The Samba-Bugzilla – Attachment 14079 Details for
Bug 13346
cannot authenticate users from a one way trusted domain
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
one way trust failed log with krb5
winbindkowithkrb5andwithntlm.log (text/plain), 408.98 KB, created by
fanch
on 2018-03-23 09:33:40 UTC
(
hide
)
Description:
one way trust failed log with krb5
Filename:
MIME Type:
Creator:
fanch
Created:
2018-03-23 09:33:40 UTC
Size:
408.98 KB
patch
obsolete
>INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > scavenger: 10 > dns: 10 > ldb: 10 > tevent: 10 >winbindd version 4.6.2 started. >Copyright Andrew Tridgell and the Samba Team 1992-2017 >lp_load_ex: refreshing parameters >Initialising global parameters >rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) >INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > scavenger: 10 > dns: 10 > ldb: 10 > tevent: 10 >Processing section "[global]" >doing parameter realm = LAB.SAFERIT.FR >doing parameter security = ads >doing parameter workgroup = LAB >doing parameter idmap config LAB : backend = ad >doing parameter idmap config LAB : range = 10000-100000 >doing parameter idmap config TESTDOM : backend = rid >doing parameter idmap config TESTDOM : range = 10000-100000 >doing parameter idmap config * : range = 1000-9999 >doing parameter kerberos method = secrets and keytab >doing parameter client signing = yes >doing parameter client use spnego = yes >doing parameter template shell = /bin/bash >doing parameter template homedir = /home/%u.%D >doing parameter winbind refresh tickets = yes >doing parameter winbind nested groups = yes >doing parameter winbind expand groups = 4 >doing parameter winbind offline logon = false >doing parameter printing = cups >doing parameter printcap name = cups >doing parameter load printers = yes >doing parameter cups options = raw >pm_process() returned Yes >lp_servicenumber: couldn't find homes >messaging_dgm_ref: messaging_dgm_init returned Success >messaging_dgm_ref: unique = 16290806939454278482 >Registering messaging pointer for type 2 - private_data=(nil) >Registering messaging pointer for type 9 - private_data=(nil) >Registered MSG_REQ_POOL_USAGE >Registering messaging pointer for type 11 - private_data=(nil) >Registering messaging pointer for type 12 - private_data=(nil) >Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED >Registering messaging pointer for type 1 - private_data=(nil) >Registering messaging pointer for type 5 - private_data=(nil) >messaging_init_internal: my id: 1701 >lp_load_ex: refreshing parameters >Freeing parametrics: >Initialising global parameters >rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) >INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > scavenger: 10 > dns: 10 > ldb: 10 > tevent: 10 >Processing section "[global]" >doing parameter realm = LAB.SAFERIT.FR >doing parameter security = ads >doing parameter workgroup = LAB >doing parameter idmap config LAB : backend = ad >doing parameter idmap config LAB : range = 10000-100000 >doing parameter idmap config TESTDOM : backend = rid >doing parameter idmap config TESTDOM : range = 10000-100000 >doing parameter idmap config * : range = 1000-9999 >doing parameter kerberos method = secrets and keytab >doing parameter client signing = yes >doing parameter client use spnego = yes >doing parameter template shell = /bin/bash >doing parameter template homedir = /home/%u.%D >doing parameter winbind refresh tickets = yes >doing parameter winbind nested groups = yes >doing parameter winbind expand groups = 4 >doing parameter winbind offline logon = false >doing parameter printing = cups >doing parameter printcap name = cups >doing parameter load printers = yes >doing parameter cups options = raw >pm_process() returned Yes >lp_servicenumber: couldn't find homes >added interface eth0 ip=10.0.3.54 bcast=10.0.3.255 netmask=255.255.255.0 >Netbios name list:- >my_netbios_names[0]="CENTOS" >added interface eth0 ip=10.0.3.54 bcast=10.0.3.255 netmask=255.255.255.0 >fcntl_lock 10 6 0 1 1 >fcntl_lock: Lock call successful >TimeInit: Serverzone is 14400 >msg_dgm_ref_destructor: refs=(nil) >messaging_dgm_ref: messaging_dgm_init returned Success >messaging_dgm_ref: unique = 7517049873169022586 >initialize_winbindd_cache: clearing cache and re-creating with version number 2 >check lock order 2 for /var/lib/samba/lock/serverid.tdb >lock order: 1:<none> 2:/var/lib/samba/lock/serverid.tdb 3:<none> >Locking key A506000000000000FFFF >Allocated locked data 0x0x563e56a09820 >Unlocking key A506000000000000FFFF >release lock order 2 for /var/lib/samba/lock/serverid.tdb >lock order: 1:<none> 2:<none> 3:<none> >Registering messaging pointer for type 33 - private_data=(nil) >Registering messaging pointer for type 13 - private_data=(nil) >Registering messaging pointer for type 1028 - private_data=(nil) >Registering messaging pointer for type 1027 - private_data=(nil) >Registering messaging pointer for type 1029 - private_data=(nil) >Registering messaging pointer for type 1036 - private_data=(nil) >Registering messaging pointer for type 1035 - private_data=(nil) >Registering messaging pointer for type 1280 - private_data=(nil) >Registering messaging pointer for type 1032 - private_data=(nil) >Registering messaging pointer for type 1033 - private_data=(nil) >Registering messaging pointer for type 1034 - private_data=(nil) >Registering messaging pointer for type 1 - private_data=(nil) >Overriding messaging pointer for type 1 - private_data=(nil) >wcache_tdc_add_domain: Adding domain BUILTIN ((null)), SID S-1-5-32, flags = 0x0, attributes = 0x0, type = 0x0 >pack_tdc_domains: Packing 1 trusted domains >pack_tdc_domains: Packing domain BUILTIN (UNKNOWN) >Added domain BUILTIN (null) S-1-5-32 >wcache_tdc_add_domain: Adding domain CENTOS ((null)), SID S-1-5-21-3071314533-1259387351-2362713575, flags = 0x0, attributes = 0x0, type = 0x0 >pack_tdc_domains: Packing 2 trusted domains >pack_tdc_domains: Packing domain BUILTIN (UNKNOWN) >pack_tdc_domains: Packing domain CENTOS (UNKNOWN) >Added domain CENTOS (null) S-1-5-21-3071314533-1259387351-2362713575 >wcache_tdc_add_domain: Adding domain LAB (LAB.SAFERIT.FR), SID S-1-5-21-546099636-1453775275-3712789297, flags = 0x0, attributes = 0x0, type = 0x0 >pack_tdc_domains: Packing 3 trusted domains >pack_tdc_domains: Packing domain BUILTIN (UNKNOWN) >pack_tdc_domains: Packing domain CENTOS (UNKNOWN) >pack_tdc_domains: Packing domain LAB (LAB.SAFERIT.FR) >Added domain LAB LAB.SAFERIT.FR S-1-5-21-546099636-1453775275-3712789297 >set_domain_online_request: called for domain LAB >set_domain_online_request: domain LAB was globally offline. >messaging_dgm_ref: messaging_dgm_get_unique returned Success >messaging_dgm_ref: unique = 7517049873169022586 >Registering messaging pointer for type 2 - private_data=(nil) >Registering messaging pointer for type 9 - private_data=(nil) >Registered MSG_REQ_POOL_USAGE >Registering messaging pointer for type 11 - private_data=(nil) >Registering messaging pointer for type 12 - private_data=(nil) >Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED >Registering messaging pointer for type 1 - private_data=(nil) >Registering messaging pointer for type 5 - private_data=(nil) >messaging_init_internal: my id: 1701 >messaging_dgm_ref: messaging_dgm_get_unique returned Success >messaging_dgm_ref: unique = 7517049873169022586 >fork_domain_child called for domain 'LAB' >Child process 1702 >msg_dgm_ref_destructor: refs=0x563e56a0d0c0 >messaging_dgm_ref: messaging_dgm_init returned Success >messaging_dgm_ref: unique = 12355143776520759608 >Deregistering messaging pointer for type 33 - private_data=(nil) >Deregistering messaging pointer for type 13 - private_data=(nil) >Deregistering messaging pointer for type 1028 - private_data=(nil) >Deregistering messaging pointer for type 1027 - private_data=(nil) >Deregistering messaging pointer for type 1029 - private_data=(nil) >Deregistering messaging pointer for type 1280 - private_data=(nil) >Deregistering messaging pointer for type 1033 - private_data=(nil) >Deregistering messaging pointer for type 1 - private_data=(nil) >Deregistering messaging pointer for type 1036 - private_data=(nil) >Deregistering messaging pointer for type 1035 - private_data=(nil) >Registering messaging pointer for type 1028 - private_data=(nil) >Registering messaging pointer for type 1027 - private_data=(nil) >Registering messaging pointer for type 1280 - private_data=(nil) >Registering messaging pointer for type 1 - private_data=(nil) >Registering messaging pointer for type 1034 - private_data=(nil) >Overriding messaging pointer for type 1034 - private_data=(nil) >set_domain_online_request: called for domain LAB >set_domain_online_request: domain LAB was globally offline. >child daemon request 48 >child_process_request: request fn INIT_CONNECTION >connection_ok: Connection to (null) for domain LAB is not connected >Opening cache file at /var/lib/samba/gencache.tdb >Opening cache file at /var/lib/samba/lock/gencache_notrans.tdb >Adding cache entry with key=[SAFJOIN/DOMAIN/LAB] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797138 seconds in the past) >Could not get allrecord lock on gencache_notrans.tdb: Locking error >saf_fetch: Returning "dc1.lab.saferit.fr" for "LAB" domain >Adding cache entry with key=[NEG_CONN_CACHE/LAB,dc1.lab.saferit.fr] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797138 seconds in the past) >Could not get allrecord lock on gencache_notrans.tdb: Locking error >check_negative_conn_cache returning result 0 for domain LAB server dc1.lab.saferit.fr >cm_open_connection: saf_servername is 'dc1.lab.saferit.fr' for domain LAB >cm_open_connection: dcname is 'dc1.lab.saferit.fr' for domain LAB >check_negative_conn_cache returning result 0 for domain LAB server dc1.lab.saferit.fr >sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" >internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) >name dc1.lab.saferit.fr#20 found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >Connecting to 10.0.3.10 at port 445 >cm_prepare_connection: connecting to DC dc1.lab.saferit.fr for domain LAB >Socket options: > SO_KEEPALIVE = 0 > SO_REUSEADDR = 0 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_REUSEPORT = 0 > SO_SNDBUF = 87040 > SO_RCVBUF = 367360 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 > TCP_DEFER_ACCEPT = 0 >ldb: ldb_trace_request: SEARCH > dn: @MODULES > scope: base > expr: (@LIST=*) > attr: @LIST > control: <NONE> > >ldb: ldb_trace_request: (tdb)->search >ldb: Added timed event "ltdb_callback": 0x563e56a1d1e0 > >ldb: Added timed event "ltdb_timeout": 0x563e56a1d350 > >ldb: Running timer event 0x563e56a1d1e0 "ltdb_callback" > >ldb: Destroying timer event 0x563e56a1d350 "ltdb_timeout" > >ldb: Ending timer event 0x563e56a1d1e0 "ltdb_callback" > >ldb: no modules required by the db >ldb: No modules specified for this database >ldb: ldb_trace_request: REGISTER_CONTROL >1.2.840.113556.1.4.1413 > control: <NONE> > >ldb: ldb_asprintf/set_errstring: unable to find module or backend to handle operation: request >ldb: ldb_trace_request: SEARCH > dn: <rootDSE> > scope: base > expr: (objectClass=*) > attr: rootDomainNamingContext > attr: configurationNamingContext > attr: schemaNamingContext > attr: defaultNamingContext > control: <NONE> > >ldb: ldb_trace_request: (tdb)->search >ldb: Added timed event "ltdb_callback": 0x563e56a1de90 > >ldb: Added timed event "ltdb_timeout": 0x563e56a1dc10 > >ldb: Running timer event 0x563e56a1de90 "ltdb_callback" > >ldb: ldb_asprintf/set_errstring: NULL Base DN invalid for a base search >ldb: Destroying timer event 0x563e56a1dc10 "ltdb_timeout" > >ldb: Ending timer event 0x563e56a1de90 "ltdb_callback" > >ldb_wrap open of secrets.ldb >ldb: ldb_trace_request: SEARCH > dn: cn=Primary Domains > scope: sub > expr: (&(flatname=LAB)(objectclass=primaryDomain)) > attr: <ALL> > control: <NONE> > >ldb: ldb_trace_request: (tdb)->search >ldb: Added timed event "ltdb_callback": 0x563e56a1dc40 > >ldb: Added timed event "ltdb_timeout": 0x563e56a1ce60 > >ldb: Running timer event 0x563e56a1dc40 "ltdb_callback" > >ldb: Destroying timer event 0x563e56a1ce60 "ltdb_timeout" > >ldb: Ending timer event 0x563e56a1dc40 "ltdb_callback" > >ldb: ldb_asprintf/set_errstring: dsdb_search at ../source4/dsdb/common/util.c:4576 >connecting to dc1.lab.saferit.fr (LAB, LAB.SAFERIT.FR) with account [LAB\CENTOS$] principal [CENTOS$@LAB.SAFERIT.FR] and realm [LAB.SAFERIT.FR] >got OID=1.3.6.1.4.1.311.2.2.30 >got OID=1.2.840.48018.1.2.2 >kerberos_kinit_password: as CENTOS$@LAB.SAFERIT.FR using [MEMORY:cliconnect] as ccache and config [(null)] >GENSEC backend 'gssapi_spnego' registered >GENSEC backend 'gssapi_krb5' registered >GENSEC backend 'gssapi_krb5_sasl' registered >GENSEC backend 'spnego' registered >GENSEC backend 'schannel' registered >GENSEC backend 'naclrpc_as_system' registered >GENSEC backend 'sasl-EXTERNAL' registered >GENSEC backend 'ntlmssp' registered >GENSEC backend 'ntlmssp_resume_ccache' registered >GENSEC backend 'http_basic' registered >GENSEC backend 'http_ntlm' registered >Starting GENSEC mechanism spnego >Starting GENSEC submechanism gse_krb5 >signed SMB2 message >signed SMB2 message >saf_store: domain = [LAB], server = [dc1.lab.saferit.fr], expire = [1521798038] >Adding cache entry with key=[SAF/DOMAIN/LAB] and timeout=[Fri Mar 23 05:40:38 AM 2018 EDT] (900 seconds ahead) >saf_store: domain = [LAB.SAFERIT.FR], server = [dc1.lab.saferit.fr], expire = [1521798038] >Adding cache entry with key=[SAF/DOMAIN/LAB.SAFERIT.FR] and timeout=[Fri Mar 23 05:40:38 AM 2018 EDT] (900 seconds ahead) >set_global_winbindd_state_online: online requested. >set_global_winbindd_state_online: rejecting. >set_domain_online: called for domain LAB >messaging_dgm_send: Sending message to 1701 >Did not store value for CURRENT_DCNAME/LAB, we already got it >set_dc_type_and_flags: setting up flags for primary or internal domain >set_dc_type_and_flags_connect: domain LAB >signed SMB2 message >imessaging_dgm_recv: dst 1701 matches my id: 1701, type=0x40b >messaging_recv_cb: Received message 0x40b len 4 (num_fds:0) from 1702 >messaging_recv_cb: Received message 0x40b len 4 (num_fds:0) from 1702 >Domain LAB is marked as online now. >Bind RPC Pipe: host dc1.lab.saferit.fr auth_type 0, auth_level 1 > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0048 (72) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 3919286a-b10c-11d0-9ba8-00c04fd92ef5 > if_version : 0x00000000 (0) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >rpc_api_pipe: host dc1.lab.saferit.fr >signed SMB2 message >rpc_read_send: data_to_read: 52 > state->pkt: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000756 (1878) > secondary_address_size : 0x000c (12) > secondary_address : '\pipe\lsass' > _pad1 : DATA_BLOB length=2 >[0000] 00 00 .. > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) > reason : union dcerpc_bind_ack_reason(case 0) > value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK >rpc_api_pipe: host dc1.lab.saferit.fr returned 68 bytes. >check_bind_response: accepted! >cli_rpc_pipe_open_noauth: opened pipe dssetup to machine dc1.lab.saferit.fr and bound anonymously. > dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation > in: struct dssetup_DsRoleGetPrimaryDomainInformation > level : DS_ROLE_BASIC_INFORMATION (1) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000002 (2) > context_id : 0x0000 (0) > opnum : 0x0000 (0) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > stub_and_verifier : DATA_BLOB length=0 >rpc_api_pipe: host dc1.lab.saferit.fr >signed SMB2 message >rpc_read_send: data_to_read: 164 > state->pkt: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00b4 (180) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x0000009c (156) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > reserved : 0x00 (0) > stub_and_verifier : DATA_BLOB length=156 >[0000] 00 00 02 00 01 00 00 00 05 00 00 00 01 00 00 01 ........ ........ >[0010] 04 00 02 00 08 00 02 00 0C 00 02 00 65 AD 6E 0B ........ ....e.n. >[0020] 6B AB E6 4A BA 6C BB F0 10 E7 54 5D 04 00 00 00 k..J.l.. ..T].... >[0030] 00 00 00 00 04 00 00 00 4C 00 41 00 42 00 00 00 ........ L.A.B... >[0040] 0F 00 00 00 00 00 00 00 0F 00 00 00 6C 00 61 00 ........ ....l.a. >[0050] 62 00 2E 00 73 00 61 00 66 00 65 00 72 00 69 00 b...s.a. f.e.r.i. >[0060] 74 00 2E 00 66 00 72 00 00 00 00 00 0F 00 00 00 t...f.r. ........ >[0070] 00 00 00 00 0F 00 00 00 6C 00 61 00 62 00 2E 00 ........ l.a.b... >[0080] 73 00 61 00 66 00 65 00 72 00 69 00 74 00 2E 00 s.a.f.e. r.i.t... >[0090] 66 00 72 00 00 00 00 00 00 00 00 00 f.r..... .... >Got pdu len 180, data_len 156 >rpc_api_pipe: got frag len of 180 at offset 0: NT_STATUS_OK >rpc_api_pipe: host dc1.lab.saferit.fr returned 156 bytes. > dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation > out: struct dssetup_DsRoleGetPrimaryDomainInformation > info : * > info : union dssetup_DsRoleInfo(case 1) > basic: struct dssetup_DsRolePrimaryDomInfoBasic > role : DS_ROLE_PRIMARY_DC (5) > flags : 0x01000001 (16777217) > 1: DS_ROLE_PRIMARY_DS_RUNNING > 0: DS_ROLE_PRIMARY_DS_MIXED_MODE > 0: DS_ROLE_UPGRADE_IN_PROGRESS > 1: DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT > domain : * > domain : 'LAB' > dns_domain : * > dns_domain : 'lab.saferit.fr' > forest : * > forest : 'lab.saferit.fr' > domain_guid : 0b6ead65-ab6b-4ae6-ba6c-bbf010e7545d > result : WERR_OK >signed SMB2 message >signed SMB2 message >Bind RPC Pipe: host dc1.lab.saferit.fr auth_type 0, auth_level 1 > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0048 (72) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345778-1234-abcd-ef00-0123456789ab > if_version : 0x00000000 (0) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >rpc_api_pipe: host dc1.lab.saferit.fr >signed SMB2 message >rpc_read_send: data_to_read: 52 > state->pkt: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000757 (1879) > secondary_address_size : 0x000c (12) > secondary_address : '\pipe\lsass' > _pad1 : DATA_BLOB length=2 >[0000] 00 01 .. > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) > reason : union dcerpc_bind_ack_reason(case 0) > value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK >rpc_api_pipe: host dc1.lab.saferit.fr returned 68 bytes. >check_bind_response: accepted! >cli_rpc_pipe_open_noauth: opened pipe lsarpc to machine dc1.lab.saferit.fr and bound anonymously. > lsa_OpenPolicy2: struct lsa_OpenPolicy2 > in: struct lsa_OpenPolicy2 > system_name : * > system_name : '\\DC1.LAB.SAFERIT.FR' > attr : * > attr: struct lsa_ObjectAttribute > len : 0x00000018 (24) > root_dir : NULL > object_name : NULL > attributes : 0x00000000 (0) > sec_desc : NULL > sec_qos : * > sec_qos: struct lsa_QosInfo > len : 0x0000000c (12) > impersonation_level : 0x0002 (2) > context_mode : 0x01 (1) > effective_only : 0x00 (0) > access_mask : 0x02000000 (33554432) > 0: LSA_POLICY_VIEW_LOCAL_INFORMATION > 0: LSA_POLICY_VIEW_AUDIT_INFORMATION > 0: LSA_POLICY_GET_PRIVATE_INFORMATION > 0: LSA_POLICY_TRUST_ADMIN > 0: LSA_POLICY_CREATE_ACCOUNT > 0: LSA_POLICY_CREATE_SECRET > 0: LSA_POLICY_CREATE_PRIVILEGE > 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS > 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS > 0: LSA_POLICY_AUDIT_LOG_ADMIN > 0: LSA_POLICY_SERVER_ADMIN > 0: LSA_POLICY_LOOKUP_NAMES > 0: LSA_POLICY_NOTIFICATION > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000060 (96) > context_id : 0x0000 (0) > opnum : 0x002c (44) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > stub_and_verifier : DATA_BLOB length=0 >rpc_api_pipe: host dc1.lab.saferit.fr >signed SMB2 message >rpc_read_send: data_to_read: 32 > state->pkt: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > reserved : 0x00 (0) > stub_and_verifier : DATA_BLOB length=24 >[0000] 00 00 00 00 76 D9 E6 D6 C6 44 42 4B 86 97 85 98 ....v... .DBK.... >[0010] 7C 8C 64 8F 00 00 00 00 |.d..... >Got pdu len 48, data_len 24 >rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK >rpc_api_pipe: host dc1.lab.saferit.fr returned 24 bytes. > lsa_OpenPolicy2: struct lsa_OpenPolicy2 > out: struct lsa_OpenPolicy2 > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : d6e6d976-44c6-4b42-8697-85987c8c648f > result : NT_STATUS_OK > lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 > in: struct lsa_QueryInfoPolicy2 > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : d6e6d976-44c6-4b42-8697-85987c8c648f > level : LSA_POLICY_INFO_DNS (12) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x00000005 (5) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000016 (22) > context_id : 0x0000 (0) > opnum : 0x002e (46) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > stub_and_verifier : DATA_BLOB length=0 >rpc_api_pipe: host dc1.lab.saferit.fr >signed SMB2 message >rpc_read_send: data_to_read: 192 > state->pkt: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00d0 (208) > auth_length : 0x0000 (0) > call_id : 0x00000005 (5) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x000000b8 (184) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > reserved : 0x00 (0) > stub_and_verifier : DATA_BLOB length=184 >[0000] 00 00 02 00 0C 00 00 00 06 00 08 00 04 00 02 00 ........ ........ >[0010] 1C 00 1E 00 08 00 02 00 1C 00 1E 00 0C 00 02 00 ........ ........ >[0020] 65 AD 6E 0B 6B AB E6 4A BA 6C BB F0 10 E7 54 5D e.n.k..J .l....T] >[0030] 10 00 02 00 04 00 00 00 00 00 00 00 03 00 00 00 ........ ........ >[0040] 4C 00 41 00 42 00 00 00 0F 00 00 00 00 00 00 00 L.A.B... ........ >[0050] 0E 00 00 00 6C 00 61 00 62 00 2E 00 73 00 61 00 ....l.a. b...s.a. >[0060] 66 00 65 00 72 00 69 00 74 00 2E 00 66 00 72 00 f.e.r.i. t...f.r. >[0070] 0F 00 00 00 00 00 00 00 0E 00 00 00 6C 00 61 00 ........ ....l.a. >[0080] 62 00 2E 00 73 00 61 00 66 00 65 00 72 00 69 00 b...s.a. f.e.r.i. >[0090] 74 00 2E 00 66 00 72 00 04 00 00 00 01 04 00 00 t...f.r. ........ >[00A0] 00 00 00 05 15 00 00 00 B4 D1 8C 20 AB D9 A6 56 ........ ... ...V >[00B0] 31 AB 4C DD 00 00 00 00 1.L..... >Got pdu len 208, data_len 184 >rpc_api_pipe: got frag len of 208 at offset 0: NT_STATUS_OK >rpc_api_pipe: host dc1.lab.saferit.fr returned 184 bytes. > lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 > out: struct lsa_QueryInfoPolicy2 > info : * > info : * > info : union lsa_PolicyInformation(case 12) > dns: struct lsa_DnsDomainInfo > name: struct lsa_StringLarge > length : 0x0006 (6) > size : 0x0008 (8) > string : * > string : 'LAB' > dns_domain: struct lsa_StringLarge > length : 0x001c (28) > size : 0x001e (30) > string : * > string : 'lab.saferit.fr' > dns_forest: struct lsa_StringLarge > length : 0x001c (28) > size : 0x001e (30) > string : * > string : 'lab.saferit.fr' > domain_guid : 0b6ead65-ab6b-4ae6-ba6c-bbf010e7545d > sid : * > sid : S-1-5-21-546099636-1453775275-3712789297 > result : NT_STATUS_OK >set_dc_type_and_flags_connect: domain LAB is in native mode. >set_dc_type_and_flags_connect: domain LAB is running active directory. >signed SMB2 message >Finished processing child request 48 >Writing 3496 bytes to parent >child daemon request 20 >child_process_request: request fn LIST_TRUSTDOM >[ 1701]: list trusted domains >get_cache: Setting ADS methods for domain LAB >trusted_domains: [Cached] - doing backend query for info for domain LAB >ads: trusted_domains >ldb: ldb_trace_request: SEARCH > dn: @MODULES > scope: base > expr: (@LIST=*) > attr: @LIST > control: <NONE> > >ldb: ldb_trace_request: (tdb)->search >ldb: Added timed event "ltdb_callback": 0x563e56a168e0 > >ldb: Added timed event "ltdb_timeout": 0x563e56a169a0 > >ldb: Running timer event 0x563e56a168e0 "ltdb_callback" > >ldb: Destroying timer event 0x563e56a169a0 "ltdb_timeout" > >ldb: Ending timer event 0x563e56a168e0 "ltdb_callback" > >ldb: no modules required by the db >ldb: No modules specified for this database >ldb: ldb_trace_request: REGISTER_CONTROL >1.2.840.113556.1.4.1413 > control: <NONE> > >ldb: ldb_asprintf/set_errstring: unable to find module or backend to handle operation: request >ldb: ldb_trace_request: SEARCH > dn: <rootDSE> > scope: base > expr: (objectClass=*) > attr: rootDomainNamingContext > attr: configurationNamingContext > attr: schemaNamingContext > attr: defaultNamingContext > control: <NONE> > >ldb: ldb_trace_request: (tdb)->search >ldb: Added timed event "ltdb_callback": 0x563e56a269d0 > >ldb: Added timed event "ltdb_timeout": 0x563e56a26a90 > >ldb: Running timer event 0x563e56a269d0 "ltdb_callback" > >ldb: ldb_asprintf/set_errstring: NULL Base DN invalid for a base search >ldb: Destroying timer event 0x563e56a26a90 "ltdb_timeout" > >ldb: Ending timer event 0x563e56a269d0 "ltdb_callback" > >ldb_wrap open of secrets.ldb >ldb: ldb_trace_request: SEARCH > dn: cn=Primary Domains > scope: sub > expr: (&(flatname=LAB)(objectclass=primaryDomain)) > attr: <ALL> > control: <NONE> > >ldb: ldb_trace_request: (tdb)->search >ldb: Added timed event "ltdb_callback": 0x563e56a27430 > >ldb: Added timed event "ltdb_timeout": 0x563e56a27560 > >ldb: Running timer event 0x563e56a27430 "ltdb_callback" > >ldb: Destroying timer event 0x563e56a27560 "ltdb_timeout" > >ldb: Ending timer event 0x563e56a27430 "ltdb_callback" > >ldb: ldb_asprintf/set_errstring: dsdb_search at ../source4/dsdb/common/util.c:4576 >Connecting to 10.0.3.10 at port 135 >Socket options: > SO_KEEPALIVE = 0 > SO_REUSEADDR = 0 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_REUSEPORT = 0 > SO_SNDBUF = 87040 > SO_RCVBUF = 367360 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 > TCP_DEFER_ACCEPT = 0 >Bind RPC Pipe: host dc1.lab.saferit.fr auth_type 0, auth_level 1 > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0048 (72) > auth_length : 0x0000 (0) > call_id : 0x00000006 (6) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : e1af8308-5d1f-11c9-91a4-08002b14a0fa > if_version : 0x00000003 (3) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >rpc_api_pipe: host dc1.lab.saferit.fr >rpc_write_send: data_to_write: 72 >rpc_read_send: data_to_read: 44 > state->pkt: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x003c (60) > auth_length : 0x0000 (0) > call_id : 0x00000006 (6) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000dfd (3581) > secondary_address_size : 0x0004 (4) > secondary_address : '135' > _pad1 : DATA_BLOB length=2 >[0000] 00 00 .. > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) > reason : union dcerpc_bind_ack_reason(case 0) > value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >rpc_api_pipe: got frag len of 60 at offset 0: NT_STATUS_OK >rpc_api_pipe: host dc1.lab.saferit.fr returned 60 bytes. >check_bind_response: accepted! > epm_Map: struct epm_Map > in: struct epm_Map > object : * > object : 12345678-1234-abcd-ef00-01234567cffb > map_tower : * > map_tower: struct epm_twr_t > tower_length : 0x0000004b (75) > tower: struct epm_tower > num_floors : 0x0005 (5) > floors: ARRAY(5) > floors: struct epm_floor > lhs: struct epm_lhs > protocol : EPM_PROTOCOL_UUID (13) > lhs_data : DATA_BLOB length=18 >[0000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. >[0010] 01 00 .. > rhs : union epm_rhs(case 13) > uuid: struct epm_rhs_uuid > unknown : DATA_BLOB length=2 >[0000] 00 00 .. > floors: struct epm_floor > lhs: struct epm_lhs > protocol : EPM_PROTOCOL_UUID (13) > lhs_data : DATA_BLOB length=18 >[0000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` >[0010] 02 00 .. > rhs : union epm_rhs(case 13) > uuid: struct epm_rhs_uuid > unknown : DATA_BLOB length=2 >[0000] 00 00 .. > floors: struct epm_floor > lhs: struct epm_lhs > protocol : EPM_PROTOCOL_NCACN (11) > lhs_data : DATA_BLOB length=0 > rhs : union epm_rhs(case 11) > ncacn: struct epm_rhs_ncacn > minor_version : 0x0000 (0) > floors: struct epm_floor > lhs: struct epm_lhs > protocol : EPM_PROTOCOL_TCP (7) > lhs_data : DATA_BLOB length=0 > rhs : union epm_rhs(case 7) > tcp: struct epm_rhs_tcp > port : 0x0087 (135) > floors: struct epm_floor > lhs: struct epm_lhs > protocol : EPM_PROTOCOL_IP (9) > lhs_data : DATA_BLOB length=0 > rhs : union epm_rhs(case 9) > ip: struct epm_rhs_ip > ipaddr : 0.0.0.0 > entry_handle : * > entry_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > max_towers : 0x00000001 (1) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x00000007 (7) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000084 (132) > context_id : 0x0000 (0) > opnum : 0x0003 (3) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > stub_and_verifier : DATA_BLOB length=0 >rpc_api_pipe: host dc1.lab.saferit.fr >rpc_write_send: data_to_write: 156 >rpc_read_send: data_to_read: 136 > state->pkt: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0098 (152) > auth_length : 0x0000 (0) > call_id : 0x00000007 (7) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000080 (128) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > reserved : 0x00 (0) > stub_and_verifier : DATA_BLOB length=128 >[0000] 00 00 00 00 49 87 B1 F6 14 6F 1C 42 BC F5 B4 1C ....I... .o.B.... >[0010] 97 DC DB B0 01 00 00 00 01 00 00 00 00 00 00 00 ........ ........ >[0020] 01 00 00 00 03 00 00 00 4B 00 00 00 4B 00 00 00 ........ K...K... >[0030] 05 00 13 00 0D 78 56 34 12 34 12 CD AB EF 00 01 .....xV4 .4...... >[0040] 23 45 67 CF FB 01 00 02 00 00 00 13 00 0D 04 5D #Eg..... .......] >[0050] 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 02 00 ........ ..+.H`.. >[0060] 02 00 00 00 01 00 0B 02 00 00 00 01 00 07 02 00 ........ ........ >[0070] C0 17 01 00 09 04 00 0A 00 03 0A 00 00 00 00 00 ........ ........ >Got pdu len 152, data_len 128 >rpc_api_pipe: got frag len of 152 at offset 0: NT_STATUS_OK >rpc_api_pipe: host dc1.lab.saferit.fr returned 128 bytes. > epm_Map: struct epm_Map > out: struct epm_Map > entry_handle : * > entry_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : f6b18749-6f14-421c-bcf5-b41c97dcdbb0 > num_towers : * > num_towers : 0x00000001 (1) > towers: ARRAY(1) > towers: struct epm_twr_p_t > twr : * > twr: struct epm_twr_t > tower_length : 0x0000004b (75) > tower: struct epm_tower > num_floors : 0x0005 (5) > floors: ARRAY(5) > floors: struct epm_floor > lhs: struct epm_lhs > protocol : EPM_PROTOCOL_UUID (13) > lhs_data : DATA_BLOB length=18 >[0000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. >[0010] 01 00 .. > rhs : union epm_rhs(case 13) > uuid: struct epm_rhs_uuid > unknown : DATA_BLOB length=2 >[0000] 00 00 .. > floors: struct epm_floor > lhs: struct epm_lhs > protocol : EPM_PROTOCOL_UUID (13) > lhs_data : DATA_BLOB length=18 >[0000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` >[0010] 02 00 .. > rhs : union epm_rhs(case 13) > uuid: struct epm_rhs_uuid > unknown : DATA_BLOB length=2 >[0000] 00 00 .. > floors: struct epm_floor > lhs: struct epm_lhs > protocol : EPM_PROTOCOL_NCACN (11) > lhs_data : DATA_BLOB length=0 > rhs : union epm_rhs(case 11) > ncacn: struct epm_rhs_ncacn > minor_version : 0x0000 (0) > floors: struct epm_floor > lhs: struct epm_lhs > protocol : EPM_PROTOCOL_TCP (7) > lhs_data : DATA_BLOB length=0 > rhs : union epm_rhs(case 7) > tcp: struct epm_rhs_tcp > port : 0xc017 (49175) > floors: struct epm_floor > lhs: struct epm_lhs > protocol : EPM_PROTOCOL_IP (9) > lhs_data : DATA_BLOB length=0 > rhs : union epm_rhs(case 9) > ip: struct epm_rhs_ip > ipaddr : 10.0.3.10 > result : 0x00000000 (0) >Connecting to 10.0.3.10 at port 49175 >Socket options: > SO_KEEPALIVE = 0 > SO_REUSEADDR = 0 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_REUSEPORT = 0 > SO_SNDBUF = 87040 > SO_RCVBUF = 367360 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 > TCP_DEFER_ACCEPT = 0 >Bind RPC Pipe: host dc1.lab.saferit.fr auth_type 0, auth_level 1 > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0048 (72) > auth_length : 0x0000 (0) > call_id : 0x00000008 (8) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-01234567cffb > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >rpc_api_pipe: host dc1.lab.saferit.fr >rpc_write_send: data_to_write: 72 >rpc_read_send: data_to_read: 44 > state->pkt: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x003c (60) > auth_length : 0x0000 (0) > call_id : 0x00000008 (8) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000758 (1880) > secondary_address_size : 0x0006 (6) > secondary_address : '49175' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) > reason : union dcerpc_bind_ack_reason(case 0) > value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >rpc_api_pipe: got frag len of 60 at offset 0: NT_STATUS_OK >rpc_api_pipe: host dc1.lab.saferit.fr returned 60 bytes. >check_bind_response: accepted! >cli_rpc_pipe_open_noauth: opened pipe netlogon to machine dc1.lab.saferit.fr and bound anonymously. >check lock order 2 for /var/lib/samba/lock/g_lock.tdb >lock order: 1:<none> 2:/var/lib/samba/lock/g_lock.tdb 3:<none> >Locking key 434C495B43454E544F53 >Allocated locked data 0x0x563e56a22ed0 >release lock order 2 for /var/lib/samba/lock/g_lock.tdb >lock order: 1:<none> 2:<none> 3:<none> >Unlocking key 434C495B43454E544F53 >check lock order 2 for /var/lib/samba/private/netlogon_creds_cli.tdb >lock order: 1:<none> 2:/var/lib/samba/private/netlogon_creds_cli.tdb 3:<none> >Locking key 434C495B43454E544F53 >Allocated locked data 0x0x563e56a22ed0 >Unlocking key 434C495B43454E544F53 >release lock order 2 for /var/lib/samba/private/netlogon_creds_cli.tdb >lock order: 1:<none> 2:<none> 3:<none> > netr_ServerReqChallenge: struct netr_ServerReqChallenge > in: struct netr_ServerReqChallenge > server_name : * > server_name : '\\dc1.lab.saferit.fr' > computer_name : * > computer_name : 'CENTOS' > credentials : * > credentials: struct netr_Credential > data : af77d2cd6b6ea127 > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x00000009 (9) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x0000005e (94) > context_id : 0x0000 (0) > opnum : 0x0004 (4) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > stub_and_verifier : DATA_BLOB length=0 >rpc_api_pipe: host dc1.lab.saferit.fr >rpc_write_send: data_to_write: 118 >rpc_read_send: data_to_read: 20 > state->pkt: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0024 (36) > auth_length : 0x0000 (0) > call_id : 0x00000009 (9) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x0000000c (12) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > reserved : 0x00 (0) > stub_and_verifier : DATA_BLOB length=12 >[0000] 14 31 51 39 83 FE BA C7 00 00 00 00 .1Q9.... .... >Got pdu len 36, data_len 12 >rpc_api_pipe: got frag len of 36 at offset 0: NT_STATUS_OK >rpc_api_pipe: host dc1.lab.saferit.fr returned 12 bytes. > netr_ServerReqChallenge: struct netr_ServerReqChallenge > out: struct netr_ServerReqChallenge > return_credentials : * > return_credentials: struct netr_Credential > data : 1431513983febac7 > result : NT_STATUS_OK > netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 > in: struct netr_ServerAuthenticate3 > server_name : * > server_name : '\\dc1.lab.saferit.fr' > account_name : * > account_name : 'CENTOS$' > secure_channel_type : SEC_CHAN_WKSTA (2) > computer_name : * > computer_name : 'CENTOS' > credentials : * > credentials: struct netr_Credential > data : dfffa214787e1b3a > negotiate_flags : * > negotiate_flags : 0x610fffff (1628438527) > 1: NETLOGON_NEG_ACCOUNT_LOCKOUT > 1: NETLOGON_NEG_PERSISTENT_SAMREPL > 1: NETLOGON_NEG_ARCFOUR > 1: NETLOGON_NEG_PROMOTION_COUNT > 1: NETLOGON_NEG_CHANGELOG_BDC > 1: NETLOGON_NEG_FULL_SYNC_REPL > 1: NETLOGON_NEG_MULTIPLE_SIDS > 1: NETLOGON_NEG_REDO > 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL > 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC > 1: NETLOGON_NEG_GENERIC_PASSTHROUGH > 1: NETLOGON_NEG_CONCURRENT_RPC > 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL > 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL > 1: NETLOGON_NEG_STRONG_KEYS > 1: NETLOGON_NEG_TRANSITIVE_TRUSTS > 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS > 1: NETLOGON_NEG_PASSWORD_SET2 > 1: NETLOGON_NEG_GETDOMAININFO > 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS > 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION > 0: NETLOGON_NEG_RODC_PASSTHROUGH > 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 > 1: NETLOGON_NEG_SUPPORTS_AES > 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS > 1: NETLOGON_NEG_AUTHENTICATED_RPC > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x0000000a (10) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000084 (132) > context_id : 0x0000 (0) > opnum : 0x001a (26) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > stub_and_verifier : DATA_BLOB length=0 >rpc_api_pipe: host dc1.lab.saferit.fr >rpc_write_send: data_to_write: 156 >rpc_read_send: data_to_read: 28 > state->pkt: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x002c (44) > auth_length : 0x0000 (0) > call_id : 0x0000000a (10) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > reserved : 0x00 (0) > stub_and_verifier : DATA_BLOB length=20 >[0000] 64 09 7E 79 90 A9 B6 56 FF FF 0F 61 6D 04 00 00 d.~y...V ...am... >[0010] 00 00 00 00 .... >Got pdu len 44, data_len 20 >rpc_api_pipe: got frag len of 44 at offset 0: NT_STATUS_OK >rpc_api_pipe: host dc1.lab.saferit.fr returned 20 bytes. > netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 > out: struct netr_ServerAuthenticate3 > return_credentials : * > return_credentials: struct netr_Credential > data : 64097e7990a9b656 > negotiate_flags : * > negotiate_flags : 0x610fffff (1628438527) > 1: NETLOGON_NEG_ACCOUNT_LOCKOUT > 1: NETLOGON_NEG_PERSISTENT_SAMREPL > 1: NETLOGON_NEG_ARCFOUR > 1: NETLOGON_NEG_PROMOTION_COUNT > 1: NETLOGON_NEG_CHANGELOG_BDC > 1: NETLOGON_NEG_FULL_SYNC_REPL > 1: NETLOGON_NEG_MULTIPLE_SIDS > 1: NETLOGON_NEG_REDO > 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL > 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC > 1: NETLOGON_NEG_GENERIC_PASSTHROUGH > 1: NETLOGON_NEG_CONCURRENT_RPC > 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL > 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL > 1: NETLOGON_NEG_STRONG_KEYS > 1: NETLOGON_NEG_TRANSITIVE_TRUSTS > 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS > 1: NETLOGON_NEG_PASSWORD_SET2 > 1: NETLOGON_NEG_GETDOMAININFO > 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS > 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION > 0: NETLOGON_NEG_RODC_PASSTHROUGH > 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 > 1: NETLOGON_NEG_SUPPORTS_AES > 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS > 1: NETLOGON_NEG_AUTHENTICATED_RPC > rid : * > rid : 0x0000046d (1133) > result : NT_STATUS_OK >check lock order 2 for /var/lib/samba/private/netlogon_creds_cli.tdb >lock order: 1:<none> 2:/var/lib/samba/private/netlogon_creds_cli.tdb 3:<none> >Locking key 434C495B43454E544F53 >Allocated locked data 0x0x563e56a31e30 >Unlocking key 434C495B43454E544F53 >release lock order 2 for /var/lib/samba/private/netlogon_creds_cli.tdb >lock order: 1:<none> 2:<none> 3:<none> >check lock order 2 for /var/lib/samba/lock/g_lock.tdb >lock order: 1:<none> 2:/var/lib/samba/lock/g_lock.tdb 3:<none> >Locking key 434C495B43454E544F53 >Allocated locked data 0x0x563e56a239b0 >release lock order 2 for /var/lib/samba/lock/g_lock.tdb >lock order: 1:<none> 2:<none> 3:<none> >Unlocking key 434C495B43454E544F53 >rpccli_setup_netlogon_creds: using new netlogon_creds cli[CENTOS$/CENTOS] to dc1.lab.saferit.fr >Connecting to 10.0.3.10 at port 135 >Socket options: > SO_KEEPALIVE = 0 > SO_REUSEADDR = 0 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_REUSEPORT = 0 > SO_SNDBUF = 87040 > SO_RCVBUF = 367360 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 > TCP_DEFER_ACCEPT = 0 >Bind RPC Pipe: host dc1.lab.saferit.fr auth_type 0, auth_level 1 > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0048 (72) > auth_length : 0x0000 (0) > call_id : 0x0000000b (11) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : e1af8308-5d1f-11c9-91a4-08002b14a0fa > if_version : 0x00000003 (3) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >rpc_api_pipe: host dc1.lab.saferit.fr >rpc_write_send: data_to_write: 72 >rpc_read_send: data_to_read: 44 > state->pkt: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x003c (60) > auth_length : 0x0000 (0) > call_id : 0x0000000b (11) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000dfe (3582) > secondary_address_size : 0x0004 (4) > secondary_address : '135' > _pad1 : DATA_BLOB length=2 >[0000] B1 F6 .. > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) > reason : union dcerpc_bind_ack_reason(case 0) > value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >rpc_api_pipe: got frag len of 60 at offset 0: NT_STATUS_OK >rpc_api_pipe: host dc1.lab.saferit.fr returned 60 bytes. >check_bind_response: accepted! > epm_Map: struct epm_Map > in: struct epm_Map > object : * > object : 12345678-1234-abcd-ef00-01234567cffb > map_tower : * > map_tower: struct epm_twr_t > tower_length : 0x0000004b (75) > tower: struct epm_tower > num_floors : 0x0005 (5) > floors: ARRAY(5) > floors: struct epm_floor > lhs: struct epm_lhs > protocol : EPM_PROTOCOL_UUID (13) > lhs_data : DATA_BLOB length=18 >[0000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. >[0010] 01 00 .. > rhs : union epm_rhs(case 13) > uuid: struct epm_rhs_uuid > unknown : DATA_BLOB length=2 >[0000] 00 00 .. > floors: struct epm_floor > lhs: struct epm_lhs > protocol : EPM_PROTOCOL_UUID (13) > lhs_data : DATA_BLOB length=18 >[0000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` >[0010] 02 00 .. > rhs : union epm_rhs(case 13) > uuid: struct epm_rhs_uuid > unknown : DATA_BLOB length=2 >[0000] 00 00 .. > floors: struct epm_floor > lhs: struct epm_lhs > protocol : EPM_PROTOCOL_NCACN (11) > lhs_data : DATA_BLOB length=0 > rhs : union epm_rhs(case 11) > ncacn: struct epm_rhs_ncacn > minor_version : 0x0000 (0) > floors: struct epm_floor > lhs: struct epm_lhs > protocol : EPM_PROTOCOL_TCP (7) > lhs_data : DATA_BLOB length=0 > rhs : union epm_rhs(case 7) > tcp: struct epm_rhs_tcp > port : 0x0087 (135) > floors: struct epm_floor > lhs: struct epm_lhs > protocol : EPM_PROTOCOL_IP (9) > lhs_data : DATA_BLOB length=0 > rhs : union epm_rhs(case 9) > ip: struct epm_rhs_ip > ipaddr : 0.0.0.0 > entry_handle : * > entry_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > max_towers : 0x00000001 (1) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x0000000c (12) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000084 (132) > context_id : 0x0000 (0) > opnum : 0x0003 (3) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > stub_and_verifier : DATA_BLOB length=0 >rpc_api_pipe: host dc1.lab.saferit.fr >rpc_write_send: data_to_write: 156 >rpc_read_send: data_to_read: 136 > state->pkt: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0098 (152) > auth_length : 0x0000 (0) > call_id : 0x0000000c (12) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000080 (128) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > reserved : 0x00 (0) > stub_and_verifier : DATA_BLOB length=128 >[0000] 00 00 00 00 5D 14 6C 9D D5 7A 94 42 85 A4 C5 A7 ....].l. .z.B.... >[0010] F9 73 98 4F 01 00 00 00 01 00 00 00 00 00 00 00 .s.O.... ........ >[0020] 01 00 00 00 03 00 00 00 4B 00 00 00 4B 00 00 00 ........ K...K... >[0030] 05 00 13 00 0D 78 56 34 12 34 12 CD AB EF 00 01 .....xV4 .4...... >[0040] 23 45 67 CF FB 01 00 02 00 00 00 13 00 0D 04 5D #Eg..... .......] >[0050] 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 02 00 ........ ..+.H`.. >[0060] 02 00 00 00 01 00 0B 02 00 00 00 01 00 07 02 00 ........ ........ >[0070] C0 17 01 00 09 04 00 0A 00 03 0A 00 00 00 00 00 ........ ........ >Got pdu len 152, data_len 128 >rpc_api_pipe: got frag len of 152 at offset 0: NT_STATUS_OK >rpc_api_pipe: host dc1.lab.saferit.fr returned 128 bytes. > epm_Map: struct epm_Map > out: struct epm_Map > entry_handle : * > entry_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 9d6c145d-7ad5-4294-85a4-c5a7f973984f > num_towers : * > num_towers : 0x00000001 (1) > towers: ARRAY(1) > towers: struct epm_twr_p_t > twr : * > twr: struct epm_twr_t > tower_length : 0x0000004b (75) > tower: struct epm_tower > num_floors : 0x0005 (5) > floors: ARRAY(5) > floors: struct epm_floor > lhs: struct epm_lhs > protocol : EPM_PROTOCOL_UUID (13) > lhs_data : DATA_BLOB length=18 >[0000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. >[0010] 01 00 .. > rhs : union epm_rhs(case 13) > uuid: struct epm_rhs_uuid > unknown : DATA_BLOB length=2 >[0000] 00 00 .. > floors: struct epm_floor > lhs: struct epm_lhs > protocol : EPM_PROTOCOL_UUID (13) > lhs_data : DATA_BLOB length=18 >[0000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` >[0010] 02 00 .. > rhs : union epm_rhs(case 13) > uuid: struct epm_rhs_uuid > unknown : DATA_BLOB length=2 >[0000] 00 00 .. > floors: struct epm_floor > lhs: struct epm_lhs > protocol : EPM_PROTOCOL_NCACN (11) > lhs_data : DATA_BLOB length=0 > rhs : union epm_rhs(case 11) > ncacn: struct epm_rhs_ncacn > minor_version : 0x0000 (0) > floors: struct epm_floor > lhs: struct epm_lhs > protocol : EPM_PROTOCOL_TCP (7) > lhs_data : DATA_BLOB length=0 > rhs : union epm_rhs(case 7) > tcp: struct epm_rhs_tcp > port : 0xc017 (49175) > floors: struct epm_floor > lhs: struct epm_lhs > protocol : EPM_PROTOCOL_IP (9) > lhs_data : DATA_BLOB length=0 > rhs : union epm_rhs(case 9) > ip: struct epm_rhs_ip > ipaddr : 10.0.3.10 > result : 0x00000000 (0) >Connecting to 10.0.3.10 at port 49175 >Socket options: > SO_KEEPALIVE = 0 > SO_REUSEADDR = 0 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_REUSEPORT = 0 > SO_SNDBUF = 87040 > SO_RCVBUF = 367360 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 > TCP_DEFER_ACCEPT = 0 >check lock order 2 for /var/lib/samba/lock/g_lock.tdb >lock order: 1:<none> 2:/var/lib/samba/lock/g_lock.tdb 3:<none> >Locking key 434C495B43454E544F53 >Allocated locked data 0x0x563e56a22800 >release lock order 2 for /var/lib/samba/lock/g_lock.tdb >lock order: 1:<none> 2:<none> 3:<none> >Unlocking key 434C495B43454E544F53 >Starting GENSEC mechanism schannel >Bind RPC Pipe: host dc1.lab.saferit.fr auth_type 68, auth_level 6 >create_generic_auth_rpc_bind_req: generate first token > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x00 (0) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000001 (1) > credentials : DATA_BLOB length=19 >[0000] 00 00 00 00 03 00 00 00 4C 41 42 00 43 45 4E 54 ........ LAB.CENT >[0010] 4F 53 00 OS. > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x07 (7) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 1: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0063 (99) > auth_length : 0x0013 (19) > call_id : 0x0000000d (13) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-01234567cffb > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=27 >[0000] 44 06 00 00 01 00 00 00 00 00 00 00 03 00 00 00 D....... ........ >[0010] 4C 41 42 00 43 45 4E 54 4F 53 00 LAB.CENT OS. >rpc_api_pipe: host dc1.lab.saferit.fr >rpc_write_send: data_to_write: 99 >rpc_read_send: data_to_read: 64 > state->pkt: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x07 (7) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 1: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0050 (80) > auth_length : 0x000c (12) > call_id : 0x0000000d (13) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000759 (1881) > secondary_address_size : 0x0006 (6) > secondary_address : '49175' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) > reason : union dcerpc_bind_ack_reason(case 0) > value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=20 >[0000] 44 06 00 00 01 00 00 00 01 00 00 00 00 00 00 00 D....... ........ >[0010] 00 00 00 00 .... >rpc_api_pipe: got frag len of 80 at offset 0: NT_STATUS_OK >rpc_api_pipe: host dc1.lab.saferit.fr returned 80 bytes. >check_bind_response: accepted! >../librpc/rpc/dcerpc_util.c:271: auth_pad_length 0 >check lock order 2 for /var/lib/samba/lock/g_lock.tdb >lock order: 1:<none> 2:/var/lib/samba/lock/g_lock.tdb 3:<none> >Locking key 434C495B43454E544F53 >Allocated locked data 0x0x563e56a269c0 >release lock order 2 for /var/lib/samba/lock/g_lock.tdb >lock order: 1:<none> 2:<none> 3:<none> >Unlocking key 434C495B43454E544F53 >check lock order 2 for /var/lib/samba/lock/g_lock.tdb >lock order: 1:<none> 2:/var/lib/samba/lock/g_lock.tdb 3:<none> >Locking key 434C495B43454E544F53 >Allocated locked data 0x0x563e56a16db0 >release lock order 2 for /var/lib/samba/lock/g_lock.tdb >lock order: 1:<none> 2:<none> 3:<none> >Unlocking key 434C495B43454E544F53 > seed 14a2ffdf:3a1b7e78 > seed+time 6f57c7f3:3a1b7e78 > CLIENT 37275a83:2564ebb6 > seed+time+1 6f57c7f4:3a1b7e78 > SERVER 1b0b0484:20eea801 > netr_LogonGetCapabilities: struct netr_LogonGetCapabilities > in: struct netr_LogonGetCapabilities > server_name : * > server_name : '\\dc1.lab.saferit.fr' > computer_name : * > computer_name : 'CENTOS' > credential : * > credential: struct netr_Authenticator > cred: struct netr_Credential > data : 835a2737b6eb6425 > timestamp : Fri Mar 23 05:25:40 AM 2018 EDT > return_authenticator : * > return_authenticator: struct netr_Authenticator > cred: struct netr_Credential > data : 0000000000000000 > timestamp : (time_t)0 > query_level : 0x00000001 (1) > t: struct dcerpc_sec_verification_trailer > _pad : DATA_BLOB length=0 > magic : 0000000000000000 > count: struct dcerpc_sec_vt_count > count : 0x0002 (2) > commands: ARRAY(2) > commands: struct dcerpc_sec_vt > command : 0x0001 (1) > 0x01: DCERPC_SEC_VT_COMMAND_ENUM (1) > 0: DCERPC_SEC_VT_COMMAND_END > 0: DCERPC_SEC_VT_MUST_PROCESS > u : union dcerpc_sec_vt_union(case 0x1) > bitmask1 : 0x00000001 (1) > 1: DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING > commands: struct dcerpc_sec_vt > command : 0x4002 (16386) > 0x02: DCERPC_SEC_VT_COMMAND_ENUM (2) > 1: DCERPC_SEC_VT_COMMAND_END > 0: DCERPC_SEC_VT_MUST_PROCESS > u : union dcerpc_sec_vt_union(case 0x2) > pcontext: struct dcerpc_sec_vt_pcontext > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-01234567cffb > if_version : 0x00000001 (1) > transfer_syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0038 (56) > call_id : 0x0000000e (14) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x000000b0 (176) > context_id : 0x0000 (0) > opnum : 0x0015 (21) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > stub_and_verifier : DATA_BLOB length=0 > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x00 (0) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000001 (1) > credentials : DATA_BLOB length=0 >rpc_api_pipe: host dc1.lab.saferit.fr >rpc_write_send: data_to_write: 264 >rpc_read_send: data_to_read: 104 > state->pkt: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0078 (120) > auth_length : 0x0038 (56) > call_id : 0x0000000e (14) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > reserved : 0x00 (0) > stub_and_verifier : DATA_BLOB length=96 >[0000] 6B 93 55 EE 8E B5 4C 50 22 8A 5D 58 C6 94 17 F9 k.U...LP ".]X.... >[0010] A4 53 BC DD EA 39 07 DF 0F E9 39 FA 59 71 C7 A6 .S...9.. ..9.Yq.. >[0020] 44 06 08 00 01 00 00 00 13 00 1A 00 FF FF 00 00 D....... ........ >[0030] B8 AD 41 E2 F9 06 81 4A 62 59 B1 89 86 59 BD 67 ..A....J bY...Y.g >[0040] 14 75 88 BB BB EB 87 11 0F 00 00 00 00 00 00 00 .u...... ........ >[0050] 0E 00 00 00 6C 00 61 00 62 00 2E 00 73 00 61 00 ....l.a. b...s.a. >Requested Privacy. >../librpc/rpc/dcerpc_util.c:271: auth_pad_length 8 >GENSEC auth >Got pdu len 120, data_len 24 >rpc_api_pipe: got frag len of 120 at offset 0: NT_STATUS_OK >rpc_api_pipe: host dc1.lab.saferit.fr returned 24 bytes. > netr_LogonGetCapabilities: struct netr_LogonGetCapabilities > out: struct netr_LogonGetCapabilities > return_authenticator : * > return_authenticator: struct netr_Authenticator > cred: struct netr_Credential > data : 84040b1b01a8ee20 > timestamp : (time_t)0 > capabilities : * > capabilities : union netr_Capabilities(case 1) > server_capabilities : 0x610fffff (1628438527) > 1: NETLOGON_NEG_ACCOUNT_LOCKOUT > 1: NETLOGON_NEG_PERSISTENT_SAMREPL > 1: NETLOGON_NEG_ARCFOUR > 1: NETLOGON_NEG_PROMOTION_COUNT > 1: NETLOGON_NEG_CHANGELOG_BDC > 1: NETLOGON_NEG_FULL_SYNC_REPL > 1: NETLOGON_NEG_MULTIPLE_SIDS > 1: NETLOGON_NEG_REDO > 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL > 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC > 1: NETLOGON_NEG_GENERIC_PASSTHROUGH > 1: NETLOGON_NEG_CONCURRENT_RPC > 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL > 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL > 1: NETLOGON_NEG_STRONG_KEYS > 1: NETLOGON_NEG_TRANSITIVE_TRUSTS > 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS > 1: NETLOGON_NEG_PASSWORD_SET2 > 1: NETLOGON_NEG_GETDOMAININFO > 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS > 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION > 0: NETLOGON_NEG_RODC_PASSTHROUGH > 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 > 1: NETLOGON_NEG_SUPPORTS_AES > 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS > 1: NETLOGON_NEG_AUTHENTICATED_RPC > result : NT_STATUS_OK >check lock order 2 for /var/lib/samba/private/netlogon_creds_cli.tdb >lock order: 1:<none> 2:/var/lib/samba/private/netlogon_creds_cli.tdb 3:<none> >Locking key 434C495B43454E544F53 >Allocated locked data 0x0x563e56a16cd0 >Unlocking key 434C495B43454E544F53 >release lock order 2 for /var/lib/samba/private/netlogon_creds_cli.tdb >lock order: 1:<none> 2:<none> 3:<none> >check lock order 2 for /var/lib/samba/lock/g_lock.tdb >lock order: 1:<none> 2:/var/lib/samba/lock/g_lock.tdb 3:<none> >Locking key 434C495B43454E544F53 >Allocated locked data 0x0x563e56a16070 >release lock order 2 for /var/lib/samba/lock/g_lock.tdb >lock order: 1:<none> 2:<none> 3:<none> >Unlocking key 434C495B43454E544F53 >cli_rpc_pipe_open_schannel_with_creds: opened pipe netlogon to machine dc1.lab.saferit.fr for domain LAB and bound using schannel. > netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts > in: struct netr_DsrEnumerateDomainTrusts > server_name : * > server_name : 'dc1.lab.saferit.fr' > trust_flags : 0x00000023 (35) > 1: NETR_TRUST_FLAG_IN_FOREST > 1: NETR_TRUST_FLAG_OUTBOUND > 0: NETR_TRUST_FLAG_TREEROOT > 0: NETR_TRUST_FLAG_PRIMARY > 0: NETR_TRUST_FLAG_NATIVE > 1: NETR_TRUST_FLAG_INBOUND > 0: NETR_TRUST_FLAG_MIT_KRB5 > 0: NETR_TRUST_FLAG_AES > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0038 (56) > call_id : 0x0000000f (15) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x0000003c (60) > context_id : 0x0000 (0) > opnum : 0x0028 (40) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > stub_and_verifier : DATA_BLOB length=0 > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x04 (4) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000001 (1) > credentials : DATA_BLOB length=0 >rpc_api_pipe: host dc1.lab.saferit.fr >rpc_write_send: data_to_write: 152 >rpc_read_send: data_to_read: 360 > state->pkt: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0178 (376) > auth_length : 0x0038 (56) > call_id : 0x0000000f (15) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000120 (288) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > reserved : 0x00 (0) > stub_and_verifier : DATA_BLOB length=352 >[0000] 7F B5 32 0F 07 26 6D CE 77 A0 3C 43 97 05 93 12 ..2..&m. w.<C.... >[0010] 1C 1D 70 CE 1F 26 67 9D 22 35 D9 80 5F 5D 91 F3 ..p..&g. "5.._].. >[0020] 78 81 98 D4 9E 96 84 AE E7 A6 6E 9C A9 C1 04 25 x....... ..n....% >[0030] C7 D7 CA 19 25 E8 88 39 02 6A 1B EB B8 93 28 AC ....%..9 .j....(. >[0040] B5 D7 AB A3 66 8C 71 7B 79 B3 83 D1 D8 BB 49 A8 ....f.q{ y.....I. >[0050] AE 0D 2E 9C 50 B2 84 C3 A9 81 A6 96 59 E5 C0 88 ....P... ....Y... >[0060] D8 FB 58 E4 82 42 13 7A 11 AB E5 61 85 45 5C FB ..X..B.z ...a.E\. >[0070] 69 60 0D 36 27 ED 4F 18 8A 49 CC 77 E5 C2 81 10 i`.6'.O. .I.w.... >[0080] F0 1E B2 30 CA FC A2 33 3E 09 6E 8A 59 BF 79 0A ...0...3 >.n.Y.y. >[0090] 6D 08 D8 08 26 F1 4A 89 EC FD 18 49 9C 35 63 12 m...&.J. ...I.5c. >[00A0] 2A E8 2C C1 74 64 C7 E3 8D B2 34 96 5D DE A7 C7 *.,.td.. ..4.]... >[00B0] 11 0D 62 E3 78 A2 72 6B 87 34 D1 82 F9 46 55 03 ..b.x.rk .4...FU. >[00C0] 5F 1B 05 F5 66 76 54 69 C3 B2 30 F2 E1 10 43 C4 _...fvTi ..0...C. >[00D0] ED B6 16 D8 7A 4D 67 7E EF 3A 3A 8E E8 C4 5D BB ....zMg~ .::...]. >[00E0] 3E C4 7D EA 7A 4A 1B 81 D0 47 80 8A CB CE D9 02 >.}.zJ.. .G...... >[00F0] CC B6 73 6C 57 A7 33 36 CB A3 D7 40 7F C7 CC C2 ..slW.36 ...@.... >[0100] 99 37 A5 CF CF 3E C5 2D D3 E0 FE 9E 07 AA 00 67 .7...>.- .......g >[0110] EC 09 B0 96 07 C5 77 05 5D E9 83 08 00 9C 1D 18 ......w. ]....... >[0120] 44 06 00 00 01 00 00 00 13 00 1A 00 FF FF 00 00 D....... ........ >[0130] 9C D4 6B 45 EC BB 31 99 6F 0C C4 46 79 22 5E 0D ..kE..1. o..Fy"^. >[0140] E9 A0 6B 8B A2 61 1A 3E 00 00 00 00 00 00 00 00 ..k..a.> ........ >[0150] 0B 00 00 0B FF B3 0C 00 90 FB 81 DF 33 00 00 00 ........ ....3... >Requested Privacy. >../librpc/rpc/dcerpc_util.c:271: auth_pad_length 0 >GENSEC auth >Got pdu len 376, data_len 288 >rpc_api_pipe: got frag len of 376 at offset 0: NT_STATUS_OK >rpc_api_pipe: host dc1.lab.saferit.fr returned 288 bytes. > netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts > out: struct netr_DsrEnumerateDomainTrusts > trusts : * > trusts: struct netr_DomainTrustList > count : 0x00000002 (2) > array : * > array: ARRAY(2) > array: struct netr_DomainTrust > netbios_name : * > netbios_name : 'TESTDOM' > dns_name : * > dns_name : 'testdom.net' > trust_flags : 0x00000002 (2) > 0: NETR_TRUST_FLAG_IN_FOREST > 1: NETR_TRUST_FLAG_OUTBOUND > 0: NETR_TRUST_FLAG_TREEROOT > 0: NETR_TRUST_FLAG_PRIMARY > 0: NETR_TRUST_FLAG_NATIVE > 0: NETR_TRUST_FLAG_INBOUND > 0: NETR_TRUST_FLAG_MIT_KRB5 > 0: NETR_TRUST_FLAG_AES > parent_index : 0x00000000 (0) > trust_type : LSA_TRUST_TYPE_UPLEVEL (2) > trust_attributes : 0x00000008 (8) > 0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE > 0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY > 0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN > 1: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE > 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION > 0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST > 0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL > 0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION > sid : * > sid : S-1-5-21-847837108-3999977653-1779688838 > guid : 00000000-0000-0000-0000-000000000000 > array: struct netr_DomainTrust > netbios_name : * > netbios_name : 'LAB' > dns_name : * > dns_name : 'lab.saferit.fr' > trust_flags : 0x0000001d (29) > 1: NETR_TRUST_FLAG_IN_FOREST > 0: NETR_TRUST_FLAG_OUTBOUND > 1: NETR_TRUST_FLAG_TREEROOT > 1: NETR_TRUST_FLAG_PRIMARY > 1: NETR_TRUST_FLAG_NATIVE > 0: NETR_TRUST_FLAG_INBOUND > 0: NETR_TRUST_FLAG_MIT_KRB5 > 0: NETR_TRUST_FLAG_AES > parent_index : 0x00000000 (0) > trust_type : LSA_TRUST_TYPE_UPLEVEL (2) > trust_attributes : 0x00000000 (0) > 0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE > 0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY > 0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN > 0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE > 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION > 0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST > 0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL > 0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION > sid : * > sid : S-1-5-21-546099636-1453775275-3712789297 > guid : 0b6ead65-ab6b-4ae6-ba6c-bbf010e7545d > result : WERR_OK >trusted_domains(ads): Searching trusted domain list of LAB and storing trust flags for domain testdom.net >wcache_tdc_add_domain: Adding domain TESTDOM (testdom.net), SID S-1-5-21-847837108-3999977653-1779688838, flags = 0x2, attributes = 0x8, type = 0x2 >pack_tdc_domains: Packing 4 trusted domains >pack_tdc_domains: Packing domain BUILTIN (UNKNOWN) >pack_tdc_domains: Packing domain CENTOS (UNKNOWN) >pack_tdc_domains: Packing domain LAB (LAB.SAFERIT.FR) >pack_tdc_domains: Packing domain TESTDOM (testdom.net) >trusted_domains(ads): Searching trusted domain list of LAB and storing trust flags for domain lab.saferit.fr >wcache_tdc_add_domain: Adding domain LAB (lab.saferit.fr), SID S-1-5-21-546099636-1453775275-3712789297, flags = 0x1d, attributes = 0x0, type = 0x2 >add_wbdomain_to_tdc_array: Found existing record for LAB >pack_tdc_domains: Packing 4 trusted domains >pack_tdc_domains: Packing domain BUILTIN (UNKNOWN) >pack_tdc_domains: Packing domain CENTOS (UNKNOWN) >pack_tdc_domains: Packing domain LAB (lab.saferit.fr) >pack_tdc_domains: Packing domain TESTDOM (testdom.net) >Finished processing child request 20 >Writing 3630 bytes to parent >trustdom_list_done: parsing response line 'TESTDOM\testdom.net\S-1-5-21-847837108-3999977653-1779688838\2\2\8 >LAB\lab.saferit.fr\S-1-5-21-546099636-1453775275-3712789297\29\2\0' >wcache_tdc_add_domain: Adding domain TESTDOM (testdom.net), SID S-1-5-21-847837108-3999977653-1779688838, flags = 0x2, attributes = 0x8, type = 0x2 >add_wbdomain_to_tdc_array: Found existing record for TESTDOM >pack_tdc_domains: Packing 4 trusted domains >pack_tdc_domains: Packing domain BUILTIN (UNKNOWN) >pack_tdc_domains: Packing domain CENTOS (UNKNOWN) >pack_tdc_domains: Packing domain LAB (lab.saferit.fr) >pack_tdc_domains: Packing domain TESTDOM (testdom.net) >Added domain TESTDOM testdom.net S-1-5-21-847837108-3999977653-1779688838 >trustdom_list_done: parsing response line 'LAB\lab.saferit.fr\S-1-5-21-546099636-1453775275-3712789297\29\2\0' >rescan_forest_root_trusts: Following trust path for domain tree root LAB (lab.saferit.fr) >child daemon request 20 >child_process_request: request fn LIST_TRUSTDOM >[ 1701]: list trusted domains >trusted_domains: [Cached] - doing backend query for info for domain LAB >ads: trusted_domains > netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts > in: struct netr_DsrEnumerateDomainTrusts > server_name : * > server_name : 'dc1.lab.saferit.fr' > trust_flags : 0x00000023 (35) > 1: NETR_TRUST_FLAG_IN_FOREST > 1: NETR_TRUST_FLAG_OUTBOUND > 0: NETR_TRUST_FLAG_TREEROOT > 0: NETR_TRUST_FLAG_PRIMARY > 0: NETR_TRUST_FLAG_NATIVE > 1: NETR_TRUST_FLAG_INBOUND > 0: NETR_TRUST_FLAG_MIT_KRB5 > 0: NETR_TRUST_FLAG_AES > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0038 (56) > call_id : 0x00000010 (16) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x0000003c (60) > context_id : 0x0000 (0) > opnum : 0x0028 (40) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > stub_and_verifier : DATA_BLOB length=0 > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x04 (4) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000001 (1) > credentials : DATA_BLOB length=0 >rpc_api_pipe: host dc1.lab.saferit.fr >rpc_write_send: data_to_write: 152 >rpc_read_send: data_to_read: 360 > state->pkt: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0178 (376) > auth_length : 0x0038 (56) > call_id : 0x00000010 (16) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000120 (288) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > reserved : 0x00 (0) > stub_and_verifier : DATA_BLOB length=352 >[0000] 6C 91 F6 7C 80 6F 81 EB B6 5D 27 D6 2A A3 DE 80 l..|.o.. .]'.*... >[0010] 73 18 C9 A7 A0 29 5E A3 D6 A6 C3 9A E5 72 F6 0A s....)^. .....r.. >[0020] 73 BA A6 84 69 BD 65 A5 26 53 01 B7 7C A7 76 79 s...i.e. &S..|.vy >[0030] 1B 25 23 45 96 E5 1A 9C BD 36 78 C8 7C BC 0B AF .%#E.... .6x.|... >[0040] 7C 99 39 C1 DA FA D7 94 D5 54 90 38 35 5F 2B 9C |.9..... .T.85_+. >[0050] C6 DB 6E C3 EE B2 A1 CE F8 B5 21 C9 69 05 AA 02 ..n..... ..!.i... >[0060] B8 03 E4 C6 CB 6E 87 66 33 C6 FD D0 16 06 5B 10 .....n.f 3.....[. >[0070] 0C 3F 7B 90 24 BC DC 89 DA EC D4 D3 DD 02 A8 83 .?{.$... ........ >[0080] EA 65 70 99 54 96 7F 1F 1B 1C 56 20 A4 1F CE B7 .ep.T... ..V .... >[0090] 83 44 00 C6 DE 7E C1 24 CA 86 2C 8D 62 30 B6 5F .D...~.$ ..,.b0._ >[00A0] B3 5C B4 A8 03 D9 8F 26 27 B2 71 46 F0 DB 94 FA .\.....& '.qF.... >[00B0] 12 65 5F A1 49 76 18 D3 60 0E 8F 37 BD 93 9A A1 .e_.Iv.. `..7.... >[00C0] D9 6F 28 D7 6B 77 40 EE 66 BF 95 AB DE AF 96 73 .o(.kw@. f......s >[00D0] 74 A5 F2 D5 65 B5 5D 3C 30 F3 05 E3 71 A7 19 B8 t...e.]< 0...q... >[00E0] B1 25 18 B9 FD 29 AD 24 61 E9 CC 40 54 84 99 F8 .%...).$ a..@T... >[00F0] 32 64 E5 4D EC C7 1D DB E7 3A DE 9D 01 11 5A 39 2d.M.... .:....Z9 >[0100] 54 5A 79 E6 00 4B FA 1E F5 56 BD C2 7C C2 B2 73 TZy..K.. .V..|..s >[0110] E1 08 A9 32 7A C7 64 39 88 48 F7 6E 83 52 48 50 ...2z.d9 .H.n.RHP >[0120] 44 06 00 00 01 00 00 00 13 00 1A 00 FF FF 00 00 D....... ........ >[0130] 5B ED 57 1C D2 D6 53 B8 9A 4E 8A 81 86 CD C3 C3 [.W...S. .N...... >[0140] A4 AE C1 11 1B 3F A2 80 00 00 00 00 00 00 00 00 .....?.. ........ >[0150] 0B 00 00 0B FF B3 0C 00 90 FB 81 DF 33 00 00 00 ........ ....3... >Requested Privacy. >../librpc/rpc/dcerpc_util.c:271: auth_pad_length 0 >GENSEC auth >Got pdu len 376, data_len 288 >rpc_api_pipe: got frag len of 376 at offset 0: NT_STATUS_OK >rpc_api_pipe: host dc1.lab.saferit.fr returned 288 bytes. > netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts > out: struct netr_DsrEnumerateDomainTrusts > trusts : * > trusts: struct netr_DomainTrustList > count : 0x00000002 (2) > array : * > array: ARRAY(2) > array: struct netr_DomainTrust > netbios_name : * > netbios_name : 'TESTDOM' > dns_name : * > dns_name : 'testdom.net' > trust_flags : 0x00000002 (2) > 0: NETR_TRUST_FLAG_IN_FOREST > 1: NETR_TRUST_FLAG_OUTBOUND > 0: NETR_TRUST_FLAG_TREEROOT > 0: NETR_TRUST_FLAG_PRIMARY > 0: NETR_TRUST_FLAG_NATIVE > 0: NETR_TRUST_FLAG_INBOUND > 0: NETR_TRUST_FLAG_MIT_KRB5 > 0: NETR_TRUST_FLAG_AES > parent_index : 0x00000000 (0) > trust_type : LSA_TRUST_TYPE_UPLEVEL (2) > trust_attributes : 0x00000008 (8) > 0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE > 0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY > 0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN > 1: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE > 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION > 0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST > 0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL > 0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION > sid : * > sid : S-1-5-21-847837108-3999977653-1779688838 > guid : 00000000-0000-0000-0000-000000000000 > array: struct netr_DomainTrust > netbios_name : * > netbios_name : 'LAB' > dns_name : * > dns_name : 'lab.saferit.fr' > trust_flags : 0x0000001d (29) > 1: NETR_TRUST_FLAG_IN_FOREST > 0: NETR_TRUST_FLAG_OUTBOUND > 1: NETR_TRUST_FLAG_TREEROOT > 1: NETR_TRUST_FLAG_PRIMARY > 1: NETR_TRUST_FLAG_NATIVE > 0: NETR_TRUST_FLAG_INBOUND > 0: NETR_TRUST_FLAG_MIT_KRB5 > 0: NETR_TRUST_FLAG_AES > parent_index : 0x00000000 (0) > trust_type : LSA_TRUST_TYPE_UPLEVEL (2) > trust_attributes : 0x00000000 (0) > 0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE > 0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY > 0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN > 0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE > 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION > 0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST > 0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL > 0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION > sid : * > sid : S-1-5-21-546099636-1453775275-3712789297 > guid : 0b6ead65-ab6b-4ae6-ba6c-bbf010e7545d > result : WERR_OK >trusted_domains(ads): Searching trusted domain list of LAB and storing trust flags for domain testdom.net >wcache_tdc_add_domain: Adding domain TESTDOM (testdom.net), SID S-1-5-21-847837108-3999977653-1779688838, flags = 0x2, attributes = 0x8, type = 0x2 >add_wbdomain_to_tdc_array: Found existing record for TESTDOM >pack_tdc_domains: Packing 4 trusted domains >pack_tdc_domains: Packing domain BUILTIN (UNKNOWN) >pack_tdc_domains: Packing domain CENTOS (UNKNOWN) >pack_tdc_domains: Packing domain LAB (lab.saferit.fr) >pack_tdc_domains: Packing domain TESTDOM (testdom.net) >trusted_domains(ads): Searching trusted domain list of LAB and storing trust flags for domain lab.saferit.fr >wcache_tdc_add_domain: Adding domain LAB (lab.saferit.fr), SID S-1-5-21-546099636-1453775275-3712789297, flags = 0x1d, attributes = 0x0, type = 0x2 >add_wbdomain_to_tdc_array: Found existing record for LAB >pack_tdc_domains: Packing 4 trusted domains >pack_tdc_domains: Packing domain BUILTIN (UNKNOWN) >pack_tdc_domains: Packing domain CENTOS (UNKNOWN) >pack_tdc_domains: Packing domain LAB (lab.saferit.fr) >pack_tdc_domains: Packing domain TESTDOM (testdom.net) >Finished processing child request 20 >Writing 3630 bytes to parent >trustdom_list_done: parsing response line 'TESTDOM\testdom.net\S-1-5-21-847837108-3999977653-1779688838\2\2\8 >LAB\lab.saferit.fr\S-1-5-21-546099636-1453775275-3712789297\29\2\0' >trustdom_list_done: parsing response line 'LAB\lab.saferit.fr\S-1-5-21-546099636-1453775275-3712789297\29\2\0' >check_domain_online_handler: called for domain LAB (online = True) >Registering messaging pointer for type 1030 - private_data=(nil) >Registering messaging pointer for type 1031 - private_data=(nil) >msg_dgm_ref_destructor: refs=0x563e56a0d0c0 >messaging_dgm_ref: messaging_dgm_init returned Success >messaging_dgm_ref: unique = 12475895378359245789 >Deregistering messaging pointer for type 33 - private_data=(nil) >Deregistering messaging pointer for type 13 - private_data=(nil) >Deregistering messaging pointer for type 1028 - private_data=(nil) >Deregistering messaging pointer for type 1027 - private_data=(nil) >Deregistering messaging pointer for type 1029 - private_data=(nil) >Deregistering messaging pointer for type 1280 - private_data=(nil) >Deregistering messaging pointer for type 1033 - private_data=(nil) >Deregistering messaging pointer for type 1 - private_data=(nil) >Deregistering messaging pointer for type 1036 - private_data=(nil) >Deregistering messaging pointer for type 1035 - private_data=(nil) >Opening cache file at /var/lib/samba/gencache.tdb >Opening cache file at /var/lib/samba/lock/gencache_notrans.tdb >sitename_fetch: Returning sitename for realm 'lab.saferit.fr': "Default-First-Site-Name" >ads_dc_name: domain=LAB >sitename_fetch: Returning sitename for realm 'lab.saferit.fr': "Default-First-Site-Name" >resolve_and_ping_dns: (cldap) looking for realm 'lab.saferit.fr' >get_sorted_dc_list: attempting lookup for name lab.saferit.fr (sitename Default-First-Site-Name) >Adding cache entry with key=[SAFJOIN/DOMAIN/LAB.SAFERIT.FR] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797143 seconds in the past) >saf_fetch: Returning "dc1.lab.saferit.fr" for "lab.saferit.fr" domain >get_dc_list: preferred server list: "dc1.lab.saferit.fr, *" >internal_resolve_name: looking up lab.saferit.fr#1c (sitename Default-First-Site-Name) >name lab.saferit.fr#1C found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >Adding 1 DC's from auto lookup >sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" >internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) >name dc1.lab.saferit.fr#20 found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >Adding cache entry with key=[NEG_CONN_CACHE/lab.saferit.fr,10.0.3.10] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797143 seconds in the past) >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 10.0.3.10:389 >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >ads_try_connect: sending CLDAP request to 10.0.3.10 (realm: lab.saferit.fr) > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x0000f1fd (61949) > 1: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 0: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 > 1: NBT_SERVER_ADS_WEB_SERVICE > 1: NBT_SERVER_DS_8 > 0: NBT_SERVER_HAS_DNS_NAME > 0: NBT_SERVER_IS_DEFAULT_NC > 0: NBT_SERVER_FOREST_ROOT > domain_uuid : 0b6ead65-ab6b-4ae6-ba6c-bbf010e7545d > forest : 'lab.saferit.fr' > dns_domain : 'lab.saferit.fr' > pdc_dns_name : 'dc1.lab.saferit.fr' > domain_name : 'LAB' > pdc_name : 'DC1' > user_name : '' > server_site : 'Default-First-Site-Name' > client_site : 'Default-First-Site-Name' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >sitename_store: realm = [LAB], sitename = [Default-First-Site-Name], expire = [2085923199] >Did not store value for AD_SITENAME/DOMAIN/LAB, we already got it >sitename_store: realm = [lab.saferit.fr], sitename = [Default-First-Site-Name], expire = [2085923199] >Did not store value for AD_SITENAME/DOMAIN/LAB.SAFERIT.FR, we already got it >Successfully contacted LDAP server 10.0.3.10 >sitename_fetch: Returning sitename for realm 'lab.saferit.fr': "Default-First-Site-Name" >ads_closest_dc: NBT_SERVER_CLOSEST flag set >create_local_private_krb5_conf_for_domain: fname = /var/lib/samba/lock/smb_krb5/krb5.conf.LAB, realm = lab.saferit.fr, domain = LAB >saf_fetch: Returning "dc1.lab.saferit.fr" for "lab.saferit.fr" domain >get_dc_list: preferred server list: "dc1.lab.saferit.fr, *" >internal_resolve_name: looking up lab.saferit.fr#dcdc (sitename Default-First-Site-Name) >resolve_ads: Attempting to resolve KDCs for lab.saferit.fr using DNS >ads_dns_lookup_srv: 1 records returned in the answer section. >ads_dns_parse_rr_srv: Parsed dc1.lab.saferit.fr [0, 100, 88] >remove_duplicate_addrs2: looking for duplicate address/port pairs >internal_resolve_name: returning 1 addresses: 10.0.3.10:88 >Adding 1 DC's from auto lookup >sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" >internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) >name dc1.lab.saferit.fr#20 found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 10.0.3.10:88 >got 1 addresses from site Default-First-Site-Name search >saf_fetch: Returning "dc1.lab.saferit.fr" for "lab.saferit.fr" domain >get_dc_list: preferred server list: "dc1.lab.saferit.fr, *" >internal_resolve_name: looking up lab.saferit.fr#dcdc (sitename (null)) >resolve_ads: Attempting to resolve KDCs for lab.saferit.fr using DNS >ads_dns_lookup_srv: 1 records returned in the answer section. >ads_dns_parse_rr_srv: Parsed dc1.lab.saferit.fr [0, 100, 88] >remove_duplicate_addrs2: looking for duplicate address/port pairs >internal_resolve_name: returning 1 addresses: 10.0.3.10:88 >Adding 1 DC's from auto lookup >sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" >internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) >name dc1.lab.saferit.fr#20 found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 10.0.3.10:88 >got 1 addresses from site-less search >0 additional KDCs to test >get_kdc_ip_string: Returning kdc = 10.0.3.10 > >create_local_private_krb5_conf_for_domain: wrote file /var/lib/samba/lock/smb_krb5/krb5.conf.LAB with realm LAB.SAFERIT.FR KDC list = kdc = 10.0.3.10 > >ads_dc_name: using server='DC1.LAB.SAFERIT.FR' IP=10.0.3.10 >sitename_fetch: Returning sitename for realm 'lab.saferit.fr': "Default-First-Site-Name" >get_sorted_dc_list: attempting lookup for name lab.saferit.fr (sitename Default-First-Site-Name) >saf_fetch: Returning "dc1.lab.saferit.fr" for "lab.saferit.fr" domain >get_dc_list: preferred server list: "dc1.lab.saferit.fr, *" >internal_resolve_name: looking up lab.saferit.fr#1c (sitename Default-First-Site-Name) >name lab.saferit.fr#1C found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >Adding 1 DC's from auto lookup >sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" >internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) >name dc1.lab.saferit.fr#20 found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 10.0.3.10:389 >Adding cache entry with key=[NEG_CONN_CACHE/LAB,10.0.3.10] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797143 seconds in the past) >check_negative_conn_cache returning result 0 for domain LAB server 10.0.3.10 >get_sorted_dc_list: attempting lookup for name lab.saferit.fr (sitename NULL) >saf_fetch: Returning "dc1.lab.saferit.fr" for "lab.saferit.fr" domain >get_dc_list: preferred server list: "dc1.lab.saferit.fr, *" >internal_resolve_name: looking up lab.saferit.fr#1c (sitename (null)) >name lab.saferit.fr#1C found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >Adding 1 DC's from auto lookup >sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" >internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) >name dc1.lab.saferit.fr#20 found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 10.0.3.10:389 >check_negative_conn_cache returning result 0 for domain LAB server 10.0.3.10 >messaging_dgm_send: Sending message to 1701 >imessaging_dgm_recv: dst 1701 matches my id: 1701, type=0x406 >messaging_recv_cb: Received message 0x406 len 4 (num_fds:0) from 1704 >messaging_recv_cb: Received message 0x406 len 4 (num_fds:0) from 1704 >msg_try_to_go_online: received for domain LAB. >msg_try_to_go_online: domain LAB already online. >Already reaped child 1704 died >accepted socket 21 >process_request: request fn INTERFACE_VERSION >[ 1682]: request interface version (version = 28) >winbind_client_response_written[1682:INTERFACE_VERSION]: delivered response to client >process_request: request fn WINBINDD_PRIV_PIPE_DIR >[ 1682]: request location of privileged pipe >winbind_client_response_written[1682:WINBINDD_PRIV_PIPE_DIR]: delivered response to client >accepted socket 23 >closing socket 21, client exited >process_request: Handling async request 1682:GETPWNAM >getpwnam TESTDOM\administrator > wbint_LookupName: struct wbint_LookupName > in: struct wbint_LookupName > domain : * > domain : 'TESTDOM' > name : * > name : 'ADMINISTRATOR' > flags : 0x00000008 (8) >Need to read 52 extra bytes >child daemon request 56 >child_process_request: request fn NDRCMD >winbindd_dual_ndrcmd: Running command WBINT_LOOKUPNAME (LAB) > wbint_LookupName: struct wbint_LookupName > in: struct wbint_LookupName > domain : * > domain : 'TESTDOM' > name : * > name : 'ADMINISTRATOR' > flags : 0x00000008 (8) >ads: fetch sequence_number for LAB >ads_cached_connection >sitename_fetch: Returning sitename for realm 'lab.saferit.fr': "Default-First-Site-Name" >ads_dc_name: domain=LAB >sitename_fetch: Returning sitename for realm 'lab.saferit.fr': "Default-First-Site-Name" >resolve_and_ping_dns: (cldap) looking for realm 'lab.saferit.fr' >get_sorted_dc_list: attempting lookup for name lab.saferit.fr (sitename Default-First-Site-Name) >saf_fetch: Returning "dc1.lab.saferit.fr" for "lab.saferit.fr" domain >get_dc_list: preferred server list: "dc1.lab.saferit.fr, *" >internal_resolve_name: looking up lab.saferit.fr#1c (sitename Default-First-Site-Name) >name lab.saferit.fr#1C found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >Adding 1 DC's from auto lookup >sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" >internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) >name dc1.lab.saferit.fr#20 found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 10.0.3.10:389 >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >ads_try_connect: sending CLDAP request to 10.0.3.10 (realm: lab.saferit.fr) > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x0000f1fd (61949) > 1: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 0: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 > 1: NBT_SERVER_ADS_WEB_SERVICE > 1: NBT_SERVER_DS_8 > 0: NBT_SERVER_HAS_DNS_NAME > 0: NBT_SERVER_IS_DEFAULT_NC > 0: NBT_SERVER_FOREST_ROOT > domain_uuid : 0b6ead65-ab6b-4ae6-ba6c-bbf010e7545d > forest : 'lab.saferit.fr' > dns_domain : 'lab.saferit.fr' > pdc_dns_name : 'dc1.lab.saferit.fr' > domain_name : 'LAB' > pdc_name : 'DC1' > user_name : '' > server_site : 'Default-First-Site-Name' > client_site : 'Default-First-Site-Name' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >sitename_store: realm = [LAB], sitename = [Default-First-Site-Name], expire = [2085923199] >Did not store value for AD_SITENAME/DOMAIN/LAB, we already got it >sitename_store: realm = [lab.saferit.fr], sitename = [Default-First-Site-Name], expire = [2085923199] >Did not store value for AD_SITENAME/DOMAIN/LAB.SAFERIT.FR, we already got it >Successfully contacted LDAP server 10.0.3.10 >sitename_fetch: Returning sitename for realm 'lab.saferit.fr': "Default-First-Site-Name" >ads_closest_dc: NBT_SERVER_CLOSEST flag set >create_local_private_krb5_conf_for_domain: fname = /var/lib/samba/lock/smb_krb5/krb5.conf.LAB, realm = lab.saferit.fr, domain = LAB >saf_fetch: Returning "dc1.lab.saferit.fr" for "lab.saferit.fr" domain >get_dc_list: preferred server list: "dc1.lab.saferit.fr, *" >internal_resolve_name: looking up lab.saferit.fr#dcdc (sitename Default-First-Site-Name) >resolve_ads: Attempting to resolve KDCs for lab.saferit.fr using DNS >ads_dns_lookup_srv: 1 records returned in the answer section. >ads_dns_parse_rr_srv: Parsed dc1.lab.saferit.fr [0, 100, 88] >remove_duplicate_addrs2: looking for duplicate address/port pairs >internal_resolve_name: returning 1 addresses: 10.0.3.10:88 >Adding 1 DC's from auto lookup >sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" >internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) >name dc1.lab.saferit.fr#20 found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 10.0.3.10:88 >got 1 addresses from site Default-First-Site-Name search >saf_fetch: Returning "dc1.lab.saferit.fr" for "lab.saferit.fr" domain >get_dc_list: preferred server list: "dc1.lab.saferit.fr, *" >internal_resolve_name: looking up lab.saferit.fr#dcdc (sitename (null)) >resolve_ads: Attempting to resolve KDCs for lab.saferit.fr using DNS >ads_dns_lookup_srv: 1 records returned in the answer section. >ads_dns_parse_rr_srv: Parsed dc1.lab.saferit.fr [0, 100, 88] >remove_duplicate_addrs2: looking for duplicate address/port pairs >internal_resolve_name: returning 1 addresses: 10.0.3.10:88 >Adding 1 DC's from auto lookup >sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" >internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) >name dc1.lab.saferit.fr#20 found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 10.0.3.10:88 >got 1 addresses from site-less search >0 additional KDCs to test >get_kdc_ip_string: Returning kdc = 10.0.3.10 > >create_local_private_krb5_conf_for_domain: wrote file /var/lib/samba/lock/smb_krb5/krb5.conf.LAB with realm LAB.SAFERIT.FR KDC list = kdc = 10.0.3.10 > >ads_dc_name: using server='DC1.LAB.SAFERIT.FR' IP=10.0.3.10 >ads_find_dc: (ldap) looking for realm 'lab.saferit.fr' and falling back to domain 'LAB' >sitename_fetch: Returning sitename for realm 'lab.saferit.fr': "Default-First-Site-Name" >ads_dc_name: domain=LAB >sitename_fetch: Returning sitename for realm 'lab.saferit.fr': "Default-First-Site-Name" >resolve_and_ping_dns: (cldap) looking for realm 'lab.saferit.fr' >get_sorted_dc_list: attempting lookup for name lab.saferit.fr (sitename Default-First-Site-Name) >saf_fetch: Returning "dc1.lab.saferit.fr" for "lab.saferit.fr" domain >get_dc_list: preferred server list: "dc1.lab.saferit.fr, *" >internal_resolve_name: looking up lab.saferit.fr#1c (sitename Default-First-Site-Name) >name lab.saferit.fr#1C found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >Adding 1 DC's from auto lookup >sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" >internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) >name dc1.lab.saferit.fr#20 found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 10.0.3.10:389 >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >ads_try_connect: sending CLDAP request to 10.0.3.10 (realm: lab.saferit.fr) > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x0000f1fd (61949) > 1: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 0: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 > 1: NBT_SERVER_ADS_WEB_SERVICE > 1: NBT_SERVER_DS_8 > 0: NBT_SERVER_HAS_DNS_NAME > 0: NBT_SERVER_IS_DEFAULT_NC > 0: NBT_SERVER_FOREST_ROOT > domain_uuid : 0b6ead65-ab6b-4ae6-ba6c-bbf010e7545d > forest : 'lab.saferit.fr' > dns_domain : 'lab.saferit.fr' > pdc_dns_name : 'dc1.lab.saferit.fr' > domain_name : 'LAB' > pdc_name : 'DC1' > user_name : '' > server_site : 'Default-First-Site-Name' > client_site : 'Default-First-Site-Name' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >sitename_store: realm = [LAB], sitename = [Default-First-Site-Name], expire = [2085923199] >Did not store value for AD_SITENAME/DOMAIN/LAB, we already got it >sitename_store: realm = [lab.saferit.fr], sitename = [Default-First-Site-Name], expire = [2085923199] >Did not store value for AD_SITENAME/DOMAIN/LAB.SAFERIT.FR, we already got it >Successfully contacted LDAP server 10.0.3.10 >sitename_fetch: Returning sitename for realm 'lab.saferit.fr': "Default-First-Site-Name" >ads_closest_dc: NBT_SERVER_CLOSEST flag set >create_local_private_krb5_conf_for_domain: fname = /var/lib/samba/lock/smb_krb5/krb5.conf.LAB, realm = lab.saferit.fr, domain = LAB >saf_fetch: Returning "dc1.lab.saferit.fr" for "lab.saferit.fr" domain >get_dc_list: preferred server list: "dc1.lab.saferit.fr, *" >internal_resolve_name: looking up lab.saferit.fr#dcdc (sitename Default-First-Site-Name) >resolve_ads: Attempting to resolve KDCs for lab.saferit.fr using DNS >ads_dns_lookup_srv: 1 records returned in the answer section. >ads_dns_parse_rr_srv: Parsed dc1.lab.saferit.fr [0, 100, 88] >remove_duplicate_addrs2: looking for duplicate address/port pairs >internal_resolve_name: returning 1 addresses: 10.0.3.10:88 >Adding 1 DC's from auto lookup >sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" >internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) >name dc1.lab.saferit.fr#20 found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 10.0.3.10:88 >got 1 addresses from site Default-First-Site-Name search >saf_fetch: Returning "dc1.lab.saferit.fr" for "lab.saferit.fr" domain >get_dc_list: preferred server list: "dc1.lab.saferit.fr, *" >internal_resolve_name: looking up lab.saferit.fr#dcdc (sitename (null)) >resolve_ads: Attempting to resolve KDCs for lab.saferit.fr using DNS >ads_dns_lookup_srv: 1 records returned in the answer section. >ads_dns_parse_rr_srv: Parsed dc1.lab.saferit.fr [0, 100, 88] >remove_duplicate_addrs2: looking for duplicate address/port pairs >internal_resolve_name: returning 1 addresses: 10.0.3.10:88 >Adding 1 DC's from auto lookup >sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" >internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) >name dc1.lab.saferit.fr#20 found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 10.0.3.10:88 >got 1 addresses from site-less search >0 additional KDCs to test >get_kdc_ip_string: Returning kdc = 10.0.3.10 > >create_local_private_krb5_conf_for_domain: wrote file /var/lib/samba/lock/smb_krb5/krb5.conf.LAB with realm LAB.SAFERIT.FR KDC list = kdc = 10.0.3.10 > >ads_dc_name: using server='DC1.LAB.SAFERIT.FR' IP=10.0.3.10 >ads_try_connect: sending CLDAP request to 10.0.3.10 (realm: lab.saferit.fr) > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x0000f1fd (61949) > 1: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 0: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 > 1: NBT_SERVER_ADS_WEB_SERVICE > 1: NBT_SERVER_DS_8 > 0: NBT_SERVER_HAS_DNS_NAME > 0: NBT_SERVER_IS_DEFAULT_NC > 0: NBT_SERVER_FOREST_ROOT > domain_uuid : 0b6ead65-ab6b-4ae6-ba6c-bbf010e7545d > forest : 'lab.saferit.fr' > dns_domain : 'lab.saferit.fr' > pdc_dns_name : 'dc1.lab.saferit.fr' > domain_name : 'LAB' > pdc_name : 'DC1' > user_name : '' > server_site : 'Default-First-Site-Name' > client_site : 'Default-First-Site-Name' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >sitename_store: realm = [LAB], sitename = [Default-First-Site-Name], expire = [2085923199] >Did not store value for AD_SITENAME/DOMAIN/LAB, we already got it >sitename_store: realm = [lab.saferit.fr], sitename = [Default-First-Site-Name], expire = [2085923199] >Did not store value for AD_SITENAME/DOMAIN/LAB.SAFERIT.FR, we already got it >Successfully contacted LDAP server 10.0.3.10 >Opening connection to LDAP server '10.0.3.10:389', timeout 15 seconds >Initialized connection for LDAP server 'ldap://10.0.3.10:389' >Connected to LDAP server dc1.lab.saferit.fr >ads_closest_dc: NBT_SERVER_CLOSEST flag set >saf_store: domain = [LAB], server = [dc1.lab.saferit.fr], expire = [1521798049] >Did not store value for SAF/DOMAIN/LAB, we already got it >saf_store: domain = [lab.saferit.fr], server = [dc1.lab.saferit.fr], expire = [1521798049] >Did not store value for SAF/DOMAIN/LAB.SAFERIT.FR, we already got it >KDC time offset is 0 seconds >Found SASL mechanism GSS-SPNEGO >ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30 >ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2 >ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2 >ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3 >ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10 >kerberos_kinit_password: as CENTOS$@LAB.SAFERIT.FR using [MEMORY:winbind_ccache] as ccache and config [/var/lib/samba/lock/smb_krb5/krb5.conf.LAB] >Starting GENSEC mechanism spnego >Starting GENSEC submechanism gse_krb5 >Search for (objectclass=*) in <> gave 1 replies >wcache_store_seqnum: success [LAB][335984 @ 1521797149] >refresh_sequence_number: LAB seq number is now 335984 >name_to_sid: [Cached] - doing backend query for name for domain LAB >msrpc_name_to_sid: name=TESTDOM\ADMINISTRATOR >name_to_sid [rpc] TESTDOM\ADMINISTRATOR for domain TESTDOM >cm_connect_lsa_tcp >ldb: ldb_trace_request: SEARCH > dn: @MODULES > scope: base > expr: (@LIST=*) > attr: @LIST > control: <NONE> > >ldb: ldb_trace_request: (tdb)->search >ldb: Added timed event "ltdb_callback": 0x563e56a492b0 > >ldb: Added timed event "ltdb_timeout": 0x563e56a49690 > >ldb: Running timer event 0x563e56a492b0 "ltdb_callback" > >ldb: Destroying timer event 0x563e56a49690 "ltdb_timeout" > >ldb: Ending timer event 0x563e56a492b0 "ltdb_callback" > >ldb: no modules required by the db >ldb: No modules specified for this database >ldb: ldb_trace_request: REGISTER_CONTROL >1.2.840.113556.1.4.1413 > control: <NONE> > >ldb: ldb_asprintf/set_errstring: unable to find module or backend to handle operation: request >ldb: ldb_trace_request: SEARCH > dn: <rootDSE> > scope: base > expr: (objectClass=*) > attr: rootDomainNamingContext > attr: configurationNamingContext > attr: schemaNamingContext > attr: defaultNamingContext > control: <NONE> > >ldb: ldb_trace_request: (tdb)->search >ldb: Added timed event "ltdb_callback": 0x563e56a49d50 > >ldb: Added timed event "ltdb_timeout": 0x563e56a49ad0 > >ldb: Running timer event 0x563e56a49d50 "ltdb_callback" > >ldb: ldb_asprintf/set_errstring: NULL Base DN invalid for a base search >ldb: Destroying timer event 0x563e56a49ad0 "ltdb_timeout" > >ldb: Ending timer event 0x563e56a49d50 "ltdb_callback" > >ldb_wrap open of secrets.ldb >ldb: ldb_trace_request: SEARCH > dn: cn=Primary Domains > scope: sub > expr: (&(flatname=LAB)(objectclass=primaryDomain)) > attr: <ALL> > control: <NONE> > >ldb: ldb_trace_request: (tdb)->search >ldb: Added timed event "ltdb_callback": 0x563e56a48c90 > >ldb: Added timed event "ltdb_timeout": 0x563e56a49690 > >ldb: Running timer event 0x563e56a48c90 "ltdb_callback" > >ldb: Destroying timer event 0x563e56a49690 "ltdb_timeout" > >ldb: Ending timer event 0x563e56a48c90 "ltdb_callback" > >ldb: ldb_asprintf/set_errstring: dsdb_search at ../source4/dsdb/common/util.c:4576 >Connecting to 10.0.3.10 at port 135 >Socket options: > SO_KEEPALIVE = 0 > SO_REUSEADDR = 0 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_REUSEPORT = 0 > SO_SNDBUF = 87040 > SO_RCVBUF = 367360 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 > TCP_DEFER_ACCEPT = 0 >Bind RPC Pipe: host dc1.lab.saferit.fr auth_type 0, auth_level 1 > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0048 (72) > auth_length : 0x0000 (0) > call_id : 0x00000011 (17) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : e1af8308-5d1f-11c9-91a4-08002b14a0fa > if_version : 0x00000003 (3) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >rpc_api_pipe: host dc1.lab.saferit.fr >rpc_write_send: data_to_write: 72 >rpc_read_send: data_to_read: 44 > state->pkt: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x003c (60) > auth_length : 0x0000 (0) > call_id : 0x00000011 (17) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000dff (3583) > secondary_address_size : 0x0004 (4) > secondary_address : '135' > _pad1 : DATA_BLOB length=2 >[0000] 6C 9D l. > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) > reason : union dcerpc_bind_ack_reason(case 0) > value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >rpc_api_pipe: got frag len of 60 at offset 0: NT_STATUS_OK >rpc_api_pipe: host dc1.lab.saferit.fr returned 60 bytes. >check_bind_response: accepted! > epm_Map: struct epm_Map > in: struct epm_Map > object : * > object : 12345778-1234-abcd-ef00-0123456789ab > map_tower : * > map_tower: struct epm_twr_t > tower_length : 0x0000004b (75) > tower: struct epm_tower > num_floors : 0x0005 (5) > floors: ARRAY(5) > floors: struct epm_floor > lhs: struct epm_lhs > protocol : EPM_PROTOCOL_UUID (13) > lhs_data : DATA_BLOB length=18 >[0000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg.. >[0010] 00 00 .. > rhs : union epm_rhs(case 13) > uuid: struct epm_rhs_uuid > unknown : DATA_BLOB length=2 >[0000] 00 00 .. > floors: struct epm_floor > lhs: struct epm_lhs > protocol : EPM_PROTOCOL_UUID (13) > lhs_data : DATA_BLOB length=18 >[0000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` >[0010] 02 00 .. > rhs : union epm_rhs(case 13) > uuid: struct epm_rhs_uuid > unknown : DATA_BLOB length=2 >[0000] 00 00 .. > floors: struct epm_floor > lhs: struct epm_lhs > protocol : EPM_PROTOCOL_NCACN (11) > lhs_data : DATA_BLOB length=0 > rhs : union epm_rhs(case 11) > ncacn: struct epm_rhs_ncacn > minor_version : 0x0000 (0) > floors: struct epm_floor > lhs: struct epm_lhs > protocol : EPM_PROTOCOL_TCP (7) > lhs_data : DATA_BLOB length=0 > rhs : union epm_rhs(case 7) > tcp: struct epm_rhs_tcp > port : 0x0087 (135) > floors: struct epm_floor > lhs: struct epm_lhs > protocol : EPM_PROTOCOL_IP (9) > lhs_data : DATA_BLOB length=0 > rhs : union epm_rhs(case 9) > ip: struct epm_rhs_ip > ipaddr : 0.0.0.0 > entry_handle : * > entry_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > max_towers : 0x00000001 (1) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x00000012 (18) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000084 (132) > context_id : 0x0000 (0) > opnum : 0x0003 (3) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > stub_and_verifier : DATA_BLOB length=0 >rpc_api_pipe: host dc1.lab.saferit.fr >rpc_write_send: data_to_write: 156 >rpc_read_send: data_to_read: 136 > state->pkt: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0098 (152) > auth_length : 0x0000 (0) > call_id : 0x00000012 (18) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000080 (128) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > reserved : 0x00 (0) > stub_and_verifier : DATA_BLOB length=128 >[0000] 00 00 00 00 9A 13 FA 15 1B 35 89 40 90 F3 5A 9E ........ .5.@..Z. >[0010] EB 63 78 81 01 00 00 00 01 00 00 00 00 00 00 00 .cx..... ........ >[0020] 01 00 00 00 03 00 00 00 4B 00 00 00 4B 00 00 00 ........ K...K... >[0030] 05 00 13 00 0D 78 57 34 12 34 12 CD AB EF 00 01 .....xW4 .4...... >[0040] 23 45 67 89 AB 00 00 02 00 00 00 13 00 0D 04 5D #Eg..... .......] >[0050] 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 02 00 ........ ..+.H`.. >[0060] 02 00 00 00 01 00 0B 02 00 00 00 01 00 07 02 00 ........ ........ >[0070] C0 17 01 00 09 04 00 0A 00 03 0A 00 00 00 00 00 ........ ........ >Got pdu len 152, data_len 128 >rpc_api_pipe: got frag len of 152 at offset 0: NT_STATUS_OK >rpc_api_pipe: host dc1.lab.saferit.fr returned 128 bytes. > epm_Map: struct epm_Map > out: struct epm_Map > entry_handle : * > entry_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 15fa139a-351b-4089-90f3-5a9eeb637881 > num_towers : * > num_towers : 0x00000001 (1) > towers: ARRAY(1) > towers: struct epm_twr_p_t > twr : * > twr: struct epm_twr_t > tower_length : 0x0000004b (75) > tower: struct epm_tower > num_floors : 0x0005 (5) > floors: ARRAY(5) > floors: struct epm_floor > lhs: struct epm_lhs > protocol : EPM_PROTOCOL_UUID (13) > lhs_data : DATA_BLOB length=18 >[0000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg.. >[0010] 00 00 .. > rhs : union epm_rhs(case 13) > uuid: struct epm_rhs_uuid > unknown : DATA_BLOB length=2 >[0000] 00 00 .. > floors: struct epm_floor > lhs: struct epm_lhs > protocol : EPM_PROTOCOL_UUID (13) > lhs_data : DATA_BLOB length=18 >[0000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` >[0010] 02 00 .. > rhs : union epm_rhs(case 13) > uuid: struct epm_rhs_uuid > unknown : DATA_BLOB length=2 >[0000] 00 00 .. > floors: struct epm_floor > lhs: struct epm_lhs > protocol : EPM_PROTOCOL_NCACN (11) > lhs_data : DATA_BLOB length=0 > rhs : union epm_rhs(case 11) > ncacn: struct epm_rhs_ncacn > minor_version : 0x0000 (0) > floors: struct epm_floor > lhs: struct epm_lhs > protocol : EPM_PROTOCOL_TCP (7) > lhs_data : DATA_BLOB length=0 > rhs : union epm_rhs(case 7) > tcp: struct epm_rhs_tcp > port : 0xc017 (49175) > floors: struct epm_floor > lhs: struct epm_lhs > protocol : EPM_PROTOCOL_IP (9) > lhs_data : DATA_BLOB length=0 > rhs : union epm_rhs(case 9) > ip: struct epm_rhs_ip > ipaddr : 10.0.3.10 > result : 0x00000000 (0) >Connecting to 10.0.3.10 at port 49175 >Socket options: > SO_KEEPALIVE = 0 > SO_REUSEADDR = 0 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_REUSEPORT = 0 > SO_SNDBUF = 87040 > SO_RCVBUF = 367360 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 > TCP_DEFER_ACCEPT = 0 >check lock order 2 for /var/lib/samba/lock/g_lock.tdb >lock order: 1:<none> 2:/var/lib/samba/lock/g_lock.tdb 3:<none> >Locking key 434C495B43454E544F53 >Allocated locked data 0x0x563e56a48cc0 >release lock order 2 for /var/lib/samba/lock/g_lock.tdb >lock order: 1:<none> 2:<none> 3:<none> >Unlocking key 434C495B43454E544F53 >Starting GENSEC mechanism schannel >Bind RPC Pipe: host dc1.lab.saferit.fr auth_type 68, auth_level 6 >create_generic_auth_rpc_bind_req: generate first token > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x00 (0) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000001 (1) > credentials : DATA_BLOB length=19 >[0000] 00 00 00 00 03 00 00 00 4C 41 42 00 43 45 4E 54 ........ LAB.CENT >[0010] 4F 53 00 OS. > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x07 (7) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 1: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0063 (99) > auth_length : 0x0013 (19) > call_id : 0x00000013 (19) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345778-1234-abcd-ef00-0123456789ab > if_version : 0x00000000 (0) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=27 >[0000] 44 06 00 00 01 00 00 00 00 00 00 00 03 00 00 00 D....... ........ >[0010] 4C 41 42 00 43 45 4E 54 4F 53 00 LAB.CENT OS. >rpc_api_pipe: host dc1.lab.saferit.fr >rpc_write_send: data_to_write: 99 >rpc_read_send: data_to_read: 64 > state->pkt: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x07 (7) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 1: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0050 (80) > auth_length : 0x000c (12) > call_id : 0x00000013 (19) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x0000075a (1882) > secondary_address_size : 0x0006 (6) > secondary_address : '49175' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) > reason : union dcerpc_bind_ack_reason(case 0) > value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=20 >[0000] 44 06 00 00 01 00 00 00 01 00 00 00 00 00 00 00 D....... ........ >[0010] 00 00 00 00 .... >rpc_api_pipe: got frag len of 80 at offset 0: NT_STATUS_OK >rpc_api_pipe: host dc1.lab.saferit.fr returned 80 bytes. >check_bind_response: accepted! >../librpc/rpc/dcerpc_util.c:271: auth_pad_length 0 >check lock order 2 for /var/lib/samba/lock/g_lock.tdb >lock order: 1:<none> 2:/var/lib/samba/lock/g_lock.tdb 3:<none> >Locking key 434C495B43454E544F53 >Allocated locked data 0x0x563e56a20fc0 >release lock order 2 for /var/lib/samba/lock/g_lock.tdb >lock order: 1:<none> 2:<none> 3:<none> >Unlocking key 434C495B43454E544F53 >cli_rpc_pipe_open_schannel_with_creds: opened pipe lsarpc to machine dc1.lab.saferit.fr for domain LAB and bound using schannel. > lsa_LookupNames4: struct lsa_LookupNames4 > in: struct lsa_LookupNames4 > num_names : 0x00000001 (1) > names: ARRAY(1) > names: struct lsa_String > length : 0x002a (42) > size : 0x002a (42) > string : * > string : 'TESTDOM\ADMINISTRATOR' > sids : * > sids: struct lsa_TransSidArray3 > count : 0x00000000 (0) > sids : NULL > level : LSA_LOOKUP_NAMES_ALL (1) > count : * > count : 0x00000000 (0) > lookup_options : LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES (0) > client_revision : LSA_CLIENT_REVISION_2 (2) > t: struct dcerpc_sec_verification_trailer > _pad : DATA_BLOB length=0 > magic : 0000000000000000 > count: struct dcerpc_sec_vt_count > count : 0x0002 (2) > commands: ARRAY(2) > commands: struct dcerpc_sec_vt > command : 0x0001 (1) > 0x01: DCERPC_SEC_VT_COMMAND_ENUM (1) > 0: DCERPC_SEC_VT_COMMAND_END > 0: DCERPC_SEC_VT_MUST_PROCESS > u : union dcerpc_sec_vt_union(case 0x1) > bitmask1 : 0x00000001 (1) > 1: DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING > commands: struct dcerpc_sec_vt > command : 0x4002 (16386) > 0x02: DCERPC_SEC_VT_COMMAND_ENUM (2) > 1: DCERPC_SEC_VT_COMMAND_END > 0: DCERPC_SEC_VT_MUST_PROCESS > u : union dcerpc_sec_vt_union(case 0x2) > pcontext: struct dcerpc_sec_vt_pcontext > abstract_syntax: struct ndr_syntax_id > uuid : 12345778-1234-abcd-ef00-0123456789ab > if_version : 0x00000000 (0) > transfer_syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0038 (56) > call_id : 0x00000014 (20) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x0000009c (156) > context_id : 0x0000 (0) > opnum : 0x004d (77) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > stub_and_verifier : DATA_BLOB length=0 > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x04 (4) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000001 (1) > credentials : DATA_BLOB length=0 >rpc_api_pipe: host dc1.lab.saferit.fr >rpc_write_send: data_to_write: 248 >rpc_read_send: data_to_read: 232 > state->pkt: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00f8 (248) > auth_length : 0x0038 (56) > call_id : 0x00000014 (20) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x0000009c (156) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > reserved : 0x00 (0) > stub_and_verifier : DATA_BLOB length=224 >[0000] 03 E9 8F 7A 10 B4 C6 4E D2 7C 11 16 26 49 3D 63 ...z...N .|..&I=c >[0010] BF D9 3E 53 F6 BA C9 A6 14 77 77 9E 16 87 4E 70 ..>S.... .ww...Np >[0020] 71 77 FB EA 2A 2A D7 D2 61 30 E1 E5 B0 16 B6 CF qw..**.. a0...... >[0030] 86 5B B6 88 53 8F 82 7E 34 AB A2 2F B7 6D 99 63 .[..S..~ 4../.m.c >[0040] 25 D9 C5 3B F4 81 DC A2 2C B1 72 5D 35 12 F9 1A %..;.... ,.r]5... >[0050] F5 0A A4 82 E1 4B 50 82 E5 C2 1B F5 EA 21 D2 ED .....KP. .....!.. >[0060] D1 7D 5F F9 56 52 39 04 15 E1 31 77 80 4B 1D 9D .}_.VR9. ..1w.K.. >[0070] 31 9C AE BE 2E DA 9B E5 AB 2C 1C 8F 0F 16 C0 E4 1....... .,...... >[0080] B5 34 A6 90 13 B5 51 15 63 BE 70 04 77 BB 45 DE .4....Q. c.p.w.E. >[0090] FD 46 5D 34 43 27 60 DE 38 C0 14 6F C6 69 8F 5B .F]4C'`. 8..o.i.[ >[00A0] 44 06 04 00 01 00 00 00 13 00 1A 00 FF FF 00 00 D....... ........ >[00B0] 3E 0D 0D 2D 3C AF 3A DF 63 18 55 BE 11 1C 1B 83 >..-<.:. c.U..... >[00C0] 6E 63 7B 96 E9 3C 8C 7D 13 00 1A 00 FF FF 00 00 nc{..<.} ........ >[00D0] F7 E7 1C C2 22 97 CC 10 52 C3 CD 21 37 EE 53 46 ...."... R..!7.SF >Requested Privacy. >../librpc/rpc/dcerpc_util.c:271: auth_pad_length 4 >GENSEC auth >Got pdu len 248, data_len 156 >rpc_api_pipe: got frag len of 248 at offset 0: NT_STATUS_OK >rpc_api_pipe: host dc1.lab.saferit.fr returned 156 bytes. > lsa_LookupNames4: struct lsa_LookupNames4 > out: struct lsa_LookupNames4 > domains : * > domains : * > domains: struct lsa_RefDomainList > count : 0x00000001 (1) > domains : * > domains: ARRAY(1) > domains: struct lsa_DomainInfo > name: struct lsa_StringLarge > length : 0x000e (14) > size : 0x0010 (16) > string : * > string : 'TESTDOM' > sid : * > sid : S-1-5-21-847837108-3999977653-1779688838 > max_size : 0x00000001 (1) > sids : * > sids: struct lsa_TransSidArray3 > count : 0x00000001 (1) > sids : * > sids: ARRAY(1) > sids: struct lsa_TranslatedSid3 > sid_type : SID_NAME_USER (1) > sid : * > sid : S-1-5-21-847837108-3999977653-1779688838-500 > sid_index : 0x00000000 (0) > flags : 0x00000000 (0) > count : * > count : 0x00000001 (1) > result : NT_STATUS_OK >refresh_sequence_number: LAB time ok >refresh_sequence_number: LAB seq number is now 335984 >wcache_save_name_to_sid: TESTDOM\ADMINISTRATOR -> S-1-5-21-847837108-3999977653-1779688838-500 (NT_STATUS_OK) >wcache_save_sid_to_name: S-1-5-21-847837108-3999977653-1779688838-500 -> TESTDOM\administrator (NT_STATUS_OK) > wbint_LookupName: struct wbint_LookupName > out: struct wbint_LookupName > type : * > type : SID_NAME_USER (1) > sid : * > sid : S-1-5-21-847837108-3999977653-1779688838-500 > result : NT_STATUS_OK >Finished processing child request 56 >Writing 3532 bytes to parent > wbint_LookupName: struct wbint_LookupName > out: struct wbint_LookupName > type : * > type : SID_NAME_USER (1) > sid : * > sid : S-1-5-21-847837108-3999977653-1779688838-500 > result : NT_STATUS_OK >SID 0: S-1-5-21-847837108-3999977653-1779688838-500 >Opening cache file at /var/lib/samba/gencache.tdb >Opening cache file at /var/lib/samba/lock/gencache_notrans.tdb >Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-500]: value=[10500:B] >Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-500]: id=[10500], endptr=[:B] >netsamlogon_cache_get: SID [S-1-5-21-847837108-3999977653-1779688838-500] > &r: struct netsamlogoncache_entry > timestamp : Fri Mar 23 05:20:37 AM 2018 EDT > info3: struct netr_SamInfo3 > base: struct netr_SamBaseInfo > logon_time : Fri Mar 23 05:09:15 AM 2018 EDT > logoff_time : Wed Sep 13 10:48:05 PM 30828 EDT > kickoff_time : Wed Sep 13 10:48:05 PM 30828 EDT > last_password_change : Mon Feb 12 09:15:04 AM 2018 EST > allow_password_change : Tue Feb 13 09:15:04 AM 2018 EST > force_password_change : Mon Mar 26 10:15:04 AM 2018 EDT > account_name: struct lsa_String > length : 0x001a (26) > size : 0x001a (26) > string : * > string : 'Administrator' > full_name: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : * > string : '' > logon_script: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > profile_path: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > home_directory: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > home_drive: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > logon_count : 0x009d (157) > bad_password_count : 0x0000 (0) > rid : 0x000001f4 (500) > primary_gid : 0x00000201 (513) > groups: struct samr_RidWithAttributeArray > count : 0x00000005 (5) > rids : * > rids: ARRAY(5) > rids: struct samr_RidWithAttribute > rid : 0x00000208 (520) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > rids: struct samr_RidWithAttribute > rid : 0x00000200 (512) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > rids: struct samr_RidWithAttribute > rid : 0x00000201 (513) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > rids: struct samr_RidWithAttribute > rid : 0x00000206 (518) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > rids: struct samr_RidWithAttribute > rid : 0x00000207 (519) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > user_flags : 0x00000120 (288) > 0: NETLOGON_GUEST > 0: NETLOGON_NOENCRYPTION > 0: NETLOGON_CACHED_ACCOUNT > 0: NETLOGON_USED_LM_PASSWORD > 1: NETLOGON_EXTRA_SIDS > 0: NETLOGON_SUBAUTH_SESSION_KEY > 0: NETLOGON_SERVER_TRUST_ACCOUNT > 1: NETLOGON_NTLMV2_ENABLED > 0: NETLOGON_RESOURCE_GROUPS > 0: NETLOGON_PROFILE_PATH_RETURNED > 0: NETLOGON_GRACE_LOGON > key: struct netr_UserSessionKey > key : 00000000000000000000000000000000 > logon_server: struct lsa_StringLarge > length : 0x001e (30) > size : 0x0020 (32) > string : * > string : 'WIN-NJ57UVUO8PC' > logon_domain: struct lsa_StringLarge > length : 0x000e (14) > size : 0x0010 (16) > string : * > string : 'TESTDOM' > domain_sid : * > domain_sid : S-1-5-21-847837108-3999977653-1779688838 > LMSessKey: struct netr_LMSessionKey > key : 0000000000000000 > acct_flags : 0x00000010 (16) > 0: ACB_DISABLED > 0: ACB_HOMDIRREQ > 0: ACB_PWNOTREQ > 0: ACB_TEMPDUP > 1: ACB_NORMAL > 0: ACB_MNS > 0: ACB_DOMTRUST > 0: ACB_WSTRUST > 0: ACB_SVRTRUST > 0: ACB_PWNOEXP > 0: ACB_AUTOLOCK > 0: ACB_ENC_TXT_PWD_ALLOWED > 0: ACB_SMARTCARD_REQUIRED > 0: ACB_TRUSTED_FOR_DELEGATION > 0: ACB_NOT_DELEGATED > 0: ACB_USE_DES_KEY_ONLY > 0: ACB_DONT_REQUIRE_PREAUTH > 0: ACB_PW_EXPIRED > 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION > 0: ACB_NO_AUTH_DATA_REQD > 0: ACB_PARTIAL_SECRETS_ACCOUNT > 0: ACB_USE_AES_KEYS > sub_auth_status : 0x00000000 (0) > last_successful_logon : NTTIME(0) > last_failed_logon : NTTIME(0) > failed_logon_count : 0x00000000 (0) > reserved : 0x00000000 (0) > sidcount : 0x00000001 (1) > sids : * > sids: ARRAY(1) > sids: struct netr_SidAttr > sid : * > sid : S-1-5-21-546099636-1453775275-3712789297-1130 > attributes : 0x20000007 (536870919) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 1: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > wbint_GetNssInfo: struct wbint_GetNssInfo > in: struct wbint_GetNssInfo > info : * > info: struct wbint_userinfo > domain_name : * > domain_name : 'TESTDOM' > acct_name : * > acct_name : 'Administrator' > full_name : * > full_name : '' > homedir : * > homedir : '/home/%u.%D' > shell : * > shell : '/bin/bash' > uid : 0x0000000000002904 (10500) > primary_gid : 0x00000000ffffffff (4294967295) > primary_group_name : NULL > user_sid : S-1-5-21-847837108-3999977653-1779688838-500 > group_sid : S-1-5-21-847837108-3999977653-1779688838-513 >fork_domain_child called without domain. >Child process 1707 >msg_dgm_ref_destructor: refs=0x563e56a0d0c0 >messaging_dgm_ref: messaging_dgm_init returned Success >messaging_dgm_ref: unique = 2413307727200749532 >Deregistering messaging pointer for type 33 - private_data=(nil) >Deregistering messaging pointer for type 13 - private_data=(nil) >Deregistering messaging pointer for type 1028 - private_data=(nil) >Deregistering messaging pointer for type 1027 - private_data=(nil) >Deregistering messaging pointer for type 1029 - private_data=(nil) >Deregistering messaging pointer for type 1280 - private_data=(nil) >Deregistering messaging pointer for type 1033 - private_data=(nil) >Deregistering messaging pointer for type 1 - private_data=(nil) >Deregistering messaging pointer for type 1036 - private_data=(nil) >Deregistering messaging pointer for type 1035 - private_data=(nil) >Registering messaging pointer for type 1028 - private_data=(nil) >Registering messaging pointer for type 1027 - private_data=(nil) >Registering messaging pointer for type 1280 - private_data=(nil) >Registering messaging pointer for type 1 - private_data=(nil) >Registering messaging pointer for type 1034 - private_data=(nil) >Overriding messaging pointer for type 1034 - private_data=(nil) >set_domain_online_request: called for domain LAB >set_domain_online_request: domain LAB was globally offline. >Need to read 210 extra bytes >child daemon request 56 >child_process_request: request fn NDRCMD >winbindd_dual_ndrcmd: Running command WBINT_GETNSSINFO (no domain) > wbint_GetNssInfo: struct wbint_GetNssInfo > in: struct wbint_GetNssInfo > info : * > info: struct wbint_userinfo > domain_name : * > domain_name : 'TESTDOM' > acct_name : * > acct_name : 'Administrator' > full_name : * > full_name : '' > homedir : * > homedir : '/home/%u.%D' > shell : * > shell : '/bin/bash' > uid : 0x0000000000002904 (10500) > primary_gid : 0x00000000ffffffff (4294967295) > primary_group_name : NULL > user_sid : S-1-5-21-847837108-3999977653-1779688838-500 > group_sid : S-1-5-21-847837108-3999977653-1779688838-513 >idmap_find_domain called for domain 'TESTDOM' >idmap_init(): calling static_init_idmap >calling idmap_tdb_init >Successfully added idmap backend 'tdb' >Successfully added idmap backend 'passdb' >Successfully added idmap backend 'nss' >Successfully added idmap backend 'ldap' >Attempting to find a passdb backend to match tdbsam (tdbsam) >No builtin backend found, trying to load plugin >Probing module 'tdbsam' >Probing module 'tdbsam': Trying to load from /usr/lib64/samba/pdb/tdbsam.so >Module 'tdbsam' loaded >Attempting to register passdb backend tdbsam >Successfully added passdb backend 'tdbsam' >Found pdb backend tdbsam >pdb backend tdbsam has a valid init >idmap_tdb_db_init called for domain '*' >Opening tdbfile /var/lib/samba/winbindd_idmap.tdb >lp_scan_idmap_found_domain: Found idmap domain "testdom" >idmap_found_domain_backend: Found idmap domain "testdom" >idmap backend rid not found >Probing module 'rid' >Probing module 'rid': Trying to load from /usr/lib64/samba/idmap/rid.so >Module 'rid' loaded >Successfully added idmap backend 'rid' >lp_scan_idmap_found_domain: Found idmap domain "lab" >idmap_found_domain_backend: Found idmap domain "lab" >idmap backend ad not found >Probing module 'ad' >Probing module 'ad': Trying to load from /usr/lib64/samba/idmap/ad.so >Module 'ad' loaded >Successfully added idmap backend 'ad' >smb_register_idmap_nss: Successfully added idmap nss backend 'rfc2307' >smb_register_idmap_nss: Successfully added idmap nss backend 'sfu' >smb_register_idmap_nss: Successfully added idmap nss backend 'sfu20' >lp_scan_idmap_found_domain: Found idmap domain "*" >idmap_found_domain_backend: Found idmap domain "*" > wbint_GetNssInfo: struct wbint_GetNssInfo > out: struct wbint_GetNssInfo > info : * > info: struct wbint_userinfo > domain_name : * > domain_name : 'TESTDOM' > acct_name : * > acct_name : 'Administrator' > full_name : * > full_name : '' > homedir : * > homedir : '/home/%u.%D' > shell : * > shell : '/bin/bash' > uid : 0x0000000000002904 (10500) > primary_gid : 0x00000000ffffffff (4294967295) > primary_group_name : NULL > user_sid : S-1-5-21-847837108-3999977653-1779688838-500 > group_sid : S-1-5-21-847837108-3999977653-1779688838-513 > result : NT_STATUS_REQUEST_NOT_ACCEPTED >Finished processing child request 56 >Writing 3712 bytes to parent > wbint_GetNssInfo: struct wbint_GetNssInfo > out: struct wbint_GetNssInfo > info : * > info: struct wbint_userinfo > domain_name : * > domain_name : 'TESTDOM' > acct_name : * > acct_name : 'Administrator' > full_name : * > full_name : '' > homedir : * > homedir : '/home/%u.%D' > shell : * > shell : '/bin/bash' > uid : 0x0000000000002904 (10500) > primary_gid : 0x00000000ffffffff (4294967295) > primary_group_name : NULL > user_sid : S-1-5-21-847837108-3999977653-1779688838-500 > group_sid : S-1-5-21-847837108-3999977653-1779688838-513 > result : NT_STATUS_REQUEST_NOT_ACCEPTED >SID 0: S-1-5-21-847837108-3999977653-1779688838-513 >Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-513]: value=[10513:B] >Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-513]: id=[10513], endptr=[:B] >find_lookup_domain_from_sid(S-1-5-21-847837108-3999977653-1779688838-513) >calling find_our_domain > wbint_LookupSid: struct wbint_LookupSid > in: struct wbint_LookupSid > sid : * > sid : S-1-5-21-847837108-3999977653-1779688838-513 >Need to read 28 extra bytes >child daemon request 56 >child_process_request: request fn NDRCMD >winbindd_dual_ndrcmd: Running command WBINT_LOOKUPSID (LAB) > wbint_LookupSid: struct wbint_LookupSid > in: struct wbint_LookupSid > sid : * > sid : S-1-5-21-847837108-3999977653-1779688838-513 >refresh_sequence_number: LAB time ok >refresh_sequence_number: LAB seq number is now 335984 >sid_to_name: [Cached] - doing backend query for name for domain LAB >msrpc_sid_to_name: S-1-5-21-847837108-3999977653-1779688838-513 for domain LAB >cm_connect_lsa_tcp >rpccli_lsa_lookup_sids: processing items 0 -- 0 of 1. > lsa_LookupSids3: struct lsa_LookupSids3 > in: struct lsa_LookupSids3 > sids : * > sids: struct lsa_SidArray > num_sids : 0x00000001 (1) > sids : * > sids: ARRAY(1) > sids: struct lsa_SidPtr > sid : * > sid : S-1-5-21-847837108-3999977653-1779688838-513 > names : * > names: struct lsa_TransNameArray2 > count : 0x00000000 (0) > names : NULL > level : LSA_LOOKUP_NAMES_ALL (1) > count : * > count : 0x00000000 (0) > lookup_options : LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES (0) > client_revision : LSA_CLIENT_REVISION_2 (2) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0038 (56) > call_id : 0x00000015 (21) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000048 (72) > context_id : 0x0000 (0) > opnum : 0x004c (76) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > stub_and_verifier : DATA_BLOB length=0 > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x08 (8) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000001 (1) > credentials : DATA_BLOB length=0 >rpc_api_pipe: host dc1.lab.saferit.fr >rpc_write_send: data_to_write: 168 >rpc_read_send: data_to_read: 248 > state->pkt: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0108 (264) > auth_length : 0x0038 (56) > call_id : 0x00000015 (21) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x000000a4 (164) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > reserved : 0x00 (0) > stub_and_verifier : DATA_BLOB length=240 >[0000] 0F 7A A3 CE 60 56 F9 42 F6 D2 10 14 C3 AA A0 34 .z..`V.B .......4 >[0010] B3 9E B6 18 D2 45 C1 9A B5 36 6D FC DD B4 CC 8C .....E.. .6m..... >[0020] 54 1F 30 BD 83 EA F2 EA 26 B7 13 2A AC BA 60 4A T.0..... &..*..`J >[0030] 5C 3D 2B 37 CD CA 00 4A 4D E4 C8 50 4C 6A C9 E6 \=+7...J M..PLj.. >[0040] 95 9A EF FA C7 69 28 5C B0 A5 F9 01 9A 8F 41 8C .....i(\ ......A. >[0050] 42 1A 9E 15 C0 95 0A 9D 9C F9 3A 36 73 5A 0A 45 B....... ..:6sZ.E >[0060] 9E 0C 7D 26 BE 88 9C 04 0A 6C 1A B0 BD 4D 32 54 ..}&.... .l...M2T >[0070] F2 0B 8B 95 BF 53 19 FB D9 E5 44 9D F4 36 85 33 .....S.. ..D..6.3 >[0080] 78 2C C4 2D 31 13 8F 59 08 6E BE CE 07 65 6E CD x,.-1..Y .n...en. >[0090] EE 30 A5 C5 FB 9C 6B 01 71 6C 41 F6 33 FF 8E 3E .0....k. qlA.3..> >[00A0] 52 91 5B 87 37 6D 0C 0D B1 9C 27 C7 0C D2 5A C8 R.[.7m.. ..'...Z. >[00B0] 44 06 0C 00 01 00 00 00 13 00 1A 00 FF FF 00 00 D....... ........ >[00C0] 02 E9 41 51 21 4E 21 32 F0 1E C1 5B 62 89 76 66 ..AQ!N!2 ...[b.vf >[00D0] 92 88 B6 28 B9 07 8E B5 52 C3 CD 21 37 EE 53 46 ...(.... R..!7.SF >[00E0] 1F 62 05 72 C2 DB 27 18 61 E9 CC 40 54 84 99 F8 .b.r..'. a..@T... >Requested Privacy. >../librpc/rpc/dcerpc_util.c:271: auth_pad_length 12 >GENSEC auth >Got pdu len 264, data_len 164 >rpc_api_pipe: got frag len of 264 at offset 0: NT_STATUS_OK >rpc_api_pipe: host dc1.lab.saferit.fr returned 164 bytes. > lsa_LookupSids3: struct lsa_LookupSids3 > out: struct lsa_LookupSids3 > domains : * > domains : * > domains: struct lsa_RefDomainList > count : 0x00000001 (1) > domains : * > domains: ARRAY(1) > domains: struct lsa_DomainInfo > name: struct lsa_StringLarge > length : 0x000e (14) > size : 0x0010 (16) > string : * > string : 'TESTDOM' > sid : * > sid : S-1-5-21-847837108-3999977653-1779688838 > max_size : 0x00000001 (1) > names : * > names: struct lsa_TransNameArray2 > count : 0x00000001 (1) > names : * > names: ARRAY(1) > names: struct lsa_TranslatedName2 > sid_type : SID_NAME_DOM_GRP (2) > name: struct lsa_String > length : 0x0018 (24) > size : 0x0018 (24) > string : * > string : 'Domain Users' > sid_index : 0x00000000 (0) > unknown : 0x00000000 (0) > count : * > count : 0x00000001 (1) > result : NT_STATUS_OK >LSA_LOOKUPSIDS returned status: 'NT_STATUS_OK', result: 'NT_STATUS_OK', mapped count = 1' >Mapped sid to [TESTDOM]\[Domain Users] >refresh_sequence_number: LAB time ok >refresh_sequence_number: LAB seq number is now 335984 >wcache_save_sid_to_name: S-1-5-21-847837108-3999977653-1779688838-513 -> TESTDOM\Domain Users (NT_STATUS_OK) > wbint_LookupSid: struct wbint_LookupSid > out: struct wbint_LookupSid > type : * > type : SID_NAME_DOM_GRP (2) > domain : * > domain : * > domain : 'TESTDOM' > name : * > name : * > name : 'Domain Users' > result : NT_STATUS_OK >Finished processing child request 56 >Writing 3560 bytes to parent > wbint_LookupSid: struct wbint_LookupSid > out: struct wbint_LookupSid > type : * > type : SID_NAME_DOM_GRP (2) > domain : * > domain : * > domain : 'TESTDOM' > name : * > name : * > name : 'Domain Users' > result : NT_STATUS_OK >wb_request_done[1682:GETPWNAM]: NT_STATUS_OK >winbind_client_response_written[1682:GETPWNAM]: delivered response to client >process_request: Handling async request 1682:GETPWNAM >getpwnam TESTDOM\administrator > wbint_LookupName: struct wbint_LookupName > in: struct wbint_LookupName > domain : * > domain : 'TESTDOM' > name : * > name : 'ADMINISTRATOR' > flags : 0x00000008 (8) > wbint_LookupName: struct wbint_LookupName > out: struct wbint_LookupName > type : * > type : SID_NAME_USER (1) > sid : * > sid : S-1-5-21-847837108-3999977653-1779688838-500 > result : NT_STATUS_OK >SID 0: S-1-5-21-847837108-3999977653-1779688838-500 >Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-500]: value=[10500:B] >Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-500]: id=[10500], endptr=[:B] >netsamlogon_cache_get: SID [S-1-5-21-847837108-3999977653-1779688838-500] > &r: struct netsamlogoncache_entry > timestamp : Fri Mar 23 05:20:37 AM 2018 EDT > info3: struct netr_SamInfo3 > base: struct netr_SamBaseInfo > logon_time : Fri Mar 23 05:09:15 AM 2018 EDT > logoff_time : Wed Sep 13 10:48:05 PM 30828 EDT > kickoff_time : Wed Sep 13 10:48:05 PM 30828 EDT > last_password_change : Mon Feb 12 09:15:04 AM 2018 EST > allow_password_change : Tue Feb 13 09:15:04 AM 2018 EST > force_password_change : Mon Mar 26 10:15:04 AM 2018 EDT > account_name: struct lsa_String > length : 0x001a (26) > size : 0x001a (26) > string : * > string : 'Administrator' > full_name: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : * > string : '' > logon_script: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > profile_path: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > home_directory: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > home_drive: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > logon_count : 0x009d (157) > bad_password_count : 0x0000 (0) > rid : 0x000001f4 (500) > primary_gid : 0x00000201 (513) > groups: struct samr_RidWithAttributeArray > count : 0x00000005 (5) > rids : * > rids: ARRAY(5) > rids: struct samr_RidWithAttribute > rid : 0x00000208 (520) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > rids: struct samr_RidWithAttribute > rid : 0x00000200 (512) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > rids: struct samr_RidWithAttribute > rid : 0x00000201 (513) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > rids: struct samr_RidWithAttribute > rid : 0x00000206 (518) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > rids: struct samr_RidWithAttribute > rid : 0x00000207 (519) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > user_flags : 0x00000120 (288) > 0: NETLOGON_GUEST > 0: NETLOGON_NOENCRYPTION > 0: NETLOGON_CACHED_ACCOUNT > 0: NETLOGON_USED_LM_PASSWORD > 1: NETLOGON_EXTRA_SIDS > 0: NETLOGON_SUBAUTH_SESSION_KEY > 0: NETLOGON_SERVER_TRUST_ACCOUNT > 1: NETLOGON_NTLMV2_ENABLED > 0: NETLOGON_RESOURCE_GROUPS > 0: NETLOGON_PROFILE_PATH_RETURNED > 0: NETLOGON_GRACE_LOGON > key: struct netr_UserSessionKey > key : 00000000000000000000000000000000 > logon_server: struct lsa_StringLarge > length : 0x001e (30) > size : 0x0020 (32) > string : * > string : 'WIN-NJ57UVUO8PC' > logon_domain: struct lsa_StringLarge > length : 0x000e (14) > size : 0x0010 (16) > string : * > string : 'TESTDOM' > domain_sid : * > domain_sid : S-1-5-21-847837108-3999977653-1779688838 > LMSessKey: struct netr_LMSessionKey > key : 0000000000000000 > acct_flags : 0x00000010 (16) > 0: ACB_DISABLED > 0: ACB_HOMDIRREQ > 0: ACB_PWNOTREQ > 0: ACB_TEMPDUP > 1: ACB_NORMAL > 0: ACB_MNS > 0: ACB_DOMTRUST > 0: ACB_WSTRUST > 0: ACB_SVRTRUST > 0: ACB_PWNOEXP > 0: ACB_AUTOLOCK > 0: ACB_ENC_TXT_PWD_ALLOWED > 0: ACB_SMARTCARD_REQUIRED > 0: ACB_TRUSTED_FOR_DELEGATION > 0: ACB_NOT_DELEGATED > 0: ACB_USE_DES_KEY_ONLY > 0: ACB_DONT_REQUIRE_PREAUTH > 0: ACB_PW_EXPIRED > 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION > 0: ACB_NO_AUTH_DATA_REQD > 0: ACB_PARTIAL_SECRETS_ACCOUNT > 0: ACB_USE_AES_KEYS > sub_auth_status : 0x00000000 (0) > last_successful_logon : NTTIME(0) > last_failed_logon : NTTIME(0) > failed_logon_count : 0x00000000 (0) > reserved : 0x00000000 (0) > sidcount : 0x00000001 (1) > sids : * > sids: ARRAY(1) > sids: struct netr_SidAttr > sid : * > sid : S-1-5-21-546099636-1453775275-3712789297-1130 > attributes : 0x20000007 (536870919) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 1: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > wbint_GetNssInfo: struct wbint_GetNssInfo > in: struct wbint_GetNssInfo > info : * > info: struct wbint_userinfo > domain_name : * > domain_name : 'TESTDOM' > acct_name : * > acct_name : 'Administrator' > full_name : * > full_name : '' > homedir : * > homedir : '/home/%u.%D' > shell : * > shell : '/bin/bash' > uid : 0x0000000000002904 (10500) > primary_gid : 0x00000000ffffffff (4294967295) > primary_group_name : NULL > user_sid : S-1-5-21-847837108-3999977653-1779688838-500 > group_sid : S-1-5-21-847837108-3999977653-1779688838-513 >Need to read 210 extra bytes >child daemon request 56 >child_process_request: request fn NDRCMD >winbindd_dual_ndrcmd: Running command WBINT_GETNSSINFO (no domain) > wbint_GetNssInfo: struct wbint_GetNssInfo > in: struct wbint_GetNssInfo > info : * > info: struct wbint_userinfo > domain_name : * > domain_name : 'TESTDOM' > acct_name : * > acct_name : 'Administrator' > full_name : * > full_name : '' > homedir : * > homedir : '/home/%u.%D' > shell : * > shell : '/bin/bash' > uid : 0x0000000000002904 (10500) > primary_gid : 0x00000000ffffffff (4294967295) > primary_group_name : NULL > user_sid : S-1-5-21-847837108-3999977653-1779688838-500 > group_sid : S-1-5-21-847837108-3999977653-1779688838-513 >idmap_find_domain called for domain 'TESTDOM' > wbint_GetNssInfo: struct wbint_GetNssInfo > out: struct wbint_GetNssInfo > info : * > info: struct wbint_userinfo > domain_name : * > domain_name : 'TESTDOM' > acct_name : * > acct_name : 'Administrator' > full_name : * > full_name : '' > homedir : * > homedir : '/home/%u.%D' > shell : * > shell : '/bin/bash' > uid : 0x0000000000002904 (10500) > primary_gid : 0x00000000ffffffff (4294967295) > primary_group_name : NULL > user_sid : S-1-5-21-847837108-3999977653-1779688838-500 > group_sid : S-1-5-21-847837108-3999977653-1779688838-513 > result : NT_STATUS_REQUEST_NOT_ACCEPTED >Finished processing child request 56 >Writing 3712 bytes to parent > wbint_GetNssInfo: struct wbint_GetNssInfo > out: struct wbint_GetNssInfo > info : * > info: struct wbint_userinfo > domain_name : * > domain_name : 'TESTDOM' > acct_name : * > acct_name : 'Administrator' > full_name : * > full_name : '' > homedir : * > homedir : '/home/%u.%D' > shell : * > shell : '/bin/bash' > uid : 0x0000000000002904 (10500) > primary_gid : 0x00000000ffffffff (4294967295) > primary_group_name : NULL > user_sid : S-1-5-21-847837108-3999977653-1779688838-500 > group_sid : S-1-5-21-847837108-3999977653-1779688838-513 > result : NT_STATUS_REQUEST_NOT_ACCEPTED >SID 0: S-1-5-21-847837108-3999977653-1779688838-513 >Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-513]: value=[10513:B] >Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-513]: id=[10513], endptr=[:B] >find_lookup_domain_from_sid(S-1-5-21-847837108-3999977653-1779688838-513) >calling find_our_domain > wbint_LookupSid: struct wbint_LookupSid > in: struct wbint_LookupSid > sid : * > sid : S-1-5-21-847837108-3999977653-1779688838-513 > wbint_LookupSid: struct wbint_LookupSid > out: struct wbint_LookupSid > type : * > type : SID_NAME_DOM_GRP (2) > domain : * > domain : * > domain : 'TESTDOM' > name : * > name : * > name : 'Domain Users' > result : NT_STATUS_OK >wb_request_done[1682:GETPWNAM]: NT_STATUS_OK >winbind_client_response_written[1682:GETPWNAM]: delivered response to client >process_request: Handling async request 1682:GETPWNAM >getpwnam TESTDOM\administrator > wbint_LookupName: struct wbint_LookupName > in: struct wbint_LookupName > domain : * > domain : 'TESTDOM' > name : * > name : 'ADMINISTRATOR' > flags : 0x00000008 (8) > wbint_LookupName: struct wbint_LookupName > out: struct wbint_LookupName > type : * > type : SID_NAME_USER (1) > sid : * > sid : S-1-5-21-847837108-3999977653-1779688838-500 > result : NT_STATUS_OK >SID 0: S-1-5-21-847837108-3999977653-1779688838-500 >Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-500]: value=[10500:B] >Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-500]: id=[10500], endptr=[:B] >netsamlogon_cache_get: SID [S-1-5-21-847837108-3999977653-1779688838-500] > &r: struct netsamlogoncache_entry > timestamp : Fri Mar 23 05:20:37 AM 2018 EDT > info3: struct netr_SamInfo3 > base: struct netr_SamBaseInfo > logon_time : Fri Mar 23 05:09:15 AM 2018 EDT > logoff_time : Wed Sep 13 10:48:05 PM 30828 EDT > kickoff_time : Wed Sep 13 10:48:05 PM 30828 EDT > last_password_change : Mon Feb 12 09:15:04 AM 2018 EST > allow_password_change : Tue Feb 13 09:15:04 AM 2018 EST > force_password_change : Mon Mar 26 10:15:04 AM 2018 EDT > account_name: struct lsa_String > length : 0x001a (26) > size : 0x001a (26) > string : * > string : 'Administrator' > full_name: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : * > string : '' > logon_script: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > profile_path: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > home_directory: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > home_drive: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > logon_count : 0x009d (157) > bad_password_count : 0x0000 (0) > rid : 0x000001f4 (500) > primary_gid : 0x00000201 (513) > groups: struct samr_RidWithAttributeArray > count : 0x00000005 (5) > rids : * > rids: ARRAY(5) > rids: struct samr_RidWithAttribute > rid : 0x00000208 (520) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > rids: struct samr_RidWithAttribute > rid : 0x00000200 (512) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > rids: struct samr_RidWithAttribute > rid : 0x00000201 (513) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > rids: struct samr_RidWithAttribute > rid : 0x00000206 (518) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > rids: struct samr_RidWithAttribute > rid : 0x00000207 (519) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > user_flags : 0x00000120 (288) > 0: NETLOGON_GUEST > 0: NETLOGON_NOENCRYPTION > 0: NETLOGON_CACHED_ACCOUNT > 0: NETLOGON_USED_LM_PASSWORD > 1: NETLOGON_EXTRA_SIDS > 0: NETLOGON_SUBAUTH_SESSION_KEY > 0: NETLOGON_SERVER_TRUST_ACCOUNT > 1: NETLOGON_NTLMV2_ENABLED > 0: NETLOGON_RESOURCE_GROUPS > 0: NETLOGON_PROFILE_PATH_RETURNED > 0: NETLOGON_GRACE_LOGON > key: struct netr_UserSessionKey > key : 00000000000000000000000000000000 > logon_server: struct lsa_StringLarge > length : 0x001e (30) > size : 0x0020 (32) > string : * > string : 'WIN-NJ57UVUO8PC' > logon_domain: struct lsa_StringLarge > length : 0x000e (14) > size : 0x0010 (16) > string : * > string : 'TESTDOM' > domain_sid : * > domain_sid : S-1-5-21-847837108-3999977653-1779688838 > LMSessKey: struct netr_LMSessionKey > key : 0000000000000000 > acct_flags : 0x00000010 (16) > 0: ACB_DISABLED > 0: ACB_HOMDIRREQ > 0: ACB_PWNOTREQ > 0: ACB_TEMPDUP > 1: ACB_NORMAL > 0: ACB_MNS > 0: ACB_DOMTRUST > 0: ACB_WSTRUST > 0: ACB_SVRTRUST > 0: ACB_PWNOEXP > 0: ACB_AUTOLOCK > 0: ACB_ENC_TXT_PWD_ALLOWED > 0: ACB_SMARTCARD_REQUIRED > 0: ACB_TRUSTED_FOR_DELEGATION > 0: ACB_NOT_DELEGATED > 0: ACB_USE_DES_KEY_ONLY > 0: ACB_DONT_REQUIRE_PREAUTH > 0: ACB_PW_EXPIRED > 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION > 0: ACB_NO_AUTH_DATA_REQD > 0: ACB_PARTIAL_SECRETS_ACCOUNT > 0: ACB_USE_AES_KEYS > sub_auth_status : 0x00000000 (0) > last_successful_logon : NTTIME(0) > last_failed_logon : NTTIME(0) > failed_logon_count : 0x00000000 (0) > reserved : 0x00000000 (0) > sidcount : 0x00000001 (1) > sids : * > sids: ARRAY(1) > sids: struct netr_SidAttr > sid : * > sid : S-1-5-21-546099636-1453775275-3712789297-1130 > attributes : 0x20000007 (536870919) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 1: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > wbint_GetNssInfo: struct wbint_GetNssInfo > in: struct wbint_GetNssInfo > info : * > info: struct wbint_userinfo > domain_name : * > domain_name : 'TESTDOM' > acct_name : * > acct_name : 'Administrator' > full_name : * > full_name : '' > homedir : * > homedir : '/home/%u.%D' > shell : * > shell : '/bin/bash' > uid : 0x0000000000002904 (10500) > primary_gid : 0x00000000ffffffff (4294967295) > primary_group_name : NULL > user_sid : S-1-5-21-847837108-3999977653-1779688838-500 > group_sid : S-1-5-21-847837108-3999977653-1779688838-513 >Need to read 210 extra bytes >child daemon request 56 >child_process_request: request fn NDRCMD >winbindd_dual_ndrcmd: Running command WBINT_GETNSSINFO (no domain) > wbint_GetNssInfo: struct wbint_GetNssInfo > in: struct wbint_GetNssInfo > info : * > info: struct wbint_userinfo > domain_name : * > domain_name : 'TESTDOM' > acct_name : * > acct_name : 'Administrator' > full_name : * > full_name : '' > homedir : * > homedir : '/home/%u.%D' > shell : * > shell : '/bin/bash' > uid : 0x0000000000002904 (10500) > primary_gid : 0x00000000ffffffff (4294967295) > primary_group_name : NULL > user_sid : S-1-5-21-847837108-3999977653-1779688838-500 > group_sid : S-1-5-21-847837108-3999977653-1779688838-513 >idmap_find_domain called for domain 'TESTDOM' > wbint_GetNssInfo: struct wbint_GetNssInfo > out: struct wbint_GetNssInfo > info : * > info: struct wbint_userinfo > domain_name : * > domain_name : 'TESTDOM' > acct_name : * > acct_name : 'Administrator' > full_name : * > full_name : '' > homedir : * > homedir : '/home/%u.%D' > shell : * > shell : '/bin/bash' > uid : 0x0000000000002904 (10500) > primary_gid : 0x00000000ffffffff (4294967295) > primary_group_name : NULL > user_sid : S-1-5-21-847837108-3999977653-1779688838-500 > group_sid : S-1-5-21-847837108-3999977653-1779688838-513 > result : NT_STATUS_REQUEST_NOT_ACCEPTED >Finished processing child request 56 >Writing 3712 bytes to parent > wbint_GetNssInfo: struct wbint_GetNssInfo > out: struct wbint_GetNssInfo > info : * > info: struct wbint_userinfo > domain_name : * > domain_name : 'TESTDOM' > acct_name : * > acct_name : 'Administrator' > full_name : * > full_name : '' > homedir : * > homedir : '/home/%u.%D' > shell : * > shell : '/bin/bash' > uid : 0x0000000000002904 (10500) > primary_gid : 0x00000000ffffffff (4294967295) > primary_group_name : NULL > user_sid : S-1-5-21-847837108-3999977653-1779688838-500 > group_sid : S-1-5-21-847837108-3999977653-1779688838-513 > result : NT_STATUS_REQUEST_NOT_ACCEPTED >SID 0: S-1-5-21-847837108-3999977653-1779688838-513 >Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-513]: value=[10513:B] >Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-513]: id=[10513], endptr=[:B] >find_lookup_domain_from_sid(S-1-5-21-847837108-3999977653-1779688838-513) >calling find_our_domain > wbint_LookupSid: struct wbint_LookupSid > in: struct wbint_LookupSid > sid : * > sid : S-1-5-21-847837108-3999977653-1779688838-513 > wbint_LookupSid: struct wbint_LookupSid > out: struct wbint_LookupSid > type : * > type : SID_NAME_DOM_GRP (2) > domain : * > domain : * > domain : 'TESTDOM' > name : * > name : * > name : 'Domain Users' > result : NT_STATUS_OK >wb_request_done[1682:GETPWNAM]: NT_STATUS_OK >winbind_client_response_written[1682:GETPWNAM]: delivered response to client >process_request: Handling async request 1682:GETPWNAM >getpwnam TESTDOM\administrator > wbint_LookupName: struct wbint_LookupName > in: struct wbint_LookupName > domain : * > domain : 'TESTDOM' > name : * > name : 'ADMINISTRATOR' > flags : 0x00000008 (8) > wbint_LookupName: struct wbint_LookupName > out: struct wbint_LookupName > type : * > type : SID_NAME_USER (1) > sid : * > sid : S-1-5-21-847837108-3999977653-1779688838-500 > result : NT_STATUS_OK >SID 0: S-1-5-21-847837108-3999977653-1779688838-500 >Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-500]: value=[10500:B] >Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-500]: id=[10500], endptr=[:B] >netsamlogon_cache_get: SID [S-1-5-21-847837108-3999977653-1779688838-500] > &r: struct netsamlogoncache_entry > timestamp : Fri Mar 23 05:20:37 AM 2018 EDT > info3: struct netr_SamInfo3 > base: struct netr_SamBaseInfo > logon_time : Fri Mar 23 05:09:15 AM 2018 EDT > logoff_time : Wed Sep 13 10:48:05 PM 30828 EDT > kickoff_time : Wed Sep 13 10:48:05 PM 30828 EDT > last_password_change : Mon Feb 12 09:15:04 AM 2018 EST > allow_password_change : Tue Feb 13 09:15:04 AM 2018 EST > force_password_change : Mon Mar 26 10:15:04 AM 2018 EDT > account_name: struct lsa_String > length : 0x001a (26) > size : 0x001a (26) > string : * > string : 'Administrator' > full_name: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : * > string : '' > logon_script: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > profile_path: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > home_directory: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > home_drive: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > logon_count : 0x009d (157) > bad_password_count : 0x0000 (0) > rid : 0x000001f4 (500) > primary_gid : 0x00000201 (513) > groups: struct samr_RidWithAttributeArray > count : 0x00000005 (5) > rids : * > rids: ARRAY(5) > rids: struct samr_RidWithAttribute > rid : 0x00000208 (520) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > rids: struct samr_RidWithAttribute > rid : 0x00000200 (512) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > rids: struct samr_RidWithAttribute > rid : 0x00000201 (513) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > rids: struct samr_RidWithAttribute > rid : 0x00000206 (518) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > rids: struct samr_RidWithAttribute > rid : 0x00000207 (519) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > user_flags : 0x00000120 (288) > 0: NETLOGON_GUEST > 0: NETLOGON_NOENCRYPTION > 0: NETLOGON_CACHED_ACCOUNT > 0: NETLOGON_USED_LM_PASSWORD > 1: NETLOGON_EXTRA_SIDS > 0: NETLOGON_SUBAUTH_SESSION_KEY > 0: NETLOGON_SERVER_TRUST_ACCOUNT > 1: NETLOGON_NTLMV2_ENABLED > 0: NETLOGON_RESOURCE_GROUPS > 0: NETLOGON_PROFILE_PATH_RETURNED > 0: NETLOGON_GRACE_LOGON > key: struct netr_UserSessionKey > key : 00000000000000000000000000000000 > logon_server: struct lsa_StringLarge > length : 0x001e (30) > size : 0x0020 (32) > string : * > string : 'WIN-NJ57UVUO8PC' > logon_domain: struct lsa_StringLarge > length : 0x000e (14) > size : 0x0010 (16) > string : * > string : 'TESTDOM' > domain_sid : * > domain_sid : S-1-5-21-847837108-3999977653-1779688838 > LMSessKey: struct netr_LMSessionKey > key : 0000000000000000 > acct_flags : 0x00000010 (16) > 0: ACB_DISABLED > 0: ACB_HOMDIRREQ > 0: ACB_PWNOTREQ > 0: ACB_TEMPDUP > 1: ACB_NORMAL > 0: ACB_MNS > 0: ACB_DOMTRUST > 0: ACB_WSTRUST > 0: ACB_SVRTRUST > 0: ACB_PWNOEXP > 0: ACB_AUTOLOCK > 0: ACB_ENC_TXT_PWD_ALLOWED > 0: ACB_SMARTCARD_REQUIRED > 0: ACB_TRUSTED_FOR_DELEGATION > 0: ACB_NOT_DELEGATED > 0: ACB_USE_DES_KEY_ONLY > 0: ACB_DONT_REQUIRE_PREAUTH > 0: ACB_PW_EXPIRED > 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION > 0: ACB_NO_AUTH_DATA_REQD > 0: ACB_PARTIAL_SECRETS_ACCOUNT > 0: ACB_USE_AES_KEYS > sub_auth_status : 0x00000000 (0) > last_successful_logon : NTTIME(0) > last_failed_logon : NTTIME(0) > failed_logon_count : 0x00000000 (0) > reserved : 0x00000000 (0) > sidcount : 0x00000001 (1) > sids : * > sids: ARRAY(1) > sids: struct netr_SidAttr > sid : * > sid : S-1-5-21-546099636-1453775275-3712789297-1130 > attributes : 0x20000007 (536870919) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 1: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > wbint_GetNssInfo: struct wbint_GetNssInfo > in: struct wbint_GetNssInfo > info : * > info: struct wbint_userinfo > domain_name : * > domain_name : 'TESTDOM' > acct_name : * > acct_name : 'Administrator' > full_name : * > full_name : '' > homedir : * > homedir : '/home/%u.%D' > shell : * > shell : '/bin/bash' > uid : 0x0000000000002904 (10500) > primary_gid : 0x00000000ffffffff (4294967295) > primary_group_name : NULL > user_sid : S-1-5-21-847837108-3999977653-1779688838-500 > group_sid : S-1-5-21-847837108-3999977653-1779688838-513 >Need to read 210 extra bytes >child daemon request 56 >child_process_request: request fn NDRCMD >winbindd_dual_ndrcmd: Running command WBINT_GETNSSINFO (no domain) > wbint_GetNssInfo: struct wbint_GetNssInfo > in: struct wbint_GetNssInfo > info : * > info: struct wbint_userinfo > domain_name : * > domain_name : 'TESTDOM' > acct_name : * > acct_name : 'Administrator' > full_name : * > full_name : '' > homedir : * > homedir : '/home/%u.%D' > shell : * > shell : '/bin/bash' > uid : 0x0000000000002904 (10500) > primary_gid : 0x00000000ffffffff (4294967295) > primary_group_name : NULL > user_sid : S-1-5-21-847837108-3999977653-1779688838-500 > group_sid : S-1-5-21-847837108-3999977653-1779688838-513 >idmap_find_domain called for domain 'TESTDOM' > wbint_GetNssInfo: struct wbint_GetNssInfo > out: struct wbint_GetNssInfo > info : * > info: struct wbint_userinfo > domain_name : * > domain_name : 'TESTDOM' > acct_name : * > acct_name : 'Administrator' > full_name : * > full_name : '' > homedir : * > homedir : '/home/%u.%D' > shell : * > shell : '/bin/bash' > uid : 0x0000000000002904 (10500) > primary_gid : 0x00000000ffffffff (4294967295) > primary_group_name : NULL > user_sid : S-1-5-21-847837108-3999977653-1779688838-500 > group_sid : S-1-5-21-847837108-3999977653-1779688838-513 > result : NT_STATUS_REQUEST_NOT_ACCEPTED >Finished processing child request 56 >Writing 3712 bytes to parent > wbint_GetNssInfo: struct wbint_GetNssInfo > out: struct wbint_GetNssInfo > info : * > info: struct wbint_userinfo > domain_name : * > domain_name : 'TESTDOM' > acct_name : * > acct_name : 'Administrator' > full_name : * > full_name : '' > homedir : * > homedir : '/home/%u.%D' > shell : * > shell : '/bin/bash' > uid : 0x0000000000002904 (10500) > primary_gid : 0x00000000ffffffff (4294967295) > primary_group_name : NULL > user_sid : S-1-5-21-847837108-3999977653-1779688838-500 > group_sid : S-1-5-21-847837108-3999977653-1779688838-513 > result : NT_STATUS_REQUEST_NOT_ACCEPTED >SID 0: S-1-5-21-847837108-3999977653-1779688838-513 >Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-513]: value=[10513:B] >Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-513]: id=[10513], endptr=[:B] >find_lookup_domain_from_sid(S-1-5-21-847837108-3999977653-1779688838-513) >calling find_our_domain > wbint_LookupSid: struct wbint_LookupSid > in: struct wbint_LookupSid > sid : * > sid : S-1-5-21-847837108-3999977653-1779688838-513 > wbint_LookupSid: struct wbint_LookupSid > out: struct wbint_LookupSid > type : * > type : SID_NAME_DOM_GRP (2) > domain : * > domain : * > domain : 'TESTDOM' > name : * > name : * > name : 'Domain Users' > result : NT_STATUS_OK >wb_request_done[1682:GETPWNAM]: NT_STATUS_OK >winbind_client_response_written[1682:GETPWNAM]: delivered response to client >process_request: Handling async request 1682:GETPWNAM >getpwnam TESTDOM\administrator > wbint_LookupName: struct wbint_LookupName > in: struct wbint_LookupName > domain : * > domain : 'TESTDOM' > name : * > name : 'ADMINISTRATOR' > flags : 0x00000008 (8) > wbint_LookupName: struct wbint_LookupName > out: struct wbint_LookupName > type : * > type : SID_NAME_USER (1) > sid : * > sid : S-1-5-21-847837108-3999977653-1779688838-500 > result : NT_STATUS_OK >SID 0: S-1-5-21-847837108-3999977653-1779688838-500 >Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-500]: value=[10500:B] >Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-500]: id=[10500], endptr=[:B] >netsamlogon_cache_get: SID [S-1-5-21-847837108-3999977653-1779688838-500] > &r: struct netsamlogoncache_entry > timestamp : Fri Mar 23 05:20:37 AM 2018 EDT > info3: struct netr_SamInfo3 > base: struct netr_SamBaseInfo > logon_time : Fri Mar 23 05:09:15 AM 2018 EDT > logoff_time : Wed Sep 13 10:48:05 PM 30828 EDT > kickoff_time : Wed Sep 13 10:48:05 PM 30828 EDT > last_password_change : Mon Feb 12 09:15:04 AM 2018 EST > allow_password_change : Tue Feb 13 09:15:04 AM 2018 EST > force_password_change : Mon Mar 26 10:15:04 AM 2018 EDT > account_name: struct lsa_String > length : 0x001a (26) > size : 0x001a (26) > string : * > string : 'Administrator' > full_name: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : * > string : '' > logon_script: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > profile_path: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > home_directory: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > home_drive: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > logon_count : 0x009d (157) > bad_password_count : 0x0000 (0) > rid : 0x000001f4 (500) > primary_gid : 0x00000201 (513) > groups: struct samr_RidWithAttributeArray > count : 0x00000005 (5) > rids : * > rids: ARRAY(5) > rids: struct samr_RidWithAttribute > rid : 0x00000208 (520) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > rids: struct samr_RidWithAttribute > rid : 0x00000200 (512) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > rids: struct samr_RidWithAttribute > rid : 0x00000201 (513) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > rids: struct samr_RidWithAttribute > rid : 0x00000206 (518) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > rids: struct samr_RidWithAttribute > rid : 0x00000207 (519) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > user_flags : 0x00000120 (288) > 0: NETLOGON_GUEST > 0: NETLOGON_NOENCRYPTION > 0: NETLOGON_CACHED_ACCOUNT > 0: NETLOGON_USED_LM_PASSWORD > 1: NETLOGON_EXTRA_SIDS > 0: NETLOGON_SUBAUTH_SESSION_KEY > 0: NETLOGON_SERVER_TRUST_ACCOUNT > 1: NETLOGON_NTLMV2_ENABLED > 0: NETLOGON_RESOURCE_GROUPS > 0: NETLOGON_PROFILE_PATH_RETURNED > 0: NETLOGON_GRACE_LOGON > key: struct netr_UserSessionKey > key : 00000000000000000000000000000000 > logon_server: struct lsa_StringLarge > length : 0x001e (30) > size : 0x0020 (32) > string : * > string : 'WIN-NJ57UVUO8PC' > logon_domain: struct lsa_StringLarge > length : 0x000e (14) > size : 0x0010 (16) > string : * > string : 'TESTDOM' > domain_sid : * > domain_sid : S-1-5-21-847837108-3999977653-1779688838 > LMSessKey: struct netr_LMSessionKey > key : 0000000000000000 > acct_flags : 0x00000010 (16) > 0: ACB_DISABLED > 0: ACB_HOMDIRREQ > 0: ACB_PWNOTREQ > 0: ACB_TEMPDUP > 1: ACB_NORMAL > 0: ACB_MNS > 0: ACB_DOMTRUST > 0: ACB_WSTRUST > 0: ACB_SVRTRUST > 0: ACB_PWNOEXP > 0: ACB_AUTOLOCK > 0: ACB_ENC_TXT_PWD_ALLOWED > 0: ACB_SMARTCARD_REQUIRED > 0: ACB_TRUSTED_FOR_DELEGATION > 0: ACB_NOT_DELEGATED > 0: ACB_USE_DES_KEY_ONLY > 0: ACB_DONT_REQUIRE_PREAUTH > 0: ACB_PW_EXPIRED > 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION > 0: ACB_NO_AUTH_DATA_REQD > 0: ACB_PARTIAL_SECRETS_ACCOUNT > 0: ACB_USE_AES_KEYS > sub_auth_status : 0x00000000 (0) > last_successful_logon : NTTIME(0) > last_failed_logon : NTTIME(0) > failed_logon_count : 0x00000000 (0) > reserved : 0x00000000 (0) > sidcount : 0x00000001 (1) > sids : * > sids: ARRAY(1) > sids: struct netr_SidAttr > sid : * > sid : S-1-5-21-546099636-1453775275-3712789297-1130 > attributes : 0x20000007 (536870919) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 1: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > wbint_GetNssInfo: struct wbint_GetNssInfo > in: struct wbint_GetNssInfo > info : * > info: struct wbint_userinfo > domain_name : * > domain_name : 'TESTDOM' > acct_name : * > acct_name : 'Administrator' > full_name : * > full_name : '' > homedir : * > homedir : '/home/%u.%D' > shell : * > shell : '/bin/bash' > uid : 0x0000000000002904 (10500) > primary_gid : 0x00000000ffffffff (4294967295) > primary_group_name : NULL > user_sid : S-1-5-21-847837108-3999977653-1779688838-500 > group_sid : S-1-5-21-847837108-3999977653-1779688838-513 >Need to read 210 extra bytes >child daemon request 56 >child_process_request: request fn NDRCMD >winbindd_dual_ndrcmd: Running command WBINT_GETNSSINFO (no domain) > wbint_GetNssInfo: struct wbint_GetNssInfo > in: struct wbint_GetNssInfo > info : * > info: struct wbint_userinfo > domain_name : * > domain_name : 'TESTDOM' > acct_name : * > acct_name : 'Administrator' > full_name : * > full_name : '' > homedir : * > homedir : '/home/%u.%D' > shell : * > shell : '/bin/bash' > uid : 0x0000000000002904 (10500) > primary_gid : 0x00000000ffffffff (4294967295) > primary_group_name : NULL > user_sid : S-1-5-21-847837108-3999977653-1779688838-500 > group_sid : S-1-5-21-847837108-3999977653-1779688838-513 >idmap_find_domain called for domain 'TESTDOM' > wbint_GetNssInfo: struct wbint_GetNssInfo > out: struct wbint_GetNssInfo > info : * > info: struct wbint_userinfo > domain_name : * > domain_name : 'TESTDOM' > acct_name : * > acct_name : 'Administrator' > full_name : * > full_name : '' > homedir : * > homedir : '/home/%u.%D' > shell : * > shell : '/bin/bash' > uid : 0x0000000000002904 (10500) > primary_gid : 0x00000000ffffffff (4294967295) > primary_group_name : NULL > user_sid : S-1-5-21-847837108-3999977653-1779688838-500 > group_sid : S-1-5-21-847837108-3999977653-1779688838-513 > result : NT_STATUS_REQUEST_NOT_ACCEPTED >Finished processing child request 56 >Writing 3712 bytes to parent > wbint_GetNssInfo: struct wbint_GetNssInfo > out: struct wbint_GetNssInfo > info : * > info: struct wbint_userinfo > domain_name : * > domain_name : 'TESTDOM' > acct_name : * > acct_name : 'Administrator' > full_name : * > full_name : '' > homedir : * > homedir : '/home/%u.%D' > shell : * > shell : '/bin/bash' > uid : 0x0000000000002904 (10500) > primary_gid : 0x00000000ffffffff (4294967295) > primary_group_name : NULL > user_sid : S-1-5-21-847837108-3999977653-1779688838-500 > group_sid : S-1-5-21-847837108-3999977653-1779688838-513 > result : NT_STATUS_REQUEST_NOT_ACCEPTED >SID 0: S-1-5-21-847837108-3999977653-1779688838-513 >Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-513]: value=[10513:B] >Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-513]: id=[10513], endptr=[:B] >find_lookup_domain_from_sid(S-1-5-21-847837108-3999977653-1779688838-513) >calling find_our_domain > wbint_LookupSid: struct wbint_LookupSid > in: struct wbint_LookupSid > sid : * > sid : S-1-5-21-847837108-3999977653-1779688838-513 > wbint_LookupSid: struct wbint_LookupSid > out: struct wbint_LookupSid > type : * > type : SID_NAME_DOM_GRP (2) > domain : * > domain : * > domain : 'TESTDOM' > name : * > name : * > name : 'Domain Users' > result : NT_STATUS_OK >wb_request_done[1682:GETPWNAM]: NT_STATUS_OK >winbind_client_response_written[1682:GETPWNAM]: delivered response to client >accepted socket 25 >process_request: request fn INTERFACE_VERSION >[ 1682]: request interface version (version = 28) >winbind_client_response_written[1682:INTERFACE_VERSION]: delivered response to client >process_request: request fn WINBINDD_PRIV_PIPE_DIR >[ 1682]: request location of privileged pipe >winbind_client_response_written[1682:WINBINDD_PRIV_PIPE_DIR]: delivered response to client >accepted socket 27 >closing socket 25, client exited >process_request: Handling async request 1682:PAM_AUTH >[ 1682]: pam auth TESTDOM\administrator >fork_domain_child called for domain 'TESTDOM' >Child process 1708 >msg_dgm_ref_destructor: refs=0x563e56a0d0c0 >messaging_dgm_ref: messaging_dgm_init returned Success >messaging_dgm_ref: unique = 861304241047392926 >Deregistering messaging pointer for type 33 - private_data=(nil) >Deregistering messaging pointer for type 13 - private_data=(nil) >Deregistering messaging pointer for type 1028 - private_data=(nil) >Deregistering messaging pointer for type 1027 - private_data=(nil) >Deregistering messaging pointer for type 1029 - private_data=(nil) >Deregistering messaging pointer for type 1280 - private_data=(nil) >Deregistering messaging pointer for type 1033 - private_data=(nil) >Deregistering messaging pointer for type 1 - private_data=(nil) >Deregistering messaging pointer for type 1036 - private_data=(nil) >Deregistering messaging pointer for type 1035 - private_data=(nil) >Registering messaging pointer for type 1028 - private_data=(nil) >Registering messaging pointer for type 1027 - private_data=(nil) >Registering messaging pointer for type 1280 - private_data=(nil) >Registering messaging pointer for type 1 - private_data=(nil) >Registering messaging pointer for type 1034 - private_data=(nil) >Overriding messaging pointer for type 1034 - private_data=(nil) >set_domain_online_request: called for domain TESTDOM >set_domain_online_request: domain TESTDOM was globally offline. >set_domain_online_request: called for domain LAB >set_domain_online_request: domain LAB was globally offline. >child daemon request 13 >child_process_request: request fn PAM_AUTH >[ 1701]: dual pam auth TESTDOM\administrator >winbindd_dual_pam_auth: domain: TESTDOM offline and auth request in startup mode. >Searching cache keys with pattern NEG_CONN_CACHE/TESTDOM,* >Calling function with arguments (key=[NEG_CONN_CACHE/TESTDOM,WIN-NJ57UVUO8PC.testdom.net], timeout=[Fri Mar 23 05:21:37 AM 2018 EDT]) >Calling function with arguments (key=[NEG_CONN_CACHE/TESTDOM,WIN-NJ57UVUO8PC.testdom.net], value=[c000006d], timeout=[Fri Mar 23 05:21:37 AM 2018 EDT]) >Deleting cache entry (key=[NEG_CONN_CACHE/TESTDOM,WIN-NJ57UVUO8PC.testdom.net]) >Adding cache entry with key=[NEG_CONN_CACHE/TESTDOM,WIN-NJ57UVUO8PC.testdom.net] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797152 seconds in the past) >flush_negative_conn_cache_for_domain: flushed domain TESTDOM >Searching cache keys with pattern NEG_CONN_CACHE/testdom.net,* >Calling function with arguments (key=[NEG_CONN_CACHE/testdom.net,WIN-NJ57UVUO8PC.testdom.net], timeout=[Fri Mar 23 05:21:37 AM 2018 EDT]) >Calling function with arguments (key=[NEG_CONN_CACHE/testdom.net,WIN-NJ57UVUO8PC.testdom.net], value=[c000006d], timeout=[Fri Mar 23 05:21:37 AM 2018 EDT]) >Deleting cache entry (key=[NEG_CONN_CACHE/testdom.net,WIN-NJ57UVUO8PC.testdom.net]) >Adding cache entry with key=[NEG_CONN_CACHE/testdom.net,WIN-NJ57UVUO8PC.testdom.net] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797152 seconds in the past) >flush_negative_conn_cache_for_domain: flushed domain testdom.net >connection_ok: Connection to (null) for domain TESTDOM is not connected >set_dc_type_and_flags_trustinfo: domain TESTDOM >connection_ok: Connection to (null) for domain LAB is not connected >set_dc_type_and_flags_trustinfo: No connection to our domain! >Adding cache entry with key=[SAFJOIN/DOMAIN/TESTDOM] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797152 seconds in the past) >Adding cache entry with key=[SAF/DOMAIN/TESTDOM] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797152 seconds in the past) >saf_fetch: failed to find server for "TESTDOM" domain >cm_open_connection: dcname is '' for domain TESTDOM >connection_ok: Connection to (null) for domain LAB is not connected >Adding cache entry with key=[SAFJOIN/DOMAIN/LAB] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797152 seconds in the past) >saf_fetch: Returning "dc1.lab.saferit.fr" for "LAB" domain >Adding cache entry with key=[NEG_CONN_CACHE/LAB,dc1.lab.saferit.fr] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797152 seconds in the past) >check_negative_conn_cache returning result 0 for domain LAB server dc1.lab.saferit.fr >cm_open_connection: saf_servername is 'dc1.lab.saferit.fr' for domain LAB >cm_open_connection: dcname is 'dc1.lab.saferit.fr' for domain LAB >check_negative_conn_cache returning result 0 for domain LAB server dc1.lab.saferit.fr >sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" >internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) >name dc1.lab.saferit.fr#20 found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >Connecting to 10.0.3.10 at port 445 >cm_prepare_connection: connecting to DC dc1.lab.saferit.fr for domain LAB >Socket options: > SO_KEEPALIVE = 0 > SO_REUSEADDR = 0 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_REUSEPORT = 0 > SO_SNDBUF = 87040 > SO_RCVBUF = 367360 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 > TCP_DEFER_ACCEPT = 0 >ldb: ldb_trace_request: SEARCH > dn: @MODULES > scope: base > expr: (@LIST=*) > attr: @LIST > control: <NONE> > >ldb: ldb_trace_request: (tdb)->search >ldb: Added timed event "ltdb_callback": 0x563e56a20b10 > >ldb: Added timed event "ltdb_timeout": 0x563e56a20bd0 > >ldb: Running timer event 0x563e56a20b10 "ltdb_callback" > >ldb: Destroying timer event 0x563e56a20bd0 "ltdb_timeout" > >ldb: Ending timer event 0x563e56a20b10 "ltdb_callback" > >ldb: no modules required by the db >ldb: No modules specified for this database >ldb: ldb_trace_request: REGISTER_CONTROL >1.2.840.113556.1.4.1413 > control: <NONE> > >ldb: ldb_asprintf/set_errstring: unable to find module or backend to handle operation: request >ldb: ldb_trace_request: SEARCH > dn: <rootDSE> > scope: base > expr: (objectClass=*) > attr: rootDomainNamingContext > attr: configurationNamingContext > attr: schemaNamingContext > attr: defaultNamingContext > control: <NONE> > >ldb: ldb_trace_request: (tdb)->search >ldb: Added timed event "ltdb_callback": 0x563e56a20ff0 > >ldb: Added timed event "ltdb_timeout": 0x563e56a210b0 > >ldb: Running timer event 0x563e56a20ff0 "ltdb_callback" > >ldb: ldb_asprintf/set_errstring: NULL Base DN invalid for a base search >ldb: Destroying timer event 0x563e56a210b0 "ltdb_timeout" > >ldb: Ending timer event 0x563e56a20ff0 "ltdb_callback" > >ldb_wrap open of secrets.ldb >ldb: ldb_trace_request: SEARCH > dn: cn=Primary Domains > scope: sub > expr: (&(flatname=LAB)(objectclass=primaryDomain)) > attr: <ALL> > control: <NONE> > >ldb: ldb_trace_request: (tdb)->search >ldb: Added timed event "ltdb_callback": 0x563e56a21d90 > >ldb: Added timed event "ltdb_timeout": 0x563e56a21ec0 > >ldb: Running timer event 0x563e56a21d90 "ltdb_callback" > >ldb: Destroying timer event 0x563e56a21ec0 "ltdb_timeout" > >ldb: Ending timer event 0x563e56a21d90 "ltdb_callback" > >ldb: ldb_asprintf/set_errstring: dsdb_search at ../source4/dsdb/common/util.c:4576 >connecting to dc1.lab.saferit.fr (LAB, lab.saferit.fr) with account [LAB\CENTOS$] principal [CENTOS$@LAB.SAFERIT.FR] and realm [LAB.SAFERIT.FR] >got OID=1.3.6.1.4.1.311.2.2.30 >got OID=1.2.840.48018.1.2.2 >kerberos_kinit_password: as CENTOS$@LAB.SAFERIT.FR using [MEMORY:cliconnect] as ccache and config [(null)] >GENSEC backend 'gssapi_spnego' registered >GENSEC backend 'gssapi_krb5' registered >GENSEC backend 'gssapi_krb5_sasl' registered >GENSEC backend 'spnego' registered >GENSEC backend 'schannel' registered >GENSEC backend 'naclrpc_as_system' registered >GENSEC backend 'sasl-EXTERNAL' registered >GENSEC backend 'ntlmssp' registered >GENSEC backend 'ntlmssp_resume_ccache' registered >GENSEC backend 'http_basic' registered >GENSEC backend 'http_ntlm' registered >Starting GENSEC mechanism spnego >Starting GENSEC submechanism gse_krb5 >signed SMB2 message >signed SMB2 message >saf_store: domain = [LAB], server = [dc1.lab.saferit.fr], expire = [1521798052] >Did not store value for SAF/DOMAIN/LAB, we already got it >saf_store: domain = [lab.saferit.fr], server = [dc1.lab.saferit.fr], expire = [1521798052] >Did not store value for SAF/DOMAIN/LAB.SAFERIT.FR, we already got it >set_domain_online: called for domain LAB >Deregistering messaging pointer for type 1030 - private_data=(nil) >Deregistering messaging pointer for type 1031 - private_data=(nil) >messaging_dgm_send: Sending message to 1701 >Did not store value for CURRENT_DCNAME/LAB, we already got it >ldb: ldb_trace_request: SEARCH > dn: @MODULES > scope: base > expr: (@LIST=*) > attr: @LIST > control: <NONE> > >ldb: ldb_trace_request: (tdb)->search >ldb: Added timed event "ltdb_callback": 0x563e56a2b3c0 > >ldb: Added timed event "ltdb_timeout": 0x563e56a2b480 > >ldb: Running timer event 0x563e56a2b3c0 "ltdb_callback" > >ldb: Destroying timer event 0x563e56a2b480 "ltdb_timeout" > >ldb: Ending timer event 0x563e56a2b3c0 "ltdb_callback" > >ldb: no modules required by the db >ldb: No modules specified for this database >ldb: ldb_trace_request: REGISTER_CONTROL >1.2.840.113556.1.4.1413 > control: <NONE> > >ldb: ldb_asprintf/set_errstring: unable to find module or backend to handle operation: request >ldb: ldb_trace_request: SEARCH > dn: <rootDSE> > scope: base > expr: (objectClass=*) > attr: rootDomainNamingContext > attr: configurationNamingContext > attr: schemaNamingContext > attr: defaultNamingContext > control: <NONE> > >ldb: ldb_trace_request: (tdb)->search >ldb: Added timed event "ltdb_callback": 0x563e56a21f50 > >ldb: Added timed event "ltdb_timeout": 0x563e56a21cd0 > >ldb: Running timer event 0x563e56a21f50 "ltdb_callback" > >ldb: ldb_asprintf/set_errstring: NULL Base DN invalid for a base search >ldb: Destroying timer event 0x563e56a21cd0 "ltdb_timeout" > >ldb: Ending timer event 0x563e56a21f50 "ltdb_callback" > >ldb_wrap open of secrets.ldb >ldb: ldb_trace_request: SEARCH > dn: cn=Primary Domains > scope: sub > expr: (&(flatname=LAB)(objectclass=primaryDomain)) > attr: <ALL> > control: <NONE> > >ldb: ldb_trace_request: (tdb)->search >ldb: Added timed event "ltdb_callback": 0x563e56a1f400 > >ldb: Added timed event "ltdb_timeout": 0x563e56a1f4c0 > >ldb: Running timer event 0x563e56a1f400 "ltdb_callback" > >ldb: Destroying timer event 0x563e56a1f4c0 "ltdb_timeout" > >ldb: Ending timer event 0x563e56a1f400 "ltdb_callback" > >ldb: ldb_asprintf/set_errstring: dsdb_search at ../source4/dsdb/common/util.c:4576 >rpccli_setup_netlogon_creds: using cached netlogon_creds cli[CENTOS$/CENTOS] to dc1.lab.saferit.fr >signed SMB2 message >imessaging_dgm_recv: dst 1701 matches my id: 1701, type=0x40b >messaging_recv_cb: Received message 0x40b len 4 (num_fds:0) from 1708 >messaging_recv_cb: Received message 0x40b len 4 (num_fds:0) from 1708 >Domain LAB is marked as online now. >check lock order 2 for /var/lib/samba/lock/g_lock.tdb >lock order: 1:<none> 2:/var/lib/samba/lock/g_lock.tdb 3:<none> >Locking key 434C495B43454E544F53 >Allocated locked data 0x0x563e56a22b00 >release lock order 2 for /var/lib/samba/lock/g_lock.tdb >lock order: 1:<none> 2:<none> 3:<none> >Unlocking key 434C495B43454E544F53 >Starting GENSEC mechanism schannel >Bind RPC Pipe: host dc1.lab.saferit.fr auth_type 68, auth_level 6 >create_generic_auth_rpc_bind_req: generate first token > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x00 (0) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000001 (1) > credentials : DATA_BLOB length=19 >[0000] 00 00 00 00 03 00 00 00 4C 41 42 00 43 45 4E 54 ........ LAB.CENT >[0010] 4F 53 00 OS. > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x07 (7) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 1: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0063 (99) > auth_length : 0x0013 (19) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-01234567cffb > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=27 >[0000] 44 06 00 00 01 00 00 00 00 00 00 00 03 00 00 00 D....... ........ >[0010] 4C 41 42 00 43 45 4E 54 4F 53 00 LAB.CENT OS. >rpc_api_pipe: host dc1.lab.saferit.fr >signed SMB2 message >rpc_read_send: data_to_read: 72 > state->pkt: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x07 (7) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 1: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0058 (88) > auth_length : 0x000c (12) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x0000075b (1883) > secondary_address_size : 0x000c (12) > secondary_address : '\pipe\lsass' > _pad1 : DATA_BLOB length=2 >[0000] 00 00 .. > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) > reason : union dcerpc_bind_ack_reason(case 0) > value : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=20 >[0000] 44 06 00 00 01 00 00 00 01 00 00 00 00 00 00 00 D....... ........ >[0010] 00 00 00 00 .... >rpc_api_pipe: got frag len of 88 at offset 0: NT_STATUS_OK >rpc_api_pipe: host dc1.lab.saferit.fr returned 88 bytes. >check_bind_response: accepted! >../librpc/rpc/dcerpc_util.c:271: auth_pad_length 0 >check lock order 2 for /var/lib/samba/lock/g_lock.tdb >lock order: 1:<none> 2:/var/lib/samba/lock/g_lock.tdb 3:<none> >Locking key 434C495B43454E544F53 >Allocated locked data 0x0x563e56a2b6a0 >release lock order 2 for /var/lib/samba/lock/g_lock.tdb >lock order: 1:<none> 2:<none> 3:<none> >Unlocking key 434C495B43454E544F53 >check lock order 2 for /var/lib/samba/lock/g_lock.tdb >lock order: 1:<none> 2:/var/lib/samba/lock/g_lock.tdb 3:<none> >Locking key 434C495B43454E544F53 >Allocated locked data 0x0x563e56a18540 >release lock order 2 for /var/lib/samba/lock/g_lock.tdb >lock order: 1:<none> 2:<none> 3:<none> >Unlocking key 434C495B43454E544F53 > seed 6f57c7f4:3a1b7e78 > seed+time ca0c9014:3a1b7e78 > CLIENT 9c6ea864:c9b60df4 > seed+time+1 ca0c9015:3a1b7e78 > SERVER 97719b65:901f03bb > netr_LogonGetCapabilities: struct netr_LogonGetCapabilities > in: struct netr_LogonGetCapabilities > server_name : * > server_name : '\\dc1.lab.saferit.fr' > computer_name : * > computer_name : 'CENTOS' > credential : * > credential: struct netr_Authenticator > cred: struct netr_Credential > data : 64a86e9cf40db6c9 > timestamp : Fri Mar 23 05:25:52 AM 2018 EDT > return_authenticator : * > return_authenticator: struct netr_Authenticator > cred: struct netr_Credential > data : 0000000000000000 > timestamp : (time_t)0 > query_level : 0x00000001 (1) > t: struct dcerpc_sec_verification_trailer > _pad : DATA_BLOB length=0 > magic : 0000000000000000 > count: struct dcerpc_sec_vt_count > count : 0x0002 (2) > commands: ARRAY(2) > commands: struct dcerpc_sec_vt > command : 0x0001 (1) > 0x01: DCERPC_SEC_VT_COMMAND_ENUM (1) > 0: DCERPC_SEC_VT_COMMAND_END > 0: DCERPC_SEC_VT_MUST_PROCESS > u : union dcerpc_sec_vt_union(case 0x1) > bitmask1 : 0x00000001 (1) > 1: DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING > commands: struct dcerpc_sec_vt > command : 0x4002 (16386) > 0x02: DCERPC_SEC_VT_COMMAND_ENUM (2) > 1: DCERPC_SEC_VT_COMMAND_END > 0: DCERPC_SEC_VT_MUST_PROCESS > u : union dcerpc_sec_vt_union(case 0x2) > pcontext: struct dcerpc_sec_vt_pcontext > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-01234567cffb > if_version : 0x00000001 (1) > transfer_syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0038 (56) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x000000b0 (176) > context_id : 0x0000 (0) > opnum : 0x0015 (21) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > stub_and_verifier : DATA_BLOB length=0 > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x00 (0) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000001 (1) > credentials : DATA_BLOB length=0 >rpc_api_pipe: host dc1.lab.saferit.fr >signed SMB2 message >rpc_read_send: data_to_read: 104 > state->pkt: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0078 (120) > auth_length : 0x0038 (56) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > reserved : 0x00 (0) > stub_and_verifier : DATA_BLOB length=96 >[0000] D1 E1 91 5E A1 34 C6 25 F8 40 5A A3 55 B8 7D FB ...^.4.% .@Z.U.}. >[0010] 5F AD 1D 45 50 FE 81 79 59 04 EE 32 B8 CA C7 20 _..EP..y Y..2... >[0020] 44 06 08 00 01 00 00 00 13 00 1A 00 FF FF 00 00 D....... ........ >[0030] E7 AE FE 70 E4 A5 04 B7 9A 39 77 AA 75 53 C3 0F ...p.... .9w.uS.. >[0040] 73 4A E6 EC 0F 07 0F 33 B0 A5 F9 01 9A 8F 41 8C sJ.....3 ......A. >[0050] 42 1A 9E 15 C0 95 0A 9D 9C F9 3A 36 73 5A 0A 45 B....... ..:6sZ.E >Requested Privacy. >../librpc/rpc/dcerpc_util.c:271: auth_pad_length 8 >GENSEC auth >Got pdu len 120, data_len 24 >rpc_api_pipe: got frag len of 120 at offset 0: NT_STATUS_OK >rpc_api_pipe: host dc1.lab.saferit.fr returned 24 bytes. > netr_LogonGetCapabilities: struct netr_LogonGetCapabilities > out: struct netr_LogonGetCapabilities > return_authenticator : * > return_authenticator: struct netr_Authenticator > cred: struct netr_Credential > data : 659b7197bb031f90 > timestamp : (time_t)0 > capabilities : * > capabilities : union netr_Capabilities(case 1) > server_capabilities : 0x610fffff (1628438527) > 1: NETLOGON_NEG_ACCOUNT_LOCKOUT > 1: NETLOGON_NEG_PERSISTENT_SAMREPL > 1: NETLOGON_NEG_ARCFOUR > 1: NETLOGON_NEG_PROMOTION_COUNT > 1: NETLOGON_NEG_CHANGELOG_BDC > 1: NETLOGON_NEG_FULL_SYNC_REPL > 1: NETLOGON_NEG_MULTIPLE_SIDS > 1: NETLOGON_NEG_REDO > 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL > 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC > 1: NETLOGON_NEG_GENERIC_PASSTHROUGH > 1: NETLOGON_NEG_CONCURRENT_RPC > 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL > 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL > 1: NETLOGON_NEG_STRONG_KEYS > 1: NETLOGON_NEG_TRANSITIVE_TRUSTS > 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS > 1: NETLOGON_NEG_PASSWORD_SET2 > 1: NETLOGON_NEG_GETDOMAININFO > 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS > 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION > 0: NETLOGON_NEG_RODC_PASSTHROUGH > 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 > 1: NETLOGON_NEG_SUPPORTS_AES > 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS > 1: NETLOGON_NEG_AUTHENTICATED_RPC > result : NT_STATUS_OK >check lock order 2 for /var/lib/samba/private/netlogon_creds_cli.tdb >lock order: 1:<none> 2:/var/lib/samba/private/netlogon_creds_cli.tdb 3:<none> >Locking key 434C495B43454E544F53 >Allocated locked data 0x0x563e56a2b320 >Unlocking key 434C495B43454E544F53 >release lock order 2 for /var/lib/samba/private/netlogon_creds_cli.tdb >lock order: 1:<none> 2:<none> 3:<none> >check lock order 2 for /var/lib/samba/lock/g_lock.tdb >lock order: 1:<none> 2:/var/lib/samba/lock/g_lock.tdb 3:<none> >Locking key 434C495B43454E544F53 >Allocated locked data 0x0x563e56a2b390 >release lock order 2 for /var/lib/samba/lock/g_lock.tdb >lock order: 1:<none> 2:<none> 3:<none> >Unlocking key 434C495B43454E544F53 >cli_rpc_pipe_open_schannel_with_creds: opened pipe netlogon to machine dc1.lab.saferit.fr for domain LAB and bound using schannel. > netr_DsRGetDCName: struct netr_DsRGetDCName > in: struct netr_DsRGetDCName > server_unc : * > server_unc : 'dc1.lab.saferit.fr' > domain_name : * > domain_name : 'TESTDOM' > domain_guid : NULL > site_guid : NULL > flags : 0x40000000 (1073741824) > 0: DS_FORCE_REDISCOVERY > 0: DS_DIRECTORY_SERVICE_REQUIRED > 0: DS_DIRECTORY_SERVICE_PREFERRED > 0: DS_GC_SERVER_REQUIRED > 0: DS_PDC_REQUIRED > 0: DS_BACKGROUND_ONLY > 0: DS_IP_REQUIRED > 0: DS_KDC_REQUIRED > 0: DS_TIMESERV_REQUIRED > 0: DS_WRITABLE_REQUIRED > 0: DS_GOOD_TIMESERV_PREFERRED > 0: DS_AVOID_SELF > 0: DS_ONLY_LDAP_NEEDED > 0: DS_IS_FLAT_NAME > 0: DS_IS_DNS_NAME > 0: DS_TRY_NEXTCLOSEST_SITE > 0: DS_DIRECTORY_SERVICE_6_REQUIRED > 0: DS_WEB_SERVICE_REQUIRED > 1: DS_RETURN_DNS_NAME > 0: DS_RETURN_FLAT_NAME > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0038 (56) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000064 (100) > context_id : 0x0000 (0) > opnum : 0x0014 (20) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > stub_and_verifier : DATA_BLOB length=0 > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x0c (12) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000001 (1) > credentials : DATA_BLOB length=0 >rpc_api_pipe: host dc1.lab.saferit.fr >signed SMB2 message >rpc_read_send: data_to_read: 440 > state->pkt: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x01c8 (456) > auth_length : 0x0038 (56) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000168 (360) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > reserved : 0x00 (0) > stub_and_verifier : DATA_BLOB length=432 >[0000] 28 AF 9D BE 68 D1 65 92 31 77 22 B7 D1 7E AE 3B (...h.e. 1w"..~.; >[0010] 4B 94 B8 9B 2A 4B 9E 3A 3D AA 7B 77 81 5F 64 D6 K...*K.: =.{w._d. >[0020] E9 1E 73 41 9F F8 A0 90 D0 90 1C 96 32 5E FC D7 ..sA.... ....2^.. >[0030] 36 A9 B7 8B 1C 1C 81 67 25 46 7A 8E 11 57 5A D7 6......g %Fz..WZ. >[0040] BB FF F7 97 71 14 75 7D D4 95 CF 31 E6 7D 79 04 ....q.u} ...1.}y. >[0050] A7 1F AA EB 73 5D 1A F3 0F F0 DA D0 D3 7A BF 07 ....s].. .....z.. >[0060] 31 65 B1 09 62 36 5A BE 21 D1 39 01 9C ED 98 43 1e..b6Z. !.9....C >[0070] 4F DA 9C 56 4C E8 69 7F 16 27 00 E6 15 B9 B8 9E O..VL.i. .'...... >[0080] 3E 7E C7 4C DC FE 0E 4B 35 9A 95 6B B4 D3 8E EF >~.L...K 5..k.... >[0090] 32 AF FD 69 77 E7 8F 4D 02 35 A4 05 6D 4E D9 E3 2..iw..M .5..mN.. >[00A0] D0 C2 4A 99 79 3E 3C 3D 00 E7 0D 8C A1 41 32 A9 ..J.y><= .....A2. >[00B0] 1D F0 77 F3 11 1A BF 24 6A 0E BA 13 BB C9 E3 4F ..w....$ j......O >[00C0] 67 93 E1 F8 0D E4 B2 A9 A2 C0 7C 5B 29 3E 88 1C g....... ..|[)>.. >[00D0] D2 04 CF 10 FF E5 A0 77 84 B0 60 B6 AC 37 9E 25 .......w ..`..7.% >[00E0] 74 54 6A D0 7B 81 B1 FC 3B FF A6 42 42 3D 84 51 tTj.{... ;..BB=.Q >[00F0] AE AE 8E 02 5B 53 90 3C A8 74 80 5A 42 32 97 BD ....[S.< .t.ZB2.. >[0100] 37 5B C8 F6 8D 32 47 05 70 B7 45 5B 4E B8 14 81 7[...2G. p.E[N... >[0110] EE CE 41 B8 F9 BA A8 EF 6F 9A 08 AE 48 03 6D 9E ..A..... o...H.m. >[0120] AF 04 4B 20 AA 12 C6 31 75 DD 25 FD 24 BB 6C 8C ..K ...1 u.%.$.l. >[0130] 9E B2 72 95 97 D8 26 F1 9C 52 A2 59 C9 14 99 A1 ..r...&. .R.Y.... >[0140] 36 9E EB DA E3 42 0B 2F 4C 02 2F 4C BD 66 50 46 6....B./ L./L.fPF >[0150] 71 66 C3 13 32 23 1F D9 FF F9 93 76 E6 A2 7F 07 qf..2#.. ...v.... >[0160] 4D CE 5A 96 DB F6 91 58 38 8D F4 BE 55 62 99 1B M.Z....X 8...Ub.. >[0170] 44 06 08 00 01 00 00 00 13 00 1A 00 FF FF 00 00 D....... ........ >[0180] 3D E9 79 F1 05 AE 87 A6 30 34 50 43 DD 0F 56 7D =.y..... 04PC..V} >[0190] AF 2C 54 BB 9A C1 CB D2 00 00 00 00 00 00 00 00 .,T..... ........ >[01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >Requested Privacy. >../librpc/rpc/dcerpc_util.c:271: auth_pad_length 8 >GENSEC auth >Got pdu len 456, data_len 360 >rpc_api_pipe: got frag len of 456 at offset 0: NT_STATUS_OK >rpc_api_pipe: host dc1.lab.saferit.fr returned 360 bytes. > netr_DsRGetDCName: struct netr_DsRGetDCName > out: struct netr_DsRGetDCName > info : * > info : * > info: struct netr_DsRGetDCNameInfo > dc_unc : * > dc_unc : '\\WIN-NJ57UVUO8PC.testdom.net' > dc_address : * > dc_address : '\\10.0.3.110' > dc_address_type : DS_ADDRESS_TYPE_INET (1) > domain_guid : d07a1caa-e2ff-42cb-a3ec-c759b35284ef > domain_name : * > domain_name : 'testdom.net' > forest_name : * > forest_name : 'testdom.net' > dc_flags : 0xe00031fd (3758109181) > 1: DS_SERVER_PDC > 1: DS_SERVER_GC > 1: DS_SERVER_LDAP > 1: DS_SERVER_DS > 1: DS_SERVER_KDC > 1: DS_SERVER_TIMESERV > 1: DS_SERVER_CLOSEST > 1: DS_SERVER_WRITABLE > 0: DS_SERVER_GOOD_TIMESERV > 0: DS_SERVER_NDNC > 0: DS_SERVER_SELECT_SECRET_DOMAIN_6 > 1: DS_SERVER_FULL_SECRET_DOMAIN_6 > 1: DS_SERVER_WEBSERV > 0: DS_SERVER_DS_8 > 1: DS_DNS_CONTROLLER > 1: DS_DNS_DOMAIN > 1: DS_DNS_FOREST_ROOT > dc_site_name : * > dc_site_name : 'Default-First-Site-Name' > client_site_name : * > client_site_name : 'Default-First-Site-Name' > result : WERR_OK >dcerpc_netr_GetAnyDCName returned WIN-NJ57UVUO8PC.testdom.net >sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" >internal_resolve_name: looking up WIN-NJ57UVUO8PC.testdom.net#20 (sitename Default-First-Site-Name) >name WIN-NJ57UVUO8PC.testdom.net#20 found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >check_negative_conn_cache returning result 0 for domain TESTDOM server WIN-NJ57UVUO8PC.testdom.net >Retrieved DC WIN-NJ57UVUO8PC.testdom.net at 10.0.3.110 via netlogon >Connecting to 10.0.3.110 at port 445 >cm_prepare_connection: connecting to DC WIN-NJ57UVUO8PC.testdom.net for domain TESTDOM >Socket options: > SO_KEEPALIVE = 0 > SO_REUSEADDR = 0 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_REUSEPORT = 0 > SO_SNDBUF = 87040 > SO_RCVBUF = 367360 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 > TCP_DEFER_ACCEPT = 0 >ldb: ldb_trace_request: SEARCH > dn: @MODULES > scope: base > expr: (@LIST=*) > attr: @LIST > control: <NONE> > >ldb: ldb_trace_request: (tdb)->search >ldb: Added timed event "ltdb_callback": 0x563e56a24a70 > >ldb: Added timed event "ltdb_timeout": 0x563e56a24b30 > >ldb: Running timer event 0x563e56a24a70 "ltdb_callback" > >ldb: Destroying timer event 0x563e56a24b30 "ltdb_timeout" > >ldb: Ending timer event 0x563e56a24a70 "ltdb_callback" > >ldb: no modules required by the db >ldb: No modules specified for this database >ldb: ldb_trace_request: REGISTER_CONTROL >1.2.840.113556.1.4.1413 > control: <NONE> > >ldb: ldb_asprintf/set_errstring: unable to find module or backend to handle operation: request >ldb: ldb_trace_request: SEARCH > dn: <rootDSE> > scope: base > expr: (objectClass=*) > attr: rootDomainNamingContext > attr: configurationNamingContext > attr: schemaNamingContext > attr: defaultNamingContext > control: <NONE> > >ldb: ldb_trace_request: (tdb)->search >ldb: Added timed event "ltdb_callback": 0x563e56a24f50 > >ldb: Added timed event "ltdb_timeout": 0x563e56a25010 > >ldb: Running timer event 0x563e56a24f50 "ltdb_callback" > >ldb: ldb_asprintf/set_errstring: NULL Base DN invalid for a base search >ldb: Destroying timer event 0x563e56a25010 "ltdb_timeout" > >ldb: Ending timer event 0x563e56a24f50 "ltdb_callback" > >ldb_wrap open of secrets.ldb >ldb: ldb_trace_request: SEARCH > dn: cn=Primary Domains > scope: sub > expr: (&(flatname=LAB)(objectclass=primaryDomain)) > attr: <ALL> > control: <NONE> > >ldb: ldb_trace_request: (tdb)->search >ldb: Added timed event "ltdb_callback": 0x563e56a25cf0 > >ldb: Added timed event "ltdb_timeout": 0x563e56a25e20 > >ldb: Running timer event 0x563e56a25cf0 "ltdb_callback" > >ldb: Destroying timer event 0x563e56a25e20 "ltdb_timeout" > >ldb: Ending timer event 0x563e56a25cf0 "ltdb_callback" > >ldb: ldb_asprintf/set_errstring: dsdb_search at ../source4/dsdb/common/util.c:4576 >connecting to WIN-NJ57UVUO8PC.testdom.net (TESTDOM, testdom.net) with account [LAB\CENTOS$] principal [CENTOS$@LAB.SAFERIT.FR] and realm [LAB.SAFERIT.FR] >got OID=1.3.6.1.4.1.311.2.2.30 >got OID=1.2.840.48018.1.2.2 >kerberos_kinit_password: as CENTOS$@LAB.SAFERIT.FR using [MEMORY:cliconnect] as ccache and config [(null)] >Starting GENSEC mechanism spnego >Starting GENSEC submechanism gse_krb5 >gse_get_client_auth_token: Server principal not found >SPNEGO(gse_krb5) creating NEG_TOKEN_INIT for cifs/WIN-NJ57UVUO8PC.testdom.net failed (next[ntlmssp]): NT_STATUS_INVALID_PARAMETER >Starting GENSEC submechanism ntlmssp > negotiate: struct NEGOTIATE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmNegotiate (1) > NegotiateFlags : 0x62088215 (1644724757) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 0: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 0: NTLMSSP_TARGET_TYPE_DOMAIN > 0: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 0: NTLMSSP_NEGOTIATE_TARGET_INFO > 1: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 0: NTLMSSP_NEGOTIATE_56 > DomainNameLen : 0x0000 (0) > DomainNameMaxLen : 0x0000 (0) > DomainName : * > DomainName : '' > WorkstationLen : 0x0000 (0) > WorkstationMaxLen : 0x0000 (0) > Workstation : * > Workstation : '' > Version: struct ntlmssp_VERSION > ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6) > ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1) > ProductBuild : 0x0000 (0) > Reserved: ARRAY(3) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15) >Got challenge flags: >Got NTLMSSP neg_flags=0x62898215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_TARGET_TYPE_DOMAIN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_TARGET_INFO > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >NTLMSSP: Set final flags: >Got NTLMSSP neg_flags=0x62088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >NTLMSSP Sign/Seal - Initialising with flags: >Got NTLMSSP neg_flags=0x62088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >SPNEGO login failed: Logon failure >authenticated session setup to WIN-NJ57UVUO8PC.testdom.net using LAB\CENTOS$ failed with NT_STATUS_LOGON_FAILURE >cm_get_ipc_userpass: No auth-user defined >cm_get_ipc_userpass: No auth-user defined >Failed to prepare SMB connection to WIN-NJ57UVUO8PC.testdom.net: NT_STATUS_LOGON_FAILURE >Adding cache entry with key=[NEG_CONN_CACHE/TESTDOM,WIN-NJ57UVUO8PC.testdom.net] and timeout=[Fri Mar 23 05:26:52 AM 2018 EDT] (60 seconds ahead) >add_failed_connection_entry: added domain TESTDOM (WIN-NJ57UVUO8PC.testdom.net) to failed conn cache >Deleting cache entry (key=[SAFJOIN/DOMAIN/TESTDOM]) >Deleting cache entry (key=[SAF/DOMAIN/TESTDOM]) >Adding cache entry with key=[NEG_CONN_CACHE/testdom.net,WIN-NJ57UVUO8PC.testdom.net] and timeout=[Fri Mar 23 05:26:52 AM 2018 EDT] (60 seconds ahead) >add_failed_connection_entry: added domain testdom.net (WIN-NJ57UVUO8PC.testdom.net) to failed conn cache >Deleting cache entry (key=[SAFJOIN/DOMAIN/TESTDOM.NET]) >Adding cache entry with key=[SAFJOIN/DOMAIN/TESTDOM.NET] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797152 seconds in the past) >Deleting cache entry (key=[SAF/DOMAIN/TESTDOM.NET]) >Adding cache entry with key=[SAF/DOMAIN/TESTDOM.NET] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797152 seconds in the past) >cm_open_connection: dcname is 'WIN-NJ57UVUO8PC.testdom.net' for domain TESTDOM >check_negative_conn_cache returning result -1073741715 for domain TESTDOM server WIN-NJ57UVUO8PC.testdom.net > netr_DsRGetDCName: struct netr_DsRGetDCName > in: struct netr_DsRGetDCName > server_unc : * > server_unc : 'dc1.lab.saferit.fr' > domain_name : * > domain_name : 'TESTDOM' > domain_guid : NULL > site_guid : NULL > flags : 0x40000000 (1073741824) > 0: DS_FORCE_REDISCOVERY > 0: DS_DIRECTORY_SERVICE_REQUIRED > 0: DS_DIRECTORY_SERVICE_PREFERRED > 0: DS_GC_SERVER_REQUIRED > 0: DS_PDC_REQUIRED > 0: DS_BACKGROUND_ONLY > 0: DS_IP_REQUIRED > 0: DS_KDC_REQUIRED > 0: DS_TIMESERV_REQUIRED > 0: DS_WRITABLE_REQUIRED > 0: DS_GOOD_TIMESERV_PREFERRED > 0: DS_AVOID_SELF > 0: DS_ONLY_LDAP_NEEDED > 0: DS_IS_FLAT_NAME > 0: DS_IS_DNS_NAME > 0: DS_TRY_NEXTCLOSEST_SITE > 0: DS_DIRECTORY_SERVICE_6_REQUIRED > 0: DS_WEB_SERVICE_REQUIRED > 1: DS_RETURN_DNS_NAME > 0: DS_RETURN_FLAT_NAME > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0038 (56) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000064 (100) > context_id : 0x0000 (0) > opnum : 0x0014 (20) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > stub_and_verifier : DATA_BLOB length=0 > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x0c (12) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000001 (1) > credentials : DATA_BLOB length=0 >rpc_api_pipe: host dc1.lab.saferit.fr >signed SMB2 message >rpc_read_send: data_to_read: 440 > state->pkt: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x01c8 (456) > auth_length : 0x0038 (56) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000168 (360) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > reserved : 0x00 (0) > stub_and_verifier : DATA_BLOB length=432 >[0000] 0C 5B F8 45 BE 0E 11 4E 3A 53 D9 79 82 05 FC A1 .[.E...N :S.y.... >[0010] EB 5D 3E 99 A4 F5 D2 0B 55 FB AC C0 BA EA 9A AA .]>..... U....... >[0020] D8 75 BB F7 B1 04 B3 42 5C F9 22 18 9F A3 1C 9E .u.....B \."..... >[0030] DC AB F3 2C 4F DF C0 87 D7 48 14 1F C6 F7 1F 72 ...,O... .H.....r >[0040] 8B 85 37 7C 87 77 D1 34 3F 61 37 AF 4D 1D 16 23 ..7|.w.4 ?a7.M..# >[0050] FD FC 4C B9 81 BB 29 54 90 91 E7 CF 4E 0C 34 1A ..L...)T ....N.4. >[0060] E9 D6 CA 27 BE BC E5 5A 05 D5 0B 99 25 B6 B9 33 ...'...Z ....%..3 >[0070] DC EE 1C D1 93 A8 8A 69 58 6B BD 59 14 6B 41 3C .......i Xk.Y.kA< >[0080] 5C E2 67 C9 CF FE EB C3 FF E7 9A 0F 12 ED 97 27 \.g..... .......' >[0090] 78 F9 2E E3 C2 FC FD 51 C4 97 91 4E 63 69 DC E4 x......Q ...Nci.. >[00A0] 50 BE 26 98 6D F9 EF 9F 04 B6 47 8B FB 9F DB D1 P.&.m... ..G..... >[00B0] 65 B2 C7 EA 5E D7 B6 A1 56 FD EB 9E 28 0E A7 52 e...^... V...(..R >[00C0] 67 B7 5D EA 37 BC 37 63 6A B2 81 55 02 8A 17 A1 g.].7.7c j..U.... >[00D0] 04 28 CC 87 80 DB E6 B1 CE 3B 1A 42 83 DA 7A D0 .(...... .;.B..z. >[00E0] 64 0E 42 B4 83 21 F2 90 03 E9 C9 8F F1 65 93 93 d.B..!.. .....e.. >[00F0] 85 CC 99 41 0E 40 41 D0 D8 E4 99 B8 3A D0 15 32 ...A.@A. ....:..2 >[0100] 60 3D 1D 0C AA 64 29 E7 12 CA AA 55 40 79 8A EE `=...d). ...U@y.. >[0110] 8D 74 7A F2 5E 0B B0 F9 EA BD 8D C5 A0 2C 73 C8 .tz.^... .....,s. >[0120] 60 3A 5D D3 CE 20 11 CC 9D 30 14 73 D6 8A 5C 1D `:].. .. .0.s..\. >[0130] 50 5F 20 55 A9 B6 86 EE 2D 68 B2 42 1D 37 44 59 P_ U.... -h.B.7DY >[0140] B0 14 EA 6C 30 89 8E DD B2 88 2D C8 FC B2 77 86 ...l0... ..-...w. >[0150] 18 9D F1 A1 39 02 CC 0C B9 CA C0 86 10 87 05 96 ....9... ........ >[0160] CC B5 99 3A 1B B1 7B 55 18 79 37 0C 81 0E 23 55 ...:..{U .y7...#U >[0170] 44 06 08 00 01 00 00 00 13 00 1A 00 FF FF 00 00 D....... ........ >[0180] C9 FA C3 3A 44 24 38 2A 40 5F 42 38 9B 41 27 47 ...:D$8* @_B8.A'G >[0190] D7 8F 46 8A 34 B4 CD 1B 00 00 00 00 00 00 00 00 ..F.4... ........ >[01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >Requested Privacy. >../librpc/rpc/dcerpc_util.c:271: auth_pad_length 8 >GENSEC auth >Got pdu len 456, data_len 360 >rpc_api_pipe: got frag len of 456 at offset 0: NT_STATUS_OK >rpc_api_pipe: host dc1.lab.saferit.fr returned 360 bytes. > netr_DsRGetDCName: struct netr_DsRGetDCName > out: struct netr_DsRGetDCName > info : * > info : * > info: struct netr_DsRGetDCNameInfo > dc_unc : * > dc_unc : '\\WIN-NJ57UVUO8PC.testdom.net' > dc_address : * > dc_address : '\\10.0.3.110' > dc_address_type : DS_ADDRESS_TYPE_INET (1) > domain_guid : d07a1caa-e2ff-42cb-a3ec-c759b35284ef > domain_name : * > domain_name : 'testdom.net' > forest_name : * > forest_name : 'testdom.net' > dc_flags : 0xe00031fd (3758109181) > 1: DS_SERVER_PDC > 1: DS_SERVER_GC > 1: DS_SERVER_LDAP > 1: DS_SERVER_DS > 1: DS_SERVER_KDC > 1: DS_SERVER_TIMESERV > 1: DS_SERVER_CLOSEST > 1: DS_SERVER_WRITABLE > 0: DS_SERVER_GOOD_TIMESERV > 0: DS_SERVER_NDNC > 0: DS_SERVER_SELECT_SECRET_DOMAIN_6 > 1: DS_SERVER_FULL_SECRET_DOMAIN_6 > 1: DS_SERVER_WEBSERV > 0: DS_SERVER_DS_8 > 1: DS_DNS_CONTROLLER > 1: DS_DNS_DOMAIN > 1: DS_DNS_FOREST_ROOT > dc_site_name : * > dc_site_name : 'Default-First-Site-Name' > client_site_name : * > client_site_name : 'Default-First-Site-Name' > result : WERR_OK >dcerpc_netr_GetAnyDCName returned WIN-NJ57UVUO8PC.testdom.net >sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" >internal_resolve_name: looking up WIN-NJ57UVUO8PC.testdom.net#20 (sitename Default-First-Site-Name) >name WIN-NJ57UVUO8PC.testdom.net#20 found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >check_negative_conn_cache returning result -1073741715 for domain TESTDOM server WIN-NJ57UVUO8PC.testdom.net >DC WIN-NJ57UVUO8PC.testdom.net was in the negative conn cache >sitename_fetch: Returning sitename for realm 'testdom.net': "Default-First-Site-Name" >ads_dc_name: domain=TESTDOM >sitename_fetch: Returning sitename for realm 'testdom.net': "Default-First-Site-Name" >resolve_and_ping_dns: (cldap) looking for realm 'testdom.net' >get_sorted_dc_list: attempting lookup for name testdom.net (sitename Default-First-Site-Name) >saf_fetch: failed to find server for "testdom.net" domain >get_dc_list: preferred server list: ", *" >internal_resolve_name: looking up testdom.net#1c (sitename Default-First-Site-Name) >name testdom.net#1C found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >Adding 1 DC's from auto lookup >Adding cache entry with key=[NEG_CONN_CACHE/testdom.net,10.0.3.110] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797152 seconds in the past) >check_negative_conn_cache returning result 0 for domain testdom.net server 10.0.3.110 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 10.0.3.110:389 >check_negative_conn_cache returning result 0 for domain testdom.net server 10.0.3.110 >ads_try_connect: sending CLDAP request to 10.0.3.110 (realm: testdom.net) > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x000031fd (12797) > 1: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 0: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 > 1: NBT_SERVER_ADS_WEB_SERVICE > 0: NBT_SERVER_DS_8 > 0: NBT_SERVER_HAS_DNS_NAME > 0: NBT_SERVER_IS_DEFAULT_NC > 0: NBT_SERVER_FOREST_ROOT > domain_uuid : d07a1caa-e2ff-42cb-a3ec-c759b35284ef > forest : 'testdom.net' > dns_domain : 'testdom.net' > pdc_dns_name : 'WIN-NJ57UVUO8PC.testdom.net' > domain_name : 'TESTDOM' > pdc_name : 'WIN-NJ57UVUO8PC' > user_name : '' > server_site : 'Default-First-Site-Name' > client_site : 'Default-First-Site-Name' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >sitename_store: realm = [TESTDOM], sitename = [Default-First-Site-Name], expire = [2085923199] >Did not store value for AD_SITENAME/DOMAIN/TESTDOM, we already got it >sitename_store: realm = [testdom.net], sitename = [Default-First-Site-Name], expire = [2085923199] >Did not store value for AD_SITENAME/DOMAIN/TESTDOM.NET, we already got it >Successfully contacted LDAP server 10.0.3.110 >sitename_fetch: Returning sitename for realm 'testdom.net': "Default-First-Site-Name" >ads_dc_name: using server='WIN-NJ57UVUO8PC.TESTDOM.NET' IP=10.0.3.110 >sitename_fetch: Returning sitename for realm 'testdom.net': "Default-First-Site-Name" >get_sorted_dc_list: attempting lookup for name testdom.net (sitename Default-First-Site-Name) >saf_fetch: failed to find server for "testdom.net" domain >get_dc_list: preferred server list: ", *" >internal_resolve_name: looking up testdom.net#1c (sitename Default-First-Site-Name) >name testdom.net#1C found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >Adding 1 DC's from auto lookup >check_negative_conn_cache returning result 0 for domain testdom.net server 10.0.3.110 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 10.0.3.110:389 >Adding cache entry with key=[NEG_CONN_CACHE/TESTDOM,10.0.3.110] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797152 seconds in the past) >check_negative_conn_cache returning result 0 for domain TESTDOM server 10.0.3.110 >get_sorted_dc_list: attempting lookup for name testdom.net (sitename NULL) >saf_fetch: failed to find server for "testdom.net" domain >get_dc_list: preferred server list: ", *" >internal_resolve_name: looking up testdom.net#1c (sitename (null)) >name testdom.net#1C found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >Adding 1 DC's from auto lookup >check_negative_conn_cache returning result 0 for domain testdom.net server 10.0.3.110 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 10.0.3.110:389 >check_negative_conn_cache returning result 0 for domain TESTDOM server 10.0.3.110 >Connecting to 10.0.3.110 at port 445 >ads_try_connect: sending CLDAP request to 10.0.3.110 (realm: testdom.net) > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x000031fd (12797) > 1: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 0: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 > 1: NBT_SERVER_ADS_WEB_SERVICE > 0: NBT_SERVER_DS_8 > 0: NBT_SERVER_HAS_DNS_NAME > 0: NBT_SERVER_IS_DEFAULT_NC > 0: NBT_SERVER_FOREST_ROOT > domain_uuid : d07a1caa-e2ff-42cb-a3ec-c759b35284ef > forest : 'testdom.net' > dns_domain : 'testdom.net' > pdc_dns_name : 'WIN-NJ57UVUO8PC.testdom.net' > domain_name : 'TESTDOM' > pdc_name : 'WIN-NJ57UVUO8PC' > user_name : '' > server_site : 'Default-First-Site-Name' > client_site : 'Default-First-Site-Name' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >sitename_store: realm = [TESTDOM], sitename = [Default-First-Site-Name], expire = [2085923199] >Did not store value for AD_SITENAME/DOMAIN/TESTDOM, we already got it >sitename_store: realm = [testdom.net], sitename = [Default-First-Site-Name], expire = [2085923199] >Did not store value for AD_SITENAME/DOMAIN/TESTDOM.NET, we already got it >Successfully contacted LDAP server 10.0.3.110 >namecache_store: storing 1 address for WIN-NJ57UVUO8PC.testdom.net#20: 10.0.3.110 >Adding cache entry with key=[NBT/WIN-NJ57UVUO8PC.TESTDOM.NET#20] and timeout=[Fri Mar 23 05:36:52 AM 2018 EDT] (660 seconds ahead) >dcip_to_name: flags = 0x31fd >cm_prepare_connection: connecting to DC WIN-NJ57UVUO8PC.testdom.net for domain TESTDOM >Socket options: > SO_KEEPALIVE = 0 > SO_REUSEADDR = 0 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_REUSEPORT = 0 > SO_SNDBUF = 87040 > SO_RCVBUF = 367360 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 > TCP_DEFER_ACCEPT = 0 >ldb: ldb_trace_request: SEARCH > dn: @MODULES > scope: base > expr: (@LIST=*) > attr: @LIST > control: <NONE> > >ldb: ldb_trace_request: (tdb)->search >ldb: Added timed event "ltdb_callback": 0x563e56a278b0 > >ldb: Added timed event "ltdb_timeout": 0x563e56a27970 > >ldb: Running timer event 0x563e56a278b0 "ltdb_callback" > >ldb: Destroying timer event 0x563e56a27970 "ltdb_timeout" > >ldb: Ending timer event 0x563e56a278b0 "ltdb_callback" > >ldb: no modules required by the db >ldb: No modules specified for this database >ldb: ldb_trace_request: REGISTER_CONTROL >1.2.840.113556.1.4.1413 > control: <NONE> > >ldb: ldb_asprintf/set_errstring: unable to find module or backend to handle operation: request >ldb: ldb_trace_request: SEARCH > dn: <rootDSE> > scope: base > expr: (objectClass=*) > attr: rootDomainNamingContext > attr: configurationNamingContext > attr: schemaNamingContext > attr: defaultNamingContext > control: <NONE> > >ldb: ldb_trace_request: (tdb)->search >ldb: Added timed event "ltdb_callback": 0x563e56a27d90 > >ldb: Added timed event "ltdb_timeout": 0x563e56a27e50 > >ldb: Running timer event 0x563e56a27d90 "ltdb_callback" > >ldb: ldb_asprintf/set_errstring: NULL Base DN invalid for a base search >ldb: Destroying timer event 0x563e56a27e50 "ltdb_timeout" > >ldb: Ending timer event 0x563e56a27d90 "ltdb_callback" > >ldb_wrap open of secrets.ldb >ldb: ldb_trace_request: SEARCH > dn: cn=Primary Domains > scope: sub > expr: (&(flatname=LAB)(objectclass=primaryDomain)) > attr: <ALL> > control: <NONE> > >ldb: ldb_trace_request: (tdb)->search >ldb: Added timed event "ltdb_callback": 0x563e56a25290 > >ldb: Added timed event "ltdb_timeout": 0x563e56a253c0 > >ldb: Running timer event 0x563e56a25290 "ltdb_callback" > >ldb: Destroying timer event 0x563e56a253c0 "ltdb_timeout" > >ldb: Ending timer event 0x563e56a25290 "ltdb_callback" > >ldb: ldb_asprintf/set_errstring: dsdb_search at ../source4/dsdb/common/util.c:4576 >connecting to WIN-NJ57UVUO8PC.testdom.net (TESTDOM, testdom.net) with account [LAB\CENTOS$] principal [CENTOS$@LAB.SAFERIT.FR] and realm [LAB.SAFERIT.FR] >got OID=1.3.6.1.4.1.311.2.2.30 >got OID=1.2.840.48018.1.2.2 >kerberos_kinit_password: as CENTOS$@LAB.SAFERIT.FR using [MEMORY:cliconnect] as ccache and config [(null)] >Starting GENSEC mechanism spnego >Starting GENSEC submechanism gse_krb5 >gse_get_client_auth_token: Server principal not found >SPNEGO(gse_krb5) creating NEG_TOKEN_INIT for cifs/WIN-NJ57UVUO8PC.testdom.net failed (next[ntlmssp]): NT_STATUS_INVALID_PARAMETER >Starting GENSEC submechanism ntlmssp > negotiate: struct NEGOTIATE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmNegotiate (1) > NegotiateFlags : 0x62088215 (1644724757) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 0: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 0: NTLMSSP_TARGET_TYPE_DOMAIN > 0: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 0: NTLMSSP_NEGOTIATE_TARGET_INFO > 1: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 0: NTLMSSP_NEGOTIATE_56 > DomainNameLen : 0x0000 (0) > DomainNameMaxLen : 0x0000 (0) > DomainName : * > DomainName : '' > WorkstationLen : 0x0000 (0) > WorkstationMaxLen : 0x0000 (0) > Workstation : * > Workstation : '' > Version: struct ntlmssp_VERSION > ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6) > ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1) > ProductBuild : 0x0000 (0) > Reserved: ARRAY(3) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15) >Got challenge flags: >Got NTLMSSP neg_flags=0x62898215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_TARGET_TYPE_DOMAIN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_TARGET_INFO > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >NTLMSSP: Set final flags: >Got NTLMSSP neg_flags=0x62088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >NTLMSSP Sign/Seal - Initialising with flags: >Got NTLMSSP neg_flags=0x62088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >SPNEGO login failed: Logon failure >authenticated session setup to WIN-NJ57UVUO8PC.testdom.net using LAB\CENTOS$ failed with NT_STATUS_LOGON_FAILURE >cm_get_ipc_userpass: No auth-user defined >cm_get_ipc_userpass: No auth-user defined >Failed to prepare SMB connection to WIN-NJ57UVUO8PC.testdom.net: NT_STATUS_LOGON_FAILURE >Did not store value for NEG_CONN_CACHE/TESTDOM,WIN-NJ57UVUO8PC.testdom.net, we already got it >add_failed_connection_entry: added domain TESTDOM (WIN-NJ57UVUO8PC.testdom.net) to failed conn cache >Deleting cache entry (key=[SAFJOIN/DOMAIN/TESTDOM]) >Deleting cache entry (key=[SAF/DOMAIN/TESTDOM]) >Did not store value for NEG_CONN_CACHE/testdom.net,WIN-NJ57UVUO8PC.testdom.net, we already got it >add_failed_connection_entry: added domain testdom.net (WIN-NJ57UVUO8PC.testdom.net) to failed conn cache >Deleting cache entry (key=[SAFJOIN/DOMAIN/TESTDOM.NET]) >Deleting cache entry (key=[SAF/DOMAIN/TESTDOM.NET]) >cm_open_connection: dcname is 'WIN-NJ57UVUO8PC.testdom.net' for domain TESTDOM >check_negative_conn_cache returning result -1073741715 for domain TESTDOM server WIN-NJ57UVUO8PC.testdom.net > netr_DsRGetDCName: struct netr_DsRGetDCName > in: struct netr_DsRGetDCName > server_unc : * > server_unc : 'dc1.lab.saferit.fr' > domain_name : * > domain_name : 'TESTDOM' > domain_guid : NULL > site_guid : NULL > flags : 0x40000000 (1073741824) > 0: DS_FORCE_REDISCOVERY > 0: DS_DIRECTORY_SERVICE_REQUIRED > 0: DS_DIRECTORY_SERVICE_PREFERRED > 0: DS_GC_SERVER_REQUIRED > 0: DS_PDC_REQUIRED > 0: DS_BACKGROUND_ONLY > 0: DS_IP_REQUIRED > 0: DS_KDC_REQUIRED > 0: DS_TIMESERV_REQUIRED > 0: DS_WRITABLE_REQUIRED > 0: DS_GOOD_TIMESERV_PREFERRED > 0: DS_AVOID_SELF > 0: DS_ONLY_LDAP_NEEDED > 0: DS_IS_FLAT_NAME > 0: DS_IS_DNS_NAME > 0: DS_TRY_NEXTCLOSEST_SITE > 0: DS_DIRECTORY_SERVICE_6_REQUIRED > 0: DS_WEB_SERVICE_REQUIRED > 1: DS_RETURN_DNS_NAME > 0: DS_RETURN_FLAT_NAME > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0038 (56) > call_id : 0x00000005 (5) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000064 (100) > context_id : 0x0000 (0) > opnum : 0x0014 (20) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > stub_and_verifier : DATA_BLOB length=0 > &r: struct dcerpc_auth > auth_type : DCERPC_AUTH_TYPE_SCHANNEL (68) > auth_level : DCERPC_AUTH_LEVEL_PRIVACY (6) > auth_pad_length : 0x0c (12) > auth_reserved : 0x00 (0) > auth_context_id : 0x00000001 (1) > credentials : DATA_BLOB length=0 >rpc_api_pipe: host dc1.lab.saferit.fr >signed SMB2 message >rpc_read_send: data_to_read: 440 > state->pkt: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > 1: DCERPC_PFC_FLAG_FIRST > 1: DCERPC_PFC_FLAG_LAST > 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING > 0: DCERPC_PFC_FLAG_CONC_MPX > 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE > 0: DCERPC_PFC_FLAG_MAYBE > 0: DCERPC_PFC_FLAG_OBJECT_UUID > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x01c8 (456) > auth_length : 0x0038 (56) > call_id : 0x00000005 (5) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000168 (360) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > reserved : 0x00 (0) > stub_and_verifier : DATA_BLOB length=432 >[0000] 55 20 64 9B 38 01 37 A5 C6 A8 95 66 D1 57 0D 42 U d.8.7. ...f.W.B >[0010] 1B 0C FF B2 00 A8 BA EE DB 2F 14 5B 8C C2 49 74 ........ ./.[..It >[0020] E3 30 13 9E 13 B5 83 0C 3F 68 56 AF BE 38 6E 79 .0...... ?hV..8ny >[0030] A4 29 BD D5 17 26 96 52 B0 9F 85 9E 60 61 CD B6 .)...&.R ....`a.. >[0040] 76 B8 BC 7D B6 FF 29 52 68 A3 F9 2A B7 76 68 B7 v..}..)R h..*.vh. >[0050] D0 EB 07 EA 41 31 B1 63 FD 70 43 F7 70 2B 64 7F ....A1.c .pC.p+d. >[0060] CD CC AD A1 12 00 BE B4 8F 63 92 51 6B DF FF F5 ........ .c.Qk... >[0070] 51 3B 1E DE A5 43 0D 98 B9 3E 8F 75 B0 C4 54 DC Q;...C.. .>.u..T. >[0080] AA 21 AF F8 14 71 73 60 2A E6 0E 3E 9D F9 57 27 .!...qs` *..>..W' >[0090] FE BD 5C 9B FD D9 88 34 75 7B CE 11 3B AB B9 D8 ..\....4 u{..;... >[00A0] 36 7D BA 9E 99 99 3F 12 E3 19 02 DE 58 F5 0F B4 6}....?. ....X... >[00B0] 17 72 53 41 D2 08 CB CF D8 79 B8 24 9C CC A0 4A .rSA.... .y.$...J >[00C0] 42 FD B4 47 68 17 20 49 FF E7 83 7B DD 86 86 42 B..Gh. I ...{...B >[00D0] A5 83 2D BB 0B 8B A9 3F 71 C7 6C A4 08 08 01 18 ..-....? q.l..... >[00E0] F4 C2 49 47 6B 4F 73 53 2E 86 CA 06 80 09 63 85 ..IGkOsS ......c. >[00F0] 91 D5 C7 14 A6 78 45 C5 F2 3B 70 CB F8 70 DA 3E .....xE. .;p..p.> >[0100] 99 D1 6F 36 C8 AF 89 3D F8 E9 83 02 A0 EF 38 E7 ..o6...= ......8. >[0110] AB D7 9C 53 AB 0D 28 BD 7C 5E E7 D0 DF 43 56 0B ...S..(. |^...CV. >[0120] 60 4B D5 43 24 6C 2C DE 90 CF 17 F4 D4 32 78 7F `K.C$l,. .....2x. >[0130] 9B 8B 92 42 47 5E A2 32 58 F1 D8 53 A4 7D AD 8F ...BG^.2 X..S.}.. >[0140] 77 C3 3B 81 86 80 89 29 92 27 01 9D 94 A0 5F BA w.;....) .'...._. >[0150] 45 7C 7E 35 B8 F2 9E 78 BA 8F BE 4C 68 99 10 3F E|~5...x ...Lh..? >[0160] 2F 81 B7 37 A0 56 CC 8A EE 31 D5 D7 03 5D 70 66 /..7.V.. .1...]pf >[0170] 44 06 08 00 01 00 00 00 13 00 1A 00 FF FF 00 00 D....... ........ >[0180] 1F 56 8D D2 8C F1 78 58 E3 CD A6 44 05 D7 BC 7B .V....xX ...D...{ >[0190] 26 0A 3B 53 94 90 5B E2 00 00 00 00 00 00 00 00 &.;S..[. ........ >[01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >Requested Privacy. >../librpc/rpc/dcerpc_util.c:271: auth_pad_length 8 >GENSEC auth >Got pdu len 456, data_len 360 >rpc_api_pipe: got frag len of 456 at offset 0: NT_STATUS_OK >rpc_api_pipe: host dc1.lab.saferit.fr returned 360 bytes. > netr_DsRGetDCName: struct netr_DsRGetDCName > out: struct netr_DsRGetDCName > info : * > info : * > info: struct netr_DsRGetDCNameInfo > dc_unc : * > dc_unc : '\\WIN-NJ57UVUO8PC.testdom.net' > dc_address : * > dc_address : '\\10.0.3.110' > dc_address_type : DS_ADDRESS_TYPE_INET (1) > domain_guid : d07a1caa-e2ff-42cb-a3ec-c759b35284ef > domain_name : * > domain_name : 'testdom.net' > forest_name : * > forest_name : 'testdom.net' > dc_flags : 0xe00031fd (3758109181) > 1: DS_SERVER_PDC > 1: DS_SERVER_GC > 1: DS_SERVER_LDAP > 1: DS_SERVER_DS > 1: DS_SERVER_KDC > 1: DS_SERVER_TIMESERV > 1: DS_SERVER_CLOSEST > 1: DS_SERVER_WRITABLE > 0: DS_SERVER_GOOD_TIMESERV > 0: DS_SERVER_NDNC > 0: DS_SERVER_SELECT_SECRET_DOMAIN_6 > 1: DS_SERVER_FULL_SECRET_DOMAIN_6 > 1: DS_SERVER_WEBSERV > 0: DS_SERVER_DS_8 > 1: DS_DNS_CONTROLLER > 1: DS_DNS_DOMAIN > 1: DS_DNS_FOREST_ROOT > dc_site_name : * > dc_site_name : 'Default-First-Site-Name' > client_site_name : * > client_site_name : 'Default-First-Site-Name' > result : WERR_OK >dcerpc_netr_GetAnyDCName returned WIN-NJ57UVUO8PC.testdom.net >sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" >internal_resolve_name: looking up WIN-NJ57UVUO8PC.testdom.net#20 (sitename Default-First-Site-Name) >name WIN-NJ57UVUO8PC.testdom.net#20 found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >check_negative_conn_cache returning result -1073741715 for domain TESTDOM server WIN-NJ57UVUO8PC.testdom.net >DC WIN-NJ57UVUO8PC.testdom.net was in the negative conn cache >sitename_fetch: Returning sitename for realm 'testdom.net': "Default-First-Site-Name" >ads_dc_name: domain=TESTDOM >sitename_fetch: Returning sitename for realm 'testdom.net': "Default-First-Site-Name" >resolve_and_ping_dns: (cldap) looking for realm 'testdom.net' >get_sorted_dc_list: attempting lookup for name testdom.net (sitename Default-First-Site-Name) >saf_fetch: failed to find server for "testdom.net" domain >get_dc_list: preferred server list: ", *" >internal_resolve_name: looking up testdom.net#1c (sitename Default-First-Site-Name) >name testdom.net#1C found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >Adding 1 DC's from auto lookup >check_negative_conn_cache returning result 0 for domain testdom.net server 10.0.3.110 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 10.0.3.110:389 >check_negative_conn_cache returning result 0 for domain testdom.net server 10.0.3.110 >ads_try_connect: sending CLDAP request to 10.0.3.110 (realm: testdom.net) > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x000031fd (12797) > 1: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 0: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 > 1: NBT_SERVER_ADS_WEB_SERVICE > 0: NBT_SERVER_DS_8 > 0: NBT_SERVER_HAS_DNS_NAME > 0: NBT_SERVER_IS_DEFAULT_NC > 0: NBT_SERVER_FOREST_ROOT > domain_uuid : d07a1caa-e2ff-42cb-a3ec-c759b35284ef > forest : 'testdom.net' > dns_domain : 'testdom.net' > pdc_dns_name : 'WIN-NJ57UVUO8PC.testdom.net' > domain_name : 'TESTDOM' > pdc_name : 'WIN-NJ57UVUO8PC' > user_name : '' > server_site : 'Default-First-Site-Name' > client_site : 'Default-First-Site-Name' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >sitename_store: realm = [TESTDOM], sitename = [Default-First-Site-Name], expire = [2085923199] >Did not store value for AD_SITENAME/DOMAIN/TESTDOM, we already got it >sitename_store: realm = [testdom.net], sitename = [Default-First-Site-Name], expire = [2085923199] >Did not store value for AD_SITENAME/DOMAIN/TESTDOM.NET, we already got it >Successfully contacted LDAP server 10.0.3.110 >sitename_fetch: Returning sitename for realm 'testdom.net': "Default-First-Site-Name" >ads_dc_name: using server='WIN-NJ57UVUO8PC.TESTDOM.NET' IP=10.0.3.110 >sitename_fetch: Returning sitename for realm 'testdom.net': "Default-First-Site-Name" >get_sorted_dc_list: attempting lookup for name testdom.net (sitename Default-First-Site-Name) >saf_fetch: failed to find server for "testdom.net" domain >get_dc_list: preferred server list: ", *" >internal_resolve_name: looking up testdom.net#1c (sitename Default-First-Site-Name) >name testdom.net#1C found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >Adding 1 DC's from auto lookup >check_negative_conn_cache returning result 0 for domain testdom.net server 10.0.3.110 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 10.0.3.110:389 >check_negative_conn_cache returning result 0 for domain TESTDOM server 10.0.3.110 >get_sorted_dc_list: attempting lookup for name testdom.net (sitename NULL) >saf_fetch: failed to find server for "testdom.net" domain >get_dc_list: preferred server list: ", *" >internal_resolve_name: looking up testdom.net#1c (sitename (null)) >name testdom.net#1C found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >Adding 1 DC's from auto lookup >check_negative_conn_cache returning result 0 for domain testdom.net server 10.0.3.110 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 10.0.3.110:389 >check_negative_conn_cache returning result 0 for domain TESTDOM server 10.0.3.110 >Connecting to 10.0.3.110 at port 445 >ads_try_connect: sending CLDAP request to 10.0.3.110 (realm: testdom.net) > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x000031fd (12797) > 1: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 0: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 > 1: NBT_SERVER_ADS_WEB_SERVICE > 0: NBT_SERVER_DS_8 > 0: NBT_SERVER_HAS_DNS_NAME > 0: NBT_SERVER_IS_DEFAULT_NC > 0: NBT_SERVER_FOREST_ROOT > domain_uuid : d07a1caa-e2ff-42cb-a3ec-c759b35284ef > forest : 'testdom.net' > dns_domain : 'testdom.net' > pdc_dns_name : 'WIN-NJ57UVUO8PC.testdom.net' > domain_name : 'TESTDOM' > pdc_name : 'WIN-NJ57UVUO8PC' > user_name : '' > server_site : 'Default-First-Site-Name' > client_site : 'Default-First-Site-Name' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >sitename_store: realm = [TESTDOM], sitename = [Default-First-Site-Name], expire = [2085923199] >Did not store value for AD_SITENAME/DOMAIN/TESTDOM, we already got it >sitename_store: realm = [testdom.net], sitename = [Default-First-Site-Name], expire = [2085923199] >Did not store value for AD_SITENAME/DOMAIN/TESTDOM.NET, we already got it >Successfully contacted LDAP server 10.0.3.110 >namecache_store: storing 1 address for WIN-NJ57UVUO8PC.testdom.net#20: 10.0.3.110 >Did not store value for NBT/WIN-NJ57UVUO8PC.TESTDOM.NET#20, we already got it >dcip_to_name: flags = 0x31fd >cm_prepare_connection: connecting to DC WIN-NJ57UVUO8PC.testdom.net for domain TESTDOM >Socket options: > SO_KEEPALIVE = 0 > SO_REUSEADDR = 0 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_REUSEPORT = 0 > SO_SNDBUF = 87040 > SO_RCVBUF = 367360 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 > TCP_DEFER_ACCEPT = 0 >ldb: ldb_trace_request: SEARCH > dn: @MODULES > scope: base > expr: (@LIST=*) > attr: @LIST > control: <NONE> > >ldb: ldb_trace_request: (tdb)->search >ldb: Added timed event "ltdb_callback": 0x563e56a29ae0 > >ldb: Added timed event "ltdb_timeout": 0x563e56a29ba0 > >ldb: Running timer event 0x563e56a29ae0 "ltdb_callback" > >ldb: Destroying timer event 0x563e56a29ba0 "ltdb_timeout" > >ldb: Ending timer event 0x563e56a29ae0 "ltdb_callback" > >ldb: no modules required by the db >ldb: No modules specified for this database >ldb: ldb_trace_request: REGISTER_CONTROL >1.2.840.113556.1.4.1413 > control: <NONE> > >ldb: ldb_asprintf/set_errstring: unable to find module or backend to handle operation: request >ldb: ldb_trace_request: SEARCH > dn: <rootDSE> > scope: base > expr: (objectClass=*) > attr: rootDomainNamingContext > attr: configurationNamingContext > attr: schemaNamingContext > attr: defaultNamingContext > control: <NONE> > >ldb: ldb_trace_request: (tdb)->search >ldb: Added timed event "ltdb_callback": 0x563e56a248e0 > >ldb: Added timed event "ltdb_timeout": 0x563e56a249a0 > >ldb: Running timer event 0x563e56a248e0 "ltdb_callback" > >ldb: ldb_asprintf/set_errstring: NULL Base DN invalid for a base search >ldb: Destroying timer event 0x563e56a249a0 "ltdb_timeout" > >ldb: Ending timer event 0x563e56a248e0 "ltdb_callback" > >ldb_wrap open of secrets.ldb >ldb: ldb_trace_request: SEARCH > dn: cn=Primary Domains > scope: sub > expr: (&(flatname=LAB)(objectclass=primaryDomain)) > attr: <ALL> > control: <NONE> > >ldb: ldb_trace_request: (tdb)->search >ldb: Added timed event "ltdb_callback": 0x563e56a29980 > >ldb: Added timed event "ltdb_timeout": 0x563e56a294e0 > >ldb: Running timer event 0x563e56a29980 "ltdb_callback" > >ldb: Destroying timer event 0x563e56a294e0 "ltdb_timeout" > >ldb: Ending timer event 0x563e56a29980 "ltdb_callback" > >ldb: ldb_asprintf/set_errstring: dsdb_search at ../source4/dsdb/common/util.c:4576 >connecting to WIN-NJ57UVUO8PC.testdom.net (TESTDOM, testdom.net) with account [LAB\CENTOS$] principal [CENTOS$@LAB.SAFERIT.FR] and realm [LAB.SAFERIT.FR] >got OID=1.3.6.1.4.1.311.2.2.30 >got OID=1.2.840.48018.1.2.2 >kerberos_kinit_password: as CENTOS$@LAB.SAFERIT.FR using [MEMORY:cliconnect] as ccache and config [(null)] >Starting GENSEC mechanism spnego >Starting GENSEC submechanism gse_krb5 >gse_get_client_auth_token: Server principal not found >SPNEGO(gse_krb5) creating NEG_TOKEN_INIT for cifs/WIN-NJ57UVUO8PC.testdom.net failed (next[ntlmssp]): NT_STATUS_INVALID_PARAMETER >Starting GENSEC submechanism ntlmssp > negotiate: struct NEGOTIATE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmNegotiate (1) > NegotiateFlags : 0x62088215 (1644724757) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 0: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 0: NTLMSSP_TARGET_TYPE_DOMAIN > 0: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 0: NTLMSSP_NEGOTIATE_TARGET_INFO > 1: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 0: NTLMSSP_NEGOTIATE_56 > DomainNameLen : 0x0000 (0) > DomainNameMaxLen : 0x0000 (0) > DomainName : * > DomainName : '' > WorkstationLen : 0x0000 (0) > WorkstationMaxLen : 0x0000 (0) > Workstation : * > Workstation : '' > Version: struct ntlmssp_VERSION > ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6) > ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1) > ProductBuild : 0x0000 (0) > Reserved: ARRAY(3) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15) >Got challenge flags: >Got NTLMSSP neg_flags=0x62898215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_TARGET_TYPE_DOMAIN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_TARGET_INFO > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >NTLMSSP: Set final flags: >Got NTLMSSP neg_flags=0x62088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >NTLMSSP Sign/Seal - Initialising with flags: >Got NTLMSSP neg_flags=0x62088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >SPNEGO login failed: Logon failure >authenticated session setup to WIN-NJ57UVUO8PC.testdom.net using LAB\CENTOS$ failed with NT_STATUS_LOGON_FAILURE >cm_get_ipc_userpass: No auth-user defined >cm_get_ipc_userpass: No auth-user defined >Failed to prepare SMB connection to WIN-NJ57UVUO8PC.testdom.net: NT_STATUS_LOGON_FAILURE >Did not store value for NEG_CONN_CACHE/TESTDOM,WIN-NJ57UVUO8PC.testdom.net, we already got it >add_failed_connection_entry: added domain TESTDOM (WIN-NJ57UVUO8PC.testdom.net) to failed conn cache >Deleting cache entry (key=[SAFJOIN/DOMAIN/TESTDOM]) >Deleting cache entry (key=[SAF/DOMAIN/TESTDOM]) >Did not store value for NEG_CONN_CACHE/testdom.net,WIN-NJ57UVUO8PC.testdom.net, we already got it >add_failed_connection_entry: added domain testdom.net (WIN-NJ57UVUO8PC.testdom.net) to failed conn cache >Deleting cache entry (key=[SAFJOIN/DOMAIN/TESTDOM.NET]) >Deleting cache entry (key=[SAF/DOMAIN/TESTDOM.NET]) >set_domain_offline: called for domain TESTDOM >set_domain_offline: added event handler for domain TESTDOM >messaging_dgm_send: Sending message to 1701 >winbindd_dual_pam_auth: domain: TESTDOM last was offline >Plain-text authentication for user TESTDOM\administrator returned NT_STATUS_LOGON_FAILURE (PAM: 7) >Finished processing child request 13 >Writing 3496 bytes to parent >imessaging_dgm_recv: dst 1701 matches my id: 1701, type=0x40c >messaging_recv_cb: Received message 0x40c len 8 (num_fds:0) from 1708 >messaging_recv_cb: Received message 0x40c len 8 (num_fds:0) from 1708 >Domain TESTDOM is marked as offline now. >child daemon request 48 >child_process_request: request fn INIT_CONNECTION >Finished processing child request 48 >Writing 3496 bytes to parent >child daemon request 13 >child_process_request: request fn PAM_AUTH >[ 1701]: dual pam auth TESTDOM\administrator >winbindd_dual_pam_auth: domain: TESTDOM offline and auth request in startup mode. >Searching cache keys with pattern NEG_CONN_CACHE/TESTDOM,* >Calling function with arguments (key=[NEG_CONN_CACHE/TESTDOM,WIN-NJ57UVUO8PC.testdom.net], timeout=[Fri Mar 23 05:26:52 AM 2018 EDT]) >Calling function with arguments (key=[NEG_CONN_CACHE/TESTDOM,WIN-NJ57UVUO8PC.testdom.net], value=[c000006d], timeout=[Fri Mar 23 05:26:52 AM 2018 EDT]) >Deleting cache entry (key=[NEG_CONN_CACHE/TESTDOM,WIN-NJ57UVUO8PC.testdom.net]) >Adding cache entry with key=[NEG_CONN_CACHE/TESTDOM,WIN-NJ57UVUO8PC.testdom.net] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797152 seconds in the past) >flush_negative_conn_cache_for_domain: flushed domain TESTDOM >Searching cache keys with pattern NEG_CONN_CACHE/testdom.net,* >Calling function with arguments (key=[NEG_CONN_CACHE/testdom.net,WIN-NJ57UVUO8PC.testdom.net], timeout=[Fri Mar 23 05:26:52 AM 2018 EDT]) >Calling function with arguments (key=[NEG_CONN_CACHE/testdom.net,WIN-NJ57UVUO8PC.testdom.net], value=[c000006d], timeout=[Fri Mar 23 05:26:52 AM 2018 EDT]) >Deleting cache entry (key=[NEG_CONN_CACHE/testdom.net,WIN-NJ57UVUO8PC.testdom.net]) >Adding cache entry with key=[NEG_CONN_CACHE/testdom.net,WIN-NJ57UVUO8PC.testdom.net] and timeout=[Wed Dec 31 07:00:00 PM 1969 EST] (-1521797152 seconds in the past) >flush_negative_conn_cache_for_domain: flushed domain testdom.net >winbindd_dual_pam_auth: domain: TESTDOM last was offline >Plain-text authentication for user TESTDOM\administrator returned NT_STATUS_NO_LOGON_SERVERS (PAM: 9) >Finished processing child request 13 >Writing 3496 bytes to parent >wb_request_done[1682:PAM_AUTH]: NT_STATUS_NO_LOGON_SERVERS >winbind_client_response_written[1682:PAM_AUTH]: delivered response to client >closing socket 27, client exited >check_domain_online_handler: called for domain LAB (online = True) >Registering messaging pointer for type 1030 - private_data=(nil) >Overriding messaging pointer for type 1030 - private_data=(nil) >Registering messaging pointer for type 1031 - private_data=(nil) >Overriding messaging pointer for type 1031 - private_data=(nil) >msg_dgm_ref_destructor: refs=0x563e56a0d0c0 >messaging_dgm_ref: messaging_dgm_init returned Success >messaging_dgm_ref: unique = 9440874404573255484 >Deregistering messaging pointer for type 1028 - private_data=(nil) >Deregistering messaging pointer for type 1027 - private_data=(nil) >Deregistering messaging pointer for type 1280 - private_data=(nil) >Deregistering messaging pointer for type 1 - private_data=(nil) >sitename_fetch: Returning sitename for realm 'lab.saferit.fr': "Default-First-Site-Name" >ads_dc_name: domain=LAB >sitename_fetch: Returning sitename for realm 'lab.saferit.fr': "Default-First-Site-Name" >resolve_and_ping_dns: (cldap) looking for realm 'lab.saferit.fr' >get_sorted_dc_list: attempting lookup for name lab.saferit.fr (sitename Default-First-Site-Name) >saf_fetch: Returning "dc1.lab.saferit.fr" for "lab.saferit.fr" domain >get_dc_list: preferred server list: "dc1.lab.saferit.fr, *" >internal_resolve_name: looking up lab.saferit.fr#1c (sitename Default-First-Site-Name) >name lab.saferit.fr#1C found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >Adding 1 DC's from auto lookup >sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" >internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) >name dc1.lab.saferit.fr#20 found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 10.0.3.10:389 >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >ads_try_connect: sending CLDAP request to 10.0.3.10 (realm: lab.saferit.fr) > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x0000f1fd (61949) > 1: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 0: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 > 1: NBT_SERVER_ADS_WEB_SERVICE > 1: NBT_SERVER_DS_8 > 0: NBT_SERVER_HAS_DNS_NAME > 0: NBT_SERVER_IS_DEFAULT_NC > 0: NBT_SERVER_FOREST_ROOT > domain_uuid : 0b6ead65-ab6b-4ae6-ba6c-bbf010e7545d > forest : 'lab.saferit.fr' > dns_domain : 'lab.saferit.fr' > pdc_dns_name : 'dc1.lab.saferit.fr' > domain_name : 'LAB' > pdc_name : 'DC1' > user_name : '' > server_site : 'Default-First-Site-Name' > client_site : 'Default-First-Site-Name' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >sitename_store: realm = [LAB], sitename = [Default-First-Site-Name], expire = [2085923199] >Did not store value for AD_SITENAME/DOMAIN/LAB, we already got it >sitename_store: realm = [lab.saferit.fr], sitename = [Default-First-Site-Name], expire = [2085923199] >Did not store value for AD_SITENAME/DOMAIN/LAB.SAFERIT.FR, we already got it >Successfully contacted LDAP server 10.0.3.10 >sitename_fetch: Returning sitename for realm 'lab.saferit.fr': "Default-First-Site-Name" >ads_closest_dc: NBT_SERVER_CLOSEST flag set >create_local_private_krb5_conf_for_domain: fname = /var/lib/samba/lock/smb_krb5/krb5.conf.LAB, realm = lab.saferit.fr, domain = LAB >saf_fetch: Returning "dc1.lab.saferit.fr" for "lab.saferit.fr" domain >get_dc_list: preferred server list: "dc1.lab.saferit.fr, *" >internal_resolve_name: looking up lab.saferit.fr#dcdc (sitename Default-First-Site-Name) >resolve_ads: Attempting to resolve KDCs for lab.saferit.fr using DNS >ads_dns_lookup_srv: 1 records returned in the answer section. >ads_dns_parse_rr_srv: Parsed dc1.lab.saferit.fr [0, 100, 88] >remove_duplicate_addrs2: looking for duplicate address/port pairs >internal_resolve_name: returning 1 addresses: 10.0.3.10:88 >Adding 1 DC's from auto lookup >sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" >internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) >name dc1.lab.saferit.fr#20 found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 10.0.3.10:88 >got 1 addresses from site Default-First-Site-Name search >saf_fetch: Returning "dc1.lab.saferit.fr" for "lab.saferit.fr" domain >get_dc_list: preferred server list: "dc1.lab.saferit.fr, *" >internal_resolve_name: looking up lab.saferit.fr#dcdc (sitename (null)) >resolve_ads: Attempting to resolve KDCs for lab.saferit.fr using DNS >ads_dns_lookup_srv: 1 records returned in the answer section. >ads_dns_parse_rr_srv: Parsed dc1.lab.saferit.fr [0, 100, 88] >remove_duplicate_addrs2: looking for duplicate address/port pairs >internal_resolve_name: returning 1 addresses: 10.0.3.10:88 >Adding 1 DC's from auto lookup >sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" >internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) >name dc1.lab.saferit.fr#20 found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 10.0.3.10:88 >got 1 addresses from site-less search >0 additional KDCs to test >get_kdc_ip_string: Returning kdc = 10.0.3.10 > >create_local_private_krb5_conf_for_domain: wrote file /var/lib/samba/lock/smb_krb5/krb5.conf.LAB with realm LAB.SAFERIT.FR KDC list = kdc = 10.0.3.10 > >ads_dc_name: using server='DC1.LAB.SAFERIT.FR' IP=10.0.3.10 >sitename_fetch: Returning sitename for realm 'lab.saferit.fr': "Default-First-Site-Name" >get_sorted_dc_list: attempting lookup for name lab.saferit.fr (sitename Default-First-Site-Name) >saf_fetch: Returning "dc1.lab.saferit.fr" for "lab.saferit.fr" domain >get_dc_list: preferred server list: "dc1.lab.saferit.fr, *" >internal_resolve_name: looking up lab.saferit.fr#1c (sitename Default-First-Site-Name) >name lab.saferit.fr#1C found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >Adding 1 DC's from auto lookup >sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" >internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) >name dc1.lab.saferit.fr#20 found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 10.0.3.10:389 >check_negative_conn_cache returning result 0 for domain LAB server 10.0.3.10 >get_sorted_dc_list: attempting lookup for name lab.saferit.fr (sitename NULL) >saf_fetch: Returning "dc1.lab.saferit.fr" for "lab.saferit.fr" domain >get_dc_list: preferred server list: "dc1.lab.saferit.fr, *" >internal_resolve_name: looking up lab.saferit.fr#1c (sitename (null)) >name lab.saferit.fr#1C found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >Adding 1 DC's from auto lookup >sitename_fetch: Returning sitename for realm 'LAB.SAFERIT.FR': "Default-First-Site-Name" >internal_resolve_name: looking up dc1.lab.saferit.fr#20 (sitename Default-First-Site-Name) >name dc1.lab.saferit.fr#20 found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >check_negative_conn_cache returning result 0 for domain lab.saferit.fr server 10.0.3.10 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 10.0.3.10:389 >check_negative_conn_cache returning result 0 for domain LAB server 10.0.3.10 >messaging_dgm_send: Sending message to 1707 >messaging_recv_cb: Received message 0x406 len 4 (num_fds:0) from 1709 >msg_try_to_go_online: received for domain LAB. >msg_try_to_go_online: domain LAB already online. >process_request: Handling async request 1682:GETPWNAM >getpwnam TESTDOM\administrator > wbint_LookupName: struct wbint_LookupName > in: struct wbint_LookupName > domain : * > domain : 'TESTDOM' > name : * > name : 'ADMINISTRATOR' > flags : 0x00000008 (8) > wbint_LookupName: struct wbint_LookupName > out: struct wbint_LookupName > type : * > type : SID_NAME_USER (1) > sid : * > sid : S-1-5-21-847837108-3999977653-1779688838-500 > result : NT_STATUS_OK >SID 0: S-1-5-21-847837108-3999977653-1779688838-500 >Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-500]: value=[10500:B] >Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-500]: id=[10500], endptr=[:B] >netsamlogon_cache_get: SID [S-1-5-21-847837108-3999977653-1779688838-500] > &r: struct netsamlogoncache_entry > timestamp : Fri Mar 23 05:20:37 AM 2018 EDT > info3: struct netr_SamInfo3 > base: struct netr_SamBaseInfo > logon_time : Fri Mar 23 05:09:15 AM 2018 EDT > logoff_time : Wed Sep 13 10:48:05 PM 30828 EDT > kickoff_time : Wed Sep 13 10:48:05 PM 30828 EDT > last_password_change : Mon Feb 12 09:15:04 AM 2018 EST > allow_password_change : Tue Feb 13 09:15:04 AM 2018 EST > force_password_change : Mon Mar 26 10:15:04 AM 2018 EDT > account_name: struct lsa_String > length : 0x001a (26) > size : 0x001a (26) > string : * > string : 'Administrator' > full_name: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : * > string : '' > logon_script: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > profile_path: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > home_directory: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > home_drive: struct lsa_String > length : 0x0000 (0) > size : 0x0000 (0) > string : NULL > logon_count : 0x009d (157) > bad_password_count : 0x0000 (0) > rid : 0x000001f4 (500) > primary_gid : 0x00000201 (513) > groups: struct samr_RidWithAttributeArray > count : 0x00000005 (5) > rids : * > rids: ARRAY(5) > rids: struct samr_RidWithAttribute > rid : 0x00000208 (520) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > rids: struct samr_RidWithAttribute > rid : 0x00000200 (512) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > rids: struct samr_RidWithAttribute > rid : 0x00000201 (513) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > rids: struct samr_RidWithAttribute > rid : 0x00000206 (518) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > rids: struct samr_RidWithAttribute > rid : 0x00000207 (519) > attributes : 0x00000007 (7) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 0: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > user_flags : 0x00000120 (288) > 0: NETLOGON_GUEST > 0: NETLOGON_NOENCRYPTION > 0: NETLOGON_CACHED_ACCOUNT > 0: NETLOGON_USED_LM_PASSWORD > 1: NETLOGON_EXTRA_SIDS > 0: NETLOGON_SUBAUTH_SESSION_KEY > 0: NETLOGON_SERVER_TRUST_ACCOUNT > 1: NETLOGON_NTLMV2_ENABLED > 0: NETLOGON_RESOURCE_GROUPS > 0: NETLOGON_PROFILE_PATH_RETURNED > 0: NETLOGON_GRACE_LOGON > key: struct netr_UserSessionKey > key : 00000000000000000000000000000000 > logon_server: struct lsa_StringLarge > length : 0x001e (30) > size : 0x0020 (32) > string : * > string : 'WIN-NJ57UVUO8PC' > logon_domain: struct lsa_StringLarge > length : 0x000e (14) > size : 0x0010 (16) > string : * > string : 'TESTDOM' > domain_sid : * > domain_sid : S-1-5-21-847837108-3999977653-1779688838 > LMSessKey: struct netr_LMSessionKey > key : 0000000000000000 > acct_flags : 0x00000010 (16) > 0: ACB_DISABLED > 0: ACB_HOMDIRREQ > 0: ACB_PWNOTREQ > 0: ACB_TEMPDUP > 1: ACB_NORMAL > 0: ACB_MNS > 0: ACB_DOMTRUST > 0: ACB_WSTRUST > 0: ACB_SVRTRUST > 0: ACB_PWNOEXP > 0: ACB_AUTOLOCK > 0: ACB_ENC_TXT_PWD_ALLOWED > 0: ACB_SMARTCARD_REQUIRED > 0: ACB_TRUSTED_FOR_DELEGATION > 0: ACB_NOT_DELEGATED > 0: ACB_USE_DES_KEY_ONLY > 0: ACB_DONT_REQUIRE_PREAUTH > 0: ACB_PW_EXPIRED > 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION > 0: ACB_NO_AUTH_DATA_REQD > 0: ACB_PARTIAL_SECRETS_ACCOUNT > 0: ACB_USE_AES_KEYS > sub_auth_status : 0x00000000 (0) > last_successful_logon : NTTIME(0) > last_failed_logon : NTTIME(0) > failed_logon_count : 0x00000000 (0) > reserved : 0x00000000 (0) > sidcount : 0x00000001 (1) > sids : * > sids: ARRAY(1) > sids: struct netr_SidAttr > sid : * > sid : S-1-5-21-546099636-1453775275-3712789297-1130 > attributes : 0x20000007 (536870919) > 1: SE_GROUP_MANDATORY > 1: SE_GROUP_ENABLED_BY_DEFAULT > 1: SE_GROUP_ENABLED > 0: SE_GROUP_OWNER > 0: SE_GROUP_USE_FOR_DENY_ONLY > 1: SE_GROUP_RESOURCE > 0x00: SE_GROUP_LOGON_ID (0) > wbint_GetNssInfo: struct wbint_GetNssInfo > in: struct wbint_GetNssInfo > info : * > info: struct wbint_userinfo > domain_name : * > domain_name : 'TESTDOM' > acct_name : * > acct_name : 'Administrator' > full_name : * > full_name : '' > homedir : * > homedir : '/home/%u.%D' > shell : * > shell : '/bin/bash' > uid : 0x0000000000002904 (10500) > primary_gid : 0x00000000ffffffff (4294967295) > primary_group_name : NULL > user_sid : S-1-5-21-847837108-3999977653-1779688838-500 > group_sid : S-1-5-21-847837108-3999977653-1779688838-513 >Need to read 210 extra bytes >child daemon request 56 >child_process_request: request fn NDRCMD >winbindd_dual_ndrcmd: Running command WBINT_GETNSSINFO (no domain) > wbint_GetNssInfo: struct wbint_GetNssInfo > in: struct wbint_GetNssInfo > info : * > info: struct wbint_userinfo > domain_name : * > domain_name : 'TESTDOM' > acct_name : * > acct_name : 'Administrator' > full_name : * > full_name : '' > homedir : * > homedir : '/home/%u.%D' > shell : * > shell : '/bin/bash' > uid : 0x0000000000002904 (10500) > primary_gid : 0x00000000ffffffff (4294967295) > primary_group_name : NULL > user_sid : S-1-5-21-847837108-3999977653-1779688838-500 > group_sid : S-1-5-21-847837108-3999977653-1779688838-513 >idmap_find_domain called for domain 'TESTDOM' > wbint_GetNssInfo: struct wbint_GetNssInfo > out: struct wbint_GetNssInfo > info : * > info: struct wbint_userinfo > domain_name : * > domain_name : 'TESTDOM' > acct_name : * > acct_name : 'Administrator' > full_name : * > full_name : '' > homedir : * > homedir : '/home/%u.%D' > shell : * > shell : '/bin/bash' > uid : 0x0000000000002904 (10500) > primary_gid : 0x00000000ffffffff (4294967295) > primary_group_name : NULL > user_sid : S-1-5-21-847837108-3999977653-1779688838-500 > group_sid : S-1-5-21-847837108-3999977653-1779688838-513 > result : NT_STATUS_REQUEST_NOT_ACCEPTED >Finished processing child request 56 >Writing 3712 bytes to parent > wbint_GetNssInfo: struct wbint_GetNssInfo > out: struct wbint_GetNssInfo > info : * > info: struct wbint_userinfo > domain_name : * > domain_name : 'TESTDOM' > acct_name : * > acct_name : 'Administrator' > full_name : * > full_name : '' > homedir : * > homedir : '/home/%u.%D' > shell : * > shell : '/bin/bash' > uid : 0x0000000000002904 (10500) > primary_gid : 0x00000000ffffffff (4294967295) > primary_group_name : NULL > user_sid : S-1-5-21-847837108-3999977653-1779688838-500 > group_sid : S-1-5-21-847837108-3999977653-1779688838-513 > result : NT_STATUS_REQUEST_NOT_ACCEPTED >SID 0: S-1-5-21-847837108-3999977653-1779688838-513 >Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-513]: value=[10513:B] >Parsing value for key [IDMAP/SID2XID/S-1-5-21-847837108-3999977653-1779688838-513]: id=[10513], endptr=[:B] >find_lookup_domain_from_sid(S-1-5-21-847837108-3999977653-1779688838-513) >calling find_our_domain > wbint_LookupSid: struct wbint_LookupSid > in: struct wbint_LookupSid > sid : * > sid : S-1-5-21-847837108-3999977653-1779688838-513 > wbint_LookupSid: struct wbint_LookupSid > out: struct wbint_LookupSid > type : * > type : SID_NAME_DOM_GRP (2) > domain : * > domain : * > domain : 'TESTDOM' > name : * > name : * > name : 'Domain Users' > result : NT_STATUS_OK >wb_request_done[1682:GETPWNAM]: NT_STATUS_OK >winbind_client_response_written[1682:GETPWNAM]: delivered response to client >Got sig[2] terminate (is_parent=0) >Got sig[2] terminate (is_parent=0) >Got sig[2] terminate (is_parent=0) >Got sig[2] terminate (is_parent=1) >check lock order 2 for /var/lib/samba/lock/serverid.tdb >lock order: 1:<none> 2:/var/lib/samba/lock/serverid.tdb 3:<none> >Locking key A506000000000000FFFF >Allocated locked data 0x0x563e56a16920 >Unlocking key A506000000000000FFFF >release lock order 2 for /var/lib/samba/lock/serverid.tdb >lock order: 1:<none> 2:<none> 3:<none>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=14079">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 13346
:
14063
| 14079