Started with winbindd -d 10 -i ============================== winbindd version 3.0.20-3-devel-SUSE started. Copyright The Samba Team 2000-2004 lp_load: refreshing parameters Initialising global parameters params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" Processing section "[global]" doing parameter utmp = yes doing parameter workgroup = BIOWISDOM doing parameter server string = SAMBA doing parameter time server = yes doing parameter interfaces = 127.0.0.1 eth0 doing parameter bind interfaces only = true doing parameter log file = /var/log/samba/log.%m doing parameter security = ads doing parameter realm = INTERNAL.BIOWISDOM.COM doing parameter password server = * doing parameter socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 doing parameter local master = no doing parameter dns proxy = yes doing parameter encrypt passwords = yes doing parameter client plaintext auth = no doing parameter client lanman auth = no doing parameter client ntlmv2 auth = yes doing parameter idmap backend = ldap:ldap://ls-ukdevel01.internal.biowisdom.com doing parameter idmap uid = 10000-20000 doing parameter idmap gid = 10000-20000 doing parameter winbind enum users = yes doing parameter winbind enum groups = yes doing parameter winbind use default domain = yes doing parameter winbind cache time = 600 doing parameter template homedir = /home/%U doing parameter template shell = /bin/bash doing parameter ldap suffix = dc=internal,dc=biowisdom,dc=com doing parameter ldap idmap suffix = ou=Idmap doing parameter ldap group suffix = ou=Groups doing parameter ldap user suffix = ou=People doing parameter ldap admin dn = cn=smbadmin,dc=internal,dc=biowisdom,dc=com pm_process() returned Yes lp_servicenumber: couldn't find homes add_a_service: Creating snum = 0 for IPC$ adding IPC service add_a_service: Creating snum = 1 for ADMIN$ adding IPC service set_server_role: role = ROLE_DOMAIN_MEMBER Attempting to register new charset UCS-2LE Registered charset UCS-2LE Attempting to register new charset UTF-16LE Registered charset UTF-16LE Attempting to register new charset UCS-2BE Registered charset UCS-2BE Attempting to register new charset UTF-16BE Registered charset UTF-16BE Attempting to register new charset UTF8 Registered charset UTF8 Attempting to register new charset UTF-8 Registered charset UTF-8 Attempting to register new charset ASCII Registered charset ASCII Attempting to register new charset 646 Registered charset 646 Attempting to register new charset ISO-8859-1 Registered charset ISO-8859-1 Attempting to register new charset UCS2-HEX Registered charset UCS2-HEX Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 added interface ip=192.168.1.17 bcast=192.168.1.255 nmask=255.255.255.0 Netbios name list:- my_netbios_names[0]="LS-UKDBASE03" added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 added interface ip=192.168.1.17 bcast=192.168.1.255 nmask=255.255.255.0 Opening cache file at /var/lib/samba/gencache.tdb namecache_enable: enabling netbios namecache, timeout 660 seconds smb_register_idmap: Successfully added idmap backend 'ldap' smb_register_idmap: Successfully added idmap backend 'tdb' db_idmap_init: Opening tdbfile /var/lib/samba/winbindd_idmap.tdb idmap_init: using 'ldap' as remote backend smbldap_search_ext: base => [ou=Idmap,dc=internal,dc=biowisdom,dc=com], filter => [(objectclass=sambaUnixIdPool)], scope => [2] The connection to the LDAP server was closed smbldap_open_connection: ldap://ls-ukdevel01.internal.biowisdom.com smbldap_open_connection: connection opened ldap_connect_system: Binding to ldap server ldap://ls-ukdevel01.internal.biowisdom.com as "cn=smbadmin,dc=internal,dc=biowisdom,dc=com" ldap_connect_system: succesful connection to the LDAP server ldap_connect_system: LDAP server does support paged results The LDAP server is succesfully connected fcntl_lock 8 6 0 1 1 fcntl_lock: Lock call successful Registered MSG_REQ_POOL_USAGE Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED Added domain BIOWISDOM INTERNAL.BIOWISDOM.COM S-1-5-21-73586283-1645522239-682003330 Added domain BUILTIN S-1-5-32 Added domain LS-UKDBASE03 S-1-5-21-3893962149-402388542-230415780 open_winbindd_socket: opened socket fd 11 open_winbindd_priv_socket: opened socket fd 13 client_read: read 1828 bytes. Need 0 more for a full request. child daemon request 40 process_request: request fn INIT_CONNECTION Connection to for domain BIOWISDOM has NULL cli! Using cleartext machine password get_sorted_dc_list: attempting lookup using [lmhosts wins host bcast] internal_resolve_name: looking up BIOWISDOM#1c Returning valid cache entry: key = NBT/BIOWISDOM#1C, value = 192.168.1.21:0,192.168.1.22:0, timeout = Sat Sep 10 11:12:44 2005 name BIOWISDOM#1C found. Adding 2 DC's from auto lookup remove_duplicate_addrs2: looking for duplicate address/port pairs get_dc_list: returning 2 ip addresses in an unordered list get_dc_list: 192.168.1.21:0 192.168.1.22:0 fcntl_lock 13 6 0 1 0 fcntl_lock: fcntl lock gave errno 11 (Resource temporarily unavailable) fcntl_lock: lock failed at offset 0 count 1 op 6 type 0 (Resource temporarily unavailable) send_mailslot: Sending to mailslot \MAILSLOT\NET\NTLOGON from LS-UKDBASE03<00> to BIOWISDOM<1c> IP 192.168.1.21 Received packet for \MAILSLOT\NET\GETDC1501A8C0 GetDC gave name WS-UKCOMMS for domain BIOWISDOM cm_get_ipc_userpass: No auth-user defined secrets_named_mutex: got mutex for WS-UKCOMMS write_socket(12,183) write_socket(12,183) wrote 183 got smb length of 191 size=191 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55297 smb_tid=0 smb_pid=16878 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12807 (0x3207) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 243 (0xF3) smb_vwv[11]= 6784 (0x1A80) smb_vwv[12]=29532 (0x735C) smb_vwv[13]=61113 (0xEEB9) smb_vwv[14]=50613 (0xC5B5) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 255 (0xFF) smb_bcc=122 [000] 84 B3 15 0D 4F 3A B6 47 B1 AA 92 8D 93 0E 84 20 ....O:.G ....... [010] 60 68 06 06 2B 06 01 05 05 02 A0 5E 30 5C A0 30 `h..+... ...^0\.0 [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... [050] A3 28 30 26 A0 24 1B 22 77 73 2D 75 6B 63 6F 6D .(0&.$." ws-ukcom [060] 6D 73 24 40 49 4E 54 45 52 4E 41 4C 2E 42 49 4F ms$@INTE RNAL.BIO [070] 57 49 53 44 4F 4D 2E 43 4F 4D WISDOM.C OM size=191 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55297 smb_tid=0 smb_pid=16878 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12807 (0x3207) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]= 243 (0xF3) smb_vwv[11]= 6784 (0x1A80) smb_vwv[12]=29532 (0x735C) smb_vwv[13]=61113 (0xEEB9) smb_vwv[14]=50613 (0xC5B5) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 255 (0xFF) smb_bcc=122 [000] 84 B3 15 0D 4F 3A B6 47 B1 AA 92 8D 93 0E 84 20 ....O:.G ....... [010] 60 68 06 06 2B 06 01 05 05 02 A0 5E 30 5C A0 30 `h..+... ...^0\.0 [020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* [030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... [040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... [050] A3 28 30 26 A0 24 1B 22 77 73 2D 75 6B 63 6F 6D .(0&.$." ws-ukcom [060] 6D 73 24 40 49 4E 54 45 52 4E 41 4C 2E 42 49 4F ms$@INTE RNAL.BIO [070] 57 49 53 44 4F 4D 2E 43 4F 4D WISDOM.C OM Serverzone is -3600 connecting to WS-UKCOMMS from LS-UKDBASE03 with kerberos principal [LS-UKDBASE03$@INTERNAL.BIOWISDOM.COM] Doing spnego session setup (blob length=122) got OID=1 2 840 48018 1 2 2 got OID=1 2 840 113554 1 2 2 got OID=1 2 840 113554 1 2 2 3 got OID=1 3 6 1 4 1 311 2 2 10 got principal=ws-ukcomms$@INTERNAL.BIOWISDOM.COM Doing kerberos session setup Ticket in ccache[MEMORY:cliconnect] expiration Sat, 10 Sep 2005 21:02:16 GMT ads_krb5_mk_req: Ticket (ws-ukcomms$@INTERNAL.BIOWISDOM.COM) in ccache (MEMORY:cliconnect) is valid until: (Sat, 10 Sep 2005 21:02:16 GMT - 1126382536) Got KRB5 session key of length 16 SMB signing enabled! cli_simple_set_signing: user_session_key [000] 24 64 15 16 7E 17 15 BB 9F 2D A9 AB 1E 10 B4 A8 $d..~... .-...... cli_simple_set_signing: NULL response_data simple_packet_signature: sequence number 0 client_sign_outgoing_message: sent SMB signature of [000] DB 8A 13 11 82 25 5D DC .....%]. store_sequence_for_reply: stored seq = 1 mid = 2 write_socket(12,1332) write_socket(12,1332) wrote 1332 got smb length of 143 size=143 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=0 smb_pid=16878 smb_uid=45056 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 143 (0x8F) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 26 (0x1A) smb_bcc=100 [000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H [010] 82 F7 12 01 02 02 A2 02 04 00 00 57 00 69 00 6E ........ ...W.i.n [020] 00 64 00 6F 00 77 00 73 00 20 00 35 00 2E 00 30 .d.o.w.s . .5...0 [030] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s [040] 00 20 00 32 00 30 00 30 00 30 00 20 00 4C 00 41 . .2.0.0 .0. .L.A [050] 00 4E 00 20 00 4D 00 61 00 6E 00 61 00 67 00 65 .N. .M.a .n.a.g.e [060] 00 72 00 00 .r.. get_sequence_for_reply: found seq = 1 mid = 2 simple_packet_signature: sequence number 1 client_check_incoming_message: seq 1: got good SMB signature of [000] 04 EA 8A F7 37 A6 75 5B ....7.u[ size=143 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=0 smb_pid=16878 smb_uid=45056 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 143 (0x8F) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 26 (0x1A) smb_bcc=100 [000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H [010] 82 F7 12 01 02 02 A2 02 04 00 00 57 00 69 00 6E ........ ...W.i.n [020] 00 64 00 6F 00 77 00 73 00 20 00 35 00 2E 00 30 .d.o.w.s . .5...0 [030] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s [040] 00 20 00 32 00 30 00 30 00 30 00 20 00 4C 00 41 . .2.0.0 .0. .L.A [050] 00 4E 00 20 00 4D 00 61 00 6E 00 61 00 67 00 65 .N. .M.a .n.a.g.e [060] 00 72 00 00 .r.. simple_packet_signature: sequence number 2 client_sign_outgoing_message: sent SMB signature of [000] 04 31 2C FB BB FE CE D2 .1,..... store_sequence_for_reply: stored seq = 3 mid = 3 write_socket(12,88) write_socket(12,88) wrote 88 got smb length of 48 size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=3 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 1 (0x1) smb_bcc=7 [000] 49 50 43 00 00 00 00 IPC.... get_sequence_for_reply: found seq = 3 mid = 3 simple_packet_signature: sequence number 3 client_check_incoming_message: seq 3: got good SMB signature of [000] EE 07 CE 7D 05 BF 88 D3 ...}.... secrets_named_mutex: released mutex for WS-UKCOMMS simple_packet_signature: sequence number 4 client_sign_outgoing_message: sent SMB signature of [000] 2B 87 F2 C0 DA 33 27 62 +....3'b store_sequence_for_reply: stored seq = 5 mid = 4 write_socket(12,104) write_socket(12,104) wrote 104 got smb length of 103 size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=4 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 768 (0x300) smb_vwv[ 3]= 320 (0x140) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 get_sequence_for_reply: found seq = 5 mid = 4 simple_packet_signature: sequence number 5 client_check_incoming_message: seq 5: got good SMB signature of [000] 59 6D 33 45 F0 4C 62 6A Ym3E.Lbj Bind RPC Pipe[4003]: \PIPE\lsarpc Bind Abstract Syntax: [000] 6A 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 j(.9.... ....O... [010] 00 00 00 00 .... Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_rb 000010 smb_io_rpc_hdr_bba 0010 max_tsize: 10b8 0012 max_rsize: 10b8 0014 assoc_gid: 00000000 0018 num_contexts: 01 001c context_id : 0000 001e num_transfer_syntaxes: 01 00001f smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 3919286a 0024 data : b10c 0026 data : 11d0 0028 data : 9b a8 002a data : 00 c0 4f d9 2e f5 0030 version: 00000000 000034 smb_io_rpc_iface 000034 smb_io_uuid uuid 0034 data : 8a885d04 0038 data : 1ceb 003a data : 11c9 003c data : 9f e8 003e data : 08 00 2b 10 48 60 0044 version: 00000002 rpc_api_pipe: fnum:4003 size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=5 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16387 (0x4003) smb_bcc=87 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 6A ........ .......j [030] 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 00 (.9..... ...O.... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... simple_packet_signature: sequence number 6 client_sign_outgoing_message: sent SMB signature of [000] F2 AA 4F 90 67 05 2C EB ..O.g.,. store_sequence_for_reply: stored seq = 7 mid = 5 write_socket(12,158) write_socket(12,158) wrote 158 get_sequence_for_reply: found seq = 7 mid = 5 cli_signing_trans_start: storing mid = 5, reply_seq_num = 7, send_seq_num = 6 data->send_seq_num = 8 got smb length of 124 size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=5 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D...... [010] 00 B8 10 B8 10 56 86 02 00 0C 00 5C 50 49 50 45 .....V.. ...\PIPE [020] 5C 6C 73 61 73 73 00 47 82 01 00 00 00 00 00 00 \lsass.G ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... simple_packet_signature: sequence number 7 client_check_incoming_message: seq 7: got good SMB signature of [000] 53 FF 27 AC F1 68 17 42 S.'..h.B size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=5 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D...... [010] 00 B8 10 B8 10 56 86 02 00 0C 00 5C 50 49 50 45 .....V.. ...\PIPE [020] 5C 6C 73 61 73 73 00 47 82 01 00 00 00 00 00 00 \lsass.G ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... cli_signing_trans_stop: freeing mid = 5, reply_seq_num = 7, send_seq_num = 6 data->send_seq_num = 8 rpc_check_hdr: rdata->data_size = 68 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 rpc_api_pipe: len left: 0 smbtrans read: 68 rpc_api_pipe: fragment first and last both set rpc_pipe_bind: rpc_api_pipe returned OK. 000010 smb_io_rpc_hdr_ba 000010 smb_io_rpc_hdr_bba 0010 max_tsize: 10b8 0012 max_rsize: 10b8 0014 assoc_gid: 00028656 000018 smb_io_rpc_addr_str 0018 len: 000c 001a str: \PIPE\lsass. 000026 smb_io_rpc_results 0028 num_results: 01 002c result : 0000 002e reason : 0000 000030 smb_io_rpc_iface 000030 smb_io_uuid uuid 0030 data : 8a885d04 0034 data : 1ceb 0036 data : 11c9 0038 data : 9f e8 003a data : 08 00 2b 10 48 60 0040 version: 00000002 bind_rpc_pipe: accepted! 000000 ds_io_q_getprimdominfo 0000 level: 0001 create_rpc_request: opnum: 0x0 data_len: 0x1a create_rpc_request: data_len: 1a auth_len: 0 alloc_hint: a 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 001a 000a auth_len : 0000 000c call_id : 00000002 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 0000000a 0014 context_id: 0000 0016 opnum : 0000 rpc_api_pipe: fnum:4003 size=108 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 26 (0x1A) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 26 (0x1A) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16387 (0x4003) smb_bcc=41 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 1A 00 00 00 02 00 00 00 0A ........ ........ [020] 00 00 00 00 00 00 00 01 00 ........ . simple_packet_signature: sequence number 8 client_sign_outgoing_message: sent SMB signature of [000] C4 86 B0 0F D9 5E AD CB .....^.. store_sequence_for_reply: stored seq = 9 mid = 6 write_socket(12,112) write_socket(12,112) wrote 112 get_sequence_for_reply: found seq = 9 mid = 6 cli_signing_trans_start: storing mid = 6, reply_seq_num = 9, send_seq_num = 8 data->send_seq_num = 10 got smb length of 280 size=280 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 224 (0xE0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 224 (0xE0) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=225 [000] 1A 05 00 02 03 10 00 00 00 E0 00 00 00 02 00 00 ........ ........ [010] 00 C8 00 00 00 00 00 00 00 68 72 31 0D 01 00 00 ........ .hr1.... [020] 00 04 00 00 00 01 00 00 01 C0 5F 25 0D 20 46 2F ........ .._%. F/ [030] 0D 30 F0 12 00 11 45 71 7C F4 DD 62 45 BF F8 51 .0....Eq |..bE..Q [040] A0 2A DB B0 EB 0A 00 00 00 00 00 00 00 0A 00 00 .*...... ........ [050] 00 42 00 49 00 4F 00 57 00 49 00 53 00 44 00 4F .B.I.O.W .I.S.D.O [060] 00 4D 00 00 00 17 00 00 00 00 00 00 00 17 00 00 .M...... ........ [070] 00 69 00 6E 00 74 00 65 00 72 00 6E 00 61 00 6C .i.n.t.e .r.n.a.l [080] 00 2E 00 62 00 69 00 6F 00 77 00 69 00 73 00 64 ...b.i.o .w.i.s.d [090] 00 6F 00 6D 00 2E 00 63 00 6F 00 6D 00 00 00 00 .o.m...c .o.m.... [0A0] 00 17 00 00 00 00 00 00 00 17 00 00 00 69 00 6E ........ .....i.n [0B0] 00 74 00 65 00 72 00 6E 00 61 00 6C 00 2E 00 62 .t.e.r.n .a.l...b [0C0] 00 69 00 6F 00 77 00 69 00 73 00 64 00 6F 00 6D .i.o.w.i .s.d.o.m [0D0] 00 2E 00 63 00 6F 00 6D 00 00 00 00 00 00 00 00 ...c.o.m ........ [0E0] 00 . simple_packet_signature: sequence number 9 client_check_incoming_message: seq 9: got good SMB signature of [000] E5 2B 31 BD D8 F6 EA 38 .+1....8 size=280 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 224 (0xE0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 224 (0xE0) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=225 [000] 1A 05 00 02 03 10 00 00 00 E0 00 00 00 02 00 00 ........ ........ [010] 00 C8 00 00 00 00 00 00 00 68 72 31 0D 01 00 00 ........ .hr1.... [020] 00 04 00 00 00 01 00 00 01 C0 5F 25 0D 20 46 2F ........ .._%. F/ [030] 0D 30 F0 12 00 11 45 71 7C F4 DD 62 45 BF F8 51 .0....Eq |..bE..Q [040] A0 2A DB B0 EB 0A 00 00 00 00 00 00 00 0A 00 00 .*...... ........ [050] 00 42 00 49 00 4F 00 57 00 49 00 53 00 44 00 4F .B.I.O.W .I.S.D.O [060] 00 4D 00 00 00 17 00 00 00 00 00 00 00 17 00 00 .M...... ........ [070] 00 69 00 6E 00 74 00 65 00 72 00 6E 00 61 00 6C .i.n.t.e .r.n.a.l [080] 00 2E 00 62 00 69 00 6F 00 77 00 69 00 73 00 64 ...b.i.o .w.i.s.d [090] 00 6F 00 6D 00 2E 00 63 00 6F 00 6D 00 00 00 00 .o.m...c .o.m.... [0A0] 00 17 00 00 00 00 00 00 00 17 00 00 00 69 00 6E ........ .....i.n [0B0] 00 74 00 65 00 72 00 6E 00 61 00 6C 00 2E 00 62 .t.e.r.n .a.l...b [0C0] 00 69 00 6F 00 77 00 69 00 73 00 64 00 6F 00 6D .i.o.w.i .s.d.o.m [0D0] 00 2E 00 63 00 6F 00 6D 00 00 00 00 00 00 00 00 ...c.o.m ........ [0E0] 00 . cli_signing_trans_stop: freeing mid = 6, reply_seq_num = 9, send_seq_num = 8 data->send_seq_num = 10 rpc_check_hdr: rdata->data_size = 224 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 00e0 000a auth_len : 0000 000c call_id : 00000002 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 000000c8 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 rpc_api_pipe: len left: 0 smbtrans read: 224 rpc_api_pipe: fragment first and last both set 000018 ds_io_r_getprimdominfo 0018 ptr: 0d317268 001c level: 0001 001e unknown0: 0000 0020 machine_role: 0004 0022 unknown: 0000 0024 flags: 01000001 0028 netbios_ptr: 0d255fc0 002c dnsname_ptr: 0d2f4620 0030 forestname_ptr: 0012f030 000034 smb_io_uuid domain_guid 0034 data : 7c714511 0038 data : ddf4 003a data : 4562 003c data : bf f8 003e data : 51 a0 2a db b0 eb 000044 smb_io_unistr2 netbios_domain 0044 uni_max_len: 0000000a 0048 offset : 00000000 004c uni_str_len: 0000000a 0050 buffer : B.I.O.W.I.S.D.O.M... 000064 smb_io_unistr2 dns_domain 0064 uni_max_len: 00000017 0068 offset : 00000000 006c uni_str_len: 00000017 0070 buffer : i.n.t.e.r.n.a.l...b.i.o.w.i.s.d.o.m...c.o.m... 0000a0 smb_io_unistr2 forest_domain 00a0 uni_max_len: 00000017 00a4 offset : 00000000 00a8 uni_str_len: 00000017 00ac buffer : i.n.t.e.r.n.a.l...b.i.o.w.i.s.d.o.m...c.o.m... 00dc status: NT_STATUS_OK simple_packet_signature: sequence number 10 client_sign_outgoing_message: sent SMB signature of [000] 4A 25 B6 31 58 DA 53 4E J%.1X.SN store_sequence_for_reply: stored seq = 11 mid = 7 write_socket(12,45) write_socket(12,45) wrote 45 got smb length of 35 size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=7 smt_wct=0 smb_bcc=0 get_sequence_for_reply: found seq = 11 mid = 7 simple_packet_signature: sequence number 11 client_check_incoming_message: seq 11: got good SMB signature of [000] 96 CE 75 62 25 64 8A 8B ..ub%d.. simple_packet_signature: sequence number 12 client_sign_outgoing_message: sent SMB signature of [000] 54 57 39 28 ED 75 42 08 TW9(.uB. store_sequence_for_reply: stored seq = 13 mid = 8 write_socket(12,104) write_socket(12,104) wrote 104 got smb length of 103 size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=8 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 320 (0x140) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 get_sequence_for_reply: found seq = 13 mid = 8 simple_packet_signature: sequence number 13 client_check_incoming_message: seq 13: got good SMB signature of [000] 6D 3C 60 1A 02 DD D8 C4 m<`..... Bind RPC Pipe[400e]: \PIPE\lsarpc Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg.. [010] 00 00 00 00 .... Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000003 000010 smb_io_rpc_hdr_rb 000010 smb_io_rpc_hdr_bba 0010 max_tsize: 10b8 0012 max_rsize: 10b8 0014 assoc_gid: 00000000 0018 num_contexts: 01 001c context_id : 0000 001e num_transfer_syntaxes: 01 00001f smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 12345778 0024 data : 1234 0026 data : abcd 0028 data : ef 00 002a data : 01 23 45 67 89 ab 0030 version: 00000000 000034 smb_io_rpc_iface 000034 smb_io_uuid uuid 0034 data : 8a885d04 0038 data : 1ceb 003a data : 11c9 003c data : 9f e8 003e data : 08 00 2b 10 48 60 0044 version: 00000002 rpc_api_pipe: fnum:400e size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=9 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16398 (0x400E) smb_bcc=87 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 03 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... simple_packet_signature: sequence number 14 client_sign_outgoing_message: sent SMB signature of [000] B9 16 36 61 C9 7A 14 05 ..6a.z.. store_sequence_for_reply: stored seq = 15 mid = 9 write_socket(12,158) write_socket(12,158) wrote 158 get_sequence_for_reply: found seq = 15 mid = 9 cli_signing_trans_start: storing mid = 9, reply_seq_num = 15, send_seq_num = 14 data->send_seq_num = 16 got smb length of 124 size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 H....... .D...... [010] 00 B8 10 B8 10 57 86 02 00 0C 00 5C 50 49 50 45 .....W.. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... simple_packet_signature: sequence number 15 client_check_incoming_message: seq 15: got good SMB signature of [000] 38 38 20 92 63 AE 48 3C 88 .c.H< size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 H....... .D...... [010] 00 B8 10 B8 10 57 86 02 00 0C 00 5C 50 49 50 45 .....W.. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... cli_signing_trans_stop: freeing mid = 9, reply_seq_num = 15, send_seq_num = 14 data->send_seq_num = 16 rpc_check_hdr: rdata->data_size = 68 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000003 rpc_api_pipe: len left: 0 smbtrans read: 68 rpc_api_pipe: fragment first and last both set rpc_pipe_bind: rpc_api_pipe returned OK. 000010 smb_io_rpc_hdr_ba 000010 smb_io_rpc_hdr_bba 0010 max_tsize: 10b8 0012 max_rsize: 10b8 0014 assoc_gid: 00028657 000018 smb_io_rpc_addr_str 0018 len: 000c 001a str: \PIPE\lsass. 000026 smb_io_rpc_results 0028 num_results: 01 002c result : 0000 002e reason : 0000 000030 smb_io_rpc_iface 000030 smb_io_uuid uuid 0030 data : 8a885d04 0034 data : 1ceb 0036 data : 11c9 0038 data : 9f e8 003a data : 08 00 2b 10 48 60 0040 version: 00000002 bind_rpc_pipe: accepted! init_lsa_sec_qos init_q_open_pol2: attr:0 da:33554432 init_lsa_obj_attr 000000 lsa_io_q_open_pol2 0000 ptr : 00000001 000004 smb_io_unistr2 0004 uni_max_len: 00000001 0008 offset : 00000000 000c uni_str_len: 00000001 0010 buffer : .. 000012 lsa_io_obj_attr 0014 len : 00000018 0018 ptr_root_dir: 00000000 001c ptr_obj_name: 00000000 0020 attributes : 00000000 0024 ptr_sec_desc: 00000000 0028 ptr_sec_qos : 00000001 00002c lsa_io_obj_qos sec_qos 002c len : 0000000c 0030 sec_imp_level : 0002 0032 sec_ctxt_mode : 01 0033 effective_only: 00 lsa_io_sec_qos: length c does not match size 8 0034 des_access: 02000000 create_rpc_request: opnum: 0x2c data_len: 0x50 create_rpc_request: data_len: 50 auth_len: 0 alloc_hint: 40 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0050 000a auth_len : 0000 000c call_id : 00000004 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000040 0014 context_id: 0000 0016 opnum : 002c rpc_api_pipe: fnum:400e size=162 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=10 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 80 (0x50) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16398 (0x400E) smb_bcc=95 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 50 00 00 00 04 00 00 00 40 .......P .......@ [020] 00 00 00 00 00 2C 00 01 00 00 00 01 00 00 00 00 .....,.. ........ [030] 00 00 00 01 00 00 00 00 00 00 00 18 00 00 00 00 ........ ........ [040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 ........ ........ [050] 00 00 00 0C 00 00 00 02 00 01 00 00 00 00 02 ........ ....... simple_packet_signature: sequence number 16 client_sign_outgoing_message: sent SMB signature of [000] 56 80 5C 9F 49 14 F3 25 V.\.I..% store_sequence_for_reply: stored seq = 17 mid = 10 write_socket(12,166) write_socket(12,166) wrote 166 get_sequence_for_reply: found seq = 17 mid = 10 cli_signing_trans_start: storing mid = 10, reply_seq_num = 17, send_seq_num = 16 data->send_seq_num = 18 got smb length of 104 size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [000] 50 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 P....... .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 EE 55 CF ........ ......U. [020] 59 D8 58 D7 4C 85 78 FF 29 15 AA B1 B2 00 00 00 Y.X.L.x. )....... [030] 00 . simple_packet_signature: sequence number 17 client_check_incoming_message: seq 17: got good SMB signature of [000] E9 EF 0B 83 51 84 EF B8 ....Q... size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [000] 50 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 P....... .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 EE 55 CF ........ ......U. [020] 59 D8 58 D7 4C 85 78 FF 29 15 AA B1 B2 00 00 00 Y.X.L.x. )....... [030] 00 . cli_signing_trans_stop: freeing mid = 10, reply_seq_num = 17, send_seq_num = 16 data->send_seq_num = 18 rpc_check_hdr: rdata->data_size = 48 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000004 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 rpc_api_pipe: len left: 0 smbtrans read: 48 rpc_api_pipe: fragment first and last both set 000018 lsa_io_r_open_pol2 000018 smb_io_pol_hnd 0018 data1: 00000000 001c data2: 59cf55ee 0020 data3: 58d8 0022 data4: 4cd7 0024 data5: 85 78 ff 29 15 aa b1 b2 002c status: NT_STATUS_OK init_q_query2 000000 lsa_io_q_query_info2 000000 smb_io_pol_hnd pol 0000 data1: 00000000 0004 data2: 59cf55ee 0008 data3: 58d8 000a data4: 4cd7 000c data5: 85 78 ff 29 15 aa b1 b2 0014 info_class: 000c create_rpc_request: opnum: 0x2e data_len: 0x2e create_rpc_request: data_len: 2e auth_len: 0 alloc_hint: 1e 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002e 000a auth_len : 0000 000c call_id : 00000005 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 0000001e 0014 context_id: 0000 0016 opnum : 002e rpc_api_pipe: fnum:400e size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=11 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16398 (0x400E) smb_bcc=61 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 05 00 00 00 1E ........ ........ [020] 00 00 00 00 00 2E 00 00 00 00 00 EE 55 CF 59 D8 ........ ....U.Y. [030] 58 D7 4C 85 78 FF 29 15 AA B1 B2 0C 00 X.L.x.). ..... simple_packet_signature: sequence number 18 client_sign_outgoing_message: sent SMB signature of [000] 61 84 D8 2D 68 73 F0 CE a..-hs.. store_sequence_for_reply: stored seq = 19 mid = 11 write_socket(12,132) write_socket(12,132) wrote 132 get_sequence_for_reply: found seq = 19 mid = 11 cli_signing_trans_start: storing mid = 11, reply_seq_num = 19, send_seq_num = 18 data->send_seq_num = 20 got smb length of 308 size=308 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 252 (0xFC) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 252 (0xFC) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=253 [000] 2E 05 00 02 03 10 00 00 00 FC 00 00 00 05 00 00 ........ ........ [010] 00 E4 00 00 00 00 00 00 00 30 F0 12 00 0C 00 00 ........ .0...... [020] 00 12 00 14 00 D8 D5 2C 0D 2C 00 2E 00 20 46 2F ......., .,... F/ [030] 0D 2C 00 2E 00 00 96 15 00 11 45 71 7C F4 DD 62 .,...... ..Eq|..b [040] 45 BF F8 51 A0 2A DB B0 EB 20 5F 2C 0D 0A 00 00 E..Q.*.. . _,.... [050] 00 00 00 00 00 09 00 00 00 42 00 49 00 4F 00 57 ........ .B.I.O.W [060] 00 49 00 53 00 44 00 4F 00 4D 00 00 00 17 00 00 .I.S.D.O .M...... [070] 00 00 00 00 00 16 00 00 00 69 00 6E 00 74 00 65 ........ .i.n.t.e [080] 00 72 00 6E 00 61 00 6C 00 2E 00 62 00 69 00 6F .r.n.a.l ...b.i.o [090] 00 77 00 69 00 73 00 64 00 6F 00 6D 00 2E 00 63 .w.i.s.d .o.m...c [0A0] 00 6F 00 6D 00 17 00 00 00 00 00 00 00 16 00 00 .o.m.... ........ [0B0] 00 69 00 6E 00 74 00 65 00 72 00 6E 00 61 00 6C .i.n.t.e .r.n.a.l [0C0] 00 2E 00 62 00 69 00 6F 00 77 00 69 00 73 00 64 ...b.i.o .w.i.s.d [0D0] 00 6F 00 6D 00 2E 00 63 00 6F 00 6D 00 04 00 00 .o.m...c .o.m.... [0E0] 00 01 04 00 00 00 00 00 05 15 00 00 00 6B D6 62 ........ .....k.b [0F0] 04 3F AD 14 62 82 8B A6 28 00 00 00 00 .?..b... (.... simple_packet_signature: sequence number 19 client_check_incoming_message: seq 19: got good SMB signature of [000] F9 D8 AF 9A 57 63 3D A5 ....Wc=. size=308 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 252 (0xFC) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 252 (0xFC) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=253 [000] 2E 05 00 02 03 10 00 00 00 FC 00 00 00 05 00 00 ........ ........ [010] 00 E4 00 00 00 00 00 00 00 30 F0 12 00 0C 00 00 ........ .0...... [020] 00 12 00 14 00 D8 D5 2C 0D 2C 00 2E 00 20 46 2F ......., .,... F/ [030] 0D 2C 00 2E 00 00 96 15 00 11 45 71 7C F4 DD 62 .,...... ..Eq|..b [040] 45 BF F8 51 A0 2A DB B0 EB 20 5F 2C 0D 0A 00 00 E..Q.*.. . _,.... [050] 00 00 00 00 00 09 00 00 00 42 00 49 00 4F 00 57 ........ .B.I.O.W [060] 00 49 00 53 00 44 00 4F 00 4D 00 00 00 17 00 00 .I.S.D.O .M...... [070] 00 00 00 00 00 16 00 00 00 69 00 6E 00 74 00 65 ........ .i.n.t.e [080] 00 72 00 6E 00 61 00 6C 00 2E 00 62 00 69 00 6F .r.n.a.l ...b.i.o [090] 00 77 00 69 00 73 00 64 00 6F 00 6D 00 2E 00 63 .w.i.s.d .o.m...c [0A0] 00 6F 00 6D 00 17 00 00 00 00 00 00 00 16 00 00 .o.m.... ........ [0B0] 00 69 00 6E 00 74 00 65 00 72 00 6E 00 61 00 6C .i.n.t.e .r.n.a.l [0C0] 00 2E 00 62 00 69 00 6F 00 77 00 69 00 73 00 64 ...b.i.o .w.i.s.d [0D0] 00 6F 00 6D 00 2E 00 63 00 6F 00 6D 00 04 00 00 .o.m...c .o.m.... [0E0] 00 01 04 00 00 00 00 00 05 15 00 00 00 6B D6 62 ........ .....k.b [0F0] 04 3F AD 14 62 82 8B A6 28 00 00 00 00 .?..b... (.... cli_signing_trans_stop: freeing mid = 11, reply_seq_num = 19, send_seq_num = 18 data->send_seq_num = 20 rpc_check_hdr: rdata->data_size = 252 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 00fc 000a auth_len : 0000 000c call_id : 00000005 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 000000e4 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 rpc_api_pipe: len left: 0 smbtrans read: 252 rpc_api_pipe: fragment first and last both set 000018 lsa_io_r_query_info2 0018 ptr: 0012f030 001c info_class: 000c 00001e lsa_io_dns_dom_info info12 000020 smb_io_unihdr nb_name 0020 uni_str_len: 0012 0022 uni_max_len: 0014 0024 buffer : 0d2cd5d8 000028 smb_io_unihdr dns_name 0028 uni_str_len: 002c 002a uni_max_len: 002e 002c buffer : 0d2f4620 000030 smb_io_unihdr forest 0030 uni_str_len: 002c 0032 uni_max_len: 002e 0034 buffer : 00159600 000038 smb_io_uuid dom_guid 0038 data : 7c714511 003c data : ddf4 003e data : 4562 0040 data : bf f8 0042 data : 51 a0 2a db b0 eb 0048 dom_sid: 0d2c5f20 00004c smb_io_unistr2 nb_name 004c uni_max_len: 0000000a 0050 offset : 00000000 0054 uni_str_len: 00000009 0058 buffer : B.I.O.W.I.S.D.O.M. 00006a smb_io_unistr2 dns_name 006c uni_max_len: 00000017 0070 offset : 00000000 0074 uni_str_len: 00000016 0078 buffer : i.n.t.e.r.n.a.l...b.i.o.w.i.s.d.o.m...c.o.m. 0000a4 smb_io_unistr2 forest 00a4 uni_max_len: 00000017 00a8 offset : 00000000 00ac uni_str_len: 00000016 00b0 buffer : i.n.t.e.r.n.a.l...b.i.o.w.i.s.d.o.m...c.o.m. 0000dc smb_io_dom_sid2 dom_sid 00dc num_auths: 00000004 0000e0 smb_io_dom_sid sid 00e0 sid_rev_num: 01 00e1 num_auths : 04 00e2 id_auth[0] : 00 00e3 id_auth[1] : 00 00e4 id_auth[2] : 00 00e5 id_auth[3] : 00 00e6 id_auth[4] : 00 00e7 id_auth[5] : 05 00e8 sub_auths : 00000015 0462d66b 6214ad3f 28a68b82 00f8 status: NT_STATUS_OK simple_packet_signature: sequence number 20 client_sign_outgoing_message: sent SMB signature of [000] 73 D7 01 26 85 49 15 9E s..&.I.. store_sequence_for_reply: stored seq = 21 mid = 12 write_socket(12,45) write_socket(12,45) wrote 45 got smb length of 35 size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=12 smt_wct=0 smb_bcc=0 get_sequence_for_reply: found seq = 21 mid = 12 simple_packet_signature: sequence number 21 client_check_incoming_message: seq 21: got good SMB signature of [000] CD E8 FE 69 DF B4 91 F1 ...i.... Storing response for pid 16878, len 1304 Retrieving response for pid 16878 Received child initialization response for domain BIOWISDOM client_read: read 1828 bytes. Need 0 more for a full request. child daemon request 17 process_request: request fn LIST_TRUSTDOM [16876]: list trusted domains trusted_domains: [Cached] - doing backend query for info for domain BIOWISDOM ads: trusted_domains Using cleartext machine password simple_packet_signature: sequence number 22 client_sign_outgoing_message: sent SMB signature of [000] E6 89 DF 98 54 E3 07 FC ....T... store_sequence_for_reply: stored seq = 23 mid = 13 write_socket(12,108) write_socket(12,108) wrote 108 got smb length of 103 size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=13 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 3072 (0xC00) smb_vwv[ 3]= 320 (0x140) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 get_sequence_for_reply: found seq = 23 mid = 13 simple_packet_signature: sequence number 23 client_check_incoming_message: seq 23: got good SMB signature of [000] C2 95 77 79 6C 2D EB 04 ..wyl-.. Bind RPC Pipe[400c]: \PIPE\NETLOGON Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. [010] 01 00 00 00 .... Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000006 000010 smb_io_rpc_hdr_rb 000010 smb_io_rpc_hdr_bba 0010 max_tsize: 10b8 0012 max_rsize: 10b8 0014 assoc_gid: 00000000 0018 num_contexts: 01 001c context_id : 0000 001e num_transfer_syntaxes: 01 00001f smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 12345678 0024 data : 1234 0026 data : abcd 0028 data : ef 00 002a data : 01 23 45 67 cf fb 0030 version: 00000001 000034 smb_io_rpc_iface 000034 smb_io_uuid uuid 0034 data : 8a885d04 0038 data : 1ceb 003a data : 11c9 003c data : 9f e8 003e data : 08 00 2b 10 48 60 0044 version: 00000002 rpc_api_pipe: fnum:400c size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=14 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16396 (0x400C) smb_bcc=87 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 06 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... simple_packet_signature: sequence number 24 client_sign_outgoing_message: sent SMB signature of [000] 31 46 33 A8 C6 D0 0A A9 1F3..... store_sequence_for_reply: stored seq = 25 mid = 14 write_socket(12,158) write_socket(12,158) wrote 158 get_sequence_for_reply: found seq = 25 mid = 14 cli_signing_trans_start: storing mid = 14, reply_seq_num = 25, send_seq_num = 24 data->send_seq_num = 26 got smb length of 124 size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 06 00 00 H....... .D...... [010] 00 B8 10 B8 10 58 86 02 00 0C 00 5C 50 49 50 45 .....X.. ...\PIPE [020] 5C 6C 73 61 73 73 00 2C 0D 01 00 00 00 00 00 00 \lsass., ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... simple_packet_signature: sequence number 25 client_check_incoming_message: seq 25: got good SMB signature of [000] 2D FA 4E BE 5F 08 FA 57 -.N._..W size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 06 00 00 H....... .D...... [010] 00 B8 10 B8 10 58 86 02 00 0C 00 5C 50 49 50 45 .....X.. ...\PIPE [020] 5C 6C 73 61 73 73 00 2C 0D 01 00 00 00 00 00 00 \lsass., ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... cli_signing_trans_stop: freeing mid = 14, reply_seq_num = 25, send_seq_num = 24 data->send_seq_num = 26 rpc_check_hdr: rdata->data_size = 68 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000006 rpc_api_pipe: len left: 0 smbtrans read: 68 rpc_api_pipe: fragment first and last both set rpc_pipe_bind: rpc_api_pipe returned OK. 000010 smb_io_rpc_hdr_ba 000010 smb_io_rpc_hdr_bba 0010 max_tsize: 10b8 0012 max_rsize: 10b8 0014 assoc_gid: 00028658 000018 smb_io_rpc_addr_str 0018 len: 000c 001a str: \PIPE\lsass. 000026 smb_io_rpc_results 0028 num_results: 01 002c result : 0000 002e reason : 0000 000030 smb_io_rpc_iface 000030 smb_io_uuid uuid 0030 data : 8a885d04 0034 data : 1ceb 0036 data : 11c9 0038 data : 9f e8 003a data : 08 00 2b 10 48 60 0040 version: 00000002 bind_rpc_pipe: accepted! cli_net_req_chal: LSA Request Challenge from LS-UKDBASE03 to \\WS-UKCOMMS init_q_req_chal: 676 init_q_req_chal: 685 000000 net_io_q_req_chal 0000 undoc_buffer: 00000001 000004 smb_io_unistr2 0004 uni_max_len: 0000000d 0008 offset : 00000000 000c uni_str_len: 0000000d 0010 buffer : \.\.W.S.-.U.K.C.O.M.M.S... 00002a smb_io_unistr2 002c uni_max_len: 0000000d 0030 offset : 00000000 0034 uni_str_len: 0000000d 0038 buffer : L.S.-.U.K.D.B.A.S.E.0.3... 000052 smb_io_chal 0052 data: ee b1 34 aa 45 75 63 17 create_rpc_request: opnum: 0x4 data_len: 0x72 create_rpc_request: data_len: 72 auth_len: 0 alloc_hint: 62 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0072 000a auth_len : 0000 000c call_id : 00000007 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000062 0014 context_id: 0000 0016 opnum : 0004 rpc_api_pipe: fnum:400c size=196 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=15 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 114 (0x72) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 114 (0x72) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16396 (0x400C) smb_bcc=129 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 72 00 00 00 07 00 00 00 62 .......r .......b [020] 00 00 00 00 00 04 00 01 00 00 00 0D 00 00 00 00 ........ ........ [030] 00 00 00 0D 00 00 00 5C 00 5C 00 57 00 53 00 2D .......\ .\.W.S.- [040] 00 55 00 4B 00 43 00 4F 00 4D 00 4D 00 53 00 00 .U.K.C.O .M.M.S.. [050] 00 00 00 0D 00 00 00 00 00 00 00 0D 00 00 00 4C ........ .......L [060] 00 53 00 2D 00 55 00 4B 00 44 00 42 00 41 00 53 .S.-.U.K .D.B.A.S [070] 00 45 00 30 00 33 00 00 00 EE B1 34 AA 45 75 63 .E.0.3.. ...4.Euc [080] 17 . simple_packet_signature: sequence number 26 client_sign_outgoing_message: sent SMB signature of [000] B2 41 19 A0 74 31 B6 14 .A..t1.. store_sequence_for_reply: stored seq = 27 mid = 15 write_socket(12,200) write_socket(12,200) wrote 200 get_sequence_for_reply: found seq = 27 mid = 15 cli_signing_trans_start: storing mid = 15, reply_seq_num = 27, send_seq_num = 26 data->send_seq_num = 28 got smb length of 92 size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=15 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [000] 72 05 00 02 03 10 00 00 00 24 00 00 00 07 00 00 r....... .$...... [010] 00 0C 00 00 00 00 00 00 00 62 F8 03 5E EE E1 DE ........ .b..^... [020] 5F 00 00 00 00 _.... simple_packet_signature: sequence number 27 client_check_incoming_message: seq 27: got good SMB signature of [000] 91 47 7F BE EA 04 1D 46 .G.....F size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=15 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [000] 72 05 00 02 03 10 00 00 00 24 00 00 00 07 00 00 r....... .$...... [010] 00 0C 00 00 00 00 00 00 00 62 F8 03 5E EE E1 DE ........ .b..^... [020] 5F 00 00 00 00 _.... cli_signing_trans_stop: freeing mid = 15, reply_seq_num = 27, send_seq_num = 26 data->send_seq_num = 28 rpc_check_hdr: rdata->data_size = 36 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0024 000a auth_len : 0000 000c call_id : 00000007 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 0000000c 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 rpc_api_pipe: len left: 0 smbtrans read: 36 rpc_api_pipe: fragment first and last both set 000018 net_io_r_req_chal 000018 smb_io_chal 0018 data: 62 f8 03 5e ee e1 de 5f 0020 status: NT_STATUS_OK cred_session_key clnt_chal: EEB134AA45756317 srv_chal : 62F8035EEEE1DE5F clnt+srv : 50AA380833574277 sess_key : FFDA6F1B668321CD cred_create sess_key : FFDA6F1B668321CD stor_cred: EEB134AA45756317 timestamp: 0 timecred : EEB134AA45756317 calc_cred: 5711D96F35DE9DCB cli_net_auth2: srv:\\WS-UKCOMMS acct:LS-UKDBASE03$ sc:2 mc: LS-UKDBASE03 neg: 400701ff init_q_auth_2: 797 make_log_info 1407 init_q_auth_2: 803 000000 net_io_q_auth_2 000000 smb_io_log_info 0000 undoc_buffer: 00000001 000004 smb_io_unistr2 unistr2 0004 uni_max_len: 0000000d 0008 offset : 00000000 000c uni_str_len: 0000000d 0010 buffer : \.\.W.S.-.U.K.C.O.M.M.S... 00002a smb_io_unistr2 unistr2 002c uni_max_len: 0000000e 0030 offset : 00000000 0034 uni_str_len: 0000000e 0038 buffer : L.S.-.U.K.D.B.A.S.E.0.3.$... 0054 sec_chan: 0002 000056 smb_io_unistr2 unistr2 0058 uni_max_len: 0000000d 005c offset : 00000000 0060 uni_str_len: 0000000d 0064 buffer : L.S.-.U.K.D.B.A.S.E.0.3... 00007e smb_io_chal 007e data: 57 11 d9 6f 35 de 9d cb 000086 net_io_neg_flags 0088 neg_flags: 400701ff create_rpc_request: opnum: 0xf data_len: 0xa4 create_rpc_request: data_len: a4 auth_len: 0 alloc_hint: 94 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 00a4 000a auth_len : 0000 000c call_id : 00000008 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000094 0014 context_id: 0000 0016 opnum : 000f rpc_api_pipe: fnum:400c size=246 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=16 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 164 (0xA4) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 164 (0xA4) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16396 (0x400C) smb_bcc=179 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 A4 00 00 00 08 00 00 00 94 ........ ........ [020] 00 00 00 00 00 0F 00 01 00 00 00 0D 00 00 00 00 ........ ........ [030] 00 00 00 0D 00 00 00 5C 00 5C 00 57 00 53 00 2D .......\ .\.W.S.- [040] 00 55 00 4B 00 43 00 4F 00 4D 00 4D 00 53 00 00 .U.K.C.O .M.M.S.. [050] 00 00 00 0E 00 00 00 00 00 00 00 0E 00 00 00 4C ........ .......L [060] 00 53 00 2D 00 55 00 4B 00 44 00 42 00 41 00 53 .S.-.U.K .D.B.A.S [070] 00 45 00 30 00 33 00 24 00 00 00 02 00 00 00 0D .E.0.3.$ ........ [080] 00 00 00 00 00 00 00 0D 00 00 00 4C 00 53 00 2D ........ ...L.S.- [090] 00 55 00 4B 00 44 00 42 00 41 00 53 00 45 00 30 .U.K.D.B .A.S.E.0 [0A0] 00 33 00 00 00 57 11 D9 6F 35 DE 9D CB 00 00 FF .3...W.. o5...... [0B0] 01 07 40 ..@ simple_packet_signature: sequence number 28 client_sign_outgoing_message: sent SMB signature of [000] D9 F5 9F 98 68 9F 3A 6F ....h.:o store_sequence_for_reply: stored seq = 29 mid = 16 write_socket(12,250) write_socket(12,250) wrote 250 get_sequence_for_reply: found seq = 29 mid = 16 cli_signing_trans_start: storing mid = 16, reply_seq_num = 29, send_seq_num = 28 data->send_seq_num = 30 got smb length of 96 size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=16 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [000] A4 05 00 02 03 10 00 00 00 28 00 00 00 08 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 7C 2E 58 75 E2 FD F2 ........ .|.Xu... [020] C2 FF 01 07 40 00 00 00 00 ....@... . simple_packet_signature: sequence number 29 client_check_incoming_message: seq 29: got good SMB signature of [000] 2E E1 AA A6 E8 BD 45 86 ......E. size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=16 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [000] A4 05 00 02 03 10 00 00 00 28 00 00 00 08 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 7C 2E 58 75 E2 FD F2 ........ .|.Xu... [020] C2 FF 01 07 40 00 00 00 00 ....@... . cli_signing_trans_stop: freeing mid = 16, reply_seq_num = 29, send_seq_num = 28 data->send_seq_num = 30 rpc_check_hdr: rdata->data_size = 40 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0028 000a auth_len : 0000 000c call_id : 00000008 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000010 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 rpc_api_pipe: len left: 0 smbtrans read: 40 rpc_api_pipe: fragment first and last both set 000018 net_io_r_auth_2 000018 smb_io_chal 0018 data: 7c 2e 58 75 e2 fd f2 c2 000020 net_io_neg_flags 0020 neg_flags: 400701ff 0024 status: NT_STATUS_OK cred_create sess_key : FFDA6F1B668321CD stor_cred: 62F8035EEEE1DE5F timestamp: 0 timecred : 62F8035EEEE1DE5F calc_cred: 7C2E5875E2FDF2C2 cred_assert challenge : 7C2E5875E2FDF2C2 calculated: 7C2E5875E2FDF2C2 credentials check ok simple_packet_signature: sequence number 30 client_sign_outgoing_message: sent SMB signature of [000] EC DA B3 86 12 61 B9 70 .....a.p store_sequence_for_reply: stored seq = 31 mid = 17 write_socket(12,108) write_socket(12,108) wrote 108 got smb length of 103 size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=17 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 320 (0x140) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 get_sequence_for_reply: found seq = 31 mid = 17 simple_packet_signature: sequence number 31 client_check_incoming_message: seq 31: got good SMB signature of [000] 4A BB 83 04 18 22 43 38 J...."C8 Bind RPC Pipe[4001]: \PIPE\NETLOGON Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. [010] 01 00 00 00 .... Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... 000000 smb_io_rpc_hdr_auth hdr_auth 0000 auth_type : 44 0001 auth_level : 06 0002 auth_pad_len : 00 0003 auth_reserved: 00 0004 auth_context_id: 00000001 000008 smb_io_rpc_auth_netsec_neg netsec_neg 0008 type1: 00000000 000c type2: 00000003 [000] 42 49 4F 57 49 53 44 4F 4D BIOWISDO M [000] 4C 53 2D 55 4B 44 42 41 53 45 30 33 LS-UKDBA SE03 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 006f 000a auth_len : 001f 000c call_id : 00000009 000010 smb_io_rpc_hdr_rb 000010 smb_io_rpc_hdr_bba 0010 max_tsize: 10b8 0012 max_rsize: 10b8 0014 assoc_gid: 00000000 0018 num_contexts: 01 001c context_id : 0000 001e num_transfer_syntaxes: 01 00001f smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 12345678 0024 data : 1234 0026 data : abcd 0028 data : ef 00 002a data : 01 23 45 67 cf fb 0030 version: 00000001 000034 smb_io_rpc_iface 000034 smb_io_uuid uuid 0034 data : 8a885d04 0038 data : 1ceb 003a data : 11c9 003c data : 9f e8 003e data : 08 00 2b 10 48 60 0044 version: 00000002 rpc_api_pipe: fnum:4001 size=193 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=18 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 111 (0x6F) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 111 (0x6F) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16385 (0x4001) smb_bcc=126 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 6F 00 1F 00 09 00 00 00 B8 .......o ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 44 06 00 00 01 00 00 00 00 .H`....D ........ [060] 00 00 00 03 00 00 00 42 49 4F 57 49 53 44 4F 4D .......B IOWISDOM [070] 00 4C 53 2D 55 4B 44 42 41 53 45 30 33 00 .LS-UKDB ASE03. simple_packet_signature: sequence number 32 client_sign_outgoing_message: sent SMB signature of [000] 2A CB 92 07 51 C0 B5 51 *...Q..Q store_sequence_for_reply: stored seq = 33 mid = 18 write_socket(12,197) write_socket(12,197) wrote 197 get_sequence_for_reply: found seq = 33 mid = 18 cli_signing_trans_start: storing mid = 18, reply_seq_num = 33, send_seq_num = 32 data->send_seq_num = 34 got smb length of 144 size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=18 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [000] 6F 05 00 0C 03 10 00 00 00 58 00 0C 00 09 00 00 o....... .X...... [010] 00 B8 10 B8 10 59 86 02 00 0C 00 5C 50 49 50 45 .....Y.. ...\PIPE [020] 5C 6C 73 61 73 73 00 CD AB 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 00 00 00 00 ........ . simple_packet_signature: sequence number 33 client_check_incoming_message: seq 33: got good SMB signature of [000] C2 A9 4A B4 02 1E 42 D7 ..J...B. size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=18 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 88 (0x58) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=89 [000] 6F 05 00 0C 03 10 00 00 00 58 00 0C 00 09 00 00 o....... .X...... [010] 00 B8 10 B8 10 59 86 02 00 0C 00 5C 50 49 50 45 .....Y.. ...\PIPE [020] 5C 6C 73 61 73 73 00 CD AB 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ [050] 00 00 00 00 00 00 00 00 00 ........ . cli_signing_trans_stop: freeing mid = 18, reply_seq_num = 33, send_seq_num = 32 data->send_seq_num = 34 rpc_check_hdr: rdata->data_size = 88 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0058 000a auth_len : 000c 000c call_id : 00000009 rpc_api_pipe: len left: 0 smbtrans read: 88 rpc_auth_pipe: pkt_type: 12 len: 88 auth_len: 12 NTLMSSP No schannel Yes sign Yes seal Yes rpc_auth_pipe: packet: 000000 smb_io_rpc_hdr_auth auth_hdr 0000 auth_type : 44 0001 auth_level : 06 0002 auth_pad_len : 00 0003 auth_reserved: 00 0004 auth_context_id: 00000001 rpc_api_pipe: fragment first and last both set rpc_pipe_bind: rpc_api_pipe returned OK. 000010 smb_io_rpc_hdr_ba 000010 smb_io_rpc_hdr_bba 0010 max_tsize: 10b8 0012 max_rsize: 10b8 0014 assoc_gid: 00028659 000018 smb_io_rpc_addr_str 0018 len: 000c 001a str: \PIPE\lsass. 000026 smb_io_rpc_results 0028 num_results: 01 002c result : 0000 002e reason : 0000 000030 smb_io_rpc_iface 000030 smb_io_uuid uuid 0030 data : 8a885d04 0034 data : 1ceb 0036 data : 11c9 0038 data : 9f e8 003a data : 08 00 2b 10 48 60 0040 version: 00000002 bind_rpc_pipe: accepted! 000000 ds_io_q_enum_domain_trusts 0000 server_ptr: 00000001 000004 smb_io_unistr2 server 0004 uni_max_len: 0000000b 0008 offset : 00000000 000c uni_str_len: 0000000b 0010 buffer : W.S.-.U.K.C.O.M.M.S... 0028 flags: 00000003 000030 smb_io_rpc_hdr_auth hdr_auth 0030 auth_type : 44 0031 auth_level : 06 0032 auth_pad_len : 04 0033 auth_reserved: 00 0034 auth_context_id: 00000001 SCHANNEL seq_num=0 SCHANNEL: netsec_encode seq_num=0 data_len=48 000038 smb_io_rpc_auth_netsec_chk 0038 sig : 77 00 7a 00 ff ff 00 00 0040 seq_num: 8b 67 51 9a 22 20 f6 80 0048 packet_digest: 2d 18 bc 53 7a da 97 41 0050 confounder: fb d6 3d 4c a4 c9 04 9b create_rpc_request: opnum: 0x28 data_len: 0x70 create_rpc_request: data_len: 70 auth_len: 20 alloc_hint: 38 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0070 000a auth_len : 0020 000c call_id : 0000000a 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000038 0014 context_id: 0000 0016 opnum : 0028 rpc_api_pipe: fnum:4001 size=194 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=19 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 112 (0x70) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 112 (0x70) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=16385 (0x4001) smb_bcc=127 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 70 00 20 00 0A 00 00 00 38 .......p . .....8 [020] 00 00 00 00 00 28 00 B7 31 1C 0E 02 5F C8 44 A4 .....(.. 1..._.D. [030] D5 DD 60 F9 F6 ED 57 04 EB 0C 83 EC 7A 1C 3B 5E ..`...W. ....z.;^ [040] 65 B0 B3 A5 A1 AC 1D 37 8A 2A 54 B4 B5 24 2F BC e......7 .*T..$/. [050] 0F 58 5A 25 14 6A BF 44 06 04 00 01 00 00 00 77 .XZ%.j.D .......w [060] 00 7A 00 FF FF 00 00 8B 67 51 9A 22 20 F6 80 2D .z...... gQ." ..- [070] 18 BC 53 7A DA 97 41 FB D6 3D 4C A4 C9 04 9B ..Sz..A. .=L.... simple_packet_signature: sequence number 34 client_sign_outgoing_message: sent SMB signature of [000] 2D 86 C0 A2 5F 67 A7 46 -..._g.F store_sequence_for_reply: stored seq = 35 mid = 19 write_socket(12,198) write_socket(12,198) wrote 198 get_sequence_for_reply: found seq = 35 mid = 19 cli_signing_trans_start: storing mid = 19, reply_seq_num = 35, send_seq_num = 34 data->send_seq_num = 36 got smb length of 312 size=312 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=19 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 256 (0x100) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=257 [000] 70 05 00 02 03 10 00 00 00 00 01 20 00 0A 00 00 p....... ... .... [010] 00 B4 00 00 00 00 00 00 00 C8 C1 37 C6 1D CC F0 ........ ...7.... [020] 2A 06 B2 7C 85 95 F0 02 CD 34 96 E7 00 5D BD 4D *..|.... .4...].M [030] 6F FE CD BB A5 D3 79 3B 59 67 8F 5B F3 28 87 48 o.....y; Yg.[.(.H [040] 9D 78 01 DD 59 75 4F 2B 50 B6 34 2E BC 23 61 B5 .x..YuO+ P.4..#a. [050] DF F9 C7 B6 2F 09 19 B9 29 12 39 9F 5F E7 6E 27 ..../... ).9._.n' [060] 13 10 5E 14 A4 D6 B6 57 28 4D 30 74 5A AB D2 05 ..^....W (M0tZ... [070] BC 13 6C 07 ED 9F 16 FF 95 FD 32 41 94 A8 63 62 ..l..... ..2A..cb [080] F9 19 6A 2A 51 D6 57 CD 63 E6 3D 5A 7B 13 7B 03 ..j*Q.W. c.=Z{.{. [090] C6 6E FA 02 A2 51 22 49 16 4A 24 88 9F 00 79 3F .n...Q"I .J$...y? [0A0] 66 C0 65 23 A9 F8 0D DD 0D A1 D4 71 E3 FB A1 00 f.e#.... ...q.... [0B0] 3A 91 C4 69 A4 50 50 D6 03 EB FB 5B 93 12 2C 58 :..i.PP. ...[..,X [0C0] C1 76 3E 1A 13 A8 03 CA 3A 8F EC 65 A1 B9 97 C1 .v>..... :..e.... [0D0] 64 72 F6 BF 6F B1 C4 D8 EE 44 06 0C 00 01 00 00 dr..o... .D...... [0E0] 00 77 00 7A 00 FF FF 00 00 77 9E 9B AF 4D EF 6E .w.z.... .w...M.n [0F0] 75 85 37 21 CE 25 E2 B8 07 91 0C 2B 60 45 17 3E u.7!.%.. ...+`E.> [100] F6 . simple_packet_signature: sequence number 35 client_check_incoming_message: seq 35: got good SMB signature of [000] EB D9 74 87 E7 EE E8 B8 ..t..... size=312 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=19 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 256 (0x100) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=257 [000] 70 05 00 02 03 10 00 00 00 00 01 20 00 0A 00 00 p....... ... .... [010] 00 B4 00 00 00 00 00 00 00 C8 C1 37 C6 1D CC F0 ........ ...7.... [020] 2A 06 B2 7C 85 95 F0 02 CD 34 96 E7 00 5D BD 4D *..|.... .4...].M [030] 6F FE CD BB A5 D3 79 3B 59 67 8F 5B F3 28 87 48 o.....y; Yg.[.(.H [040] 9D 78 01 DD 59 75 4F 2B 50 B6 34 2E BC 23 61 B5 .x..YuO+ P.4..#a. [050] DF F9 C7 B6 2F 09 19 B9 29 12 39 9F 5F E7 6E 27 ..../... ).9._.n' [060] 13 10 5E 14 A4 D6 B6 57 28 4D 30 74 5A AB D2 05 ..^....W (M0tZ... [070] BC 13 6C 07 ED 9F 16 FF 95 FD 32 41 94 A8 63 62 ..l..... ..2A..cb [080] F9 19 6A 2A 51 D6 57 CD 63 E6 3D 5A 7B 13 7B 03 ..j*Q.W. c.=Z{.{. [090] C6 6E FA 02 A2 51 22 49 16 4A 24 88 9F 00 79 3F .n...Q"I .J$...y? [0A0] 66 C0 65 23 A9 F8 0D DD 0D A1 D4 71 E3 FB A1 00 f.e#.... ...q.... [0B0] 3A 91 C4 69 A4 50 50 D6 03 EB FB 5B 93 12 2C 58 :..i.PP. ...[..,X [0C0] C1 76 3E 1A 13 A8 03 CA 3A 8F EC 65 A1 B9 97 C1 .v>..... :..e.... [0D0] 64 72 F6 BF 6F B1 C4 D8 EE 44 06 0C 00 01 00 00 dr..o... .D...... [0E0] 00 77 00 7A 00 FF FF 00 00 77 9E 9B AF 4D EF 6E .w.z.... .w...M.n [0F0] 75 85 37 21 CE 25 E2 B8 07 91 0C 2B 60 45 17 3E u.7!.%.. ...+`E.> [100] F6 . cli_signing_trans_stop: freeing mid = 19, reply_seq_num = 35, send_seq_num = 34 data->send_seq_num = 36 rpc_check_hdr: rdata->data_size = 256 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0100 000a auth_len : 0020 000c call_id : 0000000a 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 000000b4 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 rpc_api_pipe: len left: 0 smbtrans read: 256 rpc_auth_pipe: pkt_type: 2 len: 256 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal Yes rpc_auth_pipe: packet: 000000 smb_io_rpc_hdr_auth auth_hdr 0000 auth_type : 44 0001 auth_level : 06 0002 auth_pad_len : 0c 0003 auth_reserved: 00 0004 auth_context_id: 00000001 000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign 0008 sig : 77 00 7a 00 ff ff 00 00 0010 seq_num: 77 9e 9b af 4d ef 6e 75 0018 packet_digest: 85 37 21 ce 25 e2 b8 07 0020 confounder: 91 0c 2b 60 45 17 3e f6 SCHANNEL: netsec_encode seq_num=1 data_len=192 SCHANNEL: netsec_decode seq_num=1 data_len=192 rpc_api_pipe: fragment first and last both set 000018 ds_io_r_enum_domain_trusts 0018 num_domains: 00000001 00001c ds_io_dom_trusts_ctr domains 001c ptr: 0d2cfab0 0020 max_count: 00000001 000024 ds_io_dom_trusts_ctr domain_trusts 0024 netbios_ptr: 0d2cfaf4 0028 dns_ptr: 0d2cfb08 002c flags: 0000001d 0030 parent_index: 00000000 0034 trust_type: 00000002 0038 trust_attributes: 00000000 003c sid_ptr: 0d2cfadc 000040 smb_io_uuid guid 0040 data : 7c714511 0044 data : ddf4 0046 data : 4562 0048 data : bf f8 004a data : 51 a0 2a db b0 eb 000050 smb_io_unistr2 netbios_domain 0050 uni_max_len: 0000000a 0054 offset : 00000000 0058 uni_str_len: 0000000a 005c buffer : B.I.O.W.I.S.D.O.M... 000070 smb_io_unistr2 dns_domain 0070 uni_max_len: 00000017 0074 offset : 00000000 0078 uni_str_len: 00000017 007c buffer : i.n.t.e.r.n.a.l...b.i.o.w.i.s.d.o.m...c.o.m... 0000ac smb_io_dom_sid2 sid 00ac num_auths: 00000004 0000b0 smb_io_dom_sid sid 00b0 sid_rev_num: 01 00b1 num_auths : 04 00b2 id_auth[0] : 00 00b3 id_auth[1] : 00 00b4 id_auth[2] : 00 00b5 id_auth[3] : 00 00b6 id_auth[4] : 00 00b7 id_auth[5] : 05 00b8 sub_auths : 00000015 0462d66b 6214ad3f 28a68b82 00c8 status: NT_STATUS_OK Storing response for pid 16878, len 1376 Storing extra data: len=72 Retrieving response for pid 16878 Retrieving extra data length=72 accepted socket 17 process_request: request fn INTERFACE_VERSION [ 0]: request interface version process_request: request fn WINBINDD_PRIV_PIPE_DIR [ 0]: request location of privileged pipe accepted socket 18 process_request: request fn GETGROUPS [ 0]: getgroups guest client_read: read 1828 bytes. Need 0 more for a full request. child daemon request 19 process_request: request fn LOOKUPNAME [16876]: lookupname BIOWISDOM\guest fetch_cache_seqnum: invalid data size key [SEQNUM/BIOWISDOM] ads: fetch sequence_number for BIOWISDOM ads_find_dc: looking for realm 'internal.biowisdom.com' get_sorted_dc_list: attempting lookup using [ads] internal_resolve_name: looking up internal.biowisdom.com#1c Returning expired cache entry: key = NBT/INTERNAL.BIOWISDOM.COM#1C, value = 192.168.1.22:389,192.168.1.21:389, timeout = Sat Sep 10 07:03:01 2005 no entry for internal.biowisdom.com#1C found. Deleting cache entry (key = NBT/INTERNAL.BIOWISDOM.COM#1C) resolve_hosts: Attempting to resolve DC's for internal.biowisdom.com using DNS remove_duplicate_addrs2: looking for duplicate address/port pairs namecache_store: storing 2 addresses for internal.biowisdom.com#1c: 192.168.1.22:389,192.168.1.21:389 Adding cache entry with key = NBT/INTERNAL.BIOWISDOM.COM#1C; value = 192.168.1.22:389,192.168.1.21:389 and timeout = Sat Sep 10 11:13:30 2005 (660 seconds ahead) internal_resolve_name: returning 2 addresses: 192.168.1.22:389 192.168.1.21:389 Adding 2 DC's from auto lookup remove_duplicate_addrs2: looking for duplicate address/port pairs get_dc_list: returning 2 ip addresses in an unordered list get_dc_list: 192.168.1.22:389 192.168.1.21:389 ads_try_connect: trying ldap server '192.168.1.22' port 389 Connected to LDAP server 192.168.1.22 got ldap server name ws-ukdatastore@INTERNAL.BIOWISDOM.COM, using bind path: dc=INTERNAL,dc=BIOWISDOM,dc=COM time offset is 0 seconds Found SASL mechanism GSS-SPNEGO ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 ads_sasl_spnego_bind: got server principal name =ws-ukdatastore$@INTERNAL.BIOWISDOM.COM ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) Ticket in ccache[MEMORY:winbind_ccache] expiration Sat, 10 Sep 2005 21:02:30 GMT ads_krb5_mk_req: Ticket (ws-ukdatastore$@INTERNAL.BIOWISDOM.COM) in ccache (MEMORY:winbind_ccache) is valid until: (Sat, 10 Sep 2005 21:02:30 GMT - 1126382550) Got KRB5 session key of length 16 Search for (objectclass=*) gave 1 replies store_cache_seqnum: success [BIOWISDOM][4740154 @ 1126346550] refresh_sequence_number: BIOWISDOM seq number is now 4740154 name_to_sid: [Cached] - doing backend query for name for domain BIOWISDOM rpc: name_to_sid name=BIOWISDOM\guest name_to_sid [rpc] guest for domain BIOWISDOM simple_packet_signature: sequence number 36 client_sign_outgoing_message: sent SMB signature of [000] A6 F7 05 94 BD 45 16 3B .....E.; store_sequence_for_reply: stored seq = 37 mid = 20 write_socket(12,104) write_socket(12,104) wrote 104 got smb length of 103 size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=20 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 103 (0x67) smb_vwv[ 2]= 1536 (0x600) smb_vwv[ 3]= 448 (0x1C0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 16 (0x10) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 get_sequence_for_reply: found seq = 37 mid = 20 simple_packet_signature: sequence number 37 client_check_incoming_message: seq 37: got good SMB signature of [000] A0 40 FF 51 87 A4 E0 29 .@.Q...) Bind RPC Pipe[c006]: \PIPE\lsarpc Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg.. [010] 00 00 00 00 .... Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 0000000b 000010 smb_io_rpc_hdr_rb 000010 smb_io_rpc_hdr_bba 0010 max_tsize: 10b8 0012 max_rsize: 10b8 0014 assoc_gid: 00000000 0018 num_contexts: 01 001c context_id : 0000 001e num_transfer_syntaxes: 01 00001f smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 12345778 0024 data : 1234 0026 data : abcd 0028 data : ef 00 002a data : 01 23 45 67 89 ab 0030 version: 00000000 000034 smb_io_rpc_iface 000034 smb_io_uuid uuid 0034 data : 8a885d04 0038 data : 1ceb 003a data : 11c9 003c data : 9f e8 003e data : 08 00 2b 10 48 60 0044 version: 00000002 rpc_api_pipe: fnum:c006 size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=21 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=49158 (0xC006) smb_bcc=87 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 0B 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... simple_packet_signature: sequence number 38 client_sign_outgoing_message: sent SMB signature of [000] E0 03 1C 59 E5 82 6B 95 ...Y..k. store_sequence_for_reply: stored seq = 39 mid = 21 write_socket(12,158) write_socket(12,158) wrote 158 get_sequence_for_reply: found seq = 39 mid = 21 cli_signing_trans_start: storing mid = 21, reply_seq_num = 39, send_seq_num = 38 data->send_seq_num = 40 got smb length of 124 size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=21 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 0B 00 00 H....... .D...... [010] 00 B8 10 B8 10 5D 86 02 00 0C 00 5C 50 49 50 45 .....].. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... simple_packet_signature: sequence number 39 client_check_incoming_message: seq 39: got good SMB signature of [000] 8D 73 D5 0E 19 5F D5 F5 .s..._.. size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=21 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 0B 00 00 H....... .D...... [010] 00 B8 10 B8 10 5D 86 02 00 0C 00 5C 50 49 50 45 .....].. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... cli_signing_trans_stop: freeing mid = 21, reply_seq_num = 39, send_seq_num = 38 data->send_seq_num = 40 rpc_check_hdr: rdata->data_size = 68 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 0000000b rpc_api_pipe: len left: 0 smbtrans read: 68 rpc_api_pipe: fragment first and last both set rpc_pipe_bind: rpc_api_pipe returned OK. 000010 smb_io_rpc_hdr_ba 000010 smb_io_rpc_hdr_bba 0010 max_tsize: 10b8 0012 max_rsize: 10b8 0014 assoc_gid: 0002865d 000018 smb_io_rpc_addr_str 0018 len: 000c 001a str: \PIPE\lsass. 000026 smb_io_rpc_results 0028 num_results: 01 002c result : 0000 002e reason : 0000 000030 smb_io_rpc_iface 000030 smb_io_uuid uuid 0030 data : 8a885d04 0034 data : 1ceb 0036 data : 11c9 0038 data : 9f e8 003a data : 08 00 2b 10 48 60 0040 version: 00000002 bind_rpc_pipe: accepted! init_lsa_sec_qos init_open_pol: attr:0 da:33554432 init_lsa_obj_attr 000000 lsa_io_q_open_pol 0000 ptr : 00000001 0004 system_name: 005c 000008 lsa_io_obj_attr 0008 len : 00000018 000c ptr_root_dir: 00000000 0010 ptr_obj_name: 00000000 0014 attributes : 00000000 0018 ptr_sec_desc: 00000000 001c ptr_sec_qos : 00000001 000020 lsa_io_obj_qos sec_qos 0020 len : 0000000c 0024 sec_imp_level : 0002 0026 sec_ctxt_mode : 01 0027 effective_only: 00 lsa_io_sec_qos: length c does not match size 8 0028 des_access: 02000000 create_rpc_request: opnum: 0x6 data_len: 0x44 create_rpc_request: data_len: 44 auth_len: 0 alloc_hint: 34 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 0000000c 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000034 0014 context_id: 0000 0016 opnum : 0006 rpc_api_pipe: fnum:c006 size=150 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=22 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 68 (0x44) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=49158 (0xC006) smb_bcc=83 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 44 00 00 00 0C 00 00 00 34 .......D .......4 [020] 00 00 00 00 00 06 00 01 00 00 00 5C 00 00 00 18 ........ ...\.... [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 00 01 00 00 00 0C 00 00 00 02 00 01 00 00 ........ ........ [050] 00 00 02 ... simple_packet_signature: sequence number 40 client_sign_outgoing_message: sent SMB signature of [000] 25 42 84 0C 10 64 05 AE %B...d.. store_sequence_for_reply: stored seq = 41 mid = 22 write_socket(12,154) write_socket(12,154) wrote 154 get_sequence_for_reply: found seq = 41 mid = 22 cli_signing_trans_start: storing mid = 22, reply_seq_num = 41, send_seq_num = 40 data->send_seq_num = 42 got smb length of 104 size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=22 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [000] 44 05 00 02 03 10 00 00 00 30 00 00 00 0C 00 00 D....... .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 07 D7 1B ........ ........ [020] 37 3F A9 9A 49 A7 7D AF EA E9 27 A4 7F 00 00 00 7?..I.}. ..'..... [030] 00 . simple_packet_signature: sequence number 41 client_check_incoming_message: seq 41: got good SMB signature of [000] 34 32 E4 A6 F1 3B 6E 9A 42...;n. size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=22 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [000] 44 05 00 02 03 10 00 00 00 30 00 00 00 0C 00 00 D....... .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 07 D7 1B ........ ........ [020] 37 3F A9 9A 49 A7 7D AF EA E9 27 A4 7F 00 00 00 7?..I.}. ..'..... [030] 00 . cli_signing_trans_stop: freeing mid = 22, reply_seq_num = 41, send_seq_num = 40 data->send_seq_num = 42 rpc_check_hdr: rdata->data_size = 48 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 0000000c 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 rpc_api_pipe: len left: 0 smbtrans read: 48 rpc_api_pipe: fragment first and last both set 000018 lsa_io_r_open_pol 000018 smb_io_pol_hnd 0018 data1: 00000000 001c data2: 371bd707 0020 data3: a93f 0022 data4: 499a 0024 data5: a7 7d af ea e9 27 a4 7f 002c status: NT_STATUS_OK init_q_lookup_names 000000 lsa_io_q_lookup_names 000000 smb_io_pol_hnd 0000 data1: 00000000 0004 data2: 371bd707 0008 data3: a93f 000a data4: 499a 000c data5: a7 7d af ea e9 27 a4 7f 0014 num_entries : 00000001 0018 num_entries2 : 00000001 00001c smb_io_unihdr hdr_name 001c uni_str_len: 001e 001e uni_max_len: 001e 0020 buffer : 00000001 000024 smb_io_unistr2 dom_name 0024 uni_max_len: 0000000f 0028 offset : 00000000 002c uni_str_len: 0000000f 0030 buffer : B.I.O.W.I.S.D.O.M.\.g.u.e.s.t. 0050 num_trans_entries : 00000000 0054 ptr_trans_sids : 00000000 0058 lookup_level : 00000001 005c mapped_count : 00000000 create_rpc_request: opnum: 0xe data_len: 0x78 create_rpc_request: data_len: 78 auth_len: 0 alloc_hint: 68 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0078 000a auth_len : 0000 000c call_id : 0000000d 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 00000068 0014 context_id: 0000 0016 opnum : 000e rpc_api_pipe: fnum:c006 size=202 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=55297 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=23 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 120 (0x78) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 120 (0x78) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=49158 (0xC006) smb_bcc=135 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 78 00 00 00 0D 00 00 00 68 .......x .......h [020] 00 00 00 00 00 0E 00 00 00 00 00 07 D7 1B 37 3F ........ ......7? [030] A9 9A 49 A7 7D AF EA E9 27 A4 7F 01 00 00 00 01 ..I.}... '....... [040] 00 00 00 1E 00 1E 00 01 00 00 00 0F 00 00 00 00 ........ ........ [050] 00 00 00 0F 00 00 00 42 00 49 00 4F 00 57 00 49 .......B .I.O.W.I [060] 00 53 00 44 00 4F 00 4D 00 5C 00 67 00 75 00 65 .S.D.O.M .\.g.u.e [070] 00 73 00 74 00 00 00 00 00 00 00 00 00 00 00 01 .s.t.... ........ [080] 00 00 00 00 00 00 00 ....... simple_packet_signature: sequence number 42 client_sign_outgoing_message: sent SMB signature of [000] 25 9F 15 E6 5F 58 10 92 %..._X.. store_sequence_for_reply: stored seq = 43 mid = 23 write_socket(12,206) write_socket(12,206) wrote 206 get_sequence_for_reply: found seq = 43 mid = 23 cli_signing_trans_start: storing mid = 23, reply_seq_num = 43, send_seq_num = 42 data->send_seq_num = 44 got smb length of 204 size=204 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=23 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 148 (0x94) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 148 (0x94) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=149 [000] 78 05 00 02 03 10 00 00 00 94 00 00 00 0D 00 00 x....... ........ [010] 00 7C 00 00 00 00 00 00 00 20 AA 28 0D 01 00 00 .|...... . .(.... [020] 00 38 76 14 00 20 00 00 00 01 00 00 00 12 00 14 .8v.. .. ........ [030] 00 68 92 29 0D 70 05 9D 01 0A 00 00 00 00 00 00 .h.).p.. ........ [040] 00 09 00 00 00 42 00 49 00 4F 00 57 00 49 00 53 .....B.I .O.W.I.S [050] 00 44 00 4F 00 4D 00 00 00 04 00 00 00 01 04 00 .D.O.M.. ........ [060] 00 00 00 00 05 15 00 00 00 6B D6 62 04 3F AD 14 ........ .k.b.?.. [070] 62 82 8B A6 28 01 00 00 00 D8 7E 26 0D 01 00 00 b...(... ..~&.... [080] 00 01 00 6E 00 F5 01 00 00 00 00 00 00 01 00 00 ...n.... ........ [090] 00 00 00 00 00 ..... simple_packet_signature: sequence number 43 client_check_incoming_message: seq 43: got good SMB signature of [000] DF 90 73 42 99 7F 5B 55 ..sB..[U size=204 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=55301 smb_tid=59397 smb_pid=16878 smb_uid=45056 smb_mid=23 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 148 (0x94) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 148 (0x94) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=149 [000] 78 05 00 02 03 10 00 00 00 94 00 00 00 0D 00 00 x....... ........ [010] 00 7C 00 00 00 00 00 00 00 20 AA 28 0D 01 00 00 .|...... . .(.... [020] 00 38 76 14 00 20 00 00 00 01 00 00 00 12 00 14 .8v.. .. ........ [030] 00 68 92 29 0D 70 05 9D 01 0A 00 00 00 00 00 00 .h.).p.. ........ [040] 00 09 00 00 00 42 00 49 00 4F 00 57 00 49 00 53 .....B.I .O.W.I.S [050] 00 44 00 4F 00 4D 00 00 00 04 00 00 00 01 04 00 .D.O.M.. ........ [060] 00 00 00 00 05 15 00 00 00 6B D6 62 04 3F AD 14 ........ .k.b.?.. [070] 62 82 8B A6 28 01 00 00 00 D8 7E 26 0D 01 00 00 b...(... ..~&.... [080] 00 01 00 6E 00 F5 01 00 00 00 00 00 00 01 00 00 ...n.... ........ [090] 00 00 00 00 00 ..... cli_signing_trans_stop: freeing mid = 23, reply_seq_num = 43, send_seq_num = 42 data->send_seq_num = 44 rpc_check_hdr: rdata->data_size = 148 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0094 000a auth_len : 0000 000c call_id : 0000000d 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 0000007c 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 rpc_api_pipe: len left: 0 smbtrans read: 148 rpc_api_pipe: fragment first and last both set 000018 lsa_io_r_lookup_names 0018 ptr_dom_ref: 0d28aa20 00001c lsa_io_dom_r_ref 001c num_ref_doms_1: 00000001 0020 ptr_ref_dom : 00147638 0024 max_entries : 00000020 0028 num_ref_doms_2: 00000001 00002c smb_io_unihdr dom_ref[0] 002c uni_str_len: 0012 002e uni_max_len: 0014 0030 buffer : 0d299268 0034 sid_ptr[0] : 019d0570 000038 smb_io_unistr2 dom_ref[0] 0038 uni_max_len: 0000000a 003c offset : 00000000 0040 uni_str_len: 00000009 0044 buffer : B.I.O.W.I.S.D.O.M. 000058 smb_io_dom_sid2 sid_ptr[0] 0058 num_auths: 00000004 00005c smb_io_dom_sid sid 005c sid_rev_num: 01 005d num_auths : 04 005e id_auth[0] : 00 005f id_auth[1] : 00 0060 id_auth[2] : 00 0061 id_auth[3] : 00 0062 id_auth[4] : 00 0063 id_auth[5] : 05 0064 sub_auths : 00000015 0462d66b 6214ad3f 28a68b82 0074 num_entries: 00000001 0078 ptr_entries: 0d267ed8 007c num_entries2: 00000001 000080 smb_io_dom_rid2 0080 type : 01 0084 rid : 000001f5 0088 rid_idx: 00000000 008c mapped_count: 00000001 0090 status : NT_STATUS_OK wcache_save_name_to_sid: GUEST -> S-1-5-21-73586283-1645522239-682003330-501 Storing response for pid 16878, len 1304 Retrieving response for pid 16878 client_read: read 1828 bytes. Need 0 more for a full request. child daemon request 39 process_request: request fn GETUSERDOMGROUPS refresh_sequence_number: BIOWISDOM time ok refresh_sequence_number: BIOWISDOM seq number is now 4740154 lookup_usergroups: [Cached] - doing backend query for info for domain BIOWISDOM ads: lookup_usergroups Current tickets expire at 1126382550, time is now 1126346550 Search for (objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\6B\D6\62\04\3F\AD\14\62\82\8B\A6\28\F5\01\00\00) gave 1 replies ads sid_to_dn mapped CN=Guest,CN=Users,DC=internal,DC=biowisdom,DC=com Search for (objectclass=*) gave 1 replies pulling SID: S-1-5-32-545 pulling SID: S-1-5-32-546 pulling SID: S-1-5-21-73586283-1645522239-682003330-514 pulling SID: S-1-5-21-73586283-1645522239-682003330-513 ads lookup_usergroups for sid=S-1-5-21-73586283-1645522239-682003330-501 refresh_sequence_number: BIOWISDOM time ok refresh_sequence_number: BIOWISDOM seq number is now 4740154 Storing response for pid 16878, len 1417 Storing extra data: len=113 =============================================================== INTERNAL ERROR: Signal 6 in pid 16878 (3.0.20-3-devel-SUSE) Please read the appendix Bugs of the Samba HOWTO collection =============================================================== smb_panic: clobber_region() last called from [sprintf_append(2206)] PANIC: internal error BACKTRACE: 15 stack frames: #0 winbindd(smb_panic2+0x108) [0x495438] #1 winbindd [0x4831b6] #2 /lib64/tls/libc.so.6 [0x2aaaab95ff00] #3 /lib64/tls/libc.so.6(gsignal+0x39) [0x2aaaab95fe79] #4 /lib64/tls/libc.so.6(abort+0x13f) [0x2aaaab96148f] #5 /lib64/tls/libc.so.6 [0x2aaaab9945d3] #6 /lib64/tls/libc.so.6 [0x2aaaab999153] #7 /lib64/tls/libc.so.6(__libc_free+0x77) [0x2aaaab99a8a7] #8 winbindd [0x44db5d] #9 winbindd(async_request+0x9a) [0x44e1fa] #10 winbindd(init_child_connection+0x148) [0x43b9f8] #11 winbindd(rescan_trusted_domains+0xee) [0x43c18e] #12 winbindd(main+0x415) [0x434235] #13 /lib64/tls/libc.so.6(__libc_start_main+0xea) [0x2aaaab94e54a] #14 winbindd [0x432eaa] Could not receive async reply client_read: read 1828 bytes. Need 0 more for a full request. child daemon request 39 process_request: request fn GETUSERDOMGROUPS fetch_cache_seqnum: success [BIOWISDOM][4740154 @ 1126346550] refresh_sequence_number: BIOWISDOM seq number is now 4740154 centry_expired: Key UG/S-1-5-21-73586283-1645522239-682003330-501 for domain BIOWISDOM is good. wcache_fetch: returning entry UG/S-1-5-21-73586283-1645522239-682003330-501 for domain BIOWISDOM lookup_usergroups: [Cached] - cached info for domain BIOWISDOM status Success Storing response for pid 16881, len 1417 Storing extra data: len=113 =============================================================== INTERNAL ERROR: Signal 6 in pid 16881 (3.0.20-3-devel-SUSE) Please read the appendix Bugs of the Samba HOWTO collection =============================================================== smb_panic: clobber_region() last called from [sprintf_append(2206)] PANIC: internal error BACKTRACE: 12 stack frames: #0 winbindd(smb_panic2+0x108) [0x495438] #1 winbindd [0x4831b6] #2 /lib64/tls/libc.so.6 [0x2aaaab95ff00] #3 /lib64/tls/libc.so.6(gsignal+0x39) [0x2aaaab95fe79] #4 /lib64/tls/libc.so.6(abort+0x13f) [0x2aaaab96148f] #5 /lib64/tls/libc.so.6 [0x2aaaab9945d3] #6 /lib64/tls/libc.so.6 [0x2aaaab999153] #7 /lib64/tls/libc.so.6(__libc_free+0x77) [0x2aaaab99a8a7] #8 winbindd [0x44db5d] #9 winbindd(main+0x8dc) [0x4346fc] #10 /lib64/tls/libc.so.6(__libc_start_main+0xea) [0x2aaaab94e54a] #11 winbindd [0x432eaa] Could not receive async reply