((null)), SID S-1-5-32, flags = 0x0, attributes = 0x0, type = 0x0 pack_tdc_domains: Packing 1 trusted domains pack_tdc_domains: Packing domain BUILTIN (UNKNOWN) Added domain BUILTIN (null) S-1-5-32 wcache_tdc_add_domain: Adding domain CENTOS ((null)), SID S-1-5-21-3071314533-1259387351-2362713575, flags = 0x0, attributes = 0x0, type = 0x0 pack_tdc_domains: Packing 2 trusted domains pack_tdc_domains: Packing domain BUILTIN (UNKNOWN) pack_tdc_domains: Packing domain CENTOS (UNKNOWN) Added domain 
CENTOS (null) S-1-5-21-3071314533-1259387351-2362713575 wcache_tdc_add_domain: Adding domain LAB (LAB.SAFERIT.FR), SID S-1-5-21-546099636-1453775275-3712789297, flags = 0x0, attributes = 0x0, type = 0x0 pack_tdc_domains: Packing 3 trusted domains pack_tdc_domains: Packing domain BUILTIN (UNKNOWN) pack_tdc_domains: Packing domain CENTOS (UNKNOWN) pack_tdc_domains: Packing domain LAB (LAB.SAFERIT.FR) Added domain LAB LAB.SAFERIT.FR S-1-5-21-546099636-1453775275-3712789297 set_domain_online_request: called for domain LAB set_domain_online_request: domain LAB was globally offline. messaging_dgm_ref: messaging_dgm_get_unique returned Success messaging_dgm_ref: unique = 7517049873169022586 Registering messaging pointer for type 2 - private_data=(nil) Registering messaging pointer for type 9 - private_data=(nil) Registered MSG_REQ_POOL_USAGE Registering messaging pointer for type 11 - private_data=(nil) Registering messaging pointer for type 12 - private_data=(nil) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED Registering messaging pointer for type 1 - private_data=(nil) Registering messaging pointer for type 5 - private_data=(nil) messaging_init_internal: my id: 1701 messaging_dgm_ref: messaging_dgm_get_unique returned Success messaging_dgm_ref: unique = 7517049873169022586 fork_domain_child called for domain 'LAB' Child process 1702 msg_dgm_ref_destructor: refs=0x563e56a0d0c0 messaging_dgm_ref: messaging_dgm_init returned Success messaging_dgm_ref: unique = 12355143776520759608 Deregistering messaging pointer for type 33 - private_data=(nil) Deregistering messaging pointer for type 13 - private_data=(nil) Deregistering messaging pointer for type 1028 - private_data=(nil) Deregistering messaging pointer for type 1027 - private_data=(nil) Deregistering messaging pointer for type 1029 - private_data=(nil) Deregistering messaging pointer for type 1280 - private_data=(nil) Deregistering messaging pointer for type 1033 - private_data=(nil) Deregistering messaging pointer 
for type 1 - private_data=(nil) Deregistering messaging pointer for type 1036 - private_data=(nil) Deregistering messaging pointer for type 1035 - private_data=(nil) Registering messaging pointer for type 1028 - private_data=(nil) Registering messaging pointer for type 1027 - private_data=(nil) Registering messaging pointer for type 1280 - private_data=(nil) Registering messaging pointer for type 1 - private_data=(nil) Registering messaging pointer for type 1034 - private_data=(nil) Overriding messaging pointer for type 1034 - private_data=(nil) set_domain_online_request: called for domain LAB set_domain_online_request: domain LAB was globally offline. child daemon request 48 child_process_request: request fn INIT_CONNECTION connection_ok: Connection to (null) for domain LAB is not connected Opening cache file at /var/lib/samba/gencache.tdb Opening cache file at /var/lib/samba/lock/gencache_notrans.tdb Adding cache entry with key=[SAFJOIN/DOMAIN/LAB] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797138 seconds in the past) Could not get allrecord lock on gencache_notrans.tdb: Locking error saf_fetch: Returning "dc1.lab.saferit.fr" for "LAB" domain Adding cache entry with key=[NEG_CONN_CACHE/LAB,dc1.lab.saferit.fr] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797138 seconds in the past) Could not get allrecord lock on gencache_notrans.tdb: Locking error check_negative_conn_cache returning result 0 for domain LAB server dc1.lab.saferit.fr cm_open_connection: saf_servername is 'dc1.lab.saferit.fr' for domain LAB cm_open_connection: dcname is 'dc1.lab.saferit.fr' for domain LAB check_negative_conn_cache returning result 0 for domain LAB server dc1.lab.saferit.fr sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) name dc1.lab.saferit.fr#20 found. 
remove_duplicate_addrs2: looking for duplicate address/port pairs Connecting to 10.0.3.10 at port 445 cm_prepare_connection: connecting to DC dc1.lab.saferit.fr for domain LAB Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 0 SO_SNDBUF = 87040 SO_RCVBUF = 367360 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 ldb: ldb_trace_request: SEARCH dn: @MODULES scope: base expr: (@LIST=*) attr: @LIST control: ldb: ldb_trace_request: (tdb)->search ldb: Added timed event "ltdb_callback": 0x563e56a1d1e0 ldb: Added timed event "ltdb_timeout": 0x563e56a1d350 ldb: Running timer event 0x563e56a1d1e0 "ltdb_callback" ldb: Destroying timer event 0x563e56a1d350 "ltdb_timeout" ldb: Ending timer event 0x563e56a1d1e0 "ltdb_callback" ldb: no modules required by the db ldb: No modules specified for this database ldb: ldb_trace_request: REGISTER_CONTROL 1.2.840.113556.1.4.1413 control: ldb: ldb_asprintf/set_errstring: unable to find module or backend to handle operation: request ldb: ldb_trace_request: SEARCH dn: scope: base expr: (objectClass=*) attr: rootDomainNamingContext attr: configurationNamingContext attr: schemaNamingContext attr: defaultNamingContext control: ldb: ldb_trace_request: (tdb)->search ldb: Added timed event "ltdb_callback": 0x563e56a1de90 ldb: Added timed event "ltdb_timeout": 0x563e56a1dc10 ldb: Running timer event 0x563e56a1de90 "ltdb_callback" ldb: ldb_asprintf/set_errstring: NULL Base DN invalid for a base search ldb: Destroying timer event 0x563e56a1dc10 "ltdb_timeout" ldb: Ending timer event 0x563e56a1de90 "ltdb_callback" ldb_wrap open of secrets.ldb ldb: ldb_trace_request: SEARCH dn: cn=Primary Domains scope: sub expr: (&(flatname=LAB)(objectclass=primaryDomain)) attr: control: ldb: ldb_trace_request: (tdb)->search ldb: Added timed event "ltdb_callback": 
0x563e56a1dc40 ldb: Added timed event "ltdb_timeout": 0x563e56a1ce60 ldb: Running timer event 0x563e56a1dc40 "ltdb_callback" ldb: Destroying timer event 0x563e56a1ce60 "ltdb_timeout" ldb: Ending timer event 0x563e56a1dc40 "ltdb_callback" ldb: ldb_asprintf/set_errstring: dsdb_search at ../source4/dsdb/common/util.c:4576 connecting to dc1.lab.saferit.fr (LAB, LAB.SAFERIT.FR) with account [LAB\CENTOS$] principal [CENTOS$@LAB.SAFERIT.FR] and realm [LAB.SAFERIT.FR] got OID=1.3.6.1.4.1.311.2.2.30 got OID=1.2.840.48018.1.2.2 kerberos_kinit_password: as CENTOS$@LAB.SAFERIT.FR using [MEMORY:cliconnect] as ccache and config [(null)] GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'spnego' registered GENSEC backend 'schannel' registered GENSEC backend 'naclrpc_as_system' registered GENSEC backend 'sasl-EXTERNAL' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'ntlmssp_resume_ccache' registered GENSEC backend 'http_basic' registered GENSEC backend 'http_ntlm' registered Starting GENSEC mechanism spnego Starting GENSEC submechanism gse_krb5 signed SMB2 message signed SMB2 message saf_store: domain = [LAB], server = [dc1.lab.saferit.fr], expire = [1521798038] Adding cache entry with key=[SAF/DOMAIN/LAB] and timeout=[Fri Mar 23 05:40:38 AM 2018 EDT] (900 seconds ahead) saf_store: domain = [LAB.SAFERIT.FR], server = [dc1.lab.saferit.fr], expire = [1521798038] Adding cache entry with key=[SAF/DOMAIN/LAB.SAFERIT.FR] and timeout=[Fri Mar 23 05:40:38 AM 2018 EDT] (900 seconds ahead) set_global_winbindd_state_online: online requested. set_global_winbindd_state_online: rejecting. 
set_domain_online: called for domain LAB messaging_dgm_send: Sending message to 1701 Did not store value for CURRENT_DCNAME/LAB, we already got it set_dc_type_and_flags: setting up flags for primary or internal domain set_dc_type_and_flags_connect: domain LAB signed SMB2 message imessaging_dgm_recv: dst 1701 matches my id: 1701, type=0x40b messaging_recv_cb: Received message 0x40b len 4 (num_fds:0) from 1702 messaging_recv_cb: Received message 0x40b len 4 (num_fds:0) from 1702 Domain LAB is marked as online now. Bind RPC Pipe: host dc1.lab.saferit.fr auth_type 0, auth_level 1 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000001 (1) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 3919286a-b10c-11d0-9ba8-00c04fd92ef5 if_version : 0x00000000 (0) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: host dc1.lab.saferit.fr signed SMB2 message rpc_read_send: data_to_read: 52 state->pkt: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: 
DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000001 (1) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000756 (1878) secondary_address_size : 0x000c (12) secondary_address : '\pipe\lsass' _pad1 : DATA_BLOB length=2 [0000] 00 00 .. num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) reason : union dcerpc_bind_ack_reason(case 0) value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK rpc_api_pipe: host dc1.lab.saferit.fr returned 68 bytes. check_bind_response: accepted! cli_rpc_pipe_open_noauth: opened pipe dssetup to machine dc1.lab.saferit.fr and bound anonymously. 
dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation in: struct dssetup_DsRoleGetPrimaryDomainInformation level : DS_ROLE_BASIC_INFORMATION (1) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000002 (2) context_id : 0x0000 (0) opnum : 0x0000 (0) object : union dcerpc_object(case 0) empty: struct dcerpc_empty stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host dc1.lab.saferit.fr signed SMB2 message rpc_read_send: data_to_read: 164 state->pkt: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00b4 (180) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x0000009c (156) context_id : 0x0000 (0) cancel_count : 0x00 (0) reserved : 0x00 (0) stub_and_verifier : DATA_BLOB length=156 [0000] 00 00 02 00 01 00 00 00 05 00 00 00 01 00 00 01 ........ ........ [0010] 04 00 02 00 08 00 02 00 0C 00 02 00 65 AD 6E 0B ........ ....e.n. [0020] 6B AB E6 4A BA 6C BB F0 10 E7 54 5D 04 00 00 00 k..J.l.. ..T].... [0030] 00 00 00 00 04 00 00 00 4C 00 41 00 42 00 00 00 ........ 
L.A.B... [0040] 0F 00 00 00 00 00 00 00 0F 00 00 00 6C 00 61 00 ........ ....l.a. [0050] 62 00 2E 00 73 00 61 00 66 00 65 00 72 00 69 00 b...s.a. f.e.r.i. [0060] 74 00 2E 00 66 00 72 00 00 00 00 00 0F 00 00 00 t...f.r. ........ [0070] 00 00 00 00 0F 00 00 00 6C 00 61 00 62 00 2E 00 ........ l.a.b... [0080] 73 00 61 00 66 00 65 00 72 00 69 00 74 00 2E 00 s.a.f.e. r.i.t... [0090] 66 00 72 00 00 00 00 00 00 00 00 00 f.r..... .... Got pdu len 180, data_len 156 rpc_api_pipe: got frag len of 180 at offset 0: NT_STATUS_OK rpc_api_pipe: host dc1.lab.saferit.fr returned 156 bytes. dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation out: struct dssetup_DsRoleGetPrimaryDomainInformation info : * info : union dssetup_DsRoleInfo(case 1) basic: struct dssetup_DsRolePrimaryDomInfoBasic role : DS_ROLE_PRIMARY_DC (5) flags : 0x01000001 (16777217) 1: DS_ROLE_PRIMARY_DS_RUNNING 0: DS_ROLE_PRIMARY_DS_MIXED_MODE 0: DS_ROLE_UPGRADE_IN_PROGRESS 1: DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT domain : * domain : 'LAB' dns_domain : * dns_domain : 'lab.saferit.fr' forest : * forest : 'lab.saferit.fr' domain_guid : 0b6ead65-ab6b-4ae6-ba6c-bbf010e7545d result : WERR_OK signed SMB2 message signed SMB2 message Bind RPC Pipe: host dc1.lab.saferit.fr auth_type 0, auth_level 1 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct 
dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345778-1234-abcd-ef00-0123456789ab if_version : 0x00000000 (0) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: host dc1.lab.saferit.fr signed SMB2 message rpc_read_send: data_to_read: 52 state->pkt: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000757 (1879) secondary_address_size : 0x000c (12) secondary_address : '\pipe\lsass' _pad1 : DATA_BLOB length=2 [0000] 00 01 .. num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) reason : union dcerpc_bind_ack_reason(case 0) value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK rpc_api_pipe: host dc1.lab.saferit.fr returned 68 bytes. check_bind_response: accepted! cli_rpc_pipe_open_noauth: opened pipe lsarpc to machine dc1.lab.saferit.fr and bound anonymously. 
lsa_OpenPolicy2: struct lsa_OpenPolicy2 in: struct lsa_OpenPolicy2 system_name : * system_name : '\\DC1.LAB.SAFERIT.FR' attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000060 (96) context_id : 0x0000 (0) opnum : 0x002c (44) object : union dcerpc_object(case 0) empty: struct dcerpc_empty stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host dc1.lab.saferit.fr signed SMB2 message rpc_read_send: data_to_read: 32 state->pkt: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: 
DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) reserved : 0x00 (0) stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 76 D9 E6 D6 C6 44 42 4B 86 97 85 98 ....v... .DBK.... [0010] 7C 8C 64 8F 00 00 00 00 |.d..... Got pdu len 48, data_len 24 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host dc1.lab.saferit.fr returned 24 bytes. lsa_OpenPolicy2: struct lsa_OpenPolicy2 out: struct lsa_OpenPolicy2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : d6e6d976-44c6-4b42-8697-85987c8c648f result : NT_STATUS_OK lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 in: struct lsa_QueryInfoPolicy2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : d6e6d976-44c6-4b42-8697-85987c8c648f level : LSA_POLICY_INFO_DNS (12) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000016 (22) context_id : 0x0000 (0) opnum : 0x002e (46) object : union dcerpc_object(case 0) empty: struct dcerpc_empty stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host dc1.lab.saferit.fr signed SMB2 message rpc_read_send: data_to_read: 192 state->pkt: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE 
(2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00d0 (208) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x000000b8 (184) context_id : 0x0000 (0) cancel_count : 0x00 (0) reserved : 0x00 (0) stub_and_verifier : DATA_BLOB length=184 [0000] 00 00 02 00 0C 00 00 00 06 00 08 00 04 00 02 00 ........ ........ [0010] 1C 00 1E 00 08 00 02 00 1C 00 1E 00 0C 00 02 00 ........ ........ [0020] 65 AD 6E 0B 6B AB E6 4A BA 6C BB F0 10 E7 54 5D e.n.k..J .l....T] [0030] 10 00 02 00 04 00 00 00 00 00 00 00 03 00 00 00 ........ ........ [0040] 4C 00 41 00 42 00 00 00 0F 00 00 00 00 00 00 00 L.A.B... ........ [0050] 0E 00 00 00 6C 00 61 00 62 00 2E 00 73 00 61 00 ....l.a. b...s.a. [0060] 66 00 65 00 72 00 69 00 74 00 2E 00 66 00 72 00 f.e.r.i. t...f.r. [0070] 0F 00 00 00 00 00 00 00 0E 00 00 00 6C 00 61 00 ........ ....l.a. [0080] 62 00 2E 00 73 00 61 00 66 00 65 00 72 00 69 00 b...s.a. f.e.r.i. [0090] 74 00 2E 00 66 00 72 00 04 00 00 00 01 04 00 00 t...f.r. ........ [00A0] 00 00 00 05 15 00 00 00 B4 D1 8C 20 AB D9 A6 56 ........ ... ...V [00B0] 31 AB 4C DD 00 00 00 00 1.L..... Got pdu len 208, data_len 184 rpc_api_pipe: got frag len of 208 at offset 0: NT_STATUS_OK rpc_api_pipe: host dc1.lab.saferit.fr returned 184 bytes. 
lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 out: struct lsa_QueryInfoPolicy2 info : * info : * info : union lsa_PolicyInformation(case 12) dns: struct lsa_DnsDomainInfo name: struct lsa_StringLarge length : 0x0006 (6) size : 0x0008 (8) string : * string : 'LAB' dns_domain: struct lsa_StringLarge length : 0x001c (28) size : 0x001e (30) string : * string : 'lab.saferit.fr' dns_forest: struct lsa_StringLarge length : 0x001c (28) size : 0x001e (30) string : * string : 'lab.saferit.fr' domain_guid : 0b6ead65-ab6b-4ae6-ba6c-bbf010e7545d sid : * sid : S-1-5-21-546099636-1453775275-3712789297 result : NT_STATUS_OK set_dc_type_and_flags_connect: domain LAB is in native mode. set_dc_type_and_flags_connect: domain LAB is running active directory. signed SMB2 message Finished processing child request 48 Writing 3496 bytes to parent child daemon request 20 child_process_request: request fn LIST_TRUSTDOM [ 1701]: list trusted domains get_cache: Setting ADS methods for domain LAB trusted_domains: [Cached] - doing backend query for info for domain LAB ads: trusted_domains ldb: ldb_trace_request: SEARCH dn: @MODULES scope: base expr: (@LIST=*) attr: @LIST control: ldb: ldb_trace_request: (tdb)->search ldb: Added timed event "ltdb_callback": 0x563e56a168e0 ldb: Added timed event "ltdb_timeout": 0x563e56a169a0 ldb: Running timer event 0x563e56a168e0 "ltdb_callback" ldb: Destroying timer event 0x563e56a169a0 "ltdb_timeout" ldb: Ending timer event 0x563e56a168e0 "ltdb_callback" ldb: no modules required by the db ldb: No modules specified for this database ldb: ldb_trace_request: REGISTER_CONTROL 1.2.840.113556.1.4.1413 control: ldb: ldb_asprintf/set_errstring: unable to find module or backend to handle operation: request ldb: ldb_trace_request: SEARCH dn: scope: base expr: (objectClass=*) attr: rootDomainNamingContext attr: configurationNamingContext attr: schemaNamingContext attr: defaultNamingContext control: ldb: ldb_trace_request: (tdb)->search ldb: Added timed event 
"ltdb_callback": 0x563e56a269d0 ldb: Added timed event "ltdb_timeout": 0x563e56a26a90 ldb: Running timer event 0x563e56a269d0 "ltdb_callback" ldb: ldb_asprintf/set_errstring: NULL Base DN invalid for a base search ldb: Destroying timer event 0x563e56a26a90 "ltdb_timeout" ldb: Ending timer event 0x563e56a269d0 "ltdb_callback" ldb_wrap open of secrets.ldb ldb: ldb_trace_request: SEARCH dn: cn=Primary Domains scope: sub expr: (&(flatname=LAB)(objectclass=primaryDomain)) attr: control: ldb: ldb_trace_request: (tdb)->search ldb: Added timed event "ltdb_callback": 0x563e56a27430 ldb: Added timed event "ltdb_timeout": 0x563e56a27560 ldb: Running timer event 0x563e56a27430 "ltdb_callback" ldb: Destroying timer event 0x563e56a27560 "ltdb_timeout" ldb: Ending timer event 0x563e56a27430 "ltdb_callback" ldb: ldb_asprintf/set_errstring: dsdb_search at ../source4/dsdb/common/util.c:4576 Connecting to 10.0.3.10 at port 135 Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 0 SO_SNDBUF = 87040 SO_RCVBUF = 367360 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 Bind RPC Pipe: host dc1.lab.saferit.fr auth_type 0, auth_level 1 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x01 (1) ctx_list: 
ARRAY(1) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : e1af8308-5d1f-11c9-91a4-08002b14a0fa if_version : 0x00000003 (3) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: host dc1.lab.saferit.fr rpc_write_send: data_to_write: 72 rpc_read_send: data_to_read: 44 state->pkt: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x003c (60) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000dfd (3581) secondary_address_size : 0x0004 (4) secondary_address : '135' _pad1 : DATA_BLOB length=2 [0000] 00 00 .. num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) reason : union dcerpc_bind_ack_reason(case 0) value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: got frag len of 60 at offset 0: NT_STATUS_OK rpc_api_pipe: host dc1.lab.saferit.fr returned 60 bytes. check_bind_response: accepted! 
epm_Map: struct epm_Map in: struct epm_Map object : * object : 12345678-1234-abcd-ef00-01234567cffb map_tower : * map_tower: struct epm_twr_t tower_length : 0x0000004b (75) tower: struct epm_tower num_floors : 0x0005 (5) floors: ARRAY(5) floors: struct epm_floor lhs: struct epm_lhs protocol : EPM_PROTOCOL_UUID (13) lhs_data : DATA_BLOB length=18 [0000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. [0010] 01 00 .. rhs : union epm_rhs(case 13) uuid: struct epm_rhs_uuid unknown : DATA_BLOB length=2 [0000] 00 00 .. floors: struct epm_floor lhs: struct epm_lhs protocol : EPM_PROTOCOL_UUID (13) lhs_data : DATA_BLOB length=18 [0000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [0010] 02 00 .. rhs : union epm_rhs(case 13) uuid: struct epm_rhs_uuid unknown : DATA_BLOB length=2 [0000] 00 00 .. floors: struct epm_floor lhs: struct epm_lhs protocol : EPM_PROTOCOL_NCACN (11) lhs_data : DATA_BLOB length=0 rhs : union epm_rhs(case 11) ncacn: struct epm_rhs_ncacn minor_version : 0x0000 (0) floors: struct epm_floor lhs: struct epm_lhs protocol : EPM_PROTOCOL_TCP (7) lhs_data : DATA_BLOB length=0 rhs : union epm_rhs(case 7) tcp: struct epm_rhs_tcp port : 0x0087 (135) floors: struct epm_floor lhs: struct epm_lhs protocol : EPM_PROTOCOL_IP (9) lhs_data : DATA_BLOB length=0 rhs : union epm_rhs(case 9) ip: struct epm_rhs_ip ipaddr : 0.0.0.0 entry_handle : * entry_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 max_towers : 0x00000001 (1) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 
(0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000084 (132) context_id : 0x0000 (0) opnum : 0x0003 (3) object : union dcerpc_object(case 0) empty: struct dcerpc_empty stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host dc1.lab.saferit.fr rpc_write_send: data_to_write: 156 rpc_read_send: data_to_read: 136 state->pkt: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0098 (152) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000080 (128) context_id : 0x0000 (0) cancel_count : 0x00 (0) reserved : 0x00 (0) stub_and_verifier : DATA_BLOB length=128 [0000] 00 00 00 00 49 87 B1 F6 14 6F 1C 42 BC F5 B4 1C ....I... .o.B.... [0010] 97 DC DB B0 01 00 00 00 01 00 00 00 00 00 00 00 ........ ........ [0020] 01 00 00 00 03 00 00 00 4B 00 00 00 4B 00 00 00 ........ K...K... [0030] 05 00 13 00 0D 78 56 34 12 34 12 CD AB EF 00 01 .....xV4 .4...... [0040] 23 45 67 CF FB 01 00 02 00 00 00 13 00 0D 04 5D #Eg..... .......] [0050] 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 02 00 ........ ..+.H`.. [0060] 02 00 00 00 01 00 0B 02 00 00 00 01 00 07 02 00 ........ ........ [0070] C0 17 01 00 09 04 00 0A 00 03 0A 00 00 00 00 00 ........ ........ Got pdu len 152, data_len 128 rpc_api_pipe: got frag len of 152 at offset 0: NT_STATUS_OK rpc_api_pipe: host dc1.lab.saferit.fr returned 128 bytes. 
epm_Map: struct epm_Map out: struct epm_Map entry_handle : * entry_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : f6b18749-6f14-421c-bcf5-b41c97dcdbb0 num_towers : * num_towers : 0x00000001 (1) towers: ARRAY(1) towers: struct epm_twr_p_t twr : * twr: struct epm_twr_t tower_length : 0x0000004b (75) tower: struct epm_tower num_floors : 0x0005 (5) floors: ARRAY(5) floors: struct epm_floor lhs: struct epm_lhs protocol : EPM_PROTOCOL_UUID (13) lhs_data : DATA_BLOB length=18 [0000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. [0010] 01 00 .. rhs : union epm_rhs(case 13) uuid: struct epm_rhs_uuid unknown : DATA_BLOB length=2 [0000] 00 00 .. floors: struct epm_floor lhs: struct epm_lhs protocol : EPM_PROTOCOL_UUID (13) lhs_data : DATA_BLOB length=18 [0000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [0010] 02 00 .. rhs : union epm_rhs(case 13) uuid: struct epm_rhs_uuid unknown : DATA_BLOB length=2 [0000] 00 00 .. floors: struct epm_floor lhs: struct epm_lhs protocol : EPM_PROTOCOL_NCACN (11) lhs_data : DATA_BLOB length=0 rhs : union epm_rhs(case 11) ncacn: struct epm_rhs_ncacn minor_version : 0x0000 (0) floors: struct epm_floor lhs: struct epm_lhs protocol : EPM_PROTOCOL_TCP (7) lhs_data : DATA_BLOB length=0 rhs : union epm_rhs(case 7) tcp: struct epm_rhs_tcp port : 0xc017 (49175) floors: struct epm_floor lhs: struct epm_lhs protocol : EPM_PROTOCOL_IP (9) lhs_data : DATA_BLOB length=0 rhs : union epm_rhs(case 9) ip: struct epm_rhs_ip ipaddr : 10.0.3.10 result : 0x00000000 (0) Connecting to 10.0.3.10 at port 49175 Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 0 SO_SNDBUF = 87040 SO_RCVBUF = 367360 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 Bind RPC Pipe: host dc1.lab.saferit.fr auth_type 0, auth_level 1 &r: 
struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000008 (8) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: host dc1.lab.saferit.fr rpc_write_send: data_to_write: 72 rpc_read_send: data_to_read: 44 state->pkt: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x003c (60) auth_length : 0x0000 (0) call_id : 0x00000008 (8) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000758 (1880) secondary_address_size : 0x0006 (6) secondary_address : '49175' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 
DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) reason : union dcerpc_bind_ack_reason(case 0) value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: got frag len of 60 at offset 0: NT_STATUS_OK rpc_api_pipe: host dc1.lab.saferit.fr returned 60 bytes. check_bind_response: accepted! cli_rpc_pipe_open_noauth: opened pipe netlogon to machine dc1.lab.saferit.fr and bound anonymously. check lock order 2 for /var/lib/samba/lock/g_lock.tdb lock order: 1: 2:/var/lib/samba/lock/g_lock.tdb 3: Locking key 434C495B43454E544F53 Allocated locked data 0x0x563e56a22ed0 release lock order 2 for /var/lib/samba/lock/g_lock.tdb lock order: 1: 2: 3: Unlocking key 434C495B43454E544F53 check lock order 2 for /var/lib/samba/private/netlogon_creds_cli.tdb lock order: 1: 2:/var/lib/samba/private/netlogon_creds_cli.tdb 3: Locking key 434C495B43454E544F53 Allocated locked data 0x0x563e56a22ed0 Unlocking key 434C495B43454E544F53 release lock order 2 for /var/lib/samba/private/netlogon_creds_cli.tdb lock order: 1: 2: 3: netr_ServerReqChallenge: struct netr_ServerReqChallenge in: struct netr_ServerReqChallenge server_name : * server_name : '\\dc1.lab.saferit.fr' computer_name : * computer_name : 'CENTOS' credentials : * credentials: struct netr_Credential data : af77d2cd6b6ea127 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000009 (9) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000005e (94) context_id : 
0x0000 (0) opnum : 0x0004 (4) object : union dcerpc_object(case 0) empty: struct dcerpc_empty stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host dc1.lab.saferit.fr rpc_write_send: data_to_write: 118 rpc_read_send: data_to_read: 20 state->pkt: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0024 (36) auth_length : 0x0000 (0) call_id : 0x00000009 (9) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x0000000c (12) context_id : 0x0000 (0) cancel_count : 0x00 (0) reserved : 0x00 (0) stub_and_verifier : DATA_BLOB length=12 [0000] 14 31 51 39 83 FE BA C7 00 00 00 00 .1Q9.... .... Got pdu len 36, data_len 12 rpc_api_pipe: got frag len of 36 at offset 0: NT_STATUS_OK rpc_api_pipe: host dc1.lab.saferit.fr returned 12 bytes. 
netr_ServerReqChallenge: struct netr_ServerReqChallenge out: struct netr_ServerReqChallenge return_credentials : * return_credentials: struct netr_Credential data : 1431513983febac7 result : NT_STATUS_OK netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 in: struct netr_ServerAuthenticate3 server_name : * server_name : '\\dc1.lab.saferit.fr' account_name : * account_name : 'CENTOS$' secure_channel_type : SEC_CHAN_WKSTA (2) computer_name : * computer_name : 'CENTOS' credentials : * credentials: struct netr_Credential data : dfffa214787e1b3a negotiate_flags : * negotiate_flags : 0x610fffff (1628438527) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 1: NETLOGON_NEG_SUPPORTS_AES 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x0000000a (10) u : union 
dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000084 (132) context_id : 0x0000 (0) opnum : 0x001a (26) object : union dcerpc_object(case 0) empty: struct dcerpc_empty stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host dc1.lab.saferit.fr rpc_write_send: data_to_write: 156 rpc_read_send: data_to_read: 28 state->pkt: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x0000000a (10) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) cancel_count : 0x00 (0) reserved : 0x00 (0) stub_and_verifier : DATA_BLOB length=20 [0000] 64 09 7E 79 90 A9 B6 56 FF FF 0F 61 6D 04 00 00 d.~y...V ...am... [0010] 00 00 00 00 .... Got pdu len 44, data_len 20 rpc_api_pipe: got frag len of 44 at offset 0: NT_STATUS_OK rpc_api_pipe: host dc1.lab.saferit.fr returned 20 bytes. 
netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 out: struct netr_ServerAuthenticate3 return_credentials : * return_credentials: struct netr_Credential data : 64097e7990a9b656 negotiate_flags : * negotiate_flags : 0x610fffff (1628438527) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 1: NETLOGON_NEG_SUPPORTS_AES 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC rid : * rid : 0x0000046d (1133) result : NT_STATUS_OK check lock order 2 for /var/lib/samba/private/netlogon_creds_cli.tdb lock order: 1: 2:/var/lib/samba/private/netlogon_creds_cli.tdb 3: Locking key 434C495B43454E544F53 Allocated locked data 0x0x563e56a31e30 Unlocking key 434C495B43454E544F53 release lock order 2 for /var/lib/samba/private/netlogon_creds_cli.tdb lock order: 1: 2: 3: check lock order 2 for /var/lib/samba/lock/g_lock.tdb lock order: 1: 2:/var/lib/samba/lock/g_lock.tdb 3: Locking key 434C495B43454E544F53 Allocated locked data 0x0x563e56a239b0 release lock order 2 for /var/lib/samba/lock/g_lock.tdb lock order: 1: 2: 3: Unlocking key 434C495B43454E544F53 rpccli_setup_netlogon_creds: using new netlogon_creds cli[CENTOS$/CENTOS] to dc1.lab.saferit.fr Connecting to 10.0.3.10 at port 135 Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY 
= 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 0 SO_SNDBUF = 87040 SO_RCVBUF = 367360 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 Bind RPC Pipe: host dc1.lab.saferit.fr auth_type 0, auth_level 1 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x0000000b (11) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : e1af8308-5d1f-11c9-91a4-08002b14a0fa if_version : 0x00000003 (3) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: host dc1.lab.saferit.fr rpc_write_send: data_to_write: 72 rpc_read_send: data_to_read: 44 state->pkt: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x003c (60) auth_length : 0x0000 (0) call_id : 0x0000000b (11) u : union 
dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000dfe (3582) secondary_address_size : 0x0004 (4) secondary_address : '135' _pad1 : DATA_BLOB length=2 [0000] B1 F6 .. num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) reason : union dcerpc_bind_ack_reason(case 0) value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: got frag len of 60 at offset 0: NT_STATUS_OK rpc_api_pipe: host dc1.lab.saferit.fr returned 60 bytes. check_bind_response: accepted! epm_Map: struct epm_Map in: struct epm_Map object : * object : 12345678-1234-abcd-ef00-01234567cffb map_tower : * map_tower: struct epm_twr_t tower_length : 0x0000004b (75) tower: struct epm_tower num_floors : 0x0005 (5) floors: ARRAY(5) floors: struct epm_floor lhs: struct epm_lhs protocol : EPM_PROTOCOL_UUID (13) lhs_data : DATA_BLOB length=18 [0000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. [0010] 01 00 .. rhs : union epm_rhs(case 13) uuid: struct epm_rhs_uuid unknown : DATA_BLOB length=2 [0000] 00 00 .. floors: struct epm_floor lhs: struct epm_lhs protocol : EPM_PROTOCOL_UUID (13) lhs_data : DATA_BLOB length=18 [0000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [0010] 02 00 .. rhs : union epm_rhs(case 13) uuid: struct epm_rhs_uuid unknown : DATA_BLOB length=2 [0000] 00 00 .. 
floors: struct epm_floor lhs: struct epm_lhs protocol : EPM_PROTOCOL_NCACN (11) lhs_data : DATA_BLOB length=0 rhs : union epm_rhs(case 11) ncacn: struct epm_rhs_ncacn minor_version : 0x0000 (0) floors: struct epm_floor lhs: struct epm_lhs protocol : EPM_PROTOCOL_TCP (7) lhs_data : DATA_BLOB length=0 rhs : union epm_rhs(case 7) tcp: struct epm_rhs_tcp port : 0x0087 (135) floors: struct epm_floor lhs: struct epm_lhs protocol : EPM_PROTOCOL_IP (9) lhs_data : DATA_BLOB length=0 rhs : union epm_rhs(case 9) ip: struct epm_rhs_ip ipaddr : 0.0.0.0 entry_handle : * entry_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 max_towers : 0x00000001 (1) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x0000000c (12) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000084 (132) context_id : 0x0000 (0) opnum : 0x0003 (3) object : union dcerpc_object(case 0) empty: struct dcerpc_empty stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host dc1.lab.saferit.fr rpc_write_send: data_to_write: 156 rpc_read_send: data_to_read: 136 state->pkt: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0098 (152) auth_length 
: 0x0000 (0) call_id : 0x0000000c (12) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000080 (128) context_id : 0x0000 (0) cancel_count : 0x00 (0) reserved : 0x00 (0) stub_and_verifier : DATA_BLOB length=128 [0000] 00 00 00 00 5D 14 6C 9D D5 7A 94 42 85 A4 C5 A7 ....].l. .z.B.... [0010] F9 73 98 4F 01 00 00 00 01 00 00 00 00 00 00 00 .s.O.... ........ [0020] 01 00 00 00 03 00 00 00 4B 00 00 00 4B 00 00 00 ........ K...K... [0030] 05 00 13 00 0D 78 56 34 12 34 12 CD AB EF 00 01 .....xV4 .4...... [0040] 23 45 67 CF FB 01 00 02 00 00 00 13 00 0D 04 5D #Eg..... .......] [0050] 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 02 00 ........ ..+.H`.. [0060] 02 00 00 00 01 00 0B 02 00 00 00 01 00 07 02 00 ........ ........ [0070] C0 17 01 00 09 04 00 0A 00 03 0A 00 00 00 00 00 ........ ........ Got pdu len 152, data_len 128 rpc_api_pipe: got frag len of 152 at offset 0: NT_STATUS_OK rpc_api_pipe: host dc1.lab.saferit.fr returned 128 bytes. epm_Map: struct epm_Map out: struct epm_Map entry_handle : * entry_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 9d6c145d-7ad5-4294-85a4-c5a7f973984f num_towers : * num_towers : 0x00000001 (1) towers: ARRAY(1) towers: struct epm_twr_p_t twr : * twr: struct epm_twr_t tower_length : 0x0000004b (75) tower: struct epm_tower num_floors : 0x0005 (5) floors: ARRAY(5) floors: struct epm_floor lhs: struct epm_lhs protocol : EPM_PROTOCOL_UUID (13) lhs_data : DATA_BLOB length=18 [0000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. [0010] 01 00 .. rhs : union epm_rhs(case 13) uuid: struct epm_rhs_uuid unknown : DATA_BLOB length=2 [0000] 00 00 .. floors: struct epm_floor lhs: struct epm_lhs protocol : EPM_PROTOCOL_UUID (13) lhs_data : DATA_BLOB length=18 [0000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [0010] 02 00 .. rhs : union epm_rhs(case 13) uuid: struct epm_rhs_uuid unknown : DATA_BLOB length=2 [0000] 00 00 .. 
floors: struct epm_floor lhs: struct epm_lhs protocol : EPM_PROTOCOL_NCACN (11) lhs_data : DATA_BLOB length=0 rhs : union epm_rhs(case 11) ncacn: struct epm_rhs_ncacn minor_version : 0x0000 (0) floors: struct epm_floor lhs: struct epm_lhs protocol : EPM_PROTOCOL_TCP (7) lhs_data : DATA_BLOB length=0 rhs : union epm_rhs(case 7) tcp: struct epm_rhs_tcp port : 0xc017 (49175) floors: struct epm_floor lhs: struct epm_lhs protocol : EPM_PROTOCOL_IP (9) lhs_data : DATA_BLOB length=0 rhs : union epm_rhs(case 9) ip: struct epm_rhs_ip ipaddr : 10.0.3.10 result : 0x00000000 (0) Connecting to 10.0.3.10 at port 49175 Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 0 SO_SNDBUF = 87040 SO_RCVBUF = 367360 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 check lock order 2 for /var/lib/samba/lock/g_lock.tdb lock order: 1: 2:/var/lib/samba/lock/g_lock.tdb 3: Locking key 434C495B43454E544F53 Allocated locked data 0x0x563e56a22800 release lock order 2 for /var/lib/samba/lock/g_lock.tdb lock order: 1: 2: 3: Unlocking key 434C495B43454E544F53 Starting GENSEC mechanism schannel Bind RPC Pipe: host dc1.lab.saferit.fr auth_type 68, auth_level 6 create_generic_auth_rpc_bind_req: generate first token &r: struct dcerpc_auth auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) auth_pad_length : 0x00 (0) auth_reserved : 0x00 (0) auth_context_id : 0x00000001 (1) credentials : DATA_BLOB length=19 [0000] 00 00 00 00 03 00 00 00 4C 41 42 00 43 45 4E 54 ........ LAB.CENT [0010] 4F 53 00 OS. 
&r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x07 (7) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 1: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0063 (99) auth_length : 0x0013 (19) call_id : 0x0000000d (13) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=27 [0000] 44 06 00 00 01 00 00 00 00 00 00 00 03 00 00 00 D....... ........ [0010] 4C 41 42 00 43 45 4E 54 4F 53 00 LAB.CENT OS. 
rpc_api_pipe: host dc1.lab.saferit.fr rpc_write_send: data_to_write: 99 rpc_read_send: data_to_read: 64 state->pkt: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x07 (7) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 1: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0050 (80) auth_length : 0x000c (12) call_id : 0x0000000d (13) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000759 (1881) secondary_address_size : 0x0006 (6) secondary_address : '49175' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) reason : union dcerpc_bind_ack_reason(case 0) value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=20 [0000] 44 06 00 00 01 00 00 00 01 00 00 00 00 00 00 00 D....... ........ [0010] 00 00 00 00 .... rpc_api_pipe: got frag len of 80 at offset 0: NT_STATUS_OK rpc_api_pipe: host dc1.lab.saferit.fr returned 80 bytes. check_bind_response: accepted! 
../librpc/rpc/dcerpc_util.c:271: auth_pad_length 0 check lock order 2 for /var/lib/samba/lock/g_lock.tdb lock order: 1: 2:/var/lib/samba/lock/g_lock.tdb 3: Locking key 434C495B43454E544F53 Allocated locked data 0x0x563e56a269c0 release lock order 2 for /var/lib/samba/lock/g_lock.tdb lock order: 1: 2: 3: Unlocking key 434C495B43454E544F53 check lock order 2 for /var/lib/samba/lock/g_lock.tdb lock order: 1: 2:/var/lib/samba/lock/g_lock.tdb 3: Locking key 434C495B43454E544F53 Allocated locked data 0x0x563e56a16db0 release lock order 2 for /var/lib/samba/lock/g_lock.tdb lock order: 1: 2: 3: Unlocking key 434C495B43454E544F53 seed 14a2ffdf:3a1b7e78 seed+time 6f57c7f3:3a1b7e78 CLIENT 37275a83:2564ebb6 seed+time+1 6f57c7f4:3a1b7e78 SERVER 1b0b0484:20eea801 netr_LogonGetCapabilities: struct netr_LogonGetCapabilities in: struct netr_LogonGetCapabilities server_name : * server_name : '\\dc1.lab.saferit.fr' computer_name : * computer_name : 'CENTOS' credential : * credential: struct netr_Authenticator cred: struct netr_Credential data : 835a2737b6eb6425 timestamp : Fri Mar 23 05:25:40 AM 2018 EDT return_authenticator : * return_authenticator: struct netr_Authenticator cred: struct netr_Credential data : 0000000000000000 timestamp : (time_t)0 query_level : 0x00000001 (1) t: struct dcerpc_sec_verification_trailer _pad : DATA_BLOB length=0 magic : 0000000000000000 count: struct dcerpc_sec_vt_count count : 0x0002 (2) commands: ARRAY(2) commands: struct dcerpc_sec_vt command : 0x0001 (1) 0x01: DCERPC_SEC_VT_COMMAND_ENUM (1) 0: DCERPC_SEC_VT_COMMAND_END 0: DCERPC_SEC_VT_MUST_PROCESS u : union dcerpc_sec_vt_union(case 0x1) bitmask1 : 0x00000001 (1) 1: DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING commands: struct dcerpc_sec_vt command : 0x4002 (16386) 0x02: DCERPC_SEC_VT_COMMAND_ENUM (2) 1: DCERPC_SEC_VT_COMMAND_END 0: DCERPC_SEC_VT_MUST_PROCESS u : union dcerpc_sec_vt_union(case 0x2) pcontext: struct dcerpc_sec_vt_pcontext abstract_syntax: struct ndr_syntax_id uuid : 
12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0038 (56) call_id : 0x0000000e (14) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000b0 (176) context_id : 0x0000 (0) opnum : 0x0015 (21) object : union dcerpc_object(case 0) empty: struct dcerpc_empty stub_and_verifier : DATA_BLOB length=0 &r: struct dcerpc_auth auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) auth_pad_length : 0x00 (0) auth_reserved : 0x00 (0) auth_context_id : 0x00000001 (1) credentials : DATA_BLOB length=0 rpc_api_pipe: host dc1.lab.saferit.fr rpc_write_send: data_to_write: 264 rpc_read_send: data_to_read: 104 state->pkt: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0078 (120) auth_length : 0x0038 (56) call_id : 0x0000000e (14) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) reserved : 0x00 (0) stub_and_verifier : DATA_BLOB length=96
Requested Privacy. ../librpc/rpc/dcerpc_util.c:271: auth_pad_length 8 GENSEC auth Got pdu len 120, data_len 24 rpc_api_pipe: got frag len of 120 at offset 0: NT_STATUS_OK rpc_api_pipe: host dc1.lab.saferit.fr returned 24 bytes. netr_LogonGetCapabilities: struct netr_LogonGetCapabilities out: struct netr_LogonGetCapabilities return_authenticator : * return_authenticator: struct netr_Authenticator cred: struct netr_Credential data : 84040b1b01a8ee20 timestamp : (time_t)0 capabilities : * capabilities : union netr_Capabilities(case 1) server_capabilities : 0x610fffff (1628438527) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 1: NETLOGON_NEG_SUPPORTS_AES 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC result : NT_STATUS_OK check lock order 2 for /var/lib/samba/private/netlogon_creds_cli.tdb lock order: 1: 2:/var/lib/samba/private/netlogon_creds_cli.tdb 3: Locking
key 434C495B43454E544F53 Allocated locked data 0x0x563e56a16cd0 Unlocking key 434C495B43454E544F53 release lock order 2 for /var/lib/samba/private/netlogon_creds_cli.tdb lock order: 1: 2: 3: check lock order 2 for /var/lib/samba/lock/g_lock.tdb lock order: 1: 2:/var/lib/samba/lock/g_lock.tdb 3: Locking key 434C495B43454E544F53 Allocated locked data 0x0x563e56a16070 release lock order 2 for /var/lib/samba/lock/g_lock.tdb lock order: 1: 2: 3: Unlocking key 434C495B43454E544F53 cli_rpc_pipe_open_schannel_with_creds: opened pipe netlogon to machine dc1.lab.saferit.fr for domain LAB and bound using schannel. netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts in: struct netr_DsrEnumerateDomainTrusts server_name : * server_name : 'dc1.lab.saferit.fr' trust_flags : 0x00000023 (35) 1: NETR_TRUST_FLAG_IN_FOREST 1: NETR_TRUST_FLAG_OUTBOUND 0: NETR_TRUST_FLAG_TREEROOT 0: NETR_TRUST_FLAG_PRIMARY 0: NETR_TRUST_FLAG_NATIVE 1: NETR_TRUST_FLAG_INBOUND 0: NETR_TRUST_FLAG_MIT_KRB5 0: NETR_TRUST_FLAG_AES &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0038 (56) call_id : 0x0000000f (15) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000003c (60) context_id : 0x0000 (0) opnum : 0x0028 (40) object : union dcerpc_object(case 0) empty: struct dcerpc_empty stub_and_verifier : DATA_BLOB length=0 &r: struct dcerpc_auth auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) auth_pad_length : 0x04 (4) auth_reserved : 0x00 (0) auth_context_id : 0x00000001 (1) credentials : DATA_BLOB length=0 rpc_api_pipe: host 
dc1.lab.saferit.fr rpc_write_send: data_to_write: 152 rpc_read_send: data_to_read: 360 state->pkt: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0178 (376) auth_length : 0x0038 (56) call_id : 0x0000000f (15) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000120 (288) context_id : 0x0000 (0) cancel_count : 0x00 (0) reserved : 0x00 (0) stub_and_verifier : DATA_BLOB length=352 Requested Privacy.
../librpc/rpc/dcerpc_util.c:271: auth_pad_length 0 GENSEC auth Got pdu len 376, data_len 288 rpc_api_pipe: got frag len of 376 at offset 0: NT_STATUS_OK rpc_api_pipe: host dc1.lab.saferit.fr returned 288 bytes. netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts out: struct netr_DsrEnumerateDomainTrusts trusts : * trusts: struct netr_DomainTrustList count : 0x00000002 (2) array : * array: ARRAY(2) array: struct netr_DomainTrust netbios_name : * netbios_name : 'TESTDOM' dns_name : * dns_name : 'testdom.net' trust_flags : 0x00000002 (2) 0: NETR_TRUST_FLAG_IN_FOREST 1: NETR_TRUST_FLAG_OUTBOUND 0: NETR_TRUST_FLAG_TREEROOT 0: NETR_TRUST_FLAG_PRIMARY 0: NETR_TRUST_FLAG_NATIVE 0: NETR_TRUST_FLAG_INBOUND 0: NETR_TRUST_FLAG_MIT_KRB5 0: NETR_TRUST_FLAG_AES parent_index : 0x00000000 (0) trust_type : LSA_TRUST_TYPE_UPLEVEL (2) trust_attributes : 0x00000008 (8) 0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY 0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 1: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST 0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL 0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION sid : * sid : S-1-5-21-847837108-3999977653-1779688838 guid : 00000000-0000-0000-0000-000000000000 array: struct netr_DomainTrust netbios_name : * netbios_name : 'LAB' dns_name : * dns_name : 'lab.saferit.fr' trust_flags : 0x0000001d (29) 1: NETR_TRUST_FLAG_IN_FOREST 0: NETR_TRUST_FLAG_OUTBOUND 1: NETR_TRUST_FLAG_TREEROOT 1: NETR_TRUST_FLAG_PRIMARY 1: NETR_TRUST_FLAG_NATIVE 0: NETR_TRUST_FLAG_INBOUND 0: NETR_TRUST_FLAG_MIT_KRB5 0: NETR_TRUST_FLAG_AES parent_index : 0x00000000 (0) trust_type : LSA_TRUST_TYPE_UPLEVEL (2) trust_attributes : 0x00000000 (0) 0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY 0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST 0: 
LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL 0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION sid : * sid : S-1-5-21-546099636-1453775275-3712789297 guid : 0b6ead65-ab6b-4ae6-ba6c-bbf010e7545d result : WERR_OK trusted_domains(ads): Searching trusted domain list of LAB and storing trust flags for domain testdom.net wcache_tdc_add_domain: Adding domain TESTDOM (testdom.net), SID S-1-5-21-847837108-3999977653-1779688838, flags = 0x2, attributes = 0x8, type = 0x2 pack_tdc_domains: Packing 4 trusted domains pack_tdc_domains: Packing domain BUILTIN (UNKNOWN) pack_tdc_domains: Packing domain CENTOS (UNKNOWN) pack_tdc_domains: Packing domain LAB (LAB.SAFERIT.FR) pack_tdc_domains: Packing domain TESTDOM (testdom.net) trusted_domains(ads): Searching trusted domain list of LAB and storing trust flags for domain lab.saferit.fr wcache_tdc_add_domain: Adding domain LAB (lab.saferit.fr), SID S-1-5-21-546099636-1453775275-3712789297, flags = 0x1d, attributes = 0x0, type = 0x2 add_wbdomain_to_tdc_array: Found existing record for LAB pack_tdc_domains: Packing 4 trusted domains pack_tdc_domains: Packing domain BUILTIN (UNKNOWN) pack_tdc_domains: Packing domain CENTOS (UNKNOWN) pack_tdc_domains: Packing domain LAB (lab.saferit.fr) pack_tdc_domains: Packing domain TESTDOM (testdom.net) Finished processing child request 20 Writing 3630 bytes to parent trustdom_list_done: parsing response line 'TESTDOM\testdom.net\S-1-5-21-847837108-3999977653-1779688838\2\2\8 LAB\lab.saferit.fr\S-1-5-21-546099636-1453775275-3712789297\29\2\0' wcache_tdc_add_domain: Adding domain TESTDOM (testdom.net), SID S-1-5-21-847837108-3999977653-1779688838, flags = 0x2, attributes = 0x8, type = 0x2 add_wbdomain_to_tdc_array: Found existing record for TESTDOM pack_tdc_domains: Packing 4 trusted domains pack_tdc_domains: Packing domain BUILTIN (UNKNOWN) pack_tdc_domains: Packing domain CENTOS (UNKNOWN) pack_tdc_domains: Packing domain LAB (lab.saferit.fr) pack_tdc_domains: Packing domain TESTDOM (testdom.net) Added domain 
TESTDOM testdom.net S-1-5-21-847837108-3999977653-1779688838 trustdom_list_done: parsing response line 'LAB\lab.saferit.fr\S-1-5-21-546099636-1453775275-3712789297\29\2\0' rescan_forest_root_trusts: Following trust path for domain tree root LAB (lab.saferit.fr) child daemon request 20 child_process_request: request fn LIST_TRUSTDOM [ 1701]: list trusted domains trusted_domains: [Cached] - doing backend query for info for domain LAB ads: trusted_domains netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts in: struct netr_DsrEnumerateDomainTrusts server_name : * server_name : 'dc1.lab.saferit.fr' trust_flags : 0x00000023 (35) 1: NETR_TRUST_FLAG_IN_FOREST 1: NETR_TRUST_FLAG_OUTBOUND 0: NETR_TRUST_FLAG_TREEROOT 0: NETR_TRUST_FLAG_PRIMARY 0: NETR_TRUST_FLAG_NATIVE 1: NETR_TRUST_FLAG_INBOUND 0: NETR_TRUST_FLAG_MIT_KRB5 0: NETR_TRUST_FLAG_AES &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0038 (56) call_id : 0x00000010 (16) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000003c (60) context_id : 0x0000 (0) opnum : 0x0028 (40) object : union dcerpc_object(case 0) empty: struct dcerpc_empty stub_and_verifier : DATA_BLOB length=0 &r: struct dcerpc_auth auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) auth_pad_length : 0x04 (4) auth_reserved : 0x00 (0) auth_context_id : 0x00000001 (1) credentials : DATA_BLOB length=0 rpc_api_pipe: host dc1.lab.saferit.fr rpc_write_send: data_to_write: 152 rpc_read_send: data_to_read: 360 state->pkt: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 
0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0178 (376) auth_length : 0x0038 (56) call_id : 0x00000010 (16) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000120 (288) context_id : 0x0000 (0) cancel_count : 0x00 (0) reserved : 0x00 (0) stub_and_verifier : DATA_BLOB length=352
Requested Privacy. ../librpc/rpc/dcerpc_util.c:271: auth_pad_length 0 GENSEC auth Got pdu len 376, data_len 288 rpc_api_pipe: got frag len of 376 at offset 0: NT_STATUS_OK rpc_api_pipe: host dc1.lab.saferit.fr returned 288 bytes. netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts out: struct netr_DsrEnumerateDomainTrusts trusts : * trusts: struct netr_DomainTrustList count : 0x00000002 (2) array : * array: ARRAY(2) array: struct netr_DomainTrust netbios_name : * netbios_name : 'TESTDOM' dns_name : * dns_name : 'testdom.net' trust_flags : 0x00000002 (2) 0: NETR_TRUST_FLAG_IN_FOREST 1: NETR_TRUST_FLAG_OUTBOUND 0: NETR_TRUST_FLAG_TREEROOT 0: NETR_TRUST_FLAG_PRIMARY 0: NETR_TRUST_FLAG_NATIVE 0: NETR_TRUST_FLAG_INBOUND 0: NETR_TRUST_FLAG_MIT_KRB5 0: NETR_TRUST_FLAG_AES parent_index : 0x00000000 (0) trust_type : LSA_TRUST_TYPE_UPLEVEL (2) trust_attributes : 0x00000008 (8) 0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY 0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 1: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST 0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL 0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION sid : * sid : S-1-5-21-847837108-3999977653-1779688838 guid : 00000000-0000-0000-0000-000000000000 array: struct netr_DomainTrust netbios_name : * netbios_name : 'LAB' dns_name : * dns_name : 'lab.saferit.fr' trust_flags : 0x0000001d (29) 1: NETR_TRUST_FLAG_IN_FOREST 0: NETR_TRUST_FLAG_OUTBOUND 1: NETR_TRUST_FLAG_TREEROOT 1: NETR_TRUST_FLAG_PRIMARY 1: NETR_TRUST_FLAG_NATIVE 0: NETR_TRUST_FLAG_INBOUND 0:
NETR_TRUST_FLAG_MIT_KRB5 0: NETR_TRUST_FLAG_AES parent_index : 0x00000000 (0) trust_type : LSA_TRUST_TYPE_UPLEVEL (2) trust_attributes : 0x00000000 (0) 0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY 0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST 0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL 0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION sid : * sid : S-1-5-21-546099636-1453775275-3712789297 guid : 0b6ead65-ab6b-4ae6-ba6c-bbf010e7545d result : WERR_OK trusted_domains(ads): Searching trusted domain list of LAB and storing trust flags for domain testdom.net wcache_tdc_add_domain: Adding domain TESTDOM (testdom.net), SID S-1-5-21-847837108-3999977653-1779688838, flags = 0x2, attributes = 0x8, type = 0x2 add_wbdomain_to_tdc_array: Found existing record for TESTDOM pack_tdc_domains: Packing 4 trusted domains pack_tdc_domains: Packing domain BUILTIN (UNKNOWN) pack_tdc_domains: Packing domain CENTOS (UNKNOWN) pack_tdc_domains: Packing domain LAB (lab.saferit.fr) pack_tdc_domains: Packing domain TESTDOM (testdom.net) trusted_domains(ads): Searching trusted domain list of LAB and storing trust flags for domain lab.saferit.fr wcache_tdc_add_domain: Adding domain LAB (lab.saferit.fr), SID S-1-5-21-546099636-1453775275-3712789297, flags = 0x1d, attributes = 0x0, type = 0x2 add_wbdomain_to_tdc_array: Found existing record for LAB pack_tdc_domains: Packing 4 trusted domains pack_tdc_domains: Packing domain BUILTIN (UNKNOWN) pack_tdc_domains: Packing domain CENTOS (UNKNOWN) pack_tdc_domains: Packing domain LAB (lab.saferit.fr) pack_tdc_domains: Packing domain TESTDOM (testdom.net) Finished processing child request 20 Writing 3630 bytes to parent trustdom_list_done: parsing response line 'TESTDOM\testdom.net\S-1-5-21-847837108-3999977653-1779688838\2\2\8 LAB\lab.saferit.fr\S-1-5-21-546099636-1453775275-3712789297\29\2\0' trustdom_list_done: parsing 
response line 'LAB\lab.saferit.fr\S-1-5-21-546099636-1453775275-3712789297\29\2\0' check_domain_online_handler: called for domain LAB (online = True) Registering messaging pointer for type 1030 - private_data=(nil) Registering messaging pointer for type 1031 - private_data=(nil) msg_dgm_ref_destructor: refs=0x563e56a0d0c0 messaging_dgm_ref: messaging_dgm_init returned Success messaging_dgm_ref: unique = 12475895378359245789 Deregistering messaging pointer for type 33 - private_data=(nil) Deregistering messaging pointer for type 13 - private_data=(nil) Deregistering messaging pointer for type 1028 - private_data=(nil) Deregistering messaging pointer for type 1027 - private_data=(nil) Deregistering messaging pointer for type 1029 - private_data=(nil) Deregistering messaging pointer for type 1280 - private_data=(nil) Deregistering messaging pointer for type 1033 - private_data=(nil) Deregistering messaging pointer for type 1 - private_data=(nil) Deregistering messaging pointer for type 1036 - private_data=(nil) Deregistering messaging pointer for type 1035 - private_data=(nil) Opening cache file at /var/lib/samba/gencache.tdb Opening cache file at /var/lib/samba/lock/gencache_notrans.tdb sitename_fetch: Returning sitename for realm 'lab.saferit.fr': "Default-First-Site-Name" ads_dc_name: domain=LAB sitename_fetch: Returning sitename for realm 'lab.saferit.fr': "Default-First-Site-Name" resolve_and_ping_dns: (cldap) looking for realm 'lab.saferit.fr' get_sorted_dc_list: attempting lookup for name lab.saferit.fr (sitename Default-First-Site-Name) Adding cache entry with key=[SAFJOIN/DOMAIN/LAB.SAFERIT.FR] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797143 seconds in the past) saf_fetch: Returning "dc1.lab.saferit.fr" for "lab.saferit.fr" domain get_dc_list: preferred server list: "dc1.lab.saferit.fr, *" internal_resolve_name: looking up lab.saferit.fr#1c (sitename Default-First-Site-Name) name lab.saferit.fr#1C found. 
remove_duplicate_addrs2: looking for duplicate address/port pairs Adding 1 DC's from auto lookup sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) name dc1.lab.saferit.fr#20 found. remove_duplicate_addrs2: looking for duplicate address/port pairs Adding cache entry with key=[NEG_CONN_CACHE/lab.saferit.fr,10.0.3.10] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797143 seconds in the past) check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 remove_duplicate_addrs2: looking for duplicate address/port pairs get_dc_list: returning 1 ip addresses in an ordered list get_dc_list: 10.0.3.10:389 check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 ads_try_connect: sending CLDAP request to 10.0.3.10 (realm: lab.saferit.fr) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x0000f1fd (61949) 1: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 1: NBT_SERVER_ADS_WEB_SERVICE 1: NBT_SERVER_DS_8 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 0b6ead65-ab6b-4ae6-ba6c-bbf010e7545d forest : 'lab.saferit.fr' dns_domain : 'lab.saferit.fr' pdc_dns_name : 'dc1.lab.saferit.fr' domain_name : 'LAB' pdc_name : 'DC1' user_name : '' server_site : 'Default-First-Site-Name' client_site : 'Default-First-Site-Name' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 
next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) sitename_store: realm = [LAB], sitename = [Default-First-Site-Name], expire = [2085923199] Did not store value for AD_SITENAME/DOMAIN/LAB, we already got it sitename_store: realm = [lab.saferit.fr], sitename = [Default-First-Site-Name], expire = [2085923199] Did not store value for AD_SITENAME/DOMAIN/LAB.SAFERIT.FR, we already got it Successfully contacted LDAP server 10.0.3.10 sitename_fetch: Returning sitename for realm 'lab.saferit.fr': "Default-First-Site-Name" ads_closest_dc: NBT_SERVER_CLOSEST flag set create_local_private_krb5_conf_for_domain: fname = /var/lib/samba/lock/smb_krb5/krb5.conf.LAB, realm = lab.saferit.fr, domain = LAB saf_fetch: Returning "dc1.lab.saferit.fr" for "lab.saferit.fr" domain get_dc_list: preferred server list: "dc1.lab.saferit.fr, *" internal_resolve_name: looking up lab.saferit.fr#dcdc (sitename Default-First-Site-Name) resolve_ads: Attempting to resolve KDCs for lab.saferit.fr using DNS ads_dns_lookup_srv: 1 records returned in the answer section. ads_dns_parse_rr_srv: Parsed dc1.lab.saferit.fr [0, 100, 88] remove_duplicate_addrs2: looking for duplicate address/port pairs internal_resolve_name: returning 1 addresses: 10.0.3.10:88 Adding 1 DC's from auto lookup sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) name dc1.lab.saferit.fr#20 found. 
remove_duplicate_addrs2: looking for duplicate address/port pairs check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 remove_duplicate_addrs2: looking for duplicate address/port pairs get_dc_list: returning 1 ip addresses in an ordered list get_dc_list: 10.0.3.10:88 got 1 addresses from site Default-First-Site-Name search saf_fetch: Returning "dc1.lab.saferit.fr" for "lab.saferit.fr" domain get_dc_list: preferred server list: "dc1.lab.saferit.fr, *" internal_resolve_name: looking up lab.saferit.fr#dcdc (sitename (null)) resolve_ads: Attempting to resolve KDCs for lab.saferit.fr using DNS ads_dns_lookup_srv: 1 records returned in the answer section. ads_dns_parse_rr_srv: Parsed dc1.lab.saferit.fr [0, 100, 88] remove_duplicate_addrs2: looking for duplicate address/port pairs internal_resolve_name: returning 1 addresses: 10.0.3.10:88 Adding 1 DC's from auto lookup sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) name dc1.lab.saferit.fr#20 found. 
remove_duplicate_addrs2: looking for duplicate address/port pairs check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 remove_duplicate_addrs2: looking for duplicate address/port pairs get_dc_list: returning 1 ip addresses in an ordered list get_dc_list: 10.0.3.10:88 got 1 addresses from site-less search 0 additional KDCs to test get_kdc_ip_string: Returning kdc = 10.0.3.10 create_local_private_krb5_conf_for_domain: wrote file /var/lib/samba/lock/smb_krb5/krb5.conf.LAB with realm LAB.SAFERIT.FR KDC list = kdc = 10.0.3.10 ads_dc_name: using server='DC1.LAB.SAFERIT.FR' IP=10.0.3.10 sitename_fetch: Returning sitename for realm 'lab.saferit.fr': "Default-First-Site-Name" get_sorted_dc_list: attempting lookup for name lab.saferit.fr (sitename Default-First-Site-Name) saf_fetch: Returning "dc1.lab.saferit.fr" for "lab.saferit.fr" domain get_dc_list: preferred server list: "dc1.lab.saferit.fr, *" internal_resolve_name: looking up lab.saferit.fr#1c (sitename Default-First-Site-Name) name lab.saferit.fr#1C found. remove_duplicate_addrs2: looking for duplicate address/port pairs Adding 1 DC's from auto lookup sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) name dc1.lab.saferit.fr#20 found. 
remove_duplicate_addrs2: looking for duplicate address/port pairs check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 remove_duplicate_addrs2: looking for duplicate address/port pairs get_dc_list: returning 1 ip addresses in an ordered list get_dc_list: 10.0.3.10:389 Adding cache entry with key=[NEG_CONN_CACHE/LAB,10.0.3.10] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797143 seconds in the past) check_negative_conn_cache returning result 0 for domain LAB server 10.0.3.10 get_sorted_dc_list: attempting lookup for name lab.saferit.fr (sitename NULL) saf_fetch: Returning "dc1.lab.saferit.fr" for "lab.saferit.fr" domain get_dc_list: preferred server list: "dc1.lab.saferit.fr, *" internal_resolve_name: looking up lab.saferit.fr#1c (sitename (null)) name lab.saferit.fr#1C found. remove_duplicate_addrs2: looking for duplicate address/port pairs Adding 1 DC's from auto lookup sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) name dc1.lab.saferit.fr#20 found. remove_duplicate_addrs2: looking for duplicate address/port pairs check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 remove_duplicate_addrs2: looking for duplicate address/port pairs get_dc_list: returning 1 ip addresses in an ordered list get_dc_list: 10.0.3.10:389 check_negative_conn_cache returning result 0 for domain LAB server 10.0.3.10 messaging_dgm_send: Sending message to 1701 imessaging_dgm_recv: dst 1701 matches my id: 1701, type=0x406 messaging_recv_cb: Received message 0x406 len 4 (num_fds:0) from 1704 messaging_recv_cb: Received message 0x406 len 4 (num_fds:0) from 1704 msg_try_to_go_online: received for domain LAB. 
msg_try_to_go_online: domain LAB already online. Already reaped child 1704 died accepted socket 21 process_request: request fn INTERFACE_VERSION [ 1682]: request interface version (version = 28) winbind_client_response_written[1682:INTERFACE_VERSION]: delivered response to client process_request: request fn WINBINDD_PRIV_PIPE_DIR [ 1682]: request location of privileged pipe winbind_client_response_written[1682:WINBINDD_PRIV_PIPE_DIR]: delivered response to client accepted socket 23 closing socket 21, client exited process_request: Handling async request 1682:GETPWNAM getpwnam TESTDOM\administrator wbint_LookupName: struct wbint_LookupName in: struct wbint_LookupName domain : * domain : 'TESTDOM' name : * name : 'ADMINISTRATOR' flags : 0x00000008 (8) Need to read 52 extra bytes child daemon request 56 child_process_request: request fn NDRCMD winbindd_dual_ndrcmd: Running command WBINT_LOOKUPNAME (LAB) wbint_LookupName: struct wbint_LookupName in: struct wbint_LookupName domain : * domain : 'TESTDOM' name : * name : 'ADMINISTRATOR' flags : 0x00000008 (8) ads: fetch sequence_number for LAB ads_cached_connection sitename_fetch: Returning sitename for realm 'lab.saferit.fr': "Default-First-Site-Name" ads_dc_name: domain=LAB sitename_fetch: Returning sitename for realm 'lab.saferit.fr': "Default-First-Site-Name" resolve_and_ping_dns: (cldap) looking for realm 'lab.saferit.fr' get_sorted_dc_list: attempting lookup for name lab.saferit.fr (sitename Default-First-Site-Name) saf_fetch: Returning "dc1.lab.saferit.fr" for "lab.saferit.fr" domain get_dc_list: preferred server list: "dc1.lab.saferit.fr, *" internal_resolve_name: looking up lab.saferit.fr#1c (sitename Default-First-Site-Name) name lab.saferit.fr#1C found. 
remove_duplicate_addrs2: looking for duplicate address/port pairs Adding 1 DC's from auto lookup sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) name dc1.lab.saferit.fr#20 found. remove_duplicate_addrs2: looking for duplicate address/port pairs check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 remove_duplicate_addrs2: looking for duplicate address/port pairs get_dc_list: returning 1 ip addresses in an ordered list get_dc_list: 10.0.3.10:389 check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 ads_try_connect: sending CLDAP request to 10.0.3.10 (realm: lab.saferit.fr) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x0000f1fd (61949) 1: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 1: NBT_SERVER_ADS_WEB_SERVICE 1: NBT_SERVER_DS_8 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 0b6ead65-ab6b-4ae6-ba6c-bbf010e7545d forest : 'lab.saferit.fr' dns_domain : 'lab.saferit.fr' pdc_dns_name : 'dc1.lab.saferit.fr' domain_name : 'LAB' pdc_name : 'DC1' user_name : '' server_site : 'Default-First-Site-Name' client_site : 'Default-First-Site-Name' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: 
NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) sitename_store: realm = [LAB], sitename = [Default-First-Site-Name], expire = [2085923199] Did not store value for AD_SITENAME/DOMAIN/LAB, we already got it sitename_store: realm = [lab.saferit.fr], sitename = [Default-First-Site-Name], expire = [2085923199] Did not store value for AD_SITENAME/DOMAIN/LAB.SAFERIT.FR, we already got it Successfully contacted LDAP server 10.0.3.10 sitename_fetch: Returning sitename for realm 'lab.saferit.fr': "Default-First-Site-Name" ads_closest_dc: NBT_SERVER_CLOSEST flag set create_local_private_krb5_conf_for_domain: fname = /var/lib/samba/lock/smb_krb5/krb5.conf.LAB, realm = lab.saferit.fr, domain = LAB saf_fetch: Returning "dc1.lab.saferit.fr" for "lab.saferit.fr" domain get_dc_list: preferred server list: "dc1.lab.saferit.fr, *" internal_resolve_name: looking up lab.saferit.fr#dcdc (sitename Default-First-Site-Name) resolve_ads: Attempting to resolve KDCs for lab.saferit.fr using DNS ads_dns_lookup_srv: 1 records returned in the answer section. ads_dns_parse_rr_srv: Parsed dc1.lab.saferit.fr [0, 100, 88] remove_duplicate_addrs2: looking for duplicate address/port pairs internal_resolve_name: returning 1 addresses: 10.0.3.10:88 Adding 1 DC's from auto lookup sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) name dc1.lab.saferit.fr#20 found. 
remove_duplicate_addrs2: looking for duplicate address/port pairs check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 remove_duplicate_addrs2: looking for duplicate address/port pairs get_dc_list: returning 1 ip addresses in an ordered list get_dc_list: 10.0.3.10:88 got 1 addresses from site Default-First-Site-Name search saf_fetch: Returning "dc1.lab.saferit.fr" for "lab.saferit.fr" domain get_dc_list: preferred server list: "dc1.lab.saferit.fr, *" internal_resolve_name: looking up lab.saferit.fr#dcdc (sitename (null)) resolve_ads: Attempting to resolve KDCs for lab.saferit.fr using DNS ads_dns_lookup_srv: 1 records returned in the answer section. ads_dns_parse_rr_srv: Parsed dc1.lab.saferit.fr [0, 100, 88] remove_duplicate_addrs2: looking for duplicate address/port pairs internal_resolve_name: returning 1 addresses: 10.0.3.10:88 Adding 1 DC's from auto lookup sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) name dc1.lab.saferit.fr#20 found. 
remove_duplicate_addrs2: looking for duplicate address/port pairs check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 remove_duplicate_addrs2: looking for duplicate address/port pairs get_dc_list: returning 1 ip addresses in an ordered list get_dc_list: 10.0.3.10:88 got 1 addresses from site-less search 0 additional KDCs to test get_kdc_ip_string: Returning kdc = 10.0.3.10 create_local_private_krb5_conf_for_domain: wrote file /var/lib/samba/lock/smb_krb5/krb5.conf.LAB with realm LAB.SAFERIT.FR KDC list = kdc = 10.0.3.10 ads_dc_name: using server='DC1.LAB.SAFERIT.FR' IP=10.0.3.10 ads_find_dc: (ldap) looking for realm 'lab.saferit.fr' and falling back to domain 'LAB' sitename_fetch: Returning sitename for realm 'lab.saferit.fr': "Default-First-Site-Name" ads_dc_name: domain=LAB sitename_fetch: Returning sitename for realm 'lab.saferit.fr': "Default-First-Site-Name" resolve_and_ping_dns: (cldap) looking for realm 'lab.saferit.fr' get_sorted_dc_list: attempting lookup for name lab.saferit.fr (sitename Default-First-Site-Name) saf_fetch: Returning "dc1.lab.saferit.fr" for "lab.saferit.fr" domain get_dc_list: preferred server list: "dc1.lab.saferit.fr, *" internal_resolve_name: looking up lab.saferit.fr#1c (sitename Default-First-Site-Name) name lab.saferit.fr#1C found. remove_duplicate_addrs2: looking for duplicate address/port pairs Adding 1 DC's from auto lookup sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) name dc1.lab.saferit.fr#20 found. 
remove_duplicate_addrs2: looking for duplicate address/port pairs check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 remove_duplicate_addrs2: looking for duplicate address/port pairs get_dc_list: returning 1 ip addresses in an ordered list get_dc_list: 10.0.3.10:389 check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 ads_try_connect: sending CLDAP request to 10.0.3.10 (realm: lab.saferit.fr) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x0000f1fd (61949) 1: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 1: NBT_SERVER_ADS_WEB_SERVICE 1: NBT_SERVER_DS_8 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 0b6ead65-ab6b-4ae6-ba6c-bbf010e7545d forest : 'lab.saferit.fr' dns_domain : 'lab.saferit.fr' pdc_dns_name : 'dc1.lab.saferit.fr' domain_name : 'LAB' pdc_name : 'DC1' user_name : '' server_site : 'Default-First-Site-Name' client_site : 'Default-First-Site-Name' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) sitename_store: realm = [LAB], sitename = 
[Default-First-Site-Name], expire = [2085923199] Did not store value for AD_SITENAME/DOMAIN/LAB, we already got it sitename_store: realm = [lab.saferit.fr], sitename = [Default-First-Site-Name], expire = [2085923199] Did not store value for AD_SITENAME/DOMAIN/LAB.SAFERIT.FR, we already got it Successfully contacted LDAP server 10.0.3.10 sitename_fetch: Returning sitename for realm 'lab.saferit.fr': "Default-First-Site-Name" ads_closest_dc: NBT_SERVER_CLOSEST flag set create_local_private_krb5_conf_for_domain: fname = /var/lib/samba/lock/smb_krb5/krb5.conf.LAB, realm = lab.saferit.fr, domain = LAB saf_fetch: Returning "dc1.lab.saferit.fr" for "lab.saferit.fr" domain get_dc_list: preferred server list: "dc1.lab.saferit.fr, *" internal_resolve_name: looking up lab.saferit.fr#dcdc (sitename Default-First-Site-Name) resolve_ads: Attempting to resolve KDCs for lab.saferit.fr using DNS ads_dns_lookup_srv: 1 records returned in the answer section. ads_dns_parse_rr_srv: Parsed dc1.lab.saferit.fr [0, 100, 88] remove_duplicate_addrs2: looking for duplicate address/port pairs internal_resolve_name: returning 1 addresses: 10.0.3.10:88 Adding 1 DC's from auto lookup sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) name dc1.lab.saferit.fr#20 found. 
remove_duplicate_addrs2: looking for duplicate address/port pairs check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 remove_duplicate_addrs2: looking for duplicate address/port pairs get_dc_list: returning 1 ip addresses in an ordered list get_dc_list: 10.0.3.10:88 got 1 addresses from site Default-First-Site-Name search saf_fetch: Returning "dc1.lab.saferit.fr" for "lab.saferit.fr" domain get_dc_list: preferred server list: "dc1.lab.saferit.fr, *" internal_resolve_name: looking up lab.saferit.fr#dcdc (sitename (null)) resolve_ads: Attempting to resolve KDCs for lab.saferit.fr using DNS ads_dns_lookup_srv: 1 records returned in the answer section. ads_dns_parse_rr_srv: Parsed dc1.lab.saferit.fr [0, 100, 88] remove_duplicate_addrs2: looking for duplicate address/port pairs internal_resolve_name: returning 1 addresses: 10.0.3.10:88 Adding 1 DC's from auto lookup sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) name dc1.lab.saferit.fr#20 found. 
remove_duplicate_addrs2: looking for duplicate address/port pairs check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 remove_duplicate_addrs2: looking for duplicate address/port pairs get_dc_list: returning 1 ip addresses in an ordered list get_dc_list: 10.0.3.10:88 got 1 addresses from site-less search 0 additional KDCs to test get_kdc_ip_string: Returning kdc = 10.0.3.10 create_local_private_krb5_conf_for_domain: wrote file /var/lib/samba/lock/smb_krb5/krb5.conf.LAB with realm LAB.SAFERIT.FR KDC list = kdc = 10.0.3.10 ads_dc_name: using server='DC1.LAB.SAFERIT.FR' IP=10.0.3.10 ads_try_connect: sending CLDAP request to 10.0.3.10 (realm: lab.saferit.fr) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x0000f1fd (61949) 1: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 1: NBT_SERVER_ADS_WEB_SERVICE 1: NBT_SERVER_DS_8 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 0b6ead65-ab6b-4ae6-ba6c-bbf010e7545d forest : 'lab.saferit.fr' dns_domain : 'lab.saferit.fr' pdc_dns_name : 'dc1.lab.saferit.fr' domain_name : 'LAB' pdc_name : 'DC1' user_name : '' server_site : 'Default-First-Site-Name' client_site : 'Default-First-Site-Name' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 
0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) sitename_store: realm = [LAB], sitename = [Default-First-Site-Name], expire = [2085923199] Did not store value for AD_SITENAME/DOMAIN/LAB, we already got it sitename_store: realm = [lab.saferit.fr], sitename = [Default-First-Site-Name], expire = [2085923199] Did not store value for AD_SITENAME/DOMAIN/LAB.SAFERIT.FR, we already got it Successfully contacted LDAP server 10.0.3.10 Opening connection to LDAP server '10.0.3.10:389', timeout 15 seconds Initialized connection for LDAP server 'ldap://10.0.3.10:389' Connected to LDAP server dc1.lab.saferit.fr ads_closest_dc: NBT_SERVER_CLOSEST flag set saf_store: domain = [LAB], server = [dc1.lab.saferit.fr], expire = [1521798049] Did not store value for SAF/DOMAIN/LAB, we already got it saf_store: domain = [lab.saferit.fr], server = [dc1.lab.saferit.fr], expire = [1521798049] Did not store value for SAF/DOMAIN/LAB.SAFERIT.FR, we already got it KDC time offset is 0 seconds Found SASL mechanism GSS-SPNEGO ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30 ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2 ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2 ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3 ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10 kerberos_kinit_password: as CENTOS$@LAB.SAFERIT.FR using [MEMORY:winbind_ccache] as ccache and config [/var/lib/samba/lock/smb_krb5/krb5.conf.LAB] Starting GENSEC mechanism spnego Starting GENSEC submechanism gse_krb5 Search for (objectclass=*) in <> gave 1 replies wcache_store_seqnum: success [LAB][335984 @ 1521797149] refresh_sequence_number: LAB seq number is now 335984 name_to_sid: [Cached] - doing backend query for name for domain LAB msrpc_name_to_sid: name=TESTDOM\ADMINISTRATOR name_to_sid [rpc] TESTDOM\ADMINISTRATOR for domain TESTDOM cm_connect_lsa_tcp ldb: ldb_trace_request: SEARCH dn: @MODULES 
scope: base expr: (@LIST=*) attr: @LIST control: ldb: ldb_trace_request: (tdb)->search ldb: Added timed event "ltdb_callback": 0x563e56a492b0 ldb: Added timed event "ltdb_timeout": 0x563e56a49690 ldb: Running timer event 0x563e56a492b0 "ltdb_callback" ldb: Destroying timer event 0x563e56a49690 "ltdb_timeout" ldb: Ending timer event 0x563e56a492b0 "ltdb_callback" ldb: no modules required by the db ldb: No modules specified for this database ldb: ldb_trace_request: REGISTER_CONTROL 1.2.840.113556.1.4.1413 control: ldb: ldb_asprintf/set_errstring: unable to find module or backend to handle operation: request ldb: ldb_trace_request: SEARCH dn: scope: base expr: (objectClass=*) attr: rootDomainNamingContext attr: configurationNamingContext attr: schemaNamingContext attr: defaultNamingContext control: ldb: ldb_trace_request: (tdb)->search ldb: Added timed event "ltdb_callback": 0x563e56a49d50 ldb: Added timed event "ltdb_timeout": 0x563e56a49ad0 ldb: Running timer event 0x563e56a49d50 "ltdb_callback" ldb: ldb_asprintf/set_errstring: NULL Base DN invalid for a base search ldb: Destroying timer event 0x563e56a49ad0 "ltdb_timeout" ldb: Ending timer event 0x563e56a49d50 "ltdb_callback" ldb_wrap open of secrets.ldb ldb: ldb_trace_request: SEARCH dn: cn=Primary Domains scope: sub expr: (&(flatname=LAB)(objectclass=primaryDomain)) attr: control: ldb: ldb_trace_request: (tdb)->search ldb: Added timed event "ltdb_callback": 0x563e56a48c90 ldb: Added timed event "ltdb_timeout": 0x563e56a49690 ldb: Running timer event 0x563e56a48c90 "ltdb_callback" ldb: Destroying timer event 0x563e56a49690 "ltdb_timeout" ldb: Ending timer event 0x563e56a48c90 "ltdb_callback" ldb: ldb_asprintf/set_errstring: dsdb_search at ../source4/dsdb/common/util.c:4576 Connecting to 10.0.3.10 at port 135 Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 0 SO_SNDBUF = 
87040 SO_RCVBUF = 367360 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 Bind RPC Pipe: host dc1.lab.saferit.fr auth_type 0, auth_level 1 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000011 (17) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : e1af8308-5d1f-11c9-91a4-08002b14a0fa if_version : 0x00000003 (3) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: host dc1.lab.saferit.fr rpc_write_send: data_to_write: 72 rpc_read_send: data_to_read: 44 state->pkt: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x003c (60) auth_length : 0x0000 (0) call_id : 0x00000011 (17) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 
0x00000dff (3583) secondary_address_size : 0x0004 (4) secondary_address : '135' _pad1 : DATA_BLOB length=2 [0000] 6C 9D l. num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) reason : union dcerpc_bind_ack_reason(case 0) value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: got frag len of 60 at offset 0: NT_STATUS_OK rpc_api_pipe: host dc1.lab.saferit.fr returned 60 bytes. check_bind_response: accepted! epm_Map: struct epm_Map in: struct epm_Map object : * object : 12345778-1234-abcd-ef00-0123456789ab map_tower : * map_tower: struct epm_twr_t tower_length : 0x0000004b (75) tower: struct epm_tower num_floors : 0x0005 (5) floors: ARRAY(5) floors: struct epm_floor lhs: struct epm_lhs protocol : EPM_PROTOCOL_UUID (13) lhs_data : DATA_BLOB length=18 [0000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg.. [0010] 00 00 .. rhs : union epm_rhs(case 13) uuid: struct epm_rhs_uuid unknown : DATA_BLOB length=2 [0000] 00 00 .. floors: struct epm_floor lhs: struct epm_lhs protocol : EPM_PROTOCOL_UUID (13) lhs_data : DATA_BLOB length=18 [0000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [0010] 02 00 .. rhs : union epm_rhs(case 13) uuid: struct epm_rhs_uuid unknown : DATA_BLOB length=2 [0000] 00 00 .. 
floors: struct epm_floor lhs: struct epm_lhs protocol : EPM_PROTOCOL_NCACN (11) lhs_data : DATA_BLOB length=0 rhs : union epm_rhs(case 11) ncacn: struct epm_rhs_ncacn minor_version : 0x0000 (0) floors: struct epm_floor lhs: struct epm_lhs protocol : EPM_PROTOCOL_TCP (7) lhs_data : DATA_BLOB length=0 rhs : union epm_rhs(case 7) tcp: struct epm_rhs_tcp port : 0x0087 (135) floors: struct epm_floor lhs: struct epm_lhs protocol : EPM_PROTOCOL_IP (9) lhs_data : DATA_BLOB length=0 rhs : union epm_rhs(case 9) ip: struct epm_rhs_ip ipaddr : 0.0.0.0 entry_handle : * entry_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 max_towers : 0x00000001 (1) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000012 (18) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000084 (132) context_id : 0x0000 (0) opnum : 0x0003 (3) object : union dcerpc_object(case 0) empty: struct dcerpc_empty stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host dc1.lab.saferit.fr rpc_write_send: data_to_write: 156 rpc_read_send: data_to_read: 136 state->pkt: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0098 (152) auth_length 
: 0x0000 (0) call_id : 0x00000012 (18) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000080 (128) context_id : 0x0000 (0) cancel_count : 0x00 (0) reserved : 0x00 (0) stub_and_verifier : DATA_BLOB length=128 Got pdu len 152, data_len 128 rpc_api_pipe: got frag len of 152 at offset 0: NT_STATUS_OK rpc_api_pipe: host dc1.lab.saferit.fr returned 128 bytes. epm_Map: struct epm_Map out: struct epm_Map entry_handle : * entry_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 15fa139a-351b-4089-90f3-5a9eeb637881 num_towers : * num_towers : 0x00000001 (1) towers: ARRAY(1) towers: struct epm_twr_p_t twr : * twr: struct epm_twr_t tower_length : 0x0000004b (75) tower: struct epm_tower num_floors : 0x0005 (5) floors: ARRAY(5) floors: struct epm_floor lhs: struct epm_lhs protocol : EPM_PROTOCOL_UUID (13) lhs_data : DATA_BLOB length=18 [0000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg.. [0010] 00 00 .. rhs : union epm_rhs(case 13) uuid: struct epm_rhs_uuid unknown : DATA_BLOB length=2 [0000] 00 00 .. floors: struct epm_floor lhs: struct epm_lhs protocol : EPM_PROTOCOL_UUID (13) lhs_data : DATA_BLOB length=18 [0000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [0010] 02 00 .. rhs : union epm_rhs(case 13) uuid: struct epm_rhs_uuid unknown : DATA_BLOB length=2 [0000] 00 00 .. 
floors: struct epm_floor lhs: struct epm_lhs protocol : EPM_PROTOCOL_NCACN (11) lhs_data : DATA_BLOB length=0 rhs : union epm_rhs(case 11) ncacn: struct epm_rhs_ncacn minor_version : 0x0000 (0) floors: struct epm_floor lhs: struct epm_lhs protocol : EPM_PROTOCOL_TCP (7) lhs_data : DATA_BLOB length=0 rhs : union epm_rhs(case 7) tcp: struct epm_rhs_tcp port : 0xc017 (49175) floors: struct epm_floor lhs: struct epm_lhs protocol : EPM_PROTOCOL_IP (9) lhs_data : DATA_BLOB length=0 rhs : union epm_rhs(case 9) ip: struct epm_rhs_ip ipaddr : 10.0.3.10 result : 0x00000000 (0) Connecting to 10.0.3.10 at port 49175 Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 0 SO_SNDBUF = 87040 SO_RCVBUF = 367360 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 check lock order 2 for /var/lib/samba/lock/g_lock.tdb lock order: 1: 2:/var/lib/samba/lock/g_lock.tdb 3: Locking key 434C495B43454E544F53 Allocated locked data 0x0x563e56a48cc0 release lock order 2 for /var/lib/samba/lock/g_lock.tdb lock order: 1: 2: 3: Unlocking key 434C495B43454E544F53 Starting GENSEC mechanism schannel Bind RPC Pipe: host dc1.lab.saferit.fr auth_type 68, auth_level 6 create_generic_auth_rpc_bind_req: generate first token &r: struct dcerpc_auth auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) auth_pad_length : 0x00 (0) auth_reserved : 0x00 (0) auth_context_id : 0x00000001 (1) credentials : DATA_BLOB length=19 [0000] 00 00 00 00 03 00 00 00 4C 41 42 00 43 45 4E 54 ........ LAB.CENT [0010] 4F 53 00 OS. 
&r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x07 (7) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 1: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0063 (99) auth_length : 0x0013 (19) call_id : 0x00000013 (19) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345778-1234-abcd-ef00-0123456789ab if_version : 0x00000000 (0) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=27 [0000] 44 06 00 00 01 00 00 00 00 00 00 00 03 00 00 00 D....... ........ [0010] 4C 41 42 00 43 45 4E 54 4F 53 00 LAB.CENT OS. 
rpc_api_pipe: host dc1.lab.saferit.fr rpc_write_send: data_to_write: 99 rpc_read_send: data_to_read: 64 state->pkt: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x07 (7) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 1: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0050 (80) auth_length : 0x000c (12) call_id : 0x00000013 (19) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x0000075a (1882) secondary_address_size : 0x0006 (6) secondary_address : '49175' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) reason : union dcerpc_bind_ack_reason(case 0) value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=20 [0000] 44 06 00 00 01 00 00 00 01 00 00 00 00 00 00 00 D....... ........ [0010] 00 00 00 00 .... rpc_api_pipe: got frag len of 80 at offset 0: NT_STATUS_OK rpc_api_pipe: host dc1.lab.saferit.fr returned 80 bytes. check_bind_response: accepted! ../librpc/rpc/dcerpc_util.c:271: auth_pad_length 0 check lock order 2 for /var/lib/samba/lock/g_lock.tdb lock order: 1: 2:/var/lib/samba/lock/g_lock.tdb 3: Locking key 434C495B43454E544F53 Allocated locked data 0x0x563e56a20fc0 release lock order 2 for /var/lib/samba/lock/g_lock.tdb lock order: 1: 2: 3: Unlocking key 434C495B43454E544F53 cli_rpc_pipe_open_schannel_with_creds: opened pipe lsarpc to machine dc1.lab.saferit.fr for domain LAB and bound using schannel. 
lsa_LookupNames4: struct lsa_LookupNames4 in: struct lsa_LookupNames4 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x002a (42) size : 0x002a (42) string : * string : 'TESTDOM\ADMINISTRATOR' sids : * sids: struct lsa_TransSidArray3 count : 0x00000000 (0) sids : NULL level : LSA_LOOKUP_NAMES_ALL (1) count : * count : 0x00000000 (0) lookup_options : LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES (0) client_revision : LSA_CLIENT_REVISION_2 (2) t: struct dcerpc_sec_verification_trailer _pad : DATA_BLOB length=0 magic : 0000000000000000 count: struct dcerpc_sec_vt_count count : 0x0002 (2) commands: ARRAY(2) commands: struct dcerpc_sec_vt command : 0x0001 (1) 0x01: DCERPC_SEC_VT_COMMAND_ENUM (1) 0: DCERPC_SEC_VT_COMMAND_END 0: DCERPC_SEC_VT_MUST_PROCESS u : union dcerpc_sec_vt_union(case 0x1) bitmask1 : 0x00000001 (1) 1: DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING commands: struct dcerpc_sec_vt command : 0x4002 (16386) 0x02: DCERPC_SEC_VT_COMMAND_ENUM (2) 1: DCERPC_SEC_VT_COMMAND_END 0: DCERPC_SEC_VT_MUST_PROCESS u : union dcerpc_sec_vt_union(case 0x2) pcontext: struct dcerpc_sec_vt_pcontext abstract_syntax: struct ndr_syntax_id uuid : 12345778-1234-abcd-ef00-0123456789ab if_version : 0x00000000 (0) transfer_syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0038 (56) call_id : 0x00000014 (20) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000009c (156) context_id : 0x0000 (0) opnum : 0x004d (77) object : union 
dcerpc_object(case 0) empty: struct dcerpc_empty stub_and_verifier : DATA_BLOB length=0 &r: struct dcerpc_auth auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) auth_pad_length : 0x04 (4) auth_reserved : 0x00 (0) auth_context_id : 0x00000001 (1) credentials : DATA_BLOB length=0 rpc_api_pipe: host dc1.lab.saferit.fr rpc_write_send: data_to_write: 248 rpc_read_send: data_to_read: 232 state->pkt: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00f8 (248) auth_length : 0x0038 (56) call_id : 0x00000014 (20) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x0000009c (156) context_id : 0x0000 (0) cancel_count : 0x00 (0) reserved : 0x00 (0) stub_and_verifier : DATA_BLOB length=224 
Requested Privacy. ../librpc/rpc/dcerpc_util.c:271: auth_pad_length 4 GENSEC auth Got pdu len 248, data_len 156 rpc_api_pipe: got frag len of 248 at offset 0: NT_STATUS_OK rpc_api_pipe: host dc1.lab.saferit.fr returned 156 bytes. lsa_LookupNames4: struct lsa_LookupNames4 out: struct lsa_LookupNames4 domains : * domains : * domains: struct lsa_RefDomainList count : 0x00000001 (1) domains : * domains: ARRAY(1) domains: struct lsa_DomainInfo name: struct lsa_StringLarge length : 0x000e (14) size : 0x0010 (16) string : * string : 'TESTDOM' sid : * sid : S-1-5-21-847837108-3999977653-1779688838 max_size : 0x00000001 (1) sids : * sids: struct lsa_TransSidArray3 count : 0x00000001 (1) sids : * sids: ARRAY(1) sids: struct lsa_TranslatedSid3 sid_type : SID_NAME_USER (1) sid : * sid : S-1-5-21-847837108-3999977653-1779688838-500 sid_index : 0x00000000 (0) flags : 0x00000000 (0) count : * count : 0x00000001 (1) result : NT_STATUS_OK refresh_sequence_number: LAB time ok refresh_sequence_number: LAB seq number is now 335984 wcache_save_name_to_sid: TESTDOM\ADMINISTRATOR -> S-1-5-21-847837108-3999977653-1779688838-500 (NT_STATUS_OK) wcache_save_sid_to_name: S-1-5-21-847837108-3999977653-1779688838-500 -> TESTDOM\administrator (NT_STATUS_OK) wbint_LookupName: struct wbint_LookupName out: struct wbint_LookupName type : * type : SID_NAME_USER (1) sid : * sid : S-1-5-21-847837108-3999977653-1779688838-500 result : NT_STATUS_OK Finished processing child request 56 Writing 3532 bytes to parent wbint_LookupName: struct wbint_LookupName out: struct wbint_LookupName type : * type : SID_NAME_USER (1) sid : * sid : S-1-5-21-847837108-3999977653-1779688838-500 result : NT_STATUS_OK SID 0: S-1-5-21-847837108-3999977653-1779688838-500 Opening cache file at /var/lib/samba/gencache.tdb Opening cache file at 
/var/lib/samba/lock/gencache_notrans.tdb Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-500]: value=[10500:B] Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-500]: id=[10500], endptr=[:B] netsamlogon_cache_get: SID [S-1-5-21-847837108-3999977653-1779688838-500] &r: struct netsamlogoncache_entry timestamp : Fri Mar 23 05:20:37 AM 2018 EDT info3: struct netr_SamInfo3 base: struct netr_SamBaseInfo logon_time : Fri Mar 23 05:09:15 AM 2018 EDT logoff_time : Wed Sep 13 10:48:05 PM 30828 EDT kickoff_time : Wed Sep 13 10:48:05 PM 30828 EDT last_password_change : Mon Feb 12 09:15:04 AM 2018 EST allow_password_change : Tue Feb 13 09:15:04 AM 2018 EST force_password_change : Mon Mar 26 10:15:04 AM 2018 EDT account_name: struct lsa_String length : 0x001a (26) size : 0x001a (26) string : * string : 'Administrator' full_name: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '' logon_script: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL profile_path: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL home_directory: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL home_drive: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL logon_count : 0x009d (157) bad_password_count : 0x0000 (0) rid : 0x000001f4 (500) primary_gid : 0x00000201 (513) groups: struct samr_RidWithAttributeArray count : 0x00000005 (5) rids : * rids: ARRAY(5) rids: struct samr_RidWithAttribute rid : 0x00000208 (520) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000200 (512) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: 
SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000201 (513) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000206 (518) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000207 (519) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) user_flags : 0x00000120 (288) 0: NETLOGON_GUEST 0: NETLOGON_NOENCRYPTION 0: NETLOGON_CACHED_ACCOUNT 0: NETLOGON_USED_LM_PASSWORD 1: NETLOGON_EXTRA_SIDS 0: NETLOGON_SUBAUTH_SESSION_KEY 0: NETLOGON_SERVER_TRUST_ACCOUNT 1: NETLOGON_NTLMV2_ENABLED 0: NETLOGON_RESOURCE_GROUPS 0: NETLOGON_PROFILE_PATH_RETURNED 0: NETLOGON_GRACE_LOGON key: struct netr_UserSessionKey key : 00000000000000000000000000000000 logon_server: struct lsa_StringLarge length : 0x001e (30) size : 0x0020 (32) string : * string : 'WIN-NJ57UVUO8PC' logon_domain: struct lsa_StringLarge length : 0x000e (14) size : 0x0010 (16) string : * string : 'TESTDOM' domain_sid : * domain_sid : S-1-5-21-847837108-3999977653-1779688838 LMSessKey: struct netr_LMSessionKey key : 0000000000000000 acct_flags : 0x00000010 (16) 0: ACB_DISABLED 0: ACB_HOMDIRREQ 0: ACB_PWNOTREQ 0: ACB_TEMPDUP 1: ACB_NORMAL 0: ACB_MNS 0: ACB_DOMTRUST 0: ACB_WSTRUST 0: ACB_SVRTRUST 0: ACB_PWNOEXP 0: ACB_AUTOLOCK 0: ACB_ENC_TXT_PWD_ALLOWED 0: ACB_SMARTCARD_REQUIRED 0: ACB_TRUSTED_FOR_DELEGATION 0: ACB_NOT_DELEGATED 0: ACB_USE_DES_KEY_ONLY 0: ACB_DONT_REQUIRE_PREAUTH 0: ACB_PW_EXPIRED 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION 0: ACB_NO_AUTH_DATA_REQD 0: 
ACB_PARTIAL_SECRETS_ACCOUNT 0: ACB_USE_AES_KEYS sub_auth_status : 0x00000000 (0) last_successful_logon : NTTIME(0) last_failed_logon : NTTIME(0) failed_logon_count : 0x00000000 (0) reserved : 0x00000000 (0) sidcount : 0x00000001 (1) sids : * sids: ARRAY(1) sids: struct netr_SidAttr sid : * sid : S-1-5-21-546099636-1453775275-3712789297-1130 attributes : 0x20000007 (536870919) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 1: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) wbint_GetNssInfo: struct wbint_GetNssInfo in: struct wbint_GetNssInfo info : * info: struct wbint_userinfo domain_name : * domain_name : 'TESTDOM' acct_name : * acct_name : 'Administrator' full_name : * full_name : '' homedir : * homedir : '/home/%u.%D' shell : * shell : '/bin/bash' uid : 0x0000000000002904 (10500) primary_gid : 0x00000000ffffffff (4294967295) primary_group_name : NULL user_sid : S-1-5-21-847837108-3999977653-1779688838-500 group_sid : S-1-5-21-847837108-3999977653-1779688838-513 fork_domain_child called without domain. 
Child process 1707 msg_dgm_ref_destructor: refs=0x563e56a0d0c0 messaging_dgm_ref: messaging_dgm_init returned Success messaging_dgm_ref: unique = 2413307727200749532 Deregistering messaging pointer for type 33 - private_data=(nil) Deregistering messaging pointer for type 13 - private_data=(nil) Deregistering messaging pointer for type 1028 - private_data=(nil) Deregistering messaging pointer for type 1027 - private_data=(nil) Deregistering messaging pointer for type 1029 - private_data=(nil) Deregistering messaging pointer for type 1280 - private_data=(nil) Deregistering messaging pointer for type 1033 - private_data=(nil) Deregistering messaging pointer for type 1 - private_data=(nil) Deregistering messaging pointer for type 1036 - private_data=(nil) Deregistering messaging pointer for type 1035 - private_data=(nil) Registering messaging pointer for type 1028 - private_data=(nil) Registering messaging pointer for type 1027 - private_data=(nil) Registering messaging pointer for type 1280 - private_data=(nil) Registering messaging pointer for type 1 - private_data=(nil) Registering messaging pointer for type 1034 - private_data=(nil) Overriding messaging pointer for type 1034 - private_data=(nil) set_domain_online_request: called for domain LAB set_domain_online_request: domain LAB was globally offline. 
Need to read 210 extra bytes child daemon request 56 child_process_request: request fn NDRCMD winbindd_dual_ndrcmd: Running command WBINT_GETNSSINFO (no domain) wbint_GetNssInfo: struct wbint_GetNssInfo in: struct wbint_GetNssInfo info : * info: struct wbint_userinfo domain_name : * domain_name : 'TESTDOM' acct_name : * acct_name : 'Administrator' full_name : * full_name : '' homedir : * homedir : '/home/%u.%D' shell : * shell : '/bin/bash' uid : 0x0000000000002904 (10500) primary_gid : 0x00000000ffffffff (4294967295) primary_group_name : NULL user_sid : S-1-5-21-847837108-3999977653-1779688838-500 group_sid : S-1-5-21-847837108-3999977653-1779688838-513 idmap_find_domain called for domain 'TESTDOM' idmap_init(): calling static_init_idmap calling idmap_tdb_init Successfully added idmap backend 'tdb' Successfully added idmap backend 'passdb' Successfully added idmap backend 'nss' Successfully added idmap backend 'ldap' Attempting to find a passdb backend to match tdbsam (tdbsam) No builtin backend found, trying to load plugin Probing module 'tdbsam' Probing module 'tdbsam': Trying to load from /usr/lib64/samba/pdb/tdbsam.so Module 'tdbsam' loaded Attempting to register passdb backend tdbsam Successfully added passdb backend 'tdbsam' Found pdb backend tdbsam pdb backend tdbsam has a valid init idmap_tdb_db_init called for domain '*' Opening tdbfile /var/lib/samba/winbindd_idmap.tdb lp_scan_idmap_found_domain: Found idmap domain "testdom" idmap_found_domain_backend: Found idmap domain "testdom" idmap backend rid not found Probing module 'rid' Probing module 'rid': Trying to load from /usr/lib64/samba/idmap/rid.so Module 'rid' loaded Successfully added idmap backend 'rid' lp_scan_idmap_found_domain: Found idmap domain "lab" idmap_found_domain_backend: Found idmap domain "lab" idmap backend ad not found Probing module 'ad' Probing module 'ad': Trying to load from /usr/lib64/samba/idmap/ad.so Module 'ad' loaded Successfully added idmap backend 'ad' 
smb_register_idmap_nss: Successfully added idmap nss backend 'rfc2307' smb_register_idmap_nss: Successfully added idmap nss backend 'sfu' smb_register_idmap_nss: Successfully added idmap nss backend 'sfu20' lp_scan_idmap_found_domain: Found idmap domain "*" idmap_found_domain_backend: Found idmap domain "*" wbint_GetNssInfo: struct wbint_GetNssInfo out: struct wbint_GetNssInfo info : * info: struct wbint_userinfo domain_name : * domain_name : 'TESTDOM' acct_name : * acct_name : 'Administrator' full_name : * full_name : '' homedir : * homedir : '/home/%u.%D' shell : * shell : '/bin/bash' uid : 0x0000000000002904 (10500) primary_gid : 0x00000000ffffffff (4294967295) primary_group_name : NULL user_sid : S-1-5-21-847837108-3999977653-1779688838-500 group_sid : S-1-5-21-847837108-3999977653-1779688838-513 result : NT_STATUS_REQUEST_NOT_ACCEPTED Finished processing child request 56 Writing 3712 bytes to parent wbint_GetNssInfo: struct wbint_GetNssInfo out: struct wbint_GetNssInfo info : * info: struct wbint_userinfo domain_name : * domain_name : 'TESTDOM' acct_name : * acct_name : 'Administrator' full_name : * full_name : '' homedir : * homedir : '/home/%u.%D' shell : * shell : '/bin/bash' uid : 0x0000000000002904 (10500) primary_gid : 0x00000000ffffffff (4294967295) primary_group_name : NULL user_sid : S-1-5-21-847837108-3999977653-1779688838-500 group_sid : S-1-5-21-847837108-3999977653-1779688838-513 result : NT_STATUS_REQUEST_NOT_ACCEPTED SID 0: S-1-5-21-847837108-3999977653-1779688838-513 Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-513]: value=[10513:B] Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-513]: id=[10513], endptr=[:B] find_lookup_domain_from_sid(S-1-5-21-847837108-3999977653-1779688838-513) calling find_our_domain wbint_LookupSid: struct wbint_LookupSid in: struct wbint_LookupSid sid : * sid : S-1-5-21-847837108-3999977653-1779688838-513 Need to read 28 extra bytes child daemon request 56 
child_process_request: request fn NDRCMD winbindd_dual_ndrcmd: Running command WBINT_LOOKUPSID (LAB) wbint_LookupSid: struct wbint_LookupSid in: struct wbint_LookupSid sid : * sid : S-1-5-21-847837108-3999977653-1779688838-513 refresh_sequence_number: LAB time ok refresh_sequence_number: LAB seq number is now 335984 sid_to_name: [Cached] - doing backend query for name for domain LAB msrpc_sid_to_name: S-1-5-21-847837108-3999977653-1779688838-513 for domain LAB cm_connect_lsa_tcp rpccli_lsa_lookup_sids: processing items 0 -- 0 of 1. lsa_LookupSids3: struct lsa_LookupSids3 in: struct lsa_LookupSids3 sids : * sids: struct lsa_SidArray num_sids : 0x00000001 (1) sids : * sids: ARRAY(1) sids: struct lsa_SidPtr sid : * sid : S-1-5-21-847837108-3999977653-1779688838-513 names : * names: struct lsa_TransNameArray2 count : 0x00000000 (0) names : NULL level : LSA_LOOKUP_NAMES_ALL (1) count : * count : 0x00000000 (0) lookup_options : LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES (0) client_revision : LSA_CLIENT_REVISION_2 (2) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0038 (56) call_id : 0x00000015 (21) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000048 (72) context_id : 0x0000 (0) opnum : 0x004c (76) object : union dcerpc_object(case 0) empty: struct dcerpc_empty stub_and_verifier : DATA_BLOB length=0 &r: struct dcerpc_auth auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) auth_pad_length : 0x08 (8) auth_reserved : 0x00 (0) auth_context_id : 0x00000001 (1) credentials : DATA_BLOB length=0 rpc_api_pipe: 
host dc1.lab.saferit.fr rpc_write_send: data_to_write: 168 rpc_read_send: data_to_read: 248 state->pkt: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0108 (264) auth_length : 0x0038 (56) call_id : 0x00000015 (21) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x000000a4 (164) context_id : 0x0000 (0) cancel_count : 0x00 (0) reserved : 0x00 (0) stub_and_verifier : DATA_BLOB length=240 Requested Privacy. 
../librpc/rpc/dcerpc_util.c:271: auth_pad_length 12 GENSEC auth Got pdu len 264, data_len 164 rpc_api_pipe: got frag len of 264 at offset 0: NT_STATUS_OK rpc_api_pipe: host dc1.lab.saferit.fr returned 164 bytes. lsa_LookupSids3: struct lsa_LookupSids3 out: struct lsa_LookupSids3 domains : * domains : * domains: struct lsa_RefDomainList count : 0x00000001 (1) domains : * domains: ARRAY(1) domains: struct lsa_DomainInfo name: struct lsa_StringLarge length : 0x000e (14) size : 0x0010 (16) string : * string : 'TESTDOM' sid : * sid : S-1-5-21-847837108-3999977653-1779688838 max_size : 0x00000001 (1) names : * names: struct lsa_TransNameArray2 count : 0x00000001 (1) names : * names: ARRAY(1) names: struct lsa_TranslatedName2 sid_type : SID_NAME_DOM_GRP (2) name: struct lsa_String length : 0x0018 (24) size : 0x0018 (24) string : * string : 'Domain Users' sid_index : 0x00000000 (0) unknown : 0x00000000 (0) count : * count : 0x00000001 (1) result : NT_STATUS_OK LSA_LOOKUPSIDS returned status: 'NT_STATUS_OK', result: 'NT_STATUS_OK', mapped count = 1' Mapped sid to [TESTDOM]\[Domain Users] refresh_sequence_number: LAB time ok refresh_sequence_number: LAB seq number is now 335984 wcache_save_sid_to_name: S-1-5-21-847837108-3999977653-1779688838-513 -> TESTDOM\Domain Users (NT_STATUS_OK) wbint_LookupSid: struct wbint_LookupSid out: struct wbint_LookupSid type : * type : SID_NAME_DOM_GRP (2) domain : * domain : * domain : 'TESTDOM' name : * name : * name : 'Domain Users' result : NT_STATUS_OK Finished processing child request 56 Writing 3560 bytes to parent wbint_LookupSid: struct wbint_LookupSid out: struct wbint_LookupSid type : * type : SID_NAME_DOM_GRP (2) domain : * domain : * domain : 'TESTDOM' name : * name : * name : 'Domain Users' result : NT_STATUS_OK wb_request_done[1682:GETPWNAM]: NT_STATUS_OK winbind_client_response_written[1682:GETPWNAM]: delivered response to client process_request: Handling async request 1682:GETPWNAM getpwnam TESTDOM\administrator 
wbint_LookupName: struct wbint_LookupName in: struct wbint_LookupName domain : * domain : 'TESTDOM' name : * name : 'ADMINISTRATOR' flags : 0x00000008 (8) wbint_LookupName: struct wbint_LookupName out: struct wbint_LookupName type : * type : SID_NAME_USER (1) sid : * sid : S-1-5-21-847837108-3999977653-1779688838-500 result : NT_STATUS_OK SID 0: S-1-5-21-847837108-3999977653-1779688838-500 Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-500]: value=[10500:B] Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-500]: id=[10500], endptr=[:B] netsamlogon_cache_get: SID [S-1-5-21-847837108-3999977653-1779688838-500] &r: struct netsamlogoncache_entry timestamp : Fri Mar 23 05:20:37 AM 2018 EDT info3: struct netr_SamInfo3 base: struct netr_SamBaseInfo logon_time : Fri Mar 23 05:09:15 AM 2018 EDT logoff_time : Wed Sep 13 10:48:05 PM 30828 EDT kickoff_time : Wed Sep 13 10:48:05 PM 30828 EDT last_password_change : Mon Feb 12 09:15:04 AM 2018 EST allow_password_change : Tue Feb 13 09:15:04 AM 2018 EST force_password_change : Mon Mar 26 10:15:04 AM 2018 EDT account_name: struct lsa_String length : 0x001a (26) size : 0x001a (26) string : * string : 'Administrator' full_name: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '' logon_script: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL profile_path: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL home_directory: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL home_drive: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL logon_count : 0x009d (157) bad_password_count : 0x0000 (0) rid : 0x000001f4 (500) primary_gid : 0x00000201 (513) groups: struct samr_RidWithAttributeArray count : 0x00000005 (5) rids : * rids: ARRAY(5) rids: struct samr_RidWithAttribute rid : 0x00000208 (520) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: 
SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000200 (512) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000201 (513) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000206 (518) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000207 (519) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) user_flags : 0x00000120 (288) 0: NETLOGON_GUEST 0: NETLOGON_NOENCRYPTION 0: NETLOGON_CACHED_ACCOUNT 0: NETLOGON_USED_LM_PASSWORD 1: NETLOGON_EXTRA_SIDS 0: NETLOGON_SUBAUTH_SESSION_KEY 0: NETLOGON_SERVER_TRUST_ACCOUNT 1: NETLOGON_NTLMV2_ENABLED 0: NETLOGON_RESOURCE_GROUPS 0: NETLOGON_PROFILE_PATH_RETURNED 0: NETLOGON_GRACE_LOGON key: struct netr_UserSessionKey key : 00000000000000000000000000000000 logon_server: struct lsa_StringLarge length : 0x001e (30) size : 0x0020 (32) string : * string : 'WIN-NJ57UVUO8PC' logon_domain: struct lsa_StringLarge length : 0x000e (14) size : 0x0010 (16) string : * string : 'TESTDOM' domain_sid : * domain_sid : S-1-5-21-847837108-3999977653-1779688838 LMSessKey: struct netr_LMSessionKey key : 0000000000000000 acct_flags : 0x00000010 (16) 0: ACB_DISABLED 0: ACB_HOMDIRREQ 0: ACB_PWNOTREQ 0: ACB_TEMPDUP 1: ACB_NORMAL 0: 
ACB_MNS 0: ACB_DOMTRUST 0: ACB_WSTRUST 0: ACB_SVRTRUST 0: ACB_PWNOEXP 0: ACB_AUTOLOCK 0: ACB_ENC_TXT_PWD_ALLOWED 0: ACB_SMARTCARD_REQUIRED 0: ACB_TRUSTED_FOR_DELEGATION 0: ACB_NOT_DELEGATED 0: ACB_USE_DES_KEY_ONLY 0: ACB_DONT_REQUIRE_PREAUTH 0: ACB_PW_EXPIRED 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION 0: ACB_NO_AUTH_DATA_REQD 0: ACB_PARTIAL_SECRETS_ACCOUNT 0: ACB_USE_AES_KEYS sub_auth_status : 0x00000000 (0) last_successful_logon : NTTIME(0) last_failed_logon : NTTIME(0) failed_logon_count : 0x00000000 (0) reserved : 0x00000000 (0) sidcount : 0x00000001 (1) sids : * sids: ARRAY(1) sids: struct netr_SidAttr sid : * sid : S-1-5-21-546099636-1453775275-3712789297-1130 attributes : 0x20000007 (536870919) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 1: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) wbint_GetNssInfo: struct wbint_GetNssInfo in: struct wbint_GetNssInfo info : * info: struct wbint_userinfo domain_name : * domain_name : 'TESTDOM' acct_name : * acct_name : 'Administrator' full_name : * full_name : '' homedir : * homedir : '/home/%u.%D' shell : * shell : '/bin/bash' uid : 0x0000000000002904 (10500) primary_gid : 0x00000000ffffffff (4294967295) primary_group_name : NULL user_sid : S-1-5-21-847837108-3999977653-1779688838-500 group_sid : S-1-5-21-847837108-3999977653-1779688838-513 Need to read 210 extra bytes child daemon request 56 child_process_request: request fn NDRCMD winbindd_dual_ndrcmd: Running command WBINT_GETNSSINFO (no domain) wbint_GetNssInfo: struct wbint_GetNssInfo in: struct wbint_GetNssInfo info : * info: struct wbint_userinfo domain_name : * domain_name : 'TESTDOM' acct_name : * acct_name : 'Administrator' full_name : * full_name : '' homedir : * homedir : '/home/%u.%D' shell : * shell : '/bin/bash' uid : 0x0000000000002904 (10500) primary_gid : 0x00000000ffffffff (4294967295) primary_group_name : NULL user_sid : S-1-5-21-847837108-3999977653-1779688838-500 
group_sid : S-1-5-21-847837108-3999977653-1779688838-513 idmap_find_domain called for domain 'TESTDOM' wbint_GetNssInfo: struct wbint_GetNssInfo out: struct wbint_GetNssInfo info : * info: struct wbint_userinfo domain_name : * domain_name : 'TESTDOM' acct_name : * acct_name : 'Administrator' full_name : * full_name : '' homedir : * homedir : '/home/%u.%D' shell : * shell : '/bin/bash' uid : 0x0000000000002904 (10500) primary_gid : 0x00000000ffffffff (4294967295) primary_group_name : NULL user_sid : S-1-5-21-847837108-3999977653-1779688838-500 group_sid : S-1-5-21-847837108-3999977653-1779688838-513 result : NT_STATUS_REQUEST_NOT_ACCEPTED Finished processing child request 56 Writing 3712 bytes to parent wbint_GetNssInfo: struct wbint_GetNssInfo out: struct wbint_GetNssInfo info : * info: struct wbint_userinfo domain_name : * domain_name : 'TESTDOM' acct_name : * acct_name : 'Administrator' full_name : * full_name : '' homedir : * homedir : '/home/%u.%D' shell : * shell : '/bin/bash' uid : 0x0000000000002904 (10500) primary_gid : 0x00000000ffffffff (4294967295) primary_group_name : NULL user_sid : S-1-5-21-847837108-3999977653-1779688838-500 group_sid : S-1-5-21-847837108-3999977653-1779688838-513 result : NT_STATUS_REQUEST_NOT_ACCEPTED SID 0: S-1-5-21-847837108-3999977653-1779688838-513 Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-513]: value=[10513:B] Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-513]: id=[10513], endptr=[:B] find_lookup_domain_from_sid(S-1-5-21-847837108-3999977653-1779688838-513) calling find_our_domain wbint_LookupSid: struct wbint_LookupSid in: struct wbint_LookupSid sid : * sid : S-1-5-21-847837108-3999977653-1779688838-513 wbint_LookupSid: struct wbint_LookupSid out: struct wbint_LookupSid type : * type : SID_NAME_DOM_GRP (2) domain : * domain : * domain : 'TESTDOM' name : * name : * name : 'Domain Users' result : NT_STATUS_OK wb_request_done[1682:GETPWNAM]: NT_STATUS_OK 
winbind_client_response_written[1682:GETPWNAM]: delivered response to client process_request: Handling async request 1682:GETPWNAM getpwnam TESTDOM\administrator wbint_LookupName: struct wbint_LookupName in: struct wbint_LookupName domain : * domain : 'TESTDOM' name : * name : 'ADMINISTRATOR' flags : 0x00000008 (8) wbint_LookupName: struct wbint_LookupName out: struct wbint_LookupName type : * type : SID_NAME_USER (1) sid : * sid : S-1-5-21-847837108-3999977653-1779688838-500 result : NT_STATUS_OK SID 0: S-1-5-21-847837108-3999977653-1779688838-500 Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-500]: value=[10500:B] Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-500]: id=[10500], endptr=[:B] netsamlogon_cache_get: SID [S-1-5-21-847837108-3999977653-1779688838-500] &r: struct netsamlogoncache_entry timestamp : Fri Mar 23 05:20:37 AM 2018 EDT info3: struct netr_SamInfo3 base: struct netr_SamBaseInfo logon_time : Fri Mar 23 05:09:15 AM 2018 EDT logoff_time : Wed Sep 13 10:48:05 PM 30828 EDT kickoff_time : Wed Sep 13 10:48:05 PM 30828 EDT last_password_change : Mon Feb 12 09:15:04 AM 2018 EST allow_password_change : Tue Feb 13 09:15:04 AM 2018 EST force_password_change : Mon Mar 26 10:15:04 AM 2018 EDT account_name: struct lsa_String length : 0x001a (26) size : 0x001a (26) string : * string : 'Administrator' full_name: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '' logon_script: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL profile_path: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL home_directory: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL home_drive: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL logon_count : 0x009d (157) bad_password_count : 0x0000 (0) rid : 0x000001f4 (500) primary_gid : 0x00000201 (513) groups: struct samr_RidWithAttributeArray count : 0x00000005 (5) rids : 
* rids: ARRAY(5) rids: struct samr_RidWithAttribute rid : 0x00000208 (520) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000200 (512) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000201 (513) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000206 (518) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000207 (519) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) user_flags : 0x00000120 (288) 0: NETLOGON_GUEST 0: NETLOGON_NOENCRYPTION 0: NETLOGON_CACHED_ACCOUNT 0: NETLOGON_USED_LM_PASSWORD 1: NETLOGON_EXTRA_SIDS 0: NETLOGON_SUBAUTH_SESSION_KEY 0: NETLOGON_SERVER_TRUST_ACCOUNT 1: NETLOGON_NTLMV2_ENABLED 0: NETLOGON_RESOURCE_GROUPS 0: NETLOGON_PROFILE_PATH_RETURNED 0: NETLOGON_GRACE_LOGON key: struct netr_UserSessionKey key : 00000000000000000000000000000000 logon_server: struct lsa_StringLarge length : 0x001e (30) size : 0x0020 (32) string : * string : 'WIN-NJ57UVUO8PC' logon_domain: struct lsa_StringLarge length : 0x000e (14) size : 0x0010 (16) string : * string : 'TESTDOM' domain_sid : * domain_sid : S-1-5-21-847837108-3999977653-1779688838 LMSessKey: 
struct netr_LMSessionKey key : 0000000000000000 acct_flags : 0x00000010 (16) 0: ACB_DISABLED 0: ACB_HOMDIRREQ 0: ACB_PWNOTREQ 0: ACB_TEMPDUP 1: ACB_NORMAL 0: ACB_MNS 0: ACB_DOMTRUST 0: ACB_WSTRUST 0: ACB_SVRTRUST 0: ACB_PWNOEXP 0: ACB_AUTOLOCK 0: ACB_ENC_TXT_PWD_ALLOWED 0: ACB_SMARTCARD_REQUIRED 0: ACB_TRUSTED_FOR_DELEGATION 0: ACB_NOT_DELEGATED 0: ACB_USE_DES_KEY_ONLY 0: ACB_DONT_REQUIRE_PREAUTH 0: ACB_PW_EXPIRED 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION 0: ACB_NO_AUTH_DATA_REQD 0: ACB_PARTIAL_SECRETS_ACCOUNT 0: ACB_USE_AES_KEYS sub_auth_status : 0x00000000 (0) last_successful_logon : NTTIME(0) last_failed_logon : NTTIME(0) failed_logon_count : 0x00000000 (0) reserved : 0x00000000 (0) sidcount : 0x00000001 (1) sids : * sids: ARRAY(1) sids: struct netr_SidAttr sid : * sid : S-1-5-21-546099636-1453775275-3712789297-1130 attributes : 0x20000007 (536870919) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 1: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) wbint_GetNssInfo: struct wbint_GetNssInfo in: struct wbint_GetNssInfo info : * info: struct wbint_userinfo domain_name : * domain_name : 'TESTDOM' acct_name : * acct_name : 'Administrator' full_name : * full_name : '' homedir : * homedir : '/home/%u.%D' shell : * shell : '/bin/bash' uid : 0x0000000000002904 (10500) primary_gid : 0x00000000ffffffff (4294967295) primary_group_name : NULL user_sid : S-1-5-21-847837108-3999977653-1779688838-500 group_sid : S-1-5-21-847837108-3999977653-1779688838-513 Need to read 210 extra bytes child daemon request 56 child_process_request: request fn NDRCMD winbindd_dual_ndrcmd: Running command WBINT_GETNSSINFO (no domain) wbint_GetNssInfo: struct wbint_GetNssInfo in: struct wbint_GetNssInfo info : * info: struct wbint_userinfo domain_name : * domain_name : 'TESTDOM' acct_name : * acct_name : 'Administrator' full_name : * full_name : '' homedir : * homedir : '/home/%u.%D' shell : * shell : '/bin/bash' uid : 
0x0000000000002904 (10500) primary_gid : 0x00000000ffffffff (4294967295) primary_group_name : NULL user_sid : S-1-5-21-847837108-3999977653-1779688838-500 group_sid : S-1-5-21-847837108-3999977653-1779688838-513 idmap_find_domain called for domain 'TESTDOM' wbint_GetNssInfo: struct wbint_GetNssInfo out: struct wbint_GetNssInfo info : * info: struct wbint_userinfo domain_name : * domain_name : 'TESTDOM' acct_name : * acct_name : 'Administrator' full_name : * full_name : '' homedir : * homedir : '/home/%u.%D' shell : * shell : '/bin/bash' uid : 0x0000000000002904 (10500) primary_gid : 0x00000000ffffffff (4294967295) primary_group_name : NULL user_sid : S-1-5-21-847837108-3999977653-1779688838-500 group_sid : S-1-5-21-847837108-3999977653-1779688838-513 result : NT_STATUS_REQUEST_NOT_ACCEPTED Finished processing child request 56 Writing 3712 bytes to parent wbint_GetNssInfo: struct wbint_GetNssInfo out: struct wbint_GetNssInfo info : * info: struct wbint_userinfo domain_name : * domain_name : 'TESTDOM' acct_name : * acct_name : 'Administrator' full_name : * full_name : '' homedir : * homedir : '/home/%u.%D' shell : * shell : '/bin/bash' uid : 0x0000000000002904 (10500) primary_gid : 0x00000000ffffffff (4294967295) primary_group_name : NULL user_sid : S-1-5-21-847837108-3999977653-1779688838-500 group_sid : S-1-5-21-847837108-3999977653-1779688838-513 result : NT_STATUS_REQUEST_NOT_ACCEPTED SID 0: S-1-5-21-847837108-3999977653-1779688838-513 Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-513]: value=[10513:B] Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-513]: id=[10513], endptr=[:B] find_lookup_domain_from_sid(S-1-5-21-847837108-3999977653-1779688838-513) calling find_our_domain wbint_LookupSid: struct wbint_LookupSid in: struct wbint_LookupSid sid : * sid : S-1-5-21-847837108-3999977653-1779688838-513 wbint_LookupSid: struct wbint_LookupSid out: struct wbint_LookupSid type : * type : SID_NAME_DOM_GRP (2) 
domain : * domain : * domain : 'TESTDOM' name : * name : * name : 'Domain Users' result : NT_STATUS_OK wb_request_done[1682:GETPWNAM]: NT_STATUS_OK winbind_client_response_written[1682:GETPWNAM]: delivered response to client process_request: Handling async request 1682:GETPWNAM getpwnam TESTDOM\administrator wbint_LookupName: struct wbint_LookupName in: struct wbint_LookupName domain : * domain : 'TESTDOM' name : * name : 'ADMINISTRATOR' flags : 0x00000008 (8) wbint_LookupName: struct wbint_LookupName out: struct wbint_LookupName type : * type : SID_NAME_USER (1) sid : * sid : S-1-5-21-847837108-3999977653-1779688838-500 result : NT_STATUS_OK SID 0: S-1-5-21-847837108-3999977653-1779688838-500 Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-500]: value=[10500:B] Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-500]: id=[10500], endptr=[:B] netsamlogon_cache_get: SID [S-1-5-21-847837108-3999977653-1779688838-500] &r: struct netsamlogoncache_entry timestamp : Fri Mar 23 05:20:37 AM 2018 EDT info3: struct netr_SamInfo3 base: struct netr_SamBaseInfo logon_time : Fri Mar 23 05:09:15 AM 2018 EDT logoff_time : Wed Sep 13 10:48:05 PM 30828 EDT kickoff_time : Wed Sep 13 10:48:05 PM 30828 EDT last_password_change : Mon Feb 12 09:15:04 AM 2018 EST allow_password_change : Tue Feb 13 09:15:04 AM 2018 EST force_password_change : Mon Mar 26 10:15:04 AM 2018 EDT account_name: struct lsa_String length : 0x001a (26) size : 0x001a (26) string : * string : 'Administrator' full_name: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '' logon_script: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL profile_path: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL home_directory: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL home_drive: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL logon_count : 0x009d (157) 
bad_password_count : 0x0000 (0) rid : 0x000001f4 (500) primary_gid : 0x00000201 (513) groups: struct samr_RidWithAttributeArray count : 0x00000005 (5) rids : * rids: ARRAY(5) rids: struct samr_RidWithAttribute rid : 0x00000208 (520) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000200 (512) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000201 (513) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000206 (518) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000207 (519) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) user_flags : 0x00000120 (288) 0: NETLOGON_GUEST 0: NETLOGON_NOENCRYPTION 0: NETLOGON_CACHED_ACCOUNT 0: NETLOGON_USED_LM_PASSWORD 1: NETLOGON_EXTRA_SIDS 0: NETLOGON_SUBAUTH_SESSION_KEY 0: NETLOGON_SERVER_TRUST_ACCOUNT 1: NETLOGON_NTLMV2_ENABLED 0: NETLOGON_RESOURCE_GROUPS 0: NETLOGON_PROFILE_PATH_RETURNED 0: NETLOGON_GRACE_LOGON key: struct netr_UserSessionKey key : 00000000000000000000000000000000 logon_server: struct lsa_StringLarge length : 0x001e (30) size : 0x0020 (32) string : * string : 'WIN-NJ57UVUO8PC' logon_domain: struct 
lsa_StringLarge length : 0x000e (14) size : 0x0010 (16) string : * string : 'TESTDOM' domain_sid : * domain_sid : S-1-5-21-847837108-3999977653-1779688838 LMSessKey: struct netr_LMSessionKey key : 0000000000000000 acct_flags : 0x00000010 (16) 0: ACB_DISABLED 0: ACB_HOMDIRREQ 0: ACB_PWNOTREQ 0: ACB_TEMPDUP 1: ACB_NORMAL 0: ACB_MNS 0: ACB_DOMTRUST 0: ACB_WSTRUST 0: ACB_SVRTRUST 0: ACB_PWNOEXP 0: ACB_AUTOLOCK 0: ACB_ENC_TXT_PWD_ALLOWED 0: ACB_SMARTCARD_REQUIRED 0: ACB_TRUSTED_FOR_DELEGATION 0: ACB_NOT_DELEGATED 0: ACB_USE_DES_KEY_ONLY 0: ACB_DONT_REQUIRE_PREAUTH 0: ACB_PW_EXPIRED 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION 0: ACB_NO_AUTH_DATA_REQD 0: ACB_PARTIAL_SECRETS_ACCOUNT 0: ACB_USE_AES_KEYS sub_auth_status : 0x00000000 (0) last_successful_logon : NTTIME(0) last_failed_logon : NTTIME(0) failed_logon_count : 0x00000000 (0) reserved : 0x00000000 (0) sidcount : 0x00000001 (1) sids : * sids: ARRAY(1) sids: struct netr_SidAttr sid : * sid : S-1-5-21-546099636-1453775275-3712789297-1130 attributes : 0x20000007 (536870919) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 1: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) wbint_GetNssInfo: struct wbint_GetNssInfo in: struct wbint_GetNssInfo info : * info: struct wbint_userinfo domain_name : * domain_name : 'TESTDOM' acct_name : * acct_name : 'Administrator' full_name : * full_name : '' homedir : * homedir : '/home/%u.%D' shell : * shell : '/bin/bash' uid : 0x0000000000002904 (10500) primary_gid : 0x00000000ffffffff (4294967295) primary_group_name : NULL user_sid : S-1-5-21-847837108-3999977653-1779688838-500 group_sid : S-1-5-21-847837108-3999977653-1779688838-513 Need to read 210 extra bytes child daemon request 56 child_process_request: request fn NDRCMD winbindd_dual_ndrcmd: Running command WBINT_GETNSSINFO (no domain) wbint_GetNssInfo: struct wbint_GetNssInfo in: struct wbint_GetNssInfo info : * info: struct wbint_userinfo domain_name : * 
domain_name : 'TESTDOM' acct_name : * acct_name : 'Administrator' full_name : * full_name : '' homedir : * homedir : '/home/%u.%D' shell : * shell : '/bin/bash' uid : 0x0000000000002904 (10500) primary_gid : 0x00000000ffffffff (4294967295) primary_group_name : NULL user_sid : S-1-5-21-847837108-3999977653-1779688838-500 group_sid : S-1-5-21-847837108-3999977653-1779688838-513 idmap_find_domain called for domain 'TESTDOM' wbint_GetNssInfo: struct wbint_GetNssInfo out: struct wbint_GetNssInfo info : * info: struct wbint_userinfo domain_name : * domain_name : 'TESTDOM' acct_name : * acct_name : 'Administrator' full_name : * full_name : '' homedir : * homedir : '/home/%u.%D' shell : * shell : '/bin/bash' uid : 0x0000000000002904 (10500) primary_gid : 0x00000000ffffffff (4294967295) primary_group_name : NULL user_sid : S-1-5-21-847837108-3999977653-1779688838-500 group_sid : S-1-5-21-847837108-3999977653-1779688838-513 result : NT_STATUS_REQUEST_NOT_ACCEPTED Finished processing child request 56 Writing 3712 bytes to parent wbint_GetNssInfo: struct wbint_GetNssInfo out: struct wbint_GetNssInfo info : * info: struct wbint_userinfo domain_name : * domain_name : 'TESTDOM' acct_name : * acct_name : 'Administrator' full_name : * full_name : '' homedir : * homedir : '/home/%u.%D' shell : * shell : '/bin/bash' uid : 0x0000000000002904 (10500) primary_gid : 0x00000000ffffffff (4294967295) primary_group_name : NULL user_sid : S-1-5-21-847837108-3999977653-1779688838-500 group_sid : S-1-5-21-847837108-3999977653-1779688838-513 result : NT_STATUS_REQUEST_NOT_ACCEPTED SID 0: S-1-5-21-847837108-3999977653-1779688838-513 Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-513]: value=[10513:B] Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-513]: id=[10513], endptr=[:B] find_lookup_domain_from_sid(S-1-5-21-847837108-3999977653-1779688838-513) calling find_our_domain wbint_LookupSid: struct wbint_LookupSid in: struct 
wbint_LookupSid sid : * sid : S-1-5-21-847837108-3999977653-1779688838-513 wbint_LookupSid: struct wbint_LookupSid out: struct wbint_LookupSid type : * type : SID_NAME_DOM_GRP (2) domain : * domain : * domain : 'TESTDOM' name : * name : * name : 'Domain Users' result : NT_STATUS_OK wb_request_done[1682:GETPWNAM]: NT_STATUS_OK winbind_client_response_written[1682:GETPWNAM]: delivered response to client process_request: Handling async request 1682:GETPWNAM getpwnam TESTDOM\administrator wbint_LookupName: struct wbint_LookupName in: struct wbint_LookupName domain : * domain : 'TESTDOM' name : * name : 'ADMINISTRATOR' flags : 0x00000008 (8) wbint_LookupName: struct wbint_LookupName out: struct wbint_LookupName type : * type : SID_NAME_USER (1) sid : * sid : S-1-5-21-847837108-3999977653-1779688838-500 result : NT_STATUS_OK SID 0: S-1-5-21-847837108-3999977653-1779688838-500 Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-500]: value=[10500:B] Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-500]: id=[10500], endptr=[:B] netsamlogon_cache_get: SID [S-1-5-21-847837108-3999977653-1779688838-500] &r: struct netsamlogoncache_entry timestamp : Fri Mar 23 05:20:37 AM 2018 EDT info3: struct netr_SamInfo3 base: struct netr_SamBaseInfo logon_time : Fri Mar 23 05:09:15 AM 2018 EDT logoff_time : Wed Sep 13 10:48:05 PM 30828 EDT kickoff_time : Wed Sep 13 10:48:05 PM 30828 EDT last_password_change : Mon Feb 12 09:15:04 AM 2018 EST allow_password_change : Tue Feb 13 09:15:04 AM 2018 EST force_password_change : Mon Mar 26 10:15:04 AM 2018 EDT account_name: struct lsa_String length : 0x001a (26) size : 0x001a (26) string : * string : 'Administrator' full_name: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '' logon_script: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL profile_path: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL home_directory: struct 
lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL home_drive: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL logon_count : 0x009d (157) bad_password_count : 0x0000 (0) rid : 0x000001f4 (500) primary_gid : 0x00000201 (513) groups: struct samr_RidWithAttributeArray count : 0x00000005 (5) rids : * rids: ARRAY(5) rids: struct samr_RidWithAttribute rid : 0x00000208 (520) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000200 (512) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000201 (513) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000206 (518) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000207 (519) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) user_flags : 0x00000120 (288) 0: NETLOGON_GUEST 0: NETLOGON_NOENCRYPTION 0: NETLOGON_CACHED_ACCOUNT 0: NETLOGON_USED_LM_PASSWORD 1: NETLOGON_EXTRA_SIDS 0: NETLOGON_SUBAUTH_SESSION_KEY 0: NETLOGON_SERVER_TRUST_ACCOUNT 1: NETLOGON_NTLMV2_ENABLED 0: NETLOGON_RESOURCE_GROUPS 0: NETLOGON_PROFILE_PATH_RETURNED 0: NETLOGON_GRACE_LOGON key: struct netr_UserSessionKey key : 
00000000000000000000000000000000 logon_server: struct lsa_StringLarge length : 0x001e (30) size : 0x0020 (32) string : * string : 'WIN-NJ57UVUO8PC' logon_domain: struct lsa_StringLarge length : 0x000e (14) size : 0x0010 (16) string : * string : 'TESTDOM' domain_sid : * domain_sid : S-1-5-21-847837108-3999977653-1779688838 LMSessKey: struct netr_LMSessionKey key : 0000000000000000 acct_flags : 0x00000010 (16) 0: ACB_DISABLED 0: ACB_HOMDIRREQ 0: ACB_PWNOTREQ 0: ACB_TEMPDUP 1: ACB_NORMAL 0: ACB_MNS 0: ACB_DOMTRUST 0: ACB_WSTRUST 0: ACB_SVRTRUST 0: ACB_PWNOEXP 0: ACB_AUTOLOCK 0: ACB_ENC_TXT_PWD_ALLOWED 0: ACB_SMARTCARD_REQUIRED 0: ACB_TRUSTED_FOR_DELEGATION 0: ACB_NOT_DELEGATED 0: ACB_USE_DES_KEY_ONLY 0: ACB_DONT_REQUIRE_PREAUTH 0: ACB_PW_EXPIRED 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION 0: ACB_NO_AUTH_DATA_REQD 0: ACB_PARTIAL_SECRETS_ACCOUNT 0: ACB_USE_AES_KEYS sub_auth_status : 0x00000000 (0) last_successful_logon : NTTIME(0) last_failed_logon : NTTIME(0) failed_logon_count : 0x00000000 (0) reserved : 0x00000000 (0) sidcount : 0x00000001 (1) sids : * sids: ARRAY(1) sids: struct netr_SidAttr sid : * sid : S-1-5-21-546099636-1453775275-3712789297-1130 attributes : 0x20000007 (536870919) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 1: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) wbint_GetNssInfo: struct wbint_GetNssInfo in: struct wbint_GetNssInfo info : * info: struct wbint_userinfo domain_name : * domain_name : 'TESTDOM' acct_name : * acct_name : 'Administrator' full_name : * full_name : '' homedir : * homedir : '/home/%u.%D' shell : * shell : '/bin/bash' uid : 0x0000000000002904 (10500) primary_gid : 0x00000000ffffffff (4294967295) primary_group_name : NULL user_sid : S-1-5-21-847837108-3999977653-1779688838-500 group_sid : S-1-5-21-847837108-3999977653-1779688838-513 Need to read 210 extra bytes child daemon request 56 child_process_request: request fn NDRCMD winbindd_dual_ndrcmd: 
Running command WBINT_GETNSSINFO (no domain) wbint_GetNssInfo: struct wbint_GetNssInfo in: struct wbint_GetNssInfo info : * info: struct wbint_userinfo domain_name : * domain_name : 'TESTDOM' acct_name : * acct_name : 'Administrator' full_name : * full_name : '' homedir : * homedir : '/home/%u.%D' shell : * shell : '/bin/bash' uid : 0x0000000000002904 (10500) primary_gid : 0x00000000ffffffff (4294967295) primary_group_name : NULL user_sid : S-1-5-21-847837108-3999977653-1779688838-500 group_sid : S-1-5-21-847837108-3999977653-1779688838-513 idmap_find_domain called for domain 'TESTDOM' wbint_GetNssInfo: struct wbint_GetNssInfo out: struct wbint_GetNssInfo info : * info: struct wbint_userinfo domain_name : * domain_name : 'TESTDOM' acct_name : * acct_name : 'Administrator' full_name : * full_name : '' homedir : * homedir : '/home/%u.%D' shell : * shell : '/bin/bash' uid : 0x0000000000002904 (10500) primary_gid : 0x00000000ffffffff (4294967295) primary_group_name : NULL user_sid : S-1-5-21-847837108-3999977653-1779688838-500 group_sid : S-1-5-21-847837108-3999977653-1779688838-513 result : NT_STATUS_REQUEST_NOT_ACCEPTED Finished processing child request 56 Writing 3712 bytes to parent wbint_GetNssInfo: struct wbint_GetNssInfo out: struct wbint_GetNssInfo info : * info: struct wbint_userinfo domain_name : * domain_name : 'TESTDOM' acct_name : * acct_name : 'Administrator' full_name : * full_name : '' homedir : * homedir : '/home/%u.%D' shell : * shell : '/bin/bash' uid : 0x0000000000002904 (10500) primary_gid : 0x00000000ffffffff (4294967295) primary_group_name : NULL user_sid : S-1-5-21-847837108-3999977653-1779688838-500 group_sid : S-1-5-21-847837108-3999977653-1779688838-513 result : NT_STATUS_REQUEST_NOT_ACCEPTED SID 0: S-1-5-21-847837108-3999977653-1779688838-513 Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-513]: value=[10513:B] Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-513]: id=[10513], 
endptr=[:B] find_lookup_domain_from_sid(S-1-5-21-847837108-3999977653-1779688838-513) calling find_our_domain wbint_LookupSid: struct wbint_LookupSid in: struct wbint_LookupSid sid : * sid : S-1-5-21-847837108-3999977653-1779688838-513 wbint_LookupSid: struct wbint_LookupSid out: struct wbint_LookupSid type : * type : SID_NAME_DOM_GRP (2) domain : * domain : * domain : 'TESTDOM' name : * name : * name : 'Domain Users' result : NT_STATUS_OK wb_request_done[1682:GETPWNAM]: NT_STATUS_OK winbind_client_response_written[1682:GETPWNAM]: delivered response to client accepted socket 25 process_request: request fn INTERFACE_VERSION [ 1682]: request interface version (version = 28) winbind_client_response_written[1682:INTERFACE_VERSION]: delivered response to client process_request: request fn WINBINDD_PRIV_PIPE_DIR [ 1682]: request location of privileged pipe winbind_client_response_written[1682:WINBINDD_PRIV_PIPE_DIR]: delivered response to client accepted socket 27 closing socket 25, client exited process_request: Handling async request 1682:PAM_AUTH [ 1682]: pam auth TESTDOM\administrator fork_domain_child called for domain 'TESTDOM' Child process 1708 msg_dgm_ref_destructor: refs=0x563e56a0d0c0 messaging_dgm_ref: messaging_dgm_init returned Success messaging_dgm_ref: unique = 861304241047392926 Deregistering messaging pointer for type 33 - private_data=(nil) Deregistering messaging pointer for type 13 - private_data=(nil) Deregistering messaging pointer for type 1028 - private_data=(nil) Deregistering messaging pointer for type 1027 - private_data=(nil) Deregistering messaging pointer for type 1029 - private_data=(nil) Deregistering messaging pointer for type 1280 - private_data=(nil) Deregistering messaging pointer for type 1033 - private_data=(nil) Deregistering messaging pointer for type 1 - private_data=(nil) Deregistering messaging pointer for type 1036 - private_data=(nil) Deregistering messaging pointer for type 1035 - private_data=(nil) Registering messaging 
pointer for type 1028 - private_data=(nil) Registering messaging pointer for type 1027 - private_data=(nil) Registering messaging pointer for type 1280 - private_data=(nil) Registering messaging pointer for type 1 - private_data=(nil) Registering messaging pointer for type 1034 - private_data=(nil) Overriding messaging pointer for type 1034 - private_data=(nil) set_domain_online_request: called for domain TESTDOM set_domain_online_request: domain TESTDOM was globally offline. set_domain_online_request: called for domain LAB set_domain_online_request: domain LAB was globally offline. child daemon request 13 child_process_request: request fn PAM_AUTH [ 1701]: dual pam auth TESTDOM\administrator winbindd_dual_pam_auth: domain: TESTDOM offline and auth request in startup mode. Searching cache keys with pattern NEG_CONN_CACHE/TESTDOM,* Calling function with arguments (key=[NEG_CONN_CACHE/TESTDOM,WIN-NJ57UVUO8PC.testdom.net], timeout=[Fri Mar 23 05:21:37 AM 2018 EDT]) Calling function with arguments (key=[NEG_CONN_CACHE/TESTDOM,WIN-NJ57UVUO8PC.testdom.net], value=[c000006d], timeout=[Fri Mar 23 05:21:37 AM 2018 EDT]) Deleting cache entry (key=[NEG_CONN_CACHE/TESTDOM,WIN-NJ57UVUO8PC.testdom.net]) Adding cache entry with key=[NEG_CONN_CACHE/TESTDOM,WIN-NJ57UVUO8PC.testdom.net] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797152 seconds in the past) flush_negative_conn_cache_for_domain: flushed domain TESTDOM Searching cache keys with pattern NEG_CONN_CACHE/testdom.net,* Calling function with arguments (key=[NEG_CONN_CACHE/testdom.net,WIN-NJ57UVUO8PC.testdom.net], timeout=[Fri Mar 23 05:21:37 AM 2018 EDT]) Calling function with arguments (key=[NEG_CONN_CACHE/testdom.net,WIN-NJ57UVUO8PC.testdom.net], value=[c000006d], timeout=[Fri Mar 23 05:21:37 AM 2018 EDT]) Deleting cache entry (key=[NEG_CONN_CACHE/testdom.net,WIN-NJ57UVUO8PC.testdom.net]) Adding cache entry with key=[NEG_CONN_CACHE/testdom.net,WIN-NJ57UVUO8PC.testdom.net] and timeout=[Wed Dec 31 07:00:00 PM 1969 
EST] (-1521797152 seconds in the past) flush_negative_conn_cache_for_domain: flushed domain testdom.net connection_ok: Connection to (null) for domain TESTDOM is not connected set_dc_type_and_flags_trustinfo: domain TESTDOM connection_ok: Connection to (null) for domain LAB is not connected set_dc_type_and_flags_trustinfo: No connection to our domain! Adding cache entry with key=[SAFJOIN/DOMAIN/TESTDOM] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797152 seconds in the past) Adding cache entry with key=[SAF/DOMAIN/TESTDOM] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797152 seconds in the past) saf_fetch: failed to find server for "TESTDOM" domain cm_open_connection: dcname is '' for domain TESTDOM connection_ok: Connection to (null) for domain LAB is not connected Adding cache entry with key=[SAFJOIN/DOMAIN/LAB] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797152 seconds in the past) saf_fetch: Returning "dc1.lab.saferit.fr" for "LAB" domain Adding cache entry with key=[NEG_CONN_CACHE/LAB,dc1.lab.saferit.fr] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797152 seconds in the past) check_negative_conn_cache returning result 0 for domain LAB server dc1.lab.saferit.fr cm_open_connection: saf_servername is 'dc1.lab.saferit.fr' for domain LAB cm_open_connection: dcname is 'dc1.lab.saferit.fr' for domain LAB check_negative_conn_cache returning result 0 for domain LAB server dc1.lab.saferit.fr sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) name dc1.lab.saferit.fr#20 found. 
remove_duplicate_addrs2: looking for duplicate address/port pairs Connecting to 10.0.3.10 at port 445 cm_prepare_connection: connecting to DC dc1.lab.saferit.fr for domain LAB Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 0 SO_SNDBUF = 87040 SO_RCVBUF = 367360 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 ldb: ldb_trace_request: SEARCH dn: @MODULES scope: base expr: (@LIST=*) attr: @LIST control: ldb: ldb_trace_request: (tdb)->search ldb: Added timed event "ltdb_callback": 0x563e56a20b10 ldb: Added timed event "ltdb_timeout": 0x563e56a20bd0 ldb: Running timer event 0x563e56a20b10 "ltdb_callback" ldb: Destroying timer event 0x563e56a20bd0 "ltdb_timeout" ldb: Ending timer event 0x563e56a20b10 "ltdb_callback" ldb: no modules required by the db ldb: No modules specified for this database ldb: ldb_trace_request: REGISTER_CONTROL 1.2.840.113556.1.4.1413 control: ldb: ldb_asprintf/set_errstring: unable to find module or backend to handle operation: request ldb: ldb_trace_request: SEARCH dn: scope: base expr: (objectClass=*) attr: rootDomainNamingContext attr: configurationNamingContext attr: schemaNamingContext attr: defaultNamingContext control: ldb: ldb_trace_request: (tdb)->search ldb: Added timed event "ltdb_callback": 0x563e56a20ff0 ldb: Added timed event "ltdb_timeout": 0x563e56a210b0 ldb: Running timer event 0x563e56a20ff0 "ltdb_callback" ldb: ldb_asprintf/set_errstring: NULL Base DN invalid for a base search ldb: Destroying timer event 0x563e56a210b0 "ltdb_timeout" ldb: Ending timer event 0x563e56a20ff0 "ltdb_callback" ldb_wrap open of secrets.ldb ldb: ldb_trace_request: SEARCH dn: cn=Primary Domains scope: sub expr: (&(flatname=LAB)(objectclass=primaryDomain)) attr: control: ldb: ldb_trace_request: (tdb)->search ldb: Added timed event "ltdb_callback": 
0x563e56a21d90 ldb: Added timed event "ltdb_timeout": 0x563e56a21ec0 ldb: Running timer event 0x563e56a21d90 "ltdb_callback" ldb: Destroying timer event 0x563e56a21ec0 "ltdb_timeout" ldb: Ending timer event 0x563e56a21d90 "ltdb_callback" ldb: ldb_asprintf/set_errstring: dsdb_search at ../source4/dsdb/common/util.c:4576 connecting to dc1.lab.saferit.fr (LAB, lab.saferit.fr) with account [LAB\CENTOS$] principal [CENTOS$@LAB.SAFERIT.FR] and realm [LAB.SAFERIT.FR] got OID=1.3.6.1.4.1.311.2.2.30 got OID=1.2.840.48018.1.2.2 kerberos_kinit_password: as CENTOS$@LAB.SAFERIT.FR using [MEMORY:cliconnect] as ccache and config [(null)] GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'spnego' registered GENSEC backend 'schannel' registered GENSEC backend 'naclrpc_as_system' registered GENSEC backend 'sasl-EXTERNAL' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'ntlmssp_resume_ccache' registered GENSEC backend 'http_basic' registered GENSEC backend 'http_ntlm' registered Starting GENSEC mechanism spnego Starting GENSEC submechanism gse_krb5 signed SMB2 message signed SMB2 message saf_store: domain = [LAB], server = [dc1.lab.saferit.fr], expire = [1521798052] Did not store value for SAF/DOMAIN/LAB, we already got it saf_store: domain = [lab.saferit.fr], server = [dc1.lab.saferit.fr], expire = [1521798052] Did not store value for SAF/DOMAIN/LAB.SAFERIT.FR, we already got it set_domain_online: called for domain LAB Deregistering messaging pointer for type 1030 - private_data=(nil) Deregistering messaging pointer for type 1031 - private_data=(nil) messaging_dgm_send: Sending message to 1701 Did not store value for CURRENT_DCNAME/LAB, we already got it ldb: ldb_trace_request: SEARCH dn: @MODULES scope: base expr: (@LIST=*) attr: @LIST control: ldb: ldb_trace_request: (tdb)->search ldb: Added timed event "ltdb_callback": 0x563e56a2b3c0 ldb: Added timed event "ltdb_timeout": 
0x563e56a2b480 ldb: Running timer event 0x563e56a2b3c0 "ltdb_callback" ldb: Destroying timer event 0x563e56a2b480 "ltdb_timeout" ldb: Ending timer event 0x563e56a2b3c0 "ltdb_callback" ldb: no modules required by the db ldb: No modules specified for this database ldb: ldb_trace_request: REGISTER_CONTROL 1.2.840.113556.1.4.1413 control: ldb: ldb_asprintf/set_errstring: unable to find module or backend to handle operation: request ldb: ldb_trace_request: SEARCH dn: scope: base expr: (objectClass=*) attr: rootDomainNamingContext attr: configurationNamingContext attr: schemaNamingContext attr: defaultNamingContext control: ldb: ldb_trace_request: (tdb)->search ldb: Added timed event "ltdb_callback": 0x563e56a21f50 ldb: Added timed event "ltdb_timeout": 0x563e56a21cd0 ldb: Running timer event 0x563e56a21f50 "ltdb_callback" ldb: ldb_asprintf/set_errstring: NULL Base DN invalid for a base search ldb: Destroying timer event 0x563e56a21cd0 "ltdb_timeout" ldb: Ending timer event 0x563e56a21f50 "ltdb_callback" ldb_wrap open of secrets.ldb ldb: ldb_trace_request: SEARCH dn: cn=Primary Domains scope: sub expr: (&(flatname=LAB)(objectclass=primaryDomain)) attr: control: ldb: ldb_trace_request: (tdb)->search ldb: Added timed event "ltdb_callback": 0x563e56a1f400 ldb: Added timed event "ltdb_timeout": 0x563e56a1f4c0 ldb: Running timer event 0x563e56a1f400 "ltdb_callback" ldb: Destroying timer event 0x563e56a1f4c0 "ltdb_timeout" ldb: Ending timer event 0x563e56a1f400 "ltdb_callback" ldb: ldb_asprintf/set_errstring: dsdb_search at ../source4/dsdb/common/util.c:4576 rpccli_setup_netlogon_creds: using cached netlogon_creds cli[CENTOS$/CENTOS] to dc1.lab.saferit.fr signed SMB2 message imessaging_dgm_recv: dst 1701 matches my id: 1701, type=0x40b messaging_recv_cb: Received message 0x40b len 4 (num_fds:0) from 1708 messaging_recv_cb: Received message 0x40b len 4 (num_fds:0) from 1708 Domain LAB is marked as online now. 
check lock order 2 for /var/lib/samba/lock/g_lock.tdb lock order: 1: 2:/var/lib/samba/lock/g_lock.tdb 3: Locking key 434C495B43454E544F53 Allocated locked data 0x0x563e56a22b00 release lock order 2 for /var/lib/samba/lock/g_lock.tdb lock order: 1: 2: 3: Unlocking key 434C495B43454E544F53 Starting GENSEC mechanism schannel Bind RPC Pipe: host dc1.lab.saferit.fr auth_type 68, auth_level 6 create_generic_auth_rpc_bind_req: generate first token &r: struct dcerpc_auth auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) auth_pad_length : 0x00 (0) auth_reserved : 0x00 (0) auth_context_id : 0x00000001 (1) credentials : DATA_BLOB length=19 [0000] 00 00 00 00 03 00 00 00 4C 41 42 00 43 45 4E 54 ........ LAB.CENT [0010] 4F 53 00 OS. &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x07 (7) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 1: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0063 (99) auth_length : 0x0013 (19) call_id : 0x00000001 (1) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=27 [0000] 44 06 00 00 01 00 00 00 00 00 00 00 03 00 00 00 D....... ........ [0010] 4C 41 42 00 43 45 4E 54 4F 53 00 LAB.CENT OS. 
rpc_api_pipe: host dc1.lab.saferit.fr signed SMB2 message rpc_read_send: data_to_read: 72 state->pkt: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x07 (7) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 1: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0058 (88) auth_length : 0x000c (12) call_id : 0x00000001 (1) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x0000075b (1883) secondary_address_size : 0x000c (12) secondary_address : '\pipe\lsass' _pad1 : DATA_BLOB length=2 [0000] 00 00 .. num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) reason : union dcerpc_bind_ack_reason(case 0) value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=20 [0000] 44 06 00 00 01 00 00 00 01 00 00 00 00 00 00 00 D....... ........ [0010] 00 00 00 00 .... rpc_api_pipe: got frag len of 88 at offset 0: NT_STATUS_OK rpc_api_pipe: host dc1.lab.saferit.fr returned 88 bytes. check_bind_response: accepted! 
../librpc/rpc/dcerpc_util.c:271: auth_pad_length 0 check lock order 2 for /var/lib/samba/lock/g_lock.tdb lock order: 1: 2:/var/lib/samba/lock/g_lock.tdb 3: Locking key 434C495B43454E544F53 Allocated locked data 0x0x563e56a2b6a0 release lock order 2 for /var/lib/samba/lock/g_lock.tdb lock order: 1: 2: 3: Unlocking key 434C495B43454E544F53 check lock order 2 for /var/lib/samba/lock/g_lock.tdb lock order: 1: 2:/var/lib/samba/lock/g_lock.tdb 3: Locking key 434C495B43454E544F53 Allocated locked data 0x0x563e56a18540 release lock order 2 for /var/lib/samba/lock/g_lock.tdb lock order: 1: 2: 3: Unlocking key 434C495B43454E544F53 seed 6f57c7f4:3a1b7e78 seed+time ca0c9014:3a1b7e78 CLIENT 9c6ea864:c9b60df4 seed+time+1 ca0c9015:3a1b7e78 SERVER 97719b65:901f03bb netr_LogonGetCapabilities: struct netr_LogonGetCapabilities in: struct netr_LogonGetCapabilities server_name : * server_name : '\\dc1.lab.saferit.fr' computer_name : * computer_name : 'CENTOS' credential : * credential: struct netr_Authenticator cred: struct netr_Credential data : 64a86e9cf40db6c9 timestamp : Fri Mar 23 05:25:52 AM 2018 EDT return_authenticator : * return_authenticator: struct netr_Authenticator cred: struct netr_Credential data : 0000000000000000 timestamp : (time_t)0 query_level : 0x00000001 (1) t: struct dcerpc_sec_verification_trailer _pad : DATA_BLOB length=0 magic : 0000000000000000 count: struct dcerpc_sec_vt_count count : 0x0002 (2) commands: ARRAY(2) commands: struct dcerpc_sec_vt command : 0x0001 (1) 0x01: DCERPC_SEC_VT_COMMAND_ENUM (1) 0: DCERPC_SEC_VT_COMMAND_END 0: DCERPC_SEC_VT_MUST_PROCESS u : union dcerpc_sec_vt_union(case 0x1) bitmask1 : 0x00000001 (1) 1: DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING commands: struct dcerpc_sec_vt command : 0x4002 (16386) 0x02: DCERPC_SEC_VT_COMMAND_ENUM (2) 1: DCERPC_SEC_VT_COMMAND_END 0: DCERPC_SEC_VT_MUST_PROCESS u : union dcerpc_sec_vt_union(case 0x2) pcontext: struct dcerpc_sec_vt_pcontext abstract_syntax: struct ndr_syntax_id uuid : 
12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0038 (56) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000b0 (176) context_id : 0x0000 (0) opnum : 0x0015 (21) object : union dcerpc_object(case 0) empty: struct dcerpc_empty stub_and_verifier : DATA_BLOB length=0 &r: struct dcerpc_auth auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) auth_pad_length : 0x00 (0) auth_reserved : 0x00 (0) auth_context_id : 0x00000001 (1) credentials : DATA_BLOB length=0 rpc_api_pipe: host dc1.lab.saferit.fr signed SMB2 message rpc_read_send: data_to_read: 104 state->pkt: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0078 (120) auth_length : 0x0038 (56) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) reserved : 0x00 (0) stub_and_verifier : DATA_BLOB length=96
Requested Privacy. ../librpc/rpc/dcerpc_util.c:271: auth_pad_length 8 GENSEC auth Got pdu len 120, data_len 24 rpc_api_pipe: got frag len of 120 at offset 0: NT_STATUS_OK rpc_api_pipe: host dc1.lab.saferit.fr returned 24 bytes. netr_LogonGetCapabilities: struct netr_LogonGetCapabilities out: struct netr_LogonGetCapabilities return_authenticator : * return_authenticator: struct netr_Authenticator cred: struct netr_Credential data : 659b7197bb031f90 timestamp : (time_t)0 capabilities : * capabilities : union netr_Capabilities(case 1) server_capabilities : 0x610fffff (1628438527) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 1: NETLOGON_NEG_SUPPORTS_AES 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC result : NT_STATUS_OK check lock order 2 for /var/lib/samba/private/netlogon_creds_cli.tdb lock order: 1: 2:/var/lib/samba/private/netlogon_creds_cli.tdb 3: Locking key
434C495B43454E544F53 Allocated locked data 0x0x563e56a2b320 Unlocking key 434C495B43454E544F53 release lock order 2 for /var/lib/samba/private/netlogon_creds_cli.tdb lock order: 1: 2: 3: check lock order 2 for /var/lib/samba/lock/g_lock.tdb lock order: 1: 2:/var/lib/samba/lock/g_lock.tdb 3: Locking key 434C495B43454E544F53 Allocated locked data 0x0x563e56a2b390 release lock order 2 for /var/lib/samba/lock/g_lock.tdb lock order: 1: 2: 3: Unlocking key 434C495B43454E544F53 cli_rpc_pipe_open_schannel_with_creds: opened pipe netlogon to machine dc1.lab.saferit.fr for domain LAB and bound using schannel. netr_DsRGetDCName: struct netr_DsRGetDCName in: struct netr_DsRGetDCName server_unc : * server_unc : 'dc1.lab.saferit.fr' domain_name : * domain_name : 'TESTDOM' domain_guid : NULL site_guid : NULL flags : 0x40000000 (1073741824) 0: DS_FORCE_REDISCOVERY 0: DS_DIRECTORY_SERVICE_REQUIRED 0: DS_DIRECTORY_SERVICE_PREFERRED 0: DS_GC_SERVER_REQUIRED 0: DS_PDC_REQUIRED 0: DS_BACKGROUND_ONLY 0: DS_IP_REQUIRED 0: DS_KDC_REQUIRED 0: DS_TIMESERV_REQUIRED 0: DS_WRITABLE_REQUIRED 0: DS_GOOD_TIMESERV_PREFERRED 0: DS_AVOID_SELF 0: DS_ONLY_LDAP_NEEDED 0: DS_IS_FLAT_NAME 0: DS_IS_DNS_NAME 0: DS_TRY_NEXTCLOSEST_SITE 0: DS_DIRECTORY_SERVICE_6_REQUIRED 0: DS_WEB_SERVICE_REQUIRED 1: DS_RETURN_DNS_NAME 0: DS_RETURN_FLAT_NAME &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0038 (56) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000064 (100) context_id : 0x0000 (0) opnum : 0x0014 (20) object : union dcerpc_object(case 0) empty: 
struct dcerpc_empty stub_and_verifier : DATA_BLOB length=0 &r: struct dcerpc_auth auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) auth_pad_length : 0x0c (12) auth_reserved : 0x00 (0) auth_context_id : 0x00000001 (1) credentials : DATA_BLOB length=0 rpc_api_pipe: host dc1.lab.saferit.fr signed SMB2 message rpc_read_send: data_to_read: 440 state->pkt: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x01c8 (456) auth_length : 0x0038 (56) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000168 (360) context_id : 0x0000 (0) cancel_count : 0x00 (0) reserved : 0x00 (0) stub_and_verifier : DATA_BLOB length=432
Requested Privacy. ../librpc/rpc/dcerpc_util.c:271: auth_pad_length 8 GENSEC auth Got pdu len 456, data_len 360 rpc_api_pipe: got frag len of 456 at offset 0: NT_STATUS_OK rpc_api_pipe: host dc1.lab.saferit.fr returned 360 bytes.
netr_DsRGetDCName: struct netr_DsRGetDCName out: struct netr_DsRGetDCName info : * info : * info: struct netr_DsRGetDCNameInfo dc_unc : * dc_unc : '\\WIN-NJ57UVUO8PC.testdom.net' dc_address : * dc_address : '\\10.0.3.110' dc_address_type : DS_ADDRESS_TYPE_INET (1) domain_guid : d07a1caa-e2ff-42cb-a3ec-c759b35284ef domain_name : * domain_name : 'testdom.net' forest_name : * forest_name : 'testdom.net' dc_flags : 0xe00031fd (3758109181) 1: DS_SERVER_PDC 1: DS_SERVER_GC 1: DS_SERVER_LDAP 1: DS_SERVER_DS 1: DS_SERVER_KDC 1: DS_SERVER_TIMESERV 1: DS_SERVER_CLOSEST 1: DS_SERVER_WRITABLE 0: DS_SERVER_GOOD_TIMESERV 0: DS_SERVER_NDNC 0: DS_SERVER_SELECT_SECRET_DOMAIN_6 1: DS_SERVER_FULL_SECRET_DOMAIN_6 1: DS_SERVER_WEBSERV 0: DS_SERVER_DS_8 1: DS_DNS_CONTROLLER 1: DS_DNS_DOMAIN 1: DS_DNS_FOREST_ROOT dc_site_name : * dc_site_name : 'Default-First-Site-Name' client_site_name : * client_site_name : 'Default-First-Site-Name' result : WERR_OK dcerpc_netr_GetAnyDCName returned WIN-NJ57UVUO8PC.testdom.net sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" internal_resolve_name: looking up WIN-NJ57UVUO8PC.testdom.net#20 (sitename Default-First-Site-Name) name WIN-NJ57UVUO8PC.testdom.net#20 found. 
remove_duplicate_addrs2: looking for duplicate address/port pairs check_negative_conn_cache returning result 0 for domain TESTDOM server WIN-NJ57UVUO8PC.testdom.net Retrieved DC WIN-NJ57UVUO8PC.testdom.net at 10.0.3.110 via netlogon Connecting to 10.0.3.110 at port 445 cm_prepare_connection: connecting to DC WIN-NJ57UVUO8PC.testdom.net for domain TESTDOM Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 0 SO_SNDBUF = 87040 SO_RCVBUF = 367360 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 ldb: ldb_trace_request: SEARCH dn: @MODULES scope: base expr: (@LIST=*) attr: @LIST control: ldb: ldb_trace_request: (tdb)->search ldb: Added timed event "ltdb_callback": 0x563e56a24a70 ldb: Added timed event "ltdb_timeout": 0x563e56a24b30 ldb: Running timer event 0x563e56a24a70 "ltdb_callback" ldb: Destroying timer event 0x563e56a24b30 "ltdb_timeout" ldb: Ending timer event 0x563e56a24a70 "ltdb_callback" ldb: no modules required by the db ldb: No modules specified for this database ldb: ldb_trace_request: REGISTER_CONTROL 1.2.840.113556.1.4.1413 control: ldb: ldb_asprintf/set_errstring: unable to find module or backend to handle operation: request ldb: ldb_trace_request: SEARCH dn: scope: base expr: (objectClass=*) attr: rootDomainNamingContext attr: configurationNamingContext attr: schemaNamingContext attr: defaultNamingContext control: ldb: ldb_trace_request: (tdb)->search ldb: Added timed event "ltdb_callback": 0x563e56a24f50 ldb: Added timed event "ltdb_timeout": 0x563e56a25010 ldb: Running timer event 0x563e56a24f50 "ltdb_callback" ldb: ldb_asprintf/set_errstring: NULL Base DN invalid for a base search ldb: Destroying timer event 0x563e56a25010 "ltdb_timeout" ldb: Ending timer event 0x563e56a24f50 "ltdb_callback" ldb_wrap open of secrets.ldb ldb: ldb_trace_request: SEARCH dn: 
cn=Primary Domains scope: sub expr: (&(flatname=LAB)(objectclass=primaryDomain)) attr: control: ldb: ldb_trace_request: (tdb)->search ldb: Added timed event "ltdb_callback": 0x563e56a25cf0 ldb: Added timed event "ltdb_timeout": 0x563e56a25e20 ldb: Running timer event 0x563e56a25cf0 "ltdb_callback" ldb: Destroying timer event 0x563e56a25e20 "ltdb_timeout" ldb: Ending timer event 0x563e56a25cf0 "ltdb_callback" ldb: ldb_asprintf/set_errstring: dsdb_search at ../source4/dsdb/common/util.c:4576 connecting to WIN-NJ57UVUO8PC.testdom.net (TESTDOM, testdom.net) with account [LAB\CENTOS$] principal [CENTOS$@LAB.SAFERIT.FR] and realm [LAB.SAFERIT.FR] got OID=1.3.6.1.4.1.311.2.2.30 got OID=1.2.840.48018.1.2.2 kerberos_kinit_password: as CENTOS$@LAB.SAFERIT.FR using [MEMORY:cliconnect] as ccache and config [(null)] Starting GENSEC mechanism spnego Starting GENSEC submechanism gse_krb5 gse_get_client_auth_token: Server principal not found SPNEGO(gse_krb5) creating NEG_TOKEN_INIT for cifs/WIN-NJ57UVUO8PC.testdom.net failed (next[ntlmssp]): NT_STATUS_INVALID_PARAMETER Starting GENSEC submechanism ntlmssp negotiate: struct NEGOTIATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmNegotiate (1) NegotiateFlags : 0x62088215 (1644724757) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 1: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: 
NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 DomainNameLen : 0x0000 (0) DomainNameMaxLen : 0x0000 (0) DomainName : * DomainName : '' WorkstationLen : 0x0000 (0) WorkstationMaxLen : 0x0000 (0) Workstation : * Workstation : '' Version: struct ntlmssp_VERSION ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6) ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1) ProductBuild : 0x0000 (0) Reserved: ARRAY(3) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15) Got challenge flags: Got NTLMSSP neg_flags=0x62898215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_TARGET_TYPE_DOMAIN NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_TARGET_INFO NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x62088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x62088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH SPNEGO login failed: Logon failure authenticated session setup to WIN-NJ57UVUO8PC.testdom.net using LAB\CENTOS$ failed with NT_STATUS_LOGON_FAILURE cm_get_ipc_userpass: No auth-user defined cm_get_ipc_userpass: No auth-user defined Failed to prepare SMB connection to WIN-NJ57UVUO8PC.testdom.net: NT_STATUS_LOGON_FAILURE Adding cache entry with key=[NEG_CONN_CACHE/TESTDOM,WIN-NJ57UVUO8PC.testdom.net] and timeout=[Fri Mar 23 05:26:52 AM 2018 EDT] (60 seconds ahead) add_failed_connection_entry: added 
domain TESTDOM (WIN-NJ57UVUO8PC.testdom.net) to failed conn cache Deleting cache entry (key=[SAFJOIN/DOMAIN/TESTDOM]) Deleting cache entry (key=[SAF/DOMAIN/TESTDOM]) Adding cache entry with key=[NEG_CONN_CACHE/testdom.net,WIN-NJ57UVUO8PC.testdom.net] and timeout=[Fri Mar 23 05:26:52 AM 2018 EDT] (60 seconds ahead) add_failed_connection_entry: added domain testdom.net (WIN-NJ57UVUO8PC.testdom.net) to failed conn cache Deleting cache entry (key=[SAFJOIN/DOMAIN/TESTDOM.NET]) Adding cache entry with key=[SAFJOIN/DOMAIN/TESTDOM.NET] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797152 seconds in the past) Deleting cache entry (key=[SAF/DOMAIN/TESTDOM.NET]) Adding cache entry with key=[SAF/DOMAIN/TESTDOM.NET] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797152 seconds in the past) cm_open_connection: dcname is 'WIN-NJ57UVUO8PC.testdom.net' for domain TESTDOM check_negative_conn_cache returning result -1073741715 for domain TESTDOM server WIN-NJ57UVUO8PC.testdom.net netr_DsRGetDCName: struct netr_DsRGetDCName in: struct netr_DsRGetDCName server_unc : * server_unc : 'dc1.lab.saferit.fr' domain_name : * domain_name : 'TESTDOM' domain_guid : NULL site_guid : NULL flags : 0x40000000 (1073741824) 0: DS_FORCE_REDISCOVERY 0: DS_DIRECTORY_SERVICE_REQUIRED 0: DS_DIRECTORY_SERVICE_PREFERRED 0: DS_GC_SERVER_REQUIRED 0: DS_PDC_REQUIRED 0: DS_BACKGROUND_ONLY 0: DS_IP_REQUIRED 0: DS_KDC_REQUIRED 0: DS_TIMESERV_REQUIRED 0: DS_WRITABLE_REQUIRED 0: DS_GOOD_TIMESERV_PREFERRED 0: DS_AVOID_SELF 0: DS_ONLY_LDAP_NEEDED 0: DS_IS_FLAT_NAME 0: DS_IS_DNS_NAME 0: DS_TRY_NEXTCLOSEST_SITE 0: DS_DIRECTORY_SERVICE_6_REQUIRED 0: DS_WEB_SERVICE_REQUIRED 1: DS_RETURN_DNS_NAME 0: DS_RETURN_FLAT_NAME &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: 
DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0038 (56) call_id : 0x00000004 (4) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000064 (100) context_id : 0x0000 (0) opnum : 0x0014 (20) object : union dcerpc_object(case 0) empty: struct dcerpc_empty stub_and_verifier : DATA_BLOB length=0 &r: struct dcerpc_auth auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) auth_pad_length : 0x0c (12) auth_reserved : 0x00 (0) auth_context_id : 0x00000001 (1) credentials : DATA_BLOB length=0 rpc_api_pipe: host dc1.lab.saferit.fr signed SMB2 message rpc_read_send: data_to_read: 440 state->pkt: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x01c8 (456) auth_length : 0x0038 (56) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000168 (360) context_id : 0x0000 (0) cancel_count : 0x00 (0) reserved : 0x00 (0) stub_and_verifier : DATA_BLOB length=432
Requested Privacy. ../librpc/rpc/dcerpc_util.c:271: auth_pad_length 8 GENSEC auth Got pdu len 456, data_len 360 rpc_api_pipe: got frag len of 456 at offset 0: NT_STATUS_OK rpc_api_pipe: host dc1.lab.saferit.fr returned 360 bytes.
netr_DsRGetDCName: struct netr_DsRGetDCName out: struct netr_DsRGetDCName info : * info : * info: struct netr_DsRGetDCNameInfo dc_unc : * dc_unc : '\\WIN-NJ57UVUO8PC.testdom.net' dc_address : * dc_address : '\\10.0.3.110' dc_address_type : DS_ADDRESS_TYPE_INET (1) domain_guid : d07a1caa-e2ff-42cb-a3ec-c759b35284ef domain_name : * domain_name : 'testdom.net' forest_name : * forest_name : 'testdom.net' dc_flags : 0xe00031fd (3758109181) 1: DS_SERVER_PDC 1: DS_SERVER_GC 1: DS_SERVER_LDAP 1: DS_SERVER_DS 1: DS_SERVER_KDC 1: DS_SERVER_TIMESERV 1: DS_SERVER_CLOSEST 1: DS_SERVER_WRITABLE 0: DS_SERVER_GOOD_TIMESERV 0: DS_SERVER_NDNC 0: DS_SERVER_SELECT_SECRET_DOMAIN_6 1: DS_SERVER_FULL_SECRET_DOMAIN_6 1: DS_SERVER_WEBSERV 0: DS_SERVER_DS_8 1: DS_DNS_CONTROLLER 1: DS_DNS_DOMAIN 1: DS_DNS_FOREST_ROOT dc_site_name : * dc_site_name : 'Default-First-Site-Name' client_site_name : * client_site_name : 'Default-First-Site-Name' result : WERR_OK dcerpc_netr_GetAnyDCName returned WIN-NJ57UVUO8PC.testdom.net sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" internal_resolve_name: looking up WIN-NJ57UVUO8PC.testdom.net#20 (sitename Default-First-Site-Name) name WIN-NJ57UVUO8PC.testdom.net#20 found. 
remove_duplicate_addrs2: looking for duplicate address/port pairs check_negative_conn_cache returning result -1073741715 for domain TESTDOM server WIN-NJ57UVUO8PC.testdom.net DC WIN-NJ57UVUO8PC.testdom.net was in the negative conn cache sitename_fetch: Returning sitename for realm 'testdom.net': "Default-First-Site-Name" ads_dc_name: domain=TESTDOM sitename_fetch: Returning sitename for realm 'testdom.net': "Default-First-Site-Name" resolve_and_ping_dns: (cldap) looking for realm 'testdom.net' get_sorted_dc_list: attempting lookup for name testdom.net (sitename Default-First-Site-Name) saf_fetch: failed to find server for "testdom.net" domain get_dc_list: preferred server list: ", *" internal_resolve_name: looking up testdom.net#1c (sitename Default-First-Site-Name) name testdom.net#1C found. remove_duplicate_addrs2: looking for duplicate address/port pairs Adding 1 DC's from auto lookup Adding cache entry with key=[NEG_CONN_CACHE/testdom.net,10.0.3.110] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797152 seconds in the past) check_negative_conn_cache returning result 0 for domain testdom.net server 10.0.3.110 remove_duplicate_addrs2: looking for duplicate address/port pairs get_dc_list: returning 1 ip addresses in an ordered list get_dc_list: 10.0.3.110:389 check_negative_conn_cache returning result 0 for domain testdom.net server 10.0.3.110 ads_try_connect: sending CLDAP request to 10.0.3.110 (realm: testdom.net) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x000031fd (12797) 1: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 1: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_DS_8 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: 
NBT_SERVER_FOREST_ROOT domain_uuid : d07a1caa-e2ff-42cb-a3ec-c759b35284ef forest : 'testdom.net' dns_domain : 'testdom.net' pdc_dns_name : 'WIN-NJ57UVUO8PC.testdom.net' domain_name : 'TESTDOM' pdc_name : 'WIN-NJ57UVUO8PC' user_name : '' server_site : 'Default-First-Site-Name' client_site : 'Default-First-Site-Name' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) sitename_store: realm = [TESTDOM], sitename = [Default-First-Site-Name], expire = [2085923199] Did not store value for AD_SITENAME/DOMAIN/TESTDOM, we already got it sitename_store: realm = [testdom.net], sitename = [Default-First-Site-Name], expire = [2085923199] Did not store value for AD_SITENAME/DOMAIN/TESTDOM.NET, we already got it Successfully contacted LDAP server 10.0.3.110 sitename_fetch: Returning sitename for realm 'testdom.net': "Default-First-Site-Name" ads_dc_name: using server='WIN-NJ57UVUO8PC.TESTDOM.NET' IP=10.0.3.110 sitename_fetch: Returning sitename for realm 'testdom.net': "Default-First-Site-Name" get_sorted_dc_list: attempting lookup for name testdom.net (sitename Default-First-Site-Name) saf_fetch: failed to find server for "testdom.net" domain get_dc_list: preferred server list: ", *" internal_resolve_name: looking up testdom.net#1c (sitename Default-First-Site-Name) name testdom.net#1C found. 
remove_duplicate_addrs2: looking for duplicate address/port pairs Adding 1 DC's from auto lookup check_negative_conn_cache returning result 0 for domain testdom.net server 10.0.3.110 remove_duplicate_addrs2: looking for duplicate address/port pairs get_dc_list: returning 1 ip addresses in an ordered list get_dc_list: 10.0.3.110:389 Adding cache entry with key=[NEG_CONN_CACHE/TESTDOM,10.0.3.110] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797152 seconds in the past) check_negative_conn_cache returning result 0 for domain TESTDOM server 10.0.3.110 get_sorted_dc_list: attempting lookup for name testdom.net (sitename NULL) saf_fetch: failed to find server for "testdom.net" domain get_dc_list: preferred server list: ", *" internal_resolve_name: looking up testdom.net#1c (sitename (null)) name testdom.net#1C found. remove_duplicate_addrs2: looking for duplicate address/port pairs Adding 1 DC's from auto lookup check_negative_conn_cache returning result 0 for domain testdom.net server 10.0.3.110 remove_duplicate_addrs2: looking for duplicate address/port pairs get_dc_list: returning 1 ip addresses in an ordered list get_dc_list: 10.0.3.110:389 check_negative_conn_cache returning result 0 for domain TESTDOM server 10.0.3.110 Connecting to 10.0.3.110 at port 445 ads_try_connect: sending CLDAP request to 10.0.3.110 (realm: testdom.net) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x000031fd (12797) 1: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 1: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_DS_8 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : d07a1caa-e2ff-42cb-a3ec-c759b35284ef forest : 'testdom.net' 
dns_domain : 'testdom.net' pdc_dns_name : 'WIN-NJ57UVUO8PC.testdom.net' domain_name : 'TESTDOM' pdc_name : 'WIN-NJ57UVUO8PC' user_name : '' server_site : 'Default-First-Site-Name' client_site : 'Default-First-Site-Name' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) sitename_store: realm = [TESTDOM], sitename = [Default-First-Site-Name], expire = [2085923199] Did not store value for AD_SITENAME/DOMAIN/TESTDOM, we already got it sitename_store: realm = [testdom.net], sitename = [Default-First-Site-Name], expire = [2085923199] Did not store value for AD_SITENAME/DOMAIN/TESTDOM.NET, we already got it Successfully contacted LDAP server 10.0.3.110 namecache_store: storing 1 address for WIN-NJ57UVUO8PC.testdom.net#20: 10.0.3.110 Adding cache entry with key=[NBT/WIN-NJ57UVUO8PC.TESTDOM.NET#20] and timeout=[Fri Mar 23 05:36:52 AM 2018 EDT] (660 seconds ahead) dcip_to_name: flags = 0x31fd cm_prepare_connection: connecting to DC WIN-NJ57UVUO8PC.testdom.net for domain TESTDOM Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 0 SO_SNDBUF = 87040 SO_RCVBUF = 367360 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 ldb: ldb_trace_request: SEARCH dn: @MODULES scope: base expr: (@LIST=*) attr: @LIST control: ldb: ldb_trace_request: (tdb)->search ldb: Added timed event "ltdb_callback": 0x563e56a278b0 ldb: 
Added timed event "ltdb_timeout": 0x563e56a27970 ldb: Running timer event 0x563e56a278b0 "ltdb_callback" ldb: Destroying timer event 0x563e56a27970 "ltdb_timeout" ldb: Ending timer event 0x563e56a278b0 "ltdb_callback" ldb: no modules required by the db ldb: No modules specified for this database ldb: ldb_trace_request: REGISTER_CONTROL 1.2.840.113556.1.4.1413 control: ldb: ldb_asprintf/set_errstring: unable to find module or backend to handle operation: request ldb: ldb_trace_request: SEARCH dn: scope: base expr: (objectClass=*) attr: rootDomainNamingContext attr: configurationNamingContext attr: schemaNamingContext attr: defaultNamingContext control: ldb: ldb_trace_request: (tdb)->search ldb: Added timed event "ltdb_callback": 0x563e56a27d90 ldb: Added timed event "ltdb_timeout": 0x563e56a27e50 ldb: Running timer event 0x563e56a27d90 "ltdb_callback" ldb: ldb_asprintf/set_errstring: NULL Base DN invalid for a base search ldb: Destroying timer event 0x563e56a27e50 "ltdb_timeout" ldb: Ending timer event 0x563e56a27d90 "ltdb_callback" ldb_wrap open of secrets.ldb ldb: ldb_trace_request: SEARCH dn: cn=Primary Domains scope: sub expr: (&(flatname=LAB)(objectclass=primaryDomain)) attr: control: ldb: ldb_trace_request: (tdb)->search ldb: Added timed event "ltdb_callback": 0x563e56a25290 ldb: Added timed event "ltdb_timeout": 0x563e56a253c0 ldb: Running timer event 0x563e56a25290 "ltdb_callback" ldb: Destroying timer event 0x563e56a253c0 "ltdb_timeout" ldb: Ending timer event 0x563e56a25290 "ltdb_callback" ldb: ldb_asprintf/set_errstring: dsdb_search at ../source4/dsdb/common/util.c:4576 connecting to WIN-NJ57UVUO8PC.testdom.net (TESTDOM, testdom.net) with account [LAB\CENTOS$] principal [CENTOS$@LAB.SAFERIT.FR] and realm [LAB.SAFERIT.FR] got OID=1.3.6.1.4.1.311.2.2.30 got OID=1.2.840.48018.1.2.2 kerberos_kinit_password: as CENTOS$@LAB.SAFERIT.FR using [MEMORY:cliconnect] as ccache and config [(null)] Starting GENSEC mechanism spnego Starting GENSEC submechanism gse_krb5 
gse_get_client_auth_token: Server principal not found SPNEGO(gse_krb5) creating NEG_TOKEN_INIT for cifs/WIN-NJ57UVUO8PC.testdom.net failed (next[ntlmssp]): NT_STATUS_INVALID_PARAMETER Starting GENSEC submechanism ntlmssp negotiate: struct NEGOTIATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmNegotiate (1) NegotiateFlags : 0x62088215 (1644724757) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 1: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 DomainNameLen : 0x0000 (0) DomainNameMaxLen : 0x0000 (0) DomainName : * DomainName : '' WorkstationLen : 0x0000 (0) WorkstationMaxLen : 0x0000 (0) Workstation : * Workstation : '' Version: struct ntlmssp_VERSION ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6) ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1) ProductBuild : 0x0000 (0) Reserved: ARRAY(3) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15) Got challenge flags: Got NTLMSSP neg_flags=0x62898215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_TARGET_TYPE_DOMAIN NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_TARGET_INFO NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP: Set final flags: 
Got NTLMSSP neg_flags=0x62088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x62088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH SPNEGO login failed: Logon failure authenticated session setup to WIN-NJ57UVUO8PC.testdom.net using LAB\CENTOS$ failed with NT_STATUS_LOGON_FAILURE cm_get_ipc_userpass: No auth-user defined cm_get_ipc_userpass: No auth-user defined Failed to prepare SMB connection to WIN-NJ57UVUO8PC.testdom.net: NT_STATUS_LOGON_FAILURE Did not store value for NEG_CONN_CACHE/TESTDOM,WIN-NJ57UVUO8PC.testdom.net, we already got it add_failed_connection_entry: added domain TESTDOM (WIN-NJ57UVUO8PC.testdom.net) to failed conn cache Deleting cache entry (key=[SAFJOIN/DOMAIN/TESTDOM]) Deleting cache entry (key=[SAF/DOMAIN/TESTDOM]) Did not store value for NEG_CONN_CACHE/testdom.net,WIN-NJ57UVUO8PC.testdom.net, we already got it add_failed_connection_entry: added domain testdom.net (WIN-NJ57UVUO8PC.testdom.net) to failed conn cache Deleting cache entry (key=[SAFJOIN/DOMAIN/TESTDOM.NET]) Deleting cache entry (key=[SAF/DOMAIN/TESTDOM.NET]) cm_open_connection: dcname is 'WIN-NJ57UVUO8PC.testdom.net' for domain TESTDOM check_negative_conn_cache returning result -1073741715 for domain TESTDOM server WIN-NJ57UVUO8PC.testdom.net netr_DsRGetDCName: struct netr_DsRGetDCName in: struct netr_DsRGetDCName server_unc : * server_unc : 'dc1.lab.saferit.fr' domain_name : * domain_name : 'TESTDOM' domain_guid : NULL site_guid : NULL flags : 0x40000000 (1073741824) 0: DS_FORCE_REDISCOVERY 0: DS_DIRECTORY_SERVICE_REQUIRED 
0: DS_DIRECTORY_SERVICE_PREFERRED 0: DS_GC_SERVER_REQUIRED 0: DS_PDC_REQUIRED 0: DS_BACKGROUND_ONLY 0: DS_IP_REQUIRED 0: DS_KDC_REQUIRED 0: DS_TIMESERV_REQUIRED 0: DS_WRITABLE_REQUIRED 0: DS_GOOD_TIMESERV_PREFERRED 0: DS_AVOID_SELF 0: DS_ONLY_LDAP_NEEDED 0: DS_IS_FLAT_NAME 0: DS_IS_DNS_NAME 0: DS_TRY_NEXTCLOSEST_SITE 0: DS_DIRECTORY_SERVICE_6_REQUIRED 0: DS_WEB_SERVICE_REQUIRED 1: DS_RETURN_DNS_NAME 0: DS_RETURN_FLAT_NAME &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0038 (56) call_id : 0x00000005 (5) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000064 (100) context_id : 0x0000 (0) opnum : 0x0014 (20) object : union dcerpc_object(case 0) empty: struct dcerpc_empty stub_and_verifier : DATA_BLOB length=0 &r: struct dcerpc_auth auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) auth_pad_length : 0x0c (12) auth_reserved : 0x00 (0) auth_context_id : 0x00000001 (1) credentials : DATA_BLOB length=0 rpc_api_pipe: host dc1.lab.saferit.fr signed SMB2 message rpc_read_send: data_to_read: 440 state->pkt: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) 1: DCERPC_PFC_FLAG_FIRST 1: DCERPC_PFC_FLAG_LAST 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING 0: DCERPC_PFC_FLAG_CONC_MPX 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE 0: DCERPC_PFC_FLAG_MAYBE 0: DCERPC_PFC_FLAG_OBJECT_UUID drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x01c8 (456) auth_length : 0x0038 (56) call_id : 0x00000005 (5) u : union 
dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000168 (360) context_id : 0x0000 (0) cancel_count : 0x00 (0) reserved : 0x00 (0) stub_and_verifier : DATA_BLOB length=432
Requested Privacy. ../librpc/rpc/dcerpc_util.c:271: auth_pad_length 8 GENSEC auth Got pdu len 456, data_len 360 rpc_api_pipe: got frag len of 456 at offset 0: NT_STATUS_OK rpc_api_pipe: host dc1.lab.saferit.fr returned 360 bytes. netr_DsRGetDCName: struct netr_DsRGetDCName out: struct netr_DsRGetDCName info : * info : * info: struct netr_DsRGetDCNameInfo dc_unc : * dc_unc : '\\WIN-NJ57UVUO8PC.testdom.net' dc_address : * dc_address : '\\10.0.3.110' dc_address_type : DS_ADDRESS_TYPE_INET (1) domain_guid : d07a1caa-e2ff-42cb-a3ec-c759b35284ef domain_name : * domain_name : 'testdom.net' forest_name : * forest_name : 'testdom.net' dc_flags : 0xe00031fd (3758109181) 1: DS_SERVER_PDC 1: DS_SERVER_GC 1: DS_SERVER_LDAP 1: DS_SERVER_DS 1: DS_SERVER_KDC 1: DS_SERVER_TIMESERV 1: DS_SERVER_CLOSEST 1: DS_SERVER_WRITABLE 0: DS_SERVER_GOOD_TIMESERV 0: DS_SERVER_NDNC 0: DS_SERVER_SELECT_SECRET_DOMAIN_6 1: DS_SERVER_FULL_SECRET_DOMAIN_6 1: DS_SERVER_WEBSERV 0: DS_SERVER_DS_8 1: DS_DNS_CONTROLLER 1: DS_DNS_DOMAIN 1: DS_DNS_FOREST_ROOT dc_site_name : * dc_site_name : 'Default-First-Site-Name' client_site_name : * client_site_name : 'Default-First-Site-Name' result : WERR_OK dcerpc_netr_GetAnyDCName returned WIN-NJ57UVUO8PC.testdom.net sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" internal_resolve_name: looking up WIN-NJ57UVUO8PC.testdom.net#20 (sitename Default-First-Site-Name) name WIN-NJ57UVUO8PC.testdom.net#20 found. 
remove_duplicate_addrs2: looking for duplicate address/port pairs check_negative_conn_cache returning result -1073741715 for domain TESTDOM server WIN-NJ57UVUO8PC.testdom.net DC WIN-NJ57UVUO8PC.testdom.net was in the negative conn cache sitename_fetch: Returning sitename for realm 'testdom.net': "Default-First-Site-Name" ads_dc_name: domain=TESTDOM sitename_fetch: Returning sitename for realm 'testdom.net': "Default-First-Site-Name" resolve_and_ping_dns: (cldap) looking for realm 'testdom.net' get_sorted_dc_list: attempting lookup for name testdom.net (sitename Default-First-Site-Name) saf_fetch: failed to find server for "testdom.net" domain get_dc_list: preferred server list: ", *" internal_resolve_name: looking up testdom.net#1c (sitename Default-First-Site-Name) name testdom.net#1C found. remove_duplicate_addrs2: looking for duplicate address/port pairs Adding 1 DC's from auto lookup check_negative_conn_cache returning result 0 for domain testdom.net server 10.0.3.110 remove_duplicate_addrs2: looking for duplicate address/port pairs get_dc_list: returning 1 ip addresses in an ordered list get_dc_list: 10.0.3.110:389 check_negative_conn_cache returning result 0 for domain testdom.net server 10.0.3.110 ads_try_connect: sending CLDAP request to 10.0.3.110 (realm: testdom.net) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x000031fd (12797) 1: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 1: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_DS_8 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : d07a1caa-e2ff-42cb-a3ec-c759b35284ef forest : 'testdom.net' dns_domain : 'testdom.net' pdc_dns_name : 
'WIN-NJ57UVUO8PC.testdom.net' domain_name : 'TESTDOM' pdc_name : 'WIN-NJ57UVUO8PC' user_name : '' server_site : 'Default-First-Site-Name' client_site : 'Default-First-Site-Name' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) sitename_store: realm = [TESTDOM], sitename = [Default-First-Site-Name], expire = [2085923199] Did not store value for AD_SITENAME/DOMAIN/TESTDOM, we already got it sitename_store: realm = [testdom.net], sitename = [Default-First-Site-Name], expire = [2085923199] Did not store value for AD_SITENAME/DOMAIN/TESTDOM.NET, we already got it Successfully contacted LDAP server 10.0.3.110 sitename_fetch: Returning sitename for realm 'testdom.net': "Default-First-Site-Name" ads_dc_name: using server='WIN-NJ57UVUO8PC.TESTDOM.NET' IP=10.0.3.110 sitename_fetch: Returning sitename for realm 'testdom.net': "Default-First-Site-Name" get_sorted_dc_list: attempting lookup for name testdom.net (sitename Default-First-Site-Name) saf_fetch: failed to find server for "testdom.net" domain get_dc_list: preferred server list: ", *" internal_resolve_name: looking up testdom.net#1c (sitename Default-First-Site-Name) name testdom.net#1C found. 
remove_duplicate_addrs2: looking for duplicate address/port pairs Adding 1 DC's from auto lookup check_negative_conn_cache returning result 0 for domain testdom.net server 10.0.3.110 remove_duplicate_addrs2: looking for duplicate address/port pairs get_dc_list: returning 1 ip addresses in an ordered list get_dc_list: 10.0.3.110:389 check_negative_conn_cache returning result 0 for domain TESTDOM server 10.0.3.110 get_sorted_dc_list: attempting lookup for name testdom.net (sitename NULL) saf_fetch: failed to find server for "testdom.net" domain get_dc_list: preferred server list: ", *" internal_resolve_name: looking up testdom.net#1c (sitename (null)) name testdom.net#1C found. remove_duplicate_addrs2: looking for duplicate address/port pairs Adding 1 DC's from auto lookup check_negative_conn_cache returning result 0 for domain testdom.net server 10.0.3.110 remove_duplicate_addrs2: looking for duplicate address/port pairs get_dc_list: returning 1 ip addresses in an ordered list get_dc_list: 10.0.3.110:389 check_negative_conn_cache returning result 0 for domain TESTDOM server 10.0.3.110 Connecting to 10.0.3.110 at port 445 ads_try_connect: sending CLDAP request to 10.0.3.110 (realm: testdom.net) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x000031fd (12797) 1: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 1: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_DS_8 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : d07a1caa-e2ff-42cb-a3ec-c759b35284ef forest : 'testdom.net' dns_domain : 'testdom.net' pdc_dns_name : 'WIN-NJ57UVUO8PC.testdom.net' domain_name : 'TESTDOM' pdc_name : 'WIN-NJ57UVUO8PC' user_name : '' server_site 
: 'Default-First-Site-Name' client_site : 'Default-First-Site-Name' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) sitename_store: realm = [TESTDOM], sitename = [Default-First-Site-Name], expire = [2085923199] Did not store value for AD_SITENAME/DOMAIN/TESTDOM, we already got it sitename_store: realm = [testdom.net], sitename = [Default-First-Site-Name], expire = [2085923199] Did not store value for AD_SITENAME/DOMAIN/TESTDOM.NET, we already got it Successfully contacted LDAP server 10.0.3.110 namecache_store: storing 1 address for WIN-NJ57UVUO8PC.testdom.net#20: 10.0.3.110 Did not store value for NBT/WIN-NJ57UVUO8PC.TESTDOM.NET#20, we already got it dcip_to_name: flags = 0x31fd cm_prepare_connection: connecting to DC WIN-NJ57UVUO8PC.testdom.net for domain TESTDOM Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 0 SO_SNDBUF = 87040 SO_RCVBUF = 367360 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 ldb: ldb_trace_request: SEARCH dn: @MODULES scope: base expr: (@LIST=*) attr: @LIST control: ldb: ldb_trace_request: (tdb)->search ldb: Added timed event "ltdb_callback": 0x563e56a29ae0 ldb: Added timed event "ltdb_timeout": 0x563e56a29ba0 ldb: Running timer event 0x563e56a29ae0 "ltdb_callback" ldb: Destroying timer event 0x563e56a29ba0 "ltdb_timeout" ldb: Ending timer event 0x563e56a29ae0 
"ltdb_callback" ldb: no modules required by the db ldb: No modules specified for this database ldb: ldb_trace_request: REGISTER_CONTROL 1.2.840.113556.1.4.1413 control: ldb: ldb_asprintf/set_errstring: unable to find module or backend to handle operation: request ldb: ldb_trace_request: SEARCH dn: scope: base expr: (objectClass=*) attr: rootDomainNamingContext attr: configurationNamingContext attr: schemaNamingContext attr: defaultNamingContext control: ldb: ldb_trace_request: (tdb)->search ldb: Added timed event "ltdb_callback": 0x563e56a248e0 ldb: Added timed event "ltdb_timeout": 0x563e56a249a0 ldb: Running timer event 0x563e56a248e0 "ltdb_callback" ldb: ldb_asprintf/set_errstring: NULL Base DN invalid for a base search ldb: Destroying timer event 0x563e56a249a0 "ltdb_timeout" ldb: Ending timer event 0x563e56a248e0 "ltdb_callback" ldb_wrap open of secrets.ldb ldb: ldb_trace_request: SEARCH dn: cn=Primary Domains scope: sub expr: (&(flatname=LAB)(objectclass=primaryDomain)) attr: control: ldb: ldb_trace_request: (tdb)->search ldb: Added timed event "ltdb_callback": 0x563e56a29980 ldb: Added timed event "ltdb_timeout": 0x563e56a294e0 ldb: Running timer event 0x563e56a29980 "ltdb_callback" ldb: Destroying timer event 0x563e56a294e0 "ltdb_timeout" ldb: Ending timer event 0x563e56a29980 "ltdb_callback" ldb: ldb_asprintf/set_errstring: dsdb_search at ../source4/dsdb/common/util.c:4576 connecting to WIN-NJ57UVUO8PC.testdom.net (TESTDOM, testdom.net) with account [LAB\CENTOS$] principal [CENTOS$@LAB.SAFERIT.FR] and realm [LAB.SAFERIT.FR] got OID=1.3.6.1.4.1.311.2.2.30 got OID=1.2.840.48018.1.2.2 kerberos_kinit_password: as CENTOS$@LAB.SAFERIT.FR using [MEMORY:cliconnect] as ccache and config [(null)] Starting GENSEC mechanism spnego Starting GENSEC submechanism gse_krb5 gse_get_client_auth_token: Server principal not found SPNEGO(gse_krb5) creating NEG_TOKEN_INIT for cifs/WIN-NJ57UVUO8PC.testdom.net failed (next[ntlmssp]): NT_STATUS_INVALID_PARAMETER Starting GENSEC 
submechanism ntlmssp negotiate: struct NEGOTIATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmNegotiate (1) NegotiateFlags : 0x62088215 (1644724757) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 1: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 DomainNameLen : 0x0000 (0) DomainNameMaxLen : 0x0000 (0) DomainName : * DomainName : '' WorkstationLen : 0x0000 (0) WorkstationMaxLen : 0x0000 (0) Workstation : * Workstation : '' Version: struct ntlmssp_VERSION ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6) ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1) ProductBuild : 0x0000 (0) Reserved: ARRAY(3) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15) Got challenge flags: Got NTLMSSP neg_flags=0x62898215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_TARGET_TYPE_DOMAIN NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_TARGET_INFO NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x62088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 
NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x62088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH SPNEGO login failed: Logon failure authenticated session setup to WIN-NJ57UVUO8PC.testdom.net using LAB\CENTOS$ failed with NT_STATUS_LOGON_FAILURE cm_get_ipc_userpass: No auth-user defined cm_get_ipc_userpass: No auth-user defined Failed to prepare SMB connection to WIN-NJ57UVUO8PC.testdom.net: NT_STATUS_LOGON_FAILURE Did not store value for NEG_CONN_CACHE/TESTDOM,WIN-NJ57UVUO8PC.testdom.net, we already got it add_failed_connection_entry: added domain TESTDOM (WIN-NJ57UVUO8PC.testdom.net) to failed conn cache Deleting cache entry (key=[SAFJOIN/DOMAIN/TESTDOM]) Deleting cache entry (key=[SAF/DOMAIN/TESTDOM]) Did not store value for NEG_CONN_CACHE/testdom.net,WIN-NJ57UVUO8PC.testdom.net, we already got it add_failed_connection_entry: added domain testdom.net (WIN-NJ57UVUO8PC.testdom.net) to failed conn cache Deleting cache entry (key=[SAFJOIN/DOMAIN/TESTDOM.NET]) Deleting cache entry (key=[SAF/DOMAIN/TESTDOM.NET]) set_domain_offline: called for domain TESTDOM set_domain_offline: added event handler for domain TESTDOM messaging_dgm_send: Sending message to 1701 winbindd_dual_pam_auth: domain: TESTDOM last was offline Plain-text authentication for user TESTDOM\administrator returned NT_STATUS_LOGON_FAILURE (PAM: 7) Finished processing child request 13 Writing 3496 bytes to parent imessaging_dgm_recv: dst 1701 matches my id: 1701, type=0x40c messaging_recv_cb: Received message 0x40c len 8 (num_fds:0) from 1708 messaging_recv_cb: Received message 0x40c len 8 (num_fds:0) from 1708 Domain TESTDOM is marked as offline now. 
child daemon request 48 child_process_request: request fn INIT_CONNECTION Finished processing child request 48 Writing 3496 bytes to parent child daemon request 13 child_process_request: request fn PAM_AUTH [ 1701]: dual pam auth TESTDOM\administrator winbindd_dual_pam_auth: domain: TESTDOM offline and auth request in startup mode. Searching cache keys with pattern NEG_CONN_CACHE/TESTDOM,* Calling function with arguments (key=[NEG_CONN_CACHE/TESTDOM,WIN-NJ57UVUO8PC.testdom.net], timeout=[Fri Mar 23 05:26:52 AM 2018 EDT]) Calling function with arguments (key=[NEG_CONN_CACHE/TESTDOM,WIN-NJ57UVUO8PC.testdom.net], value=[c000006d], timeout=[Fri Mar 23 05:26:52 AM 2018 EDT]) Deleting cache entry (key=[NEG_CONN_CACHE/TESTDOM,WIN-NJ57UVUO8PC.testdom.net]) Adding cache entry with key=[NEG_CONN_CACHE/TESTDOM,WIN-NJ57UVUO8PC.testdom.net] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797152 seconds in the past) flush_negative_conn_cache_for_domain: flushed domain TESTDOM Searching cache keys with pattern NEG_CONN_CACHE/testdom.net,* Calling function with arguments (key=[NEG_CONN_CACHE/testdom.net,WIN-NJ57UVUO8PC.testdom.net], timeout=[Fri Mar 23 05:26:52 AM 2018 EDT]) Calling function with arguments (key=[NEG_CONN_CACHE/testdom.net,WIN-NJ57UVUO8PC.testdom.net], value=[c000006d], timeout=[Fri Mar 23 05:26:52 AM 2018 EDT]) Deleting cache entry (key=[NEG_CONN_CACHE/testdom.net,WIN-NJ57UVUO8PC.testdom.net]) Adding cache entry with key=[NEG_CONN_CACHE/testdom.net,WIN-NJ57UVUO8PC.testdom.net] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797152 seconds in the past) flush_negative_conn_cache_for_domain: flushed domain testdom.net winbindd_dual_pam_auth: domain: TESTDOM last was offline Plain-text authentication for user TESTDOM\administrator returned NT_STATUS_NO_LOGON_SERVERS (PAM: 9) Finished processing child request 13 Writing 3496 bytes to parent wb_request_done[1682:PAM_AUTH]: NT_STATUS_NO_LOGON_SERVERS winbind_client_response_written[1682:PAM_AUTH]: delivered 
response to client closing socket 27, client exited check_domain_online_handler: called for domain LAB (online = True) Registering messaging pointer for type 1030 - private_data=(nil) Overriding messaging pointer for type 1030 - private_data=(nil) Registering messaging pointer for type 1031 - private_data=(nil) Overriding messaging pointer for type 1031 - private_data=(nil) msg_dgm_ref_destructor: refs=0x563e56a0d0c0 messaging_dgm_ref: messaging_dgm_init returned Success messaging_dgm_ref: unique = 9440874404573255484 Deregistering messaging pointer for type 1028 - private_data=(nil) Deregistering messaging pointer for type 1027 - private_data=(nil) Deregistering messaging pointer for type 1280 - private_data=(nil) Deregistering messaging pointer for type 1 - private_data=(nil) sitename_fetch: Returning sitename for realm 'lab.saferit.fr': "Default-First-Site-Name" ads_dc_name: domain=LAB sitename_fetch: Returning sitename for realm 'lab.saferit.fr': "Default-First-Site-Name" resolve_and_ping_dns: (cldap) looking for realm 'lab.saferit.fr' get_sorted_dc_list: attempting lookup for name lab.saferit.fr (sitename Default-First-Site-Name) saf_fetch: Returning "dc1.lab.saferit.fr" for "lab.saferit.fr" domain get_dc_list: preferred server list: "dc1.lab.saferit.fr, *" internal_resolve_name: looking up lab.saferit.fr#1c (sitename Default-First-Site-Name) name lab.saferit.fr#1C found. remove_duplicate_addrs2: looking for duplicate address/port pairs Adding 1 DC's from auto lookup sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) name dc1.lab.saferit.fr#20 found. 
remove_duplicate_addrs2: looking for duplicate address/port pairs check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 remove_duplicate_addrs2: looking for duplicate address/port pairs get_dc_list: returning 1 ip addresses in an ordered list get_dc_list: 10.0.3.10:389 check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 ads_try_connect: sending CLDAP request to 10.0.3.10 (realm: lab.saferit.fr) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x0000f1fd (61949) 1: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 1: NBT_SERVER_ADS_WEB_SERVICE 1: NBT_SERVER_DS_8 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 0b6ead65-ab6b-4ae6-ba6c-bbf010e7545d forest : 'lab.saferit.fr' dns_domain : 'lab.saferit.fr' pdc_dns_name : 'dc1.lab.saferit.fr' domain_name : 'LAB' pdc_name : 'DC1' user_name : '' server_site : 'Default-First-Site-Name' client_site : 'Default-First-Site-Name' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) sitename_store: realm = [LAB], sitename = 
[Default-First-Site-Name], expire = [2085923199] Did not store value for AD_SITENAME/DOMAIN/LAB, we already got it sitename_store: realm = [lab.saferit.fr], sitename = [Default-First-Site-Name], expire = [2085923199] Did not store value for AD_SITENAME/DOMAIN/LAB.SAFERIT.FR, we already got it Successfully contacted LDAP server 10.0.3.10 sitename_fetch: Returning sitename for realm 'lab.saferit.fr': "Default-First-Site-Name" ads_closest_dc: NBT_SERVER_CLOSEST flag set create_local_private_krb5_conf_for_domain: fname = /var/lib/samba/lock/smb_krb5/krb5.conf.LAB, realm = lab.saferit.fr, domain = LAB saf_fetch: Returning "dc1.lab.saferit.fr" for "lab.saferit.fr" domain get_dc_list: preferred server list: "dc1.lab.saferit.fr, *" internal_resolve_name: looking up lab.saferit.fr#dcdc (sitename Default-First-Site-Name) resolve_ads: Attempting to resolve KDCs for lab.saferit.fr using DNS ads_dns_lookup_srv: 1 records returned in the answer section. ads_dns_parse_rr_srv: Parsed dc1.lab.saferit.fr [0, 100, 88] remove_duplicate_addrs2: looking for duplicate address/port pairs internal_resolve_name: returning 1 addresses: 10.0.3.10:88 Adding 1 DC's from auto lookup sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) name dc1.lab.saferit.fr#20 found. 
remove_duplicate_addrs2: looking for duplicate address/port pairs check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 remove_duplicate_addrs2: looking for duplicate address/port pairs get_dc_list: returning 1 ip addresses in an ordered list get_dc_list: 10.0.3.10:88 got 1 addresses from site Default-First-Site-Name search saf_fetch: Returning "dc1.lab.saferit.fr" for "lab.saferit.fr" domain get_dc_list: preferred server list: "dc1.lab.saferit.fr, *" internal_resolve_name: looking up lab.saferit.fr#dcdc (sitename (null)) resolve_ads: Attempting to resolve KDCs for lab.saferit.fr using DNS ads_dns_lookup_srv: 1 records returned in the answer section. ads_dns_parse_rr_srv: Parsed dc1.lab.saferit.fr [0, 100, 88] remove_duplicate_addrs2: looking for duplicate address/port pairs internal_resolve_name: returning 1 addresses: 10.0.3.10:88 Adding 1 DC's from auto lookup sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) name dc1.lab.saferit.fr#20 found. 
remove_duplicate_addrs2: looking for duplicate address/port pairs check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 remove_duplicate_addrs2: looking for duplicate address/port pairs get_dc_list: returning 1 ip addresses in an ordered list get_dc_list: 10.0.3.10:88 got 1 addresses from site-less search 0 additional KDCs to test get_kdc_ip_string: Returning kdc = 10.0.3.10 create_local_private_krb5_conf_for_domain: wrote file /var/lib/samba/lock/smb_krb5/krb5.conf.LAB with realm LAB.SAFERIT.FR KDC list = kdc = 10.0.3.10 ads_dc_name: using server='DC1.LAB.SAFERIT.FR' IP=10.0.3.10 sitename_fetch: Returning sitename for realm 'lab.saferit.fr': "Default-First-Site-Name" get_sorted_dc_list: attempting lookup for name lab.saferit.fr (sitename Default-First-Site-Name) saf_fetch: Returning "dc1.lab.saferit.fr" for "lab.saferit.fr" domain get_dc_list: preferred server list: "dc1.lab.saferit.fr, *" internal_resolve_name: looking up lab.saferit.fr#1c (sitename Default-First-Site-Name) name lab.saferit.fr#1C found. remove_duplicate_addrs2: looking for duplicate address/port pairs Adding 1 DC's from auto lookup sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) name dc1.lab.saferit.fr#20 found. 
remove_duplicate_addrs2: looking for duplicate address/port pairs check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 remove_duplicate_addrs2: looking for duplicate address/port pairs get_dc_list: returning 1 ip addresses in an ordered list get_dc_list: 10.0.3.10:389 check_negative_conn_cache returning result 0 for domain LAB server 10.0.3.10 get_sorted_dc_list: attempting lookup for name lab.saferit.fr (sitename NULL) saf_fetch: Returning "dc1.lab.saferit.fr" for "lab.saferit.fr" domain get_dc_list: preferred server list: "dc1.lab.saferit.fr, *" internal_resolve_name: looking up lab.saferit.fr#1c (sitename (null)) name lab.saferit.fr#1C found. remove_duplicate_addrs2: looking for duplicate address/port pairs Adding 1 DC's from auto lookup sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) name dc1.lab.saferit.fr#20 found. remove_duplicate_addrs2: looking for duplicate address/port pairs check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 remove_duplicate_addrs2: looking for duplicate address/port pairs get_dc_list: returning 1 ip addresses in an ordered list get_dc_list: 10.0.3.10:389 check_negative_conn_cache returning result 0 for domain LAB server 10.0.3.10 messaging_dgm_send: Sending message to 1707 messaging_recv_cb: Received message 0x406 len 4 (num_fds:0) from 1709 msg_try_to_go_online: received for domain LAB. msg_try_to_go_online: domain LAB already online. 
process_request: Handling async request 1682:GETPWNAM
getpwnam TESTDOM\administrator
wbint_LookupName: struct wbint_LookupName
    in: struct wbint_LookupName
        domain : *
            domain : 'TESTDOM'
        name : *
            name : 'ADMINISTRATOR'
        flags : 0x00000008 (8)
wbint_LookupName: struct wbint_LookupName
    out: struct wbint_LookupName
        type : *
            type : SID_NAME_USER (1)
        sid : *
            sid : S-1-5-21-847837108-3999977653-1779688838-500
        result : NT_STATUS_OK
SID 0: S-1-5-21-847837108-3999977653-1779688838-500
Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-500]: value=[10500:B]
Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-500]: id=[10500], endptr=[:B]
netsamlogon_cache_get: SID [S-1-5-21-847837108-3999977653-1779688838-500]
&r: struct netsamlogoncache_entry
    timestamp : Fri Mar 23 05:20:37 AM 2018 EDT
    info3: struct netr_SamInfo3
        base: struct netr_SamBaseInfo
            logon_time : Fri Mar 23 05:09:15 AM 2018 EDT
            logoff_time : Wed Sep 13 10:48:05 PM 30828 EDT
            kickoff_time : Wed Sep 13 10:48:05 PM 30828 EDT
            last_password_change : Mon Feb 12 09:15:04 AM 2018 EST
            allow_password_change : Tue Feb 13 09:15:04 AM 2018 EST
            force_password_change : Mon Mar 26 10:15:04 AM 2018 EDT
            account_name: struct lsa_String
                length : 0x001a (26)
                size : 0x001a (26)
                string : *
                    string : 'Administrator'
            full_name: struct lsa_String
                length : 0x0000 (0)
                size : 0x0000 (0)
                string : *
                    string : ''
            logon_script: struct lsa_String
                length : 0x0000 (0)
                size : 0x0000 (0)
                string : NULL
            profile_path: struct lsa_String
                length : 0x0000 (0)
                size : 0x0000 (0)
                string : NULL
            home_directory: struct lsa_String
                length : 0x0000 (0)
                size : 0x0000 (0)
                string : NULL
            home_drive: struct lsa_String
                length : 0x0000 (0)
                size : 0x0000 (0)
                string : NULL
            logon_count : 0x009d (157)
            bad_password_count : 0x0000 (0)
            rid : 0x000001f4 (500)
            primary_gid : 0x00000201 (513)
            groups: struct samr_RidWithAttributeArray
                count : 0x00000005 (5)
                rids : *
                    rids: ARRAY(5)
                        rids: struct samr_RidWithAttribute
                            rid : 0x00000208 (520)
                            attributes : 0x00000007 (7)
                                1: SE_GROUP_MANDATORY
                                1: SE_GROUP_ENABLED_BY_DEFAULT
                                1: SE_GROUP_ENABLED
                                0: SE_GROUP_OWNER
                                0: SE_GROUP_USE_FOR_DENY_ONLY
                                0: SE_GROUP_RESOURCE
                                0x00: SE_GROUP_LOGON_ID (0)
                        rids: struct samr_RidWithAttribute
                            rid : 0x00000200 (512)
                            attributes : 0x00000007 (7)
                                1: SE_GROUP_MANDATORY
                                1: SE_GROUP_ENABLED_BY_DEFAULT
                                1: SE_GROUP_ENABLED
                                0: SE_GROUP_OWNER
                                0: SE_GROUP_USE_FOR_DENY_ONLY
                                0: SE_GROUP_RESOURCE
                                0x00: SE_GROUP_LOGON_ID (0)
                        rids: struct samr_RidWithAttribute
                            rid : 0x00000201 (513)
                            attributes : 0x00000007 (7)
                                1: SE_GROUP_MANDATORY
                                1: SE_GROUP_ENABLED_BY_DEFAULT
                                1: SE_GROUP_ENABLED
                                0: SE_GROUP_OWNER
                                0: SE_GROUP_USE_FOR_DENY_ONLY
                                0: SE_GROUP_RESOURCE
                                0x00: SE_GROUP_LOGON_ID (0)
                        rids: struct samr_RidWithAttribute
                            rid : 0x00000206 (518)
                            attributes : 0x00000007 (7)
                                1: SE_GROUP_MANDATORY
                                1: SE_GROUP_ENABLED_BY_DEFAULT
                                1: SE_GROUP_ENABLED
                                0: SE_GROUP_OWNER
                                0: SE_GROUP_USE_FOR_DENY_ONLY
                                0: SE_GROUP_RESOURCE
                                0x00: SE_GROUP_LOGON_ID (0)
                        rids: struct samr_RidWithAttribute
                            rid : 0x00000207 (519)
                            attributes : 0x00000007 (7)
                                1: SE_GROUP_MANDATORY
                                1: SE_GROUP_ENABLED_BY_DEFAULT
                                1: SE_GROUP_ENABLED
                                0: SE_GROUP_OWNER
                                0: SE_GROUP_USE_FOR_DENY_ONLY
                                0: SE_GROUP_RESOURCE
                                0x00: SE_GROUP_LOGON_ID (0)
            user_flags : 0x00000120 (288)
                0: NETLOGON_GUEST
                0: NETLOGON_NOENCRYPTION
                0: NETLOGON_CACHED_ACCOUNT
                0: NETLOGON_USED_LM_PASSWORD
                1: NETLOGON_EXTRA_SIDS
                0: NETLOGON_SUBAUTH_SESSION_KEY
                0: NETLOGON_SERVER_TRUST_ACCOUNT
                1: NETLOGON_NTLMV2_ENABLED
                0: NETLOGON_RESOURCE_GROUPS
                0: NETLOGON_PROFILE_PATH_RETURNED
                0: NETLOGON_GRACE_LOGON
            key: struct netr_UserSessionKey
                key : 00000000000000000000000000000000
            logon_server: struct lsa_StringLarge
                length : 0x001e (30)
                size : 0x0020 (32)
                string : *
                    string : 'WIN-NJ57UVUO8PC'
            logon_domain: struct lsa_StringLarge
                length : 0x000e (14)
                size : 0x0010 (16)
                string : *
                    string : 'TESTDOM'
            domain_sid : *
                domain_sid : S-1-5-21-847837108-3999977653-1779688838
            LMSessKey: struct netr_LMSessionKey
                key : 0000000000000000
            acct_flags : 0x00000010 (16)
                0: ACB_DISABLED
                0: ACB_HOMDIRREQ
                0: ACB_PWNOTREQ
                0: ACB_TEMPDUP
                1: ACB_NORMAL
                0: ACB_MNS
                0: ACB_DOMTRUST
                0: ACB_WSTRUST
                0: ACB_SVRTRUST
                0: ACB_PWNOEXP
                0: ACB_AUTOLOCK
                0: ACB_ENC_TXT_PWD_ALLOWED
                0: ACB_SMARTCARD_REQUIRED
                0: ACB_TRUSTED_FOR_DELEGATION
                0: ACB_NOT_DELEGATED
                0: ACB_USE_DES_KEY_ONLY
                0: ACB_DONT_REQUIRE_PREAUTH
                0: ACB_PW_EXPIRED
                0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
                0: ACB_NO_AUTH_DATA_REQD
                0: ACB_PARTIAL_SECRETS_ACCOUNT
                0: ACB_USE_AES_KEYS
            sub_auth_status : 0x00000000 (0)
            last_successful_logon : NTTIME(0)
            last_failed_logon : NTTIME(0)
            failed_logon_count : 0x00000000 (0)
            reserved : 0x00000000 (0)
        sidcount : 0x00000001 (1)
        sids : *
            sids: ARRAY(1)
                sids: struct netr_SidAttr
                    sid : *
                        sid : S-1-5-21-546099636-1453775275-3712789297-1130
                    attributes : 0x20000007 (536870919)
                        1: SE_GROUP_MANDATORY
                        1: SE_GROUP_ENABLED_BY_DEFAULT
                        1: SE_GROUP_ENABLED
                        0: SE_GROUP_OWNER
                        0: SE_GROUP_USE_FOR_DENY_ONLY
                        1: SE_GROUP_RESOURCE
                        0x00: SE_GROUP_LOGON_ID (0)
wbint_GetNssInfo: struct wbint_GetNssInfo
    in: struct wbint_GetNssInfo
        info : *
            info: struct wbint_userinfo
                domain_name : *
                    domain_name : 'TESTDOM'
                acct_name : *
                    acct_name : 'Administrator'
                full_name : *
                    full_name : ''
                homedir : *
                    homedir : '/home/%u.%D'
                shell : *
                    shell : '/bin/bash'
                uid : 0x0000000000002904 (10500)
                primary_gid : 0x00000000ffffffff (4294967295)
                primary_group_name : NULL
                user_sid : S-1-5-21-847837108-3999977653-1779688838-500
                group_sid : S-1-5-21-847837108-3999977653-1779688838-513
Need to read 210 extra bytes
child daemon request 56
child_process_request: request fn NDRCMD
winbindd_dual_ndrcmd: Running command WBINT_GETNSSINFO (no domain)
wbint_GetNssInfo: struct wbint_GetNssInfo
    in: struct wbint_GetNssInfo
        info : *
            info: struct wbint_userinfo
                domain_name : *
                    domain_name : 'TESTDOM'
                acct_name : *
                    acct_name : 'Administrator'
                full_name : *
                    full_name : ''
                homedir : *
                    homedir : '/home/%u.%D'
                shell : *
                    shell : '/bin/bash'
                uid : 0x0000000000002904 (10500)
                primary_gid : 0x00000000ffffffff (4294967295)
                primary_group_name : NULL
                user_sid : S-1-5-21-847837108-3999977653-1779688838-500
                group_sid : S-1-5-21-847837108-3999977653-1779688838-513
idmap_find_domain called for domain 'TESTDOM'
wbint_GetNssInfo: struct wbint_GetNssInfo
    out: struct wbint_GetNssInfo
        info : *
            info: struct wbint_userinfo
                domain_name : *
                    domain_name : 'TESTDOM'
                acct_name : *
                    acct_name : 'Administrator'
                full_name : *
                    full_name : ''
                homedir : *
                    homedir : '/home/%u.%D'
                shell : *
                    shell : '/bin/bash'
                uid : 0x0000000000002904 (10500)
                primary_gid : 0x00000000ffffffff (4294967295)
                primary_group_name : NULL
                user_sid : S-1-5-21-847837108-3999977653-1779688838-500
                group_sid : S-1-5-21-847837108-3999977653-1779688838-513
        result : NT_STATUS_REQUEST_NOT_ACCEPTED
Finished processing child request 56
Writing 3712 bytes to parent
wbint_GetNssInfo: struct wbint_GetNssInfo
    out: struct wbint_GetNssInfo
        info : *
            info: struct wbint_userinfo
                domain_name : *
                    domain_name : 'TESTDOM'
                acct_name : *
                    acct_name : 'Administrator'
                full_name : *
                    full_name : ''
                homedir : *
                    homedir : '/home/%u.%D'
                shell : *
                    shell : '/bin/bash'
                uid : 0x0000000000002904 (10500)
                primary_gid : 0x00000000ffffffff (4294967295)
                primary_group_name : NULL
                user_sid : S-1-5-21-847837108-3999977653-1779688838-500
                group_sid : S-1-5-21-847837108-3999977653-1779688838-513
        result : NT_STATUS_REQUEST_NOT_ACCEPTED
SID 0: S-1-5-21-847837108-3999977653-1779688838-513
Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-513]: value=[10513:B]
Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-513]: id=[10513], endptr=[:B]
find_lookup_domain_from_sid(S-1-5-21-847837108-3999977653-1779688838-513)
calling find_our_domain
wbint_LookupSid: struct wbint_LookupSid
    in: struct wbint_LookupSid
        sid : *
            sid : S-1-5-21-847837108-3999977653-1779688838-513
wbint_LookupSid: struct wbint_LookupSid
    out: struct wbint_LookupSid
        type : *
            type : SID_NAME_DOM_GRP (2)
        domain : *
            domain : *
                domain : 'TESTDOM'
        name : *
            name : *
                name : 'Domain Users'
        result : NT_STATUS_OK
wb_request_done[1682:GETPWNAM]: NT_STATUS_OK
winbind_client_response_written[1682:GETPWNAM]: delivered response to client
Got sig[2] terminate (is_parent=0)
Got sig[2] terminate (is_parent=0)
Got sig[2] terminate (is_parent=0)
Got sig[2] terminate (is_parent=1)
check lock order 2 for /var/lib/samba/lock/serverid.tdb
lock order: 1: 2:/var/lib/samba/lock/serverid.tdb 3:
Locking key A506000000000000FFFF
Allocated locked data 0x0x563e56a16920
Unlocking key A506000000000000FFFF
release lock order 2 for /var/lib/samba/lock/serverid.tdb
lock order: 1: 2: 3: