The Samba-Bugzilla – Attachment 1430 Details for
Bug 3082
Winbindd internal error doing group lookup on x86_64
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Winbindd debug output (winbindd -d 10 -i)
winbindd.log (text/plain), 112.03 KB, created by
Robin Hill
on 2005-09-10 03:15:52 UTC
(
hide
)
Description:
Winbindd debug output (winbindd -d 10 -i)
Filename:
MIME Type:
Creator:
Robin Hill
Created:
2005-09-10 03:15:52 UTC
Size:
112.03 KB
patch
obsolete
>Started with winbindd -d 10 -i >============================== > >winbindd version 3.0.20-3-devel-SUSE started. >Copyright The Samba Team 2000-2004 >lp_load: refreshing parameters >Initialising global parameters >params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" >Processing section "[global]" >doing parameter utmp = yes >doing parameter workgroup = BIOWISDOM >doing parameter server string = SAMBA >doing parameter time server = yes >doing parameter interfaces = 127.0.0.1 eth0 >doing parameter bind interfaces only = true >doing parameter log file = /var/log/samba/log.%m >doing parameter security = ads >doing parameter realm = INTERNAL.BIOWISDOM.COM >doing parameter password server = * >doing parameter socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 >doing parameter local master = no >doing parameter dns proxy = yes >doing parameter encrypt passwords = yes >doing parameter client plaintext auth = no >doing parameter client lanman auth = no >doing parameter client ntlmv2 auth = yes >doing parameter idmap backend = ldap:ldap://ls-ukdevel01.internal.biowisdom.com >doing parameter idmap uid = 10000-20000 >doing parameter idmap gid = 10000-20000 >doing parameter winbind enum users = yes >doing parameter winbind enum groups = yes >doing parameter winbind use default domain = yes >doing parameter winbind cache time = 600 >doing parameter template homedir = /home/%U >doing parameter template shell = /bin/bash >doing parameter ldap suffix = dc=internal,dc=biowisdom,dc=com >doing parameter ldap idmap suffix = ou=Idmap >doing parameter ldap group suffix = ou=Groups >doing parameter ldap user suffix = ou=People >doing parameter ldap admin dn = cn=smbadmin,dc=internal,dc=biowisdom,dc=com >pm_process() returned Yes >lp_servicenumber: couldn't find homes >add_a_service: Creating snum = 0 for IPC$ >adding IPC service >add_a_service: Creating snum = 1 for ADMIN$ >adding IPC service >set_server_role: role = ROLE_DOMAIN_MEMBER >Attempting to register new charset UCS-2LE >Registered charset UCS-2LE >Attempting to register new charset UTF-16LE >Registered charset UTF-16LE >Attempting to register new charset UCS-2BE >Registered charset UCS-2BE >Attempting to register new charset UTF-16BE >Registered charset UTF-16BE >Attempting to register new charset UTF8 >Registered charset UTF8 >Attempting to register new charset UTF-8 >Registered charset UTF-8 >Attempting to register new charset ASCII >Registered charset ASCII >Attempting to register new charset 646 >Registered charset 646 >Attempting to register new charset ISO-8859-1 >Registered charset ISO-8859-1 >Attempting to register new charset UCS2-HEX >Registered charset UCS2-HEX >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >Substituting charset 'UTF-8' for LOCALE >added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 >added interface ip=192.168.1.17 bcast=192.168.1.255 nmask=255.255.255.0 >Netbios name list:- >my_netbios_names[0]="LS-UKDBASE03" >added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 >added interface ip=192.168.1.17 bcast=192.168.1.255 nmask=255.255.255.0 >Opening cache file at /var/lib/samba/gencache.tdb >namecache_enable: enabling netbios namecache, timeout 660 seconds >smb_register_idmap: Successfully added idmap backend 'ldap' >smb_register_idmap: Successfully added idmap backend 'tdb' >db_idmap_init: Opening tdbfile /var/lib/samba/winbindd_idmap.tdb >idmap_init: using 'ldap' as remote backend >smbldap_search_ext: base => [ou=Idmap,dc=internal,dc=biowisdom,dc=com], filter => [(objectclass=sambaUnixIdPool)], scope => [2] >The connection to the LDAP server was closed >smbldap_open_connection: ldap://ls-ukdevel01.internal.biowisdom.com >smbldap_open_connection: connection opened >ldap_connect_system: Binding to ldap server ldap://ls-ukdevel01.internal.biowisdom.com as "cn=smbadmin,dc=internal,dc=biowisdom,dc=com" >ldap_connect_system: succesful connection to the LDAP server >ldap_connect_system: LDAP server does support paged results >The LDAP server is succesfully connected >fcntl_lock 8 6 0 1 1 >fcntl_lock: Lock call successful >Registered MSG_REQ_POOL_USAGE >Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED >Added domain BIOWISDOM INTERNAL.BIOWISDOM.COM S-1-5-21-73586283-1645522239-682003330 >Added domain BUILTIN S-1-5-32 >Added domain LS-UKDBASE03 S-1-5-21-3893962149-402388542-230415780 >open_winbindd_socket: opened socket fd 11 >open_winbindd_priv_socket: opened socket fd 13 >client_read: read 1828 bytes. Need 0 more for a full request. >child daemon request 40 >process_request: request fn INIT_CONNECTION >Connection to for domain BIOWISDOM has NULL cli! >Using cleartext machine password >get_sorted_dc_list: attempting lookup using [lmhosts wins host bcast] >internal_resolve_name: looking up BIOWISDOM#1c >Returning valid cache entry: key = NBT/BIOWISDOM#1C, value = 192.168.1.21:0,192.168.1.22:0, timeout = Sat Sep 10 11:12:44 2005 > >name BIOWISDOM#1C found. >Adding 2 DC's from auto lookup >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 2 ip addresses in an unordered list >get_dc_list: 192.168.1.21:0 192.168.1.22:0 >fcntl_lock 13 6 0 1 0 >fcntl_lock: fcntl lock gave errno 11 (Resource temporarily unavailable) >fcntl_lock: lock failed at offset 0 count 1 op 6 type 0 (Resource temporarily unavailable) >send_mailslot: Sending to mailslot \MAILSLOT\NET\NTLOGON from LS-UKDBASE03<00> to BIOWISDOM<1c> IP 192.168.1.21 >Received packet for \MAILSLOT\NET\GETDC1501A8C0 >GetDC gave name WS-UKCOMMS for domain BIOWISDOM >cm_get_ipc_userpass: No auth-user defined >secrets_named_mutex: got mutex for WS-UKCOMMS >write_socket(12,183) >write_socket(12,183) wrote 183 >got smb length of 191 >size=191 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55297 >smb_tid=0 >smb_pid=16878 >smb_uid=0 >smb_mid=1 >smt_wct=17 >smb_vwv[ 0]= 8 (0x8) >smb_vwv[ 1]=12807 (0x3207) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 65 (0x41) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]=64768 (0xFD00) >smb_vwv[10]= 243 (0xF3) >smb_vwv[11]= 6784 (0x1A80) >smb_vwv[12]=29532 (0x735C) >smb_vwv[13]=61113 (0xEEB9) >smb_vwv[14]=50613 (0xC5B5) >smb_vwv[15]=50177 (0xC401) >smb_vwv[16]= 255 (0xFF) >smb_bcc=122 >[000] 84 B3 15 0D 4F 3A B6 47 B1 AA 92 8D 93 0E 84 20 ....O:.G ....... >[010] 60 68 06 06 2B 06 01 05 05 02 A0 5E 30 5C A0 30 `h..+... ...^0\.0 >[020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* >[030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... >[040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... >[050] A3 28 30 26 A0 24 1B 22 77 73 2D 75 6B 63 6F 6D .(0&.$." ws-ukcom >[060] 6D 73 24 40 49 4E 54 45 52 4E 41 4C 2E 42 49 4F ms$@INTE RNAL.BIO >[070] 57 49 53 44 4F 4D 2E 43 4F 4D WISDOM.C OM >size=191 >smb_com=0x72 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55297 >smb_tid=0 >smb_pid=16878 >smb_uid=0 >smb_mid=1 >smt_wct=17 >smb_vwv[ 0]= 8 (0x8) >smb_vwv[ 1]=12807 (0x3207) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 65 (0x41) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]=64768 (0xFD00) >smb_vwv[10]= 243 (0xF3) >smb_vwv[11]= 6784 (0x1A80) >smb_vwv[12]=29532 (0x735C) >smb_vwv[13]=61113 (0xEEB9) >smb_vwv[14]=50613 (0xC5B5) >smb_vwv[15]=50177 (0xC401) >smb_vwv[16]= 255 (0xFF) >smb_bcc=122 >[000] 84 B3 15 0D 4F 3A B6 47 B1 AA 92 8D 93 0E 84 20 ....O:.G ....... >[010] 60 68 06 06 2B 06 01 05 05 02 A0 5E 30 5C A0 30 `h..+... ...^0\.0 >[020] 30 2E 06 09 2A 86 48 82 F7 12 01 02 02 06 09 2A 0...*.H. .......* >[030] 86 48 86 F7 12 01 02 02 06 0A 2A 86 48 86 F7 12 .H...... ..*.H... >[040] 01 02 02 03 06 0A 2B 06 01 04 01 82 37 02 02 0A ......+. ....7... >[050] A3 28 30 26 A0 24 1B 22 77 73 2D 75 6B 63 6F 6D .(0&.$." ws-ukcom >[060] 6D 73 24 40 49 4E 54 45 52 4E 41 4C 2E 42 49 4F ms$@INTE RNAL.BIO >[070] 57 49 53 44 4F 4D 2E 43 4F 4D WISDOM.C OM >Serverzone is -3600 >connecting to WS-UKCOMMS from LS-UKDBASE03 with kerberos principal [LS-UKDBASE03$@INTERNAL.BIOWISDOM.COM] >Doing spnego session setup (blob length=122) >got OID=1 2 840 48018 1 2 2 >got OID=1 2 840 113554 1 2 2 >got OID=1 2 840 113554 1 2 2 3 >got OID=1 3 6 1 4 1 311 2 2 10 >got principal=ws-ukcomms$@INTERNAL.BIOWISDOM.COM >Doing kerberos session setup >Ticket in ccache[MEMORY:cliconnect] expiration Sat, 10 Sep 2005 21:02:16 GMT >ads_krb5_mk_req: Ticket (ws-ukcomms$@INTERNAL.BIOWISDOM.COM) in ccache (MEMORY:cliconnect) is valid until: (Sat, 10 Sep 2005 21:02:16 GMT - 1126382536) >Got KRB5 session key of length 16 >SMB signing enabled! >cli_simple_set_signing: user_session_key >[000] 24 64 15 16 7E 17 15 BB 9F 2D A9 AB 1E 10 B4 A8 $d..~... .-...... >cli_simple_set_signing: NULL response_data >simple_packet_signature: sequence number 0 >client_sign_outgoing_message: sent SMB signature of >[000] DB 8A 13 11 82 25 5D DC .....%]. >store_sequence_for_reply: stored seq = 1 mid = 2 >write_socket(12,1332) >write_socket(12,1332) wrote 1332 >got smb length of 143 >size=143 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=0 >smb_pid=16878 >smb_uid=45056 >smb_mid=2 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 143 (0x8F) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 26 (0x1A) >smb_bcc=100 >[000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H >[010] 82 F7 12 01 02 02 A2 02 04 00 00 57 00 69 00 6E ........ ...W.i.n >[020] 00 64 00 6F 00 77 00 73 00 20 00 35 00 2E 00 30 .d.o.w.s . .5...0 >[030] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s >[040] 00 20 00 32 00 30 00 30 00 30 00 20 00 4C 00 41 . .2.0.0 .0. .L.A >[050] 00 4E 00 20 00 4D 00 61 00 6E 00 61 00 67 00 65 .N. .M.a .n.a.g.e >[060] 00 72 00 00 .r.. >get_sequence_for_reply: found seq = 1 mid = 2 >simple_packet_signature: sequence number 1 >client_check_incoming_message: seq 1: got good SMB signature of >[000] 04 EA 8A F7 37 A6 75 5B ....7.u[ >size=143 >smb_com=0x73 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=0 >smb_pid=16878 >smb_uid=45056 >smb_mid=2 >smt_wct=4 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 143 (0x8F) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 26 (0x1A) >smb_bcc=100 >[000] A1 18 30 16 A0 03 0A 01 00 A1 0B 06 09 2A 86 48 ..0..... .....*.H >[010] 82 F7 12 01 02 02 A2 02 04 00 00 57 00 69 00 6E ........ ...W.i.n >[020] 00 64 00 6F 00 77 00 73 00 20 00 35 00 2E 00 30 .d.o.w.s . .5...0 >[030] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s >[040] 00 20 00 32 00 30 00 30 00 30 00 20 00 4C 00 41 . .2.0.0 .0. .L.A >[050] 00 4E 00 20 00 4D 00 61 00 6E 00 61 00 67 00 65 .N. .M.a .n.a.g.e >[060] 00 72 00 00 .r.. >simple_packet_signature: sequence number 2 >client_sign_outgoing_message: sent SMB signature of >[000] 04 31 2C FB BB FE CE D2 .1,..... >store_sequence_for_reply: stored seq = 3 mid = 3 >write_socket(12,88) >write_socket(12,88) wrote 88 >got smb length of 48 >size=48 >smb_com=0x75 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=3 >smt_wct=3 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 1 (0x1) >smb_bcc=7 >[000] 49 50 43 00 00 00 00 IPC.... >get_sequence_for_reply: found seq = 3 mid = 3 >simple_packet_signature: sequence number 3 >client_check_incoming_message: seq 3: got good SMB signature of >[000] EE 07 CE 7D 05 BF 88 D3 ...}.... >secrets_named_mutex: released mutex for WS-UKCOMMS >simple_packet_signature: sequence number 4 >client_sign_outgoing_message: sent SMB signature of >[000] 2B 87 F2 C0 DA 33 27 62 +....3'b >store_sequence_for_reply: stored seq = 5 mid = 4 >write_socket(12,104) >write_socket(12,104) wrote 104 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=4 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 768 (0x300) >smb_vwv[ 3]= 320 (0x140) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 16 (0x10) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >get_sequence_for_reply: found seq = 5 mid = 4 >simple_packet_signature: sequence number 5 >client_check_incoming_message: seq 5: got good SMB signature of >[000] 59 6D 33 45 F0 4C 62 6A Ym3E.Lbj >Bind RPC Pipe[4003]: \PIPE\lsarpc >Bind Abstract Syntax: [000] 6A 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 j(.9.... ....O... >[010] 00 00 00 00 .... >Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` >[010] 02 00 00 00 .... >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000001 >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 0018 num_contexts: 01 > 001c context_id : 0000 > 001e num_transfer_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 3919286a > 0024 data : b10c > 0026 data : 11d0 > 0028 data : 9b a8 > 002a data : 00 c0 4f d9 2e f5 > 0030 version: 00000000 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >rpc_api_pipe: fnum:4003 >size=154 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=55297 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=5 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16387 (0x4003) >smb_bcc=87 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ >[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 6A ........ .......j >[030] 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 00 (.9..... ...O.... >[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ >[050] 10 48 60 02 00 00 00 .H`.... >simple_packet_signature: sequence number 6 >client_sign_outgoing_message: sent SMB signature of >[000] F2 AA 4F 90 67 05 2C EB ..O.g.,. >store_sequence_for_reply: stored seq = 7 mid = 5 >write_socket(12,158) >write_socket(12,158) wrote 158 >get_sequence_for_reply: found seq = 7 mid = 5 >cli_signing_trans_start: storing mid = 5, reply_seq_num = 7, send_seq_num = 6 data->send_seq_num = 8 >got smb length of 124 >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=5 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D...... >[010] 00 B8 10 B8 10 56 86 02 00 0C 00 5C 50 49 50 45 .....V.. ...\PIPE >[020] 5C 6C 73 61 73 73 00 47 82 01 00 00 00 00 00 00 \lsass.G ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >simple_packet_signature: sequence number 7 >client_check_incoming_message: seq 7: got good SMB signature of >[000] 53 FF 27 AC F1 68 17 42 S.'..h.B >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=5 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 H....... .D...... >[010] 00 B8 10 B8 10 56 86 02 00 0C 00 5C 50 49 50 45 .....V.. ...\PIPE >[020] 5C 6C 73 61 73 73 00 47 82 01 00 00 00 00 00 00 \lsass.G ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >cli_signing_trans_stop: freeing mid = 5, reply_seq_num = 7, send_seq_num = 6 data->send_seq_num = 8 >rpc_check_hdr: rdata->data_size = 68 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000001 >rpc_api_pipe: len left: 0 smbtrans read: 68 >rpc_api_pipe: fragment first and last both set >rpc_pipe_bind: rpc_api_pipe returned OK. >000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00028656 > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \PIPE\lsass. > 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >bind_rpc_pipe: accepted! >000000 ds_io_q_getprimdominfo > 0000 level: 0001 >create_rpc_request: opnum: 0x0 data_len: 0x1a >create_rpc_request: data_len: 1a auth_len: 0 alloc_hint: a >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 001a > 000a auth_len : 0000 > 000c call_id : 00000002 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 0000000a > 0014 context_id: 0000 > 0016 opnum : 0000 >rpc_api_pipe: fnum:4003 >size=108 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=55297 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=6 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 26 (0x1A) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 26 (0x1A) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16387 (0x4003) >smb_bcc=41 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 1A 00 00 00 02 00 00 00 0A ........ ........ >[020] 00 00 00 00 00 00 00 01 00 ........ . >simple_packet_signature: sequence number 8 >client_sign_outgoing_message: sent SMB signature of >[000] C4 86 B0 0F D9 5E AD CB .....^.. >store_sequence_for_reply: stored seq = 9 mid = 6 >write_socket(12,112) >write_socket(12,112) wrote 112 >get_sequence_for_reply: found seq = 9 mid = 6 >cli_signing_trans_start: storing mid = 6, reply_seq_num = 9, send_seq_num = 8 data->send_seq_num = 10 >got smb length of 280 >size=280 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=6 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 224 (0xE0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 224 (0xE0) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=225 >[000] 1A 05 00 02 03 10 00 00 00 E0 00 00 00 02 00 00 ........ ........ >[010] 00 C8 00 00 00 00 00 00 00 68 72 31 0D 01 00 00 ........ .hr1.... >[020] 00 04 00 00 00 01 00 00 01 C0 5F 25 0D 20 46 2F ........ .._%. F/ >[030] 0D 30 F0 12 00 11 45 71 7C F4 DD 62 45 BF F8 51 .0....Eq |..bE..Q >[040] A0 2A DB B0 EB 0A 00 00 00 00 00 00 00 0A 00 00 .*...... ........ >[050] 00 42 00 49 00 4F 00 57 00 49 00 53 00 44 00 4F .B.I.O.W .I.S.D.O >[060] 00 4D 00 00 00 17 00 00 00 00 00 00 00 17 00 00 .M...... ........ >[070] 00 69 00 6E 00 74 00 65 00 72 00 6E 00 61 00 6C .i.n.t.e .r.n.a.l >[080] 00 2E 00 62 00 69 00 6F 00 77 00 69 00 73 00 64 ...b.i.o .w.i.s.d >[090] 00 6F 00 6D 00 2E 00 63 00 6F 00 6D 00 00 00 00 .o.m...c .o.m.... >[0A0] 00 17 00 00 00 00 00 00 00 17 00 00 00 69 00 6E ........ .....i.n >[0B0] 00 74 00 65 00 72 00 6E 00 61 00 6C 00 2E 00 62 .t.e.r.n .a.l...b >[0C0] 00 69 00 6F 00 77 00 69 00 73 00 64 00 6F 00 6D .i.o.w.i .s.d.o.m >[0D0] 00 2E 00 63 00 6F 00 6D 00 00 00 00 00 00 00 00 ...c.o.m ........ >[0E0] 00 . >simple_packet_signature: sequence number 9 >client_check_incoming_message: seq 9: got good SMB signature of >[000] E5 2B 31 BD D8 F6 EA 38 .+1....8 >size=280 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=6 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 224 (0xE0) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 224 (0xE0) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=225 >[000] 1A 05 00 02 03 10 00 00 00 E0 00 00 00 02 00 00 ........ ........ >[010] 00 C8 00 00 00 00 00 00 00 68 72 31 0D 01 00 00 ........ .hr1.... >[020] 00 04 00 00 00 01 00 00 01 C0 5F 25 0D 20 46 2F ........ .._%. F/ >[030] 0D 30 F0 12 00 11 45 71 7C F4 DD 62 45 BF F8 51 .0....Eq |..bE..Q >[040] A0 2A DB B0 EB 0A 00 00 00 00 00 00 00 0A 00 00 .*...... ........ >[050] 00 42 00 49 00 4F 00 57 00 49 00 53 00 44 00 4F .B.I.O.W .I.S.D.O >[060] 00 4D 00 00 00 17 00 00 00 00 00 00 00 17 00 00 .M...... ........ >[070] 00 69 00 6E 00 74 00 65 00 72 00 6E 00 61 00 6C .i.n.t.e .r.n.a.l >[080] 00 2E 00 62 00 69 00 6F 00 77 00 69 00 73 00 64 ...b.i.o .w.i.s.d >[090] 00 6F 00 6D 00 2E 00 63 00 6F 00 6D 00 00 00 00 .o.m...c .o.m.... >[0A0] 00 17 00 00 00 00 00 00 00 17 00 00 00 69 00 6E ........ .....i.n >[0B0] 00 74 00 65 00 72 00 6E 00 61 00 6C 00 2E 00 62 .t.e.r.n .a.l...b >[0C0] 00 69 00 6F 00 77 00 69 00 73 00 64 00 6F 00 6D .i.o.w.i .s.d.o.m >[0D0] 00 2E 00 63 00 6F 00 6D 00 00 00 00 00 00 00 00 ...c.o.m ........ >[0E0] 00 . >cli_signing_trans_stop: freeing mid = 6, reply_seq_num = 9, send_seq_num = 8 data->send_seq_num = 10 >rpc_check_hdr: rdata->data_size = 224 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00e0 > 000a auth_len : 0000 > 000c call_id : 00000002 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 000000c8 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 224 >rpc_api_pipe: fragment first and last both set >000018 ds_io_r_getprimdominfo > 0018 ptr: 0d317268 > 001c level: 0001 > 001e unknown0: 0000 > 0020 machine_role: 0004 > 0022 unknown: 0000 > 0024 flags: 01000001 > 0028 netbios_ptr: 0d255fc0 > 002c dnsname_ptr: 0d2f4620 > 0030 forestname_ptr: 0012f030 > 000034 smb_io_uuid domain_guid > 0034 data : 7c714511 > 0038 data : ddf4 > 003a data : 4562 > 003c data : bf f8 > 003e data : 51 a0 2a db b0 eb > 000044 smb_io_unistr2 netbios_domain > 0044 uni_max_len: 0000000a > 0048 offset : 00000000 > 004c uni_str_len: 0000000a > 0050 buffer : B.I.O.W.I.S.D.O.M... > 000064 smb_io_unistr2 dns_domain > 0064 uni_max_len: 00000017 > 0068 offset : 00000000 > 006c uni_str_len: 00000017 > 0070 buffer : i.n.t.e.r.n.a.l...b.i.o.w.i.s.d.o.m...c.o.m... > 0000a0 smb_io_unistr2 forest_domain > 00a0 uni_max_len: 00000017 > 00a4 offset : 00000000 > 00a8 uni_str_len: 00000017 > 00ac buffer : i.n.t.e.r.n.a.l...b.i.o.w.i.s.d.o.m...c.o.m... > 00dc status: NT_STATUS_OK >simple_packet_signature: sequence number 10 >client_sign_outgoing_message: sent SMB signature of >[000] 4A 25 B6 31 58 DA 53 4E J%.1X.SN >store_sequence_for_reply: stored seq = 11 mid = 7 >write_socket(12,45) >write_socket(12,45) wrote 45 >got smb length of 35 >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=7 >smt_wct=0 >smb_bcc=0 >get_sequence_for_reply: found seq = 11 mid = 7 >simple_packet_signature: sequence number 11 >client_check_incoming_message: seq 11: got good SMB signature of >[000] 96 CE 75 62 25 64 8A 8B ..ub%d.. >simple_packet_signature: sequence number 12 >client_sign_outgoing_message: sent SMB signature of >[000] 54 57 39 28 ED 75 42 08 TW9(.uB. >store_sequence_for_reply: stored seq = 13 mid = 8 >write_socket(12,104) >write_socket(12,104) wrote 104 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=8 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 3584 (0xE00) >smb_vwv[ 3]= 320 (0x140) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 16 (0x10) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >get_sequence_for_reply: found seq = 13 mid = 8 >simple_packet_signature: sequence number 13 >client_check_incoming_message: seq 13: got good SMB signature of >[000] 6D 3C 60 1A 02 DD D8 C4 m<`..... >Bind RPC Pipe[400e]: \PIPE\lsarpc >Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg.. >[010] 00 00 00 00 .... >Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` >[010] 02 00 00 00 .... >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000003 >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 0018 num_contexts: 01 > 001c context_id : 0000 > 001e num_transfer_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 12345778 > 0024 data : 1234 > 0026 data : abcd > 0028 data : ef 00 > 002a data : 01 23 45 67 89 ab > 0030 version: 00000000 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >rpc_api_pipe: fnum:400e >size=154 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=55297 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=9 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16398 (0x400E) >smb_bcc=87 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 0B 03 10 00 00 00 48 00 00 00 03 00 00 00 B8 .......H ........ >[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x >[030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... >[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ >[050] 10 48 60 02 00 00 00 .H`.... >simple_packet_signature: sequence number 14 >client_sign_outgoing_message: sent SMB signature of >[000] B9 16 36 61 C9 7A 14 05 ..6a.z.. >store_sequence_for_reply: stored seq = 15 mid = 9 >write_socket(12,158) >write_socket(12,158) wrote 158 >get_sequence_for_reply: found seq = 15 mid = 9 >cli_signing_trans_start: storing mid = 9, reply_seq_num = 15, send_seq_num = 14 data->send_seq_num = 16 >got smb length of 124 >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=9 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 H....... .D...... >[010] 00 B8 10 B8 10 57 86 02 00 0C 00 5C 50 49 50 45 .....W.. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >simple_packet_signature: sequence number 15 >client_check_incoming_message: seq 15: got good SMB signature of >[000] 38 38 20 92 63 AE 48 3C 88 .c.H< >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=9 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 H....... .D...... >[010] 00 B8 10 B8 10 57 86 02 00 0C 00 5C 50 49 50 45 .....W.. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 01 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >cli_signing_trans_stop: freeing mid = 9, reply_seq_num = 15, send_seq_num = 14 data->send_seq_num = 16 >rpc_check_hdr: rdata->data_size = 68 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000003 >rpc_api_pipe: len left: 0 smbtrans read: 68 >rpc_api_pipe: fragment first and last both set >rpc_pipe_bind: rpc_api_pipe returned OK. >000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00028657 > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \PIPE\lsass. > 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >bind_rpc_pipe: accepted! >init_lsa_sec_qos >init_q_open_pol2: attr:0 da:33554432 >init_lsa_obj_attr >000000 lsa_io_q_open_pol2 > 0000 ptr : 00000001 > 000004 smb_io_unistr2 > 0004 uni_max_len: 00000001 > 0008 offset : 00000000 > 000c uni_str_len: 00000001 > 0010 buffer : .. > 000012 lsa_io_obj_attr > 0014 len : 00000018 > 0018 ptr_root_dir: 00000000 > 001c ptr_obj_name: 00000000 > 0020 attributes : 00000000 > 0024 ptr_sec_desc: 00000000 > 0028 ptr_sec_qos : 00000001 > 00002c lsa_io_obj_qos sec_qos > 002c len : 0000000c > 0030 sec_imp_level : 0002 > 0032 sec_ctxt_mode : 01 > 0033 effective_only: 00 >lsa_io_sec_qos: length c does not match size 8 > 0034 des_access: 02000000 >create_rpc_request: opnum: 0x2c data_len: 0x50 >create_rpc_request: data_len: 50 auth_len: 0 alloc_hint: 40 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0050 > 000a auth_len : 0000 > 000c call_id : 00000004 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000040 > 0014 context_id: 0000 > 0016 opnum : 002c >rpc_api_pipe: fnum:400e >size=162 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=55297 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=10 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 80 (0x50) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 80 (0x50) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16398 (0x400E) >smb_bcc=95 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 50 00 00 00 04 00 00 00 40 .......P .......@ >[020] 00 00 00 00 00 2C 00 01 00 00 00 01 00 00 00 00 .....,.. ........ >[030] 00 00 00 01 00 00 00 00 00 00 00 18 00 00 00 00 ........ ........ >[040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 ........ ........ >[050] 00 00 00 0C 00 00 00 02 00 01 00 00 00 00 02 ........ ....... >simple_packet_signature: sequence number 16 >client_sign_outgoing_message: sent SMB signature of >[000] 56 80 5C 9F 49 14 F3 25 V.\.I..% >store_sequence_for_reply: stored seq = 17 mid = 10 >write_socket(12,166) >write_socket(12,166) wrote 166 >get_sequence_for_reply: found seq = 17 mid = 10 >cli_signing_trans_start: storing mid = 10, reply_seq_num = 17, send_seq_num = 16 data->send_seq_num = 18 >got smb length of 104 >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=10 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[000] 50 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 P....... .0...... >[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 EE 55 CF ........ ......U. >[020] 59 D8 58 D7 4C 85 78 FF 29 15 AA B1 B2 00 00 00 Y.X.L.x. )....... >[030] 00 . >simple_packet_signature: sequence number 17 >client_check_incoming_message: seq 17: got good SMB signature of >[000] E9 EF 0B 83 51 84 EF B8 ....Q... >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=10 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[000] 50 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 P....... .0...... >[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 EE 55 CF ........ ......U. >[020] 59 D8 58 D7 4C 85 78 FF 29 15 AA B1 B2 00 00 00 Y.X.L.x. )....... >[030] 00 . >cli_signing_trans_stop: freeing mid = 10, reply_seq_num = 17, send_seq_num = 16 data->send_seq_num = 18 >rpc_check_hdr: rdata->data_size = 48 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000004 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 48 >rpc_api_pipe: fragment first and last both set >000018 lsa_io_r_open_pol2 > 000018 smb_io_pol_hnd > 0018 data1: 00000000 > 001c data2: 59cf55ee > 0020 data3: 58d8 > 0022 data4: 4cd7 > 0024 data5: 85 78 ff 29 15 aa b1 b2 > 002c status: NT_STATUS_OK >init_q_query2 >000000 lsa_io_q_query_info2 > 000000 smb_io_pol_hnd pol > 0000 data1: 00000000 > 0004 data2: 59cf55ee > 0008 data3: 58d8 > 000a data4: 4cd7 > 000c data5: 85 78 ff 29 15 aa b1 b2 > 0014 info_class: 000c >create_rpc_request: opnum: 0x2e data_len: 0x2e >create_rpc_request: data_len: 2e auth_len: 0 alloc_hint: 1e >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002e > 000a auth_len : 0000 > 000c call_id : 00000005 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 0000001e > 0014 context_id: 0000 > 0016 opnum : 002e >rpc_api_pipe: fnum:400e >size=128 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=55297 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=11 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 46 (0x2E) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 46 (0x2E) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16398 (0x400E) >smb_bcc=61 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 2E 00 00 00 05 00 00 00 1E ........ ........ >[020] 00 00 00 00 00 2E 00 00 00 00 00 EE 55 CF 59 D8 ........ ....U.Y. >[030] 58 D7 4C 85 78 FF 29 15 AA B1 B2 0C 00 X.L.x.). ..... >simple_packet_signature: sequence number 18 >client_sign_outgoing_message: sent SMB signature of >[000] 61 84 D8 2D 68 73 F0 CE a..-hs.. >store_sequence_for_reply: stored seq = 19 mid = 11 >write_socket(12,132) >write_socket(12,132) wrote 132 >get_sequence_for_reply: found seq = 19 mid = 11 >cli_signing_trans_start: storing mid = 11, reply_seq_num = 19, send_seq_num = 18 data->send_seq_num = 20 >got smb length of 308 >size=308 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=11 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 252 (0xFC) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 252 (0xFC) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=253 >[000] 2E 05 00 02 03 10 00 00 00 FC 00 00 00 05 00 00 ........ ........ >[010] 00 E4 00 00 00 00 00 00 00 30 F0 12 00 0C 00 00 ........ .0...... >[020] 00 12 00 14 00 D8 D5 2C 0D 2C 00 2E 00 20 46 2F ......., .,... F/ >[030] 0D 2C 00 2E 00 00 96 15 00 11 45 71 7C F4 DD 62 .,...... ..Eq|..b >[040] 45 BF F8 51 A0 2A DB B0 EB 20 5F 2C 0D 0A 00 00 E..Q.*.. . _,.... >[050] 00 00 00 00 00 09 00 00 00 42 00 49 00 4F 00 57 ........ .B.I.O.W >[060] 00 49 00 53 00 44 00 4F 00 4D 00 00 00 17 00 00 .I.S.D.O .M...... >[070] 00 00 00 00 00 16 00 00 00 69 00 6E 00 74 00 65 ........ .i.n.t.e >[080] 00 72 00 6E 00 61 00 6C 00 2E 00 62 00 69 00 6F .r.n.a.l ...b.i.o >[090] 00 77 00 69 00 73 00 64 00 6F 00 6D 00 2E 00 63 .w.i.s.d .o.m...c >[0A0] 00 6F 00 6D 00 17 00 00 00 00 00 00 00 16 00 00 .o.m.... ........ >[0B0] 00 69 00 6E 00 74 00 65 00 72 00 6E 00 61 00 6C .i.n.t.e .r.n.a.l >[0C0] 00 2E 00 62 00 69 00 6F 00 77 00 69 00 73 00 64 ...b.i.o .w.i.s.d >[0D0] 00 6F 00 6D 00 2E 00 63 00 6F 00 6D 00 04 00 00 .o.m...c .o.m.... >[0E0] 00 01 04 00 00 00 00 00 05 15 00 00 00 6B D6 62 ........ .....k.b >[0F0] 04 3F AD 14 62 82 8B A6 28 00 00 00 00 .?..b... (.... >simple_packet_signature: sequence number 19 >client_check_incoming_message: seq 19: got good SMB signature of >[000] F9 D8 AF 9A 57 63 3D A5 ....Wc=. >size=308 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=11 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 252 (0xFC) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 252 (0xFC) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=253 >[000] 2E 05 00 02 03 10 00 00 00 FC 00 00 00 05 00 00 ........ ........ >[010] 00 E4 00 00 00 00 00 00 00 30 F0 12 00 0C 00 00 ........ .0...... >[020] 00 12 00 14 00 D8 D5 2C 0D 2C 00 2E 00 20 46 2F ......., .,... F/ >[030] 0D 2C 00 2E 00 00 96 15 00 11 45 71 7C F4 DD 62 .,...... ..Eq|..b >[040] 45 BF F8 51 A0 2A DB B0 EB 20 5F 2C 0D 0A 00 00 E..Q.*.. . _,.... >[050] 00 00 00 00 00 09 00 00 00 42 00 49 00 4F 00 57 ........ .B.I.O.W >[060] 00 49 00 53 00 44 00 4F 00 4D 00 00 00 17 00 00 .I.S.D.O .M...... >[070] 00 00 00 00 00 16 00 00 00 69 00 6E 00 74 00 65 ........ .i.n.t.e >[080] 00 72 00 6E 00 61 00 6C 00 2E 00 62 00 69 00 6F .r.n.a.l ...b.i.o >[090] 00 77 00 69 00 73 00 64 00 6F 00 6D 00 2E 00 63 .w.i.s.d .o.m...c >[0A0] 00 6F 00 6D 00 17 00 00 00 00 00 00 00 16 00 00 .o.m.... ........ >[0B0] 00 69 00 6E 00 74 00 65 00 72 00 6E 00 61 00 6C .i.n.t.e .r.n.a.l >[0C0] 00 2E 00 62 00 69 00 6F 00 77 00 69 00 73 00 64 ...b.i.o .w.i.s.d >[0D0] 00 6F 00 6D 00 2E 00 63 00 6F 00 6D 00 04 00 00 .o.m...c .o.m.... >[0E0] 00 01 04 00 00 00 00 00 05 15 00 00 00 6B D6 62 ........ .....k.b >[0F0] 04 3F AD 14 62 82 8B A6 28 00 00 00 00 .?..b... (.... >cli_signing_trans_stop: freeing mid = 11, reply_seq_num = 19, send_seq_num = 18 data->send_seq_num = 20 >rpc_check_hdr: rdata->data_size = 252 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00fc > 000a auth_len : 0000 > 000c call_id : 00000005 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 000000e4 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 252 >rpc_api_pipe: fragment first and last both set >000018 lsa_io_r_query_info2 > 0018 ptr: 0012f030 > 001c info_class: 000c > 00001e lsa_io_dns_dom_info info12 > 000020 smb_io_unihdr nb_name > 0020 uni_str_len: 0012 > 0022 uni_max_len: 0014 > 0024 buffer : 0d2cd5d8 > 000028 smb_io_unihdr dns_name > 0028 uni_str_len: 002c > 002a uni_max_len: 002e > 002c buffer : 0d2f4620 > 000030 smb_io_unihdr forest > 0030 uni_str_len: 002c > 0032 uni_max_len: 002e > 0034 buffer : 00159600 > 000038 smb_io_uuid dom_guid > 0038 data : 7c714511 > 003c data : ddf4 > 003e data : 4562 > 0040 data : bf f8 > 0042 data : 51 a0 2a db b0 eb > 0048 dom_sid: 0d2c5f20 > 00004c smb_io_unistr2 nb_name > 004c uni_max_len: 0000000a > 0050 offset : 00000000 > 0054 uni_str_len: 00000009 > 0058 buffer : B.I.O.W.I.S.D.O.M. > 00006a smb_io_unistr2 dns_name > 006c uni_max_len: 00000017 > 0070 offset : 00000000 > 0074 uni_str_len: 00000016 > 0078 buffer : i.n.t.e.r.n.a.l...b.i.o.w.i.s.d.o.m...c.o.m. > 0000a4 smb_io_unistr2 forest > 00a4 uni_max_len: 00000017 > 00a8 offset : 00000000 > 00ac uni_str_len: 00000016 > 00b0 buffer : i.n.t.e.r.n.a.l...b.i.o.w.i.s.d.o.m...c.o.m. > 0000dc smb_io_dom_sid2 dom_sid > 00dc num_auths: 00000004 > 0000e0 smb_io_dom_sid sid > 00e0 sid_rev_num: 01 > 00e1 num_auths : 04 > 00e2 id_auth[0] : 00 > 00e3 id_auth[1] : 00 > 00e4 id_auth[2] : 00 > 00e5 id_auth[3] : 00 > 00e6 id_auth[4] : 00 > 00e7 id_auth[5] : 05 > 00e8 sub_auths : 00000015 0462d66b 6214ad3f 28a68b82 > 00f8 status: NT_STATUS_OK >simple_packet_signature: sequence number 20 >client_sign_outgoing_message: sent SMB signature of >[000] 73 D7 01 26 85 49 15 9E s..&.I.. >store_sequence_for_reply: stored seq = 21 mid = 12 >write_socket(12,45) >write_socket(12,45) wrote 45 >got smb length of 35 >size=35 >smb_com=0x4 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=12 >smt_wct=0 >smb_bcc=0 >get_sequence_for_reply: found seq = 21 mid = 12 >simple_packet_signature: sequence number 21 >client_check_incoming_message: seq 21: got good SMB signature of >[000] CD E8 FE 69 DF B4 91 F1 ...i.... >Storing response for pid 16878, len 1304 >Retrieving response for pid 16878 >Received child initialization response for domain BIOWISDOM >client_read: read 1828 bytes. Need 0 more for a full request. >child daemon request 17 >process_request: request fn LIST_TRUSTDOM >[16876]: list trusted domains >trusted_domains: [Cached] - doing backend query for info for domain BIOWISDOM >ads: trusted_domains >Using cleartext machine password >simple_packet_signature: sequence number 22 >client_sign_outgoing_message: sent SMB signature of >[000] E6 89 DF 98 54 E3 07 FC ....T... >store_sequence_for_reply: stored seq = 23 mid = 13 >write_socket(12,108) >write_socket(12,108) wrote 108 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=13 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 3072 (0xC00) >smb_vwv[ 3]= 320 (0x140) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 16 (0x10) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >get_sequence_for_reply: found seq = 23 mid = 13 >simple_packet_signature: sequence number 23 >client_check_incoming_message: seq 23: got good SMB signature of >[000] C2 95 77 79 6C 2D EB 04 ..wyl-.. >Bind RPC Pipe[400c]: \PIPE\NETLOGON >Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. >[010] 01 00 00 00 .... >Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` >[010] 02 00 00 00 .... >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000006 >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 0018 num_contexts: 01 > 001c context_id : 0000 > 001e num_transfer_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 12345678 > 0024 data : 1234 > 0026 data : abcd > 0028 data : ef 00 > 002a data : 01 23 45 67 cf fb > 0030 version: 00000001 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >rpc_api_pipe: fnum:400c >size=154 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=55297 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=14 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16396 (0x400C) >smb_bcc=87 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 0B 03 10 00 00 00 48 00 00 00 06 00 00 00 B8 .......H ........ >[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x >[030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... >[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ >[050] 10 48 60 02 00 00 00 .H`.... >simple_packet_signature: sequence number 24 >client_sign_outgoing_message: sent SMB signature of >[000] 31 46 33 A8 C6 D0 0A A9 1F3..... >store_sequence_for_reply: stored seq = 25 mid = 14 >write_socket(12,158) >write_socket(12,158) wrote 158 >get_sequence_for_reply: found seq = 25 mid = 14 >cli_signing_trans_start: storing mid = 14, reply_seq_num = 25, send_seq_num = 24 data->send_seq_num = 26 >got smb length of 124 >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=14 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 06 00 00 H....... .D...... >[010] 00 B8 10 B8 10 58 86 02 00 0C 00 5C 50 49 50 45 .....X.. ...\PIPE >[020] 5C 6C 73 61 73 73 00 2C 0D 01 00 00 00 00 00 00 \lsass., ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >simple_packet_signature: sequence number 25 >client_check_incoming_message: seq 25: got good SMB signature of >[000] 2D FA 4E BE 5F 08 FA 57 -.N._..W >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=14 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 06 00 00 H....... .D...... >[010] 00 B8 10 B8 10 58 86 02 00 0C 00 5C 50 49 50 45 .....X.. ...\PIPE >[020] 5C 6C 73 61 73 73 00 2C 0D 01 00 00 00 00 00 00 \lsass., ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >cli_signing_trans_stop: freeing mid = 14, reply_seq_num = 25, send_seq_num = 24 data->send_seq_num = 26 >rpc_check_hdr: rdata->data_size = 68 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000006 >rpc_api_pipe: len left: 0 smbtrans read: 68 >rpc_api_pipe: fragment first and last both set >rpc_pipe_bind: rpc_api_pipe returned OK. >000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00028658 > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \PIPE\lsass. > 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >bind_rpc_pipe: accepted! >cli_net_req_chal: LSA Request Challenge from LS-UKDBASE03 to \\WS-UKCOMMS >init_q_req_chal: 676 >init_q_req_chal: 685 >000000 net_io_q_req_chal > 0000 undoc_buffer: 00000001 > 000004 smb_io_unistr2 > 0004 uni_max_len: 0000000d > 0008 offset : 00000000 > 000c uni_str_len: 0000000d > 0010 buffer : \.\.W.S.-.U.K.C.O.M.M.S... > 00002a smb_io_unistr2 > 002c uni_max_len: 0000000d > 0030 offset : 00000000 > 0034 uni_str_len: 0000000d > 0038 buffer : L.S.-.U.K.D.B.A.S.E.0.3... > 000052 smb_io_chal > 0052 data: ee b1 34 aa 45 75 63 17 >create_rpc_request: opnum: 0x4 data_len: 0x72 >create_rpc_request: data_len: 72 auth_len: 0 alloc_hint: 62 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0072 > 000a auth_len : 0000 > 000c call_id : 00000007 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000062 > 0014 context_id: 0000 > 0016 opnum : 0004 >rpc_api_pipe: fnum:400c >size=196 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=55297 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=15 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 114 (0x72) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 114 (0x72) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16396 (0x400C) >smb_bcc=129 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 72 00 00 00 07 00 00 00 62 .......r .......b >[020] 00 00 00 00 00 04 00 01 00 00 00 0D 00 00 00 00 ........ ........ >[030] 00 00 00 0D 00 00 00 5C 00 5C 00 57 00 53 00 2D .......\ .\.W.S.- >[040] 00 55 00 4B 00 43 00 4F 00 4D 00 4D 00 53 00 00 .U.K.C.O .M.M.S.. >[050] 00 00 00 0D 00 00 00 00 00 00 00 0D 00 00 00 4C ........ .......L >[060] 00 53 00 2D 00 55 00 4B 00 44 00 42 00 41 00 53 .S.-.U.K .D.B.A.S >[070] 00 45 00 30 00 33 00 00 00 EE B1 34 AA 45 75 63 .E.0.3.. ...4.Euc >[080] 17 . >simple_packet_signature: sequence number 26 >client_sign_outgoing_message: sent SMB signature of >[000] B2 41 19 A0 74 31 B6 14 .A..t1.. >store_sequence_for_reply: stored seq = 27 mid = 15 >write_socket(12,200) >write_socket(12,200) wrote 200 >get_sequence_for_reply: found seq = 27 mid = 15 >cli_signing_trans_start: storing mid = 15, reply_seq_num = 27, send_seq_num = 26 data->send_seq_num = 28 >got smb length of 92 >size=92 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=15 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 36 (0x24) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 36 (0x24) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=37 >[000] 72 05 00 02 03 10 00 00 00 24 00 00 00 07 00 00 r....... .$...... >[010] 00 0C 00 00 00 00 00 00 00 62 F8 03 5E EE E1 DE ........ .b..^... >[020] 5F 00 00 00 00 _.... >simple_packet_signature: sequence number 27 >client_check_incoming_message: seq 27: got good SMB signature of >[000] 91 47 7F BE EA 04 1D 46 .G.....F >size=92 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=15 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 36 (0x24) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 36 (0x24) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=37 >[000] 72 05 00 02 03 10 00 00 00 24 00 00 00 07 00 00 r....... .$...... >[010] 00 0C 00 00 00 00 00 00 00 62 F8 03 5E EE E1 DE ........ .b..^... >[020] 5F 00 00 00 00 _.... >cli_signing_trans_stop: freeing mid = 15, reply_seq_num = 27, send_seq_num = 26 data->send_seq_num = 28 >rpc_check_hdr: rdata->data_size = 36 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0024 > 000a auth_len : 0000 > 000c call_id : 00000007 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 0000000c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 36 >rpc_api_pipe: fragment first and last both set >000018 net_io_r_req_chal > 000018 smb_io_chal > 0018 data: 62 f8 03 5e ee e1 de 5f > 0020 status: NT_STATUS_OK >cred_session_key > clnt_chal: EEB134AA45756317 > srv_chal : 62F8035EEEE1DE5F > clnt+srv : 50AA380833574277 > sess_key : FFDA6F1B668321CD >cred_create > sess_key : FFDA6F1B668321CD > stor_cred: EEB134AA45756317 > timestamp: 0 > timecred : EEB134AA45756317 > calc_cred: 5711D96F35DE9DCB >cli_net_auth2: srv:\\WS-UKCOMMS acct:LS-UKDBASE03$ sc:2 mc: LS-UKDBASE03 neg: 400701ff >init_q_auth_2: 797 >make_log_info 1407 >init_q_auth_2: 803 >000000 net_io_q_auth_2 > 000000 smb_io_log_info > 0000 undoc_buffer: 00000001 > 000004 smb_io_unistr2 unistr2 > 0004 uni_max_len: 0000000d > 0008 offset : 00000000 > 000c uni_str_len: 0000000d > 0010 buffer : \.\.W.S.-.U.K.C.O.M.M.S... > 00002a smb_io_unistr2 unistr2 > 002c uni_max_len: 0000000e > 0030 offset : 00000000 > 0034 uni_str_len: 0000000e > 0038 buffer : L.S.-.U.K.D.B.A.S.E.0.3.$... > 0054 sec_chan: 0002 > 000056 smb_io_unistr2 unistr2 > 0058 uni_max_len: 0000000d > 005c offset : 00000000 > 0060 uni_str_len: 0000000d > 0064 buffer : L.S.-.U.K.D.B.A.S.E.0.3... > 00007e smb_io_chal > 007e data: 57 11 d9 6f 35 de 9d cb > 000086 net_io_neg_flags > 0088 neg_flags: 400701ff >create_rpc_request: opnum: 0xf data_len: 0xa4 >create_rpc_request: data_len: a4 auth_len: 0 alloc_hint: 94 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00a4 > 000a auth_len : 0000 > 000c call_id : 00000008 >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000094 > 0014 context_id: 0000 > 0016 opnum : 000f >rpc_api_pipe: fnum:400c >size=246 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=55297 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=16 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 164 (0xA4) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 164 (0xA4) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16396 (0x400C) >smb_bcc=179 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 A4 00 00 00 08 00 00 00 94 ........ ........ >[020] 00 00 00 00 00 0F 00 01 00 00 00 0D 00 00 00 00 ........ ........ >[030] 00 00 00 0D 00 00 00 5C 00 5C 00 57 00 53 00 2D .......\ .\.W.S.- >[040] 00 55 00 4B 00 43 00 4F 00 4D 00 4D 00 53 00 00 .U.K.C.O .M.M.S.. >[050] 00 00 00 0E 00 00 00 00 00 00 00 0E 00 00 00 4C ........ .......L >[060] 00 53 00 2D 00 55 00 4B 00 44 00 42 00 41 00 53 .S.-.U.K .D.B.A.S >[070] 00 45 00 30 00 33 00 24 00 00 00 02 00 00 00 0D .E.0.3.$ ........ >[080] 00 00 00 00 00 00 00 0D 00 00 00 4C 00 53 00 2D ........ ...L.S.- >[090] 00 55 00 4B 00 44 00 42 00 41 00 53 00 45 00 30 .U.K.D.B .A.S.E.0 >[0A0] 00 33 00 00 00 57 11 D9 6F 35 DE 9D CB 00 00 FF .3...W.. o5...... >[0B0] 01 07 40 ..@ >simple_packet_signature: sequence number 28 >client_sign_outgoing_message: sent SMB signature of >[000] D9 F5 9F 98 68 9F 3A 6F ....h.:o >store_sequence_for_reply: stored seq = 29 mid = 16 >write_socket(12,250) >write_socket(12,250) wrote 250 >get_sequence_for_reply: found seq = 29 mid = 16 >cli_signing_trans_start: storing mid = 16, reply_seq_num = 29, send_seq_num = 28 data->send_seq_num = 30 >got smb length of 96 >size=96 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=16 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 40 (0x28) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 40 (0x28) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=41 >[000] A4 05 00 02 03 10 00 00 00 28 00 00 00 08 00 00 ........ .(...... >[010] 00 10 00 00 00 00 00 00 00 7C 2E 58 75 E2 FD F2 ........ .|.Xu... >[020] C2 FF 01 07 40 00 00 00 00 ....@... . >simple_packet_signature: sequence number 29 >client_check_incoming_message: seq 29: got good SMB signature of >[000] 2E E1 AA A6 E8 BD 45 86 ......E. >size=96 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=16 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 40 (0x28) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 40 (0x28) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=41 >[000] A4 05 00 02 03 10 00 00 00 28 00 00 00 08 00 00 ........ .(...... >[010] 00 10 00 00 00 00 00 00 00 7C 2E 58 75 E2 FD F2 ........ .|.Xu... >[020] C2 FF 01 07 40 00 00 00 00 ....@... . >cli_signing_trans_stop: freeing mid = 16, reply_seq_num = 29, send_seq_num = 28 data->send_seq_num = 30 >rpc_check_hdr: rdata->data_size = 40 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0028 > 000a auth_len : 0000 > 000c call_id : 00000008 >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000010 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 40 >rpc_api_pipe: fragment first and last both set >000018 net_io_r_auth_2 > 000018 smb_io_chal > 0018 data: 7c 2e 58 75 e2 fd f2 c2 > 000020 net_io_neg_flags > 0020 neg_flags: 400701ff > 0024 status: NT_STATUS_OK >cred_create > sess_key : FFDA6F1B668321CD > stor_cred: 62F8035EEEE1DE5F > timestamp: 0 > timecred : 62F8035EEEE1DE5F > calc_cred: 7C2E5875E2FDF2C2 >cred_assert > challenge : 7C2E5875E2FDF2C2 > calculated: 7C2E5875E2FDF2C2 >credentials check ok >simple_packet_signature: sequence number 30 >client_sign_outgoing_message: sent SMB signature of >[000] EC DA B3 86 12 61 B9 70 .....a.p >store_sequence_for_reply: stored seq = 31 mid = 17 >write_socket(12,108) >write_socket(12,108) wrote 108 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=17 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 256 (0x100) >smb_vwv[ 3]= 320 (0x140) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 16 (0x10) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >get_sequence_for_reply: found seq = 31 mid = 17 >simple_packet_signature: sequence number 31 >client_check_incoming_message: seq 31: got good SMB signature of >[000] 4A BB 83 04 18 22 43 38 J...."C8 >Bind RPC Pipe[4001]: \PIPE\NETLOGON >Bind Abstract Syntax: [000] 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB xV4.4... ...#Eg.. >[010] 01 00 00 00 .... >Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` >[010] 02 00 00 00 .... >000000 smb_io_rpc_hdr_auth hdr_auth > 0000 auth_type : 44 > 0001 auth_level : 06 > 0002 auth_pad_len : 00 > 0003 auth_reserved: 00 > 0004 auth_context_id: 00000001 >000008 smb_io_rpc_auth_netsec_neg netsec_neg > 0008 type1: 00000000 > 000c type2: 00000003 >[000] 42 49 4F 57 49 53 44 4F 4D BIOWISDO M >[000] 4C 53 2D 55 4B 44 42 41 53 45 30 33 LS-UKDBA SE03 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 006f > 000a auth_len : 001f > 000c call_id : 00000009 >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 0018 num_contexts: 01 > 001c context_id : 0000 > 001e num_transfer_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 12345678 > 0024 data : 1234 > 0026 data : abcd > 0028 data : ef 00 > 002a data : 01 23 45 67 cf fb > 0030 version: 00000001 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >rpc_api_pipe: fnum:4001 >size=193 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=55297 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=18 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 111 (0x6F) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 111 (0x6F) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16385 (0x4001) >smb_bcc=126 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 0B 03 10 00 00 00 6F 00 1F 00 09 00 00 00 B8 .......o ........ >[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x >[030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... >[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ >[050] 10 48 60 02 00 00 00 44 06 00 00 01 00 00 00 00 .H`....D ........ >[060] 00 00 00 03 00 00 00 42 49 4F 57 49 53 44 4F 4D .......B IOWISDOM >[070] 00 4C 53 2D 55 4B 44 42 41 53 45 30 33 00 .LS-UKDB ASE03. >simple_packet_signature: sequence number 32 >client_sign_outgoing_message: sent SMB signature of >[000] 2A CB 92 07 51 C0 B5 51 *...Q..Q >store_sequence_for_reply: stored seq = 33 mid = 18 >write_socket(12,197) >write_socket(12,197) wrote 197 >get_sequence_for_reply: found seq = 33 mid = 18 >cli_signing_trans_start: storing mid = 18, reply_seq_num = 33, send_seq_num = 32 data->send_seq_num = 34 >got smb length of 144 >size=144 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=18 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 88 (0x58) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 88 (0x58) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=89 >[000] 6F 05 00 0C 03 10 00 00 00 58 00 0C 00 09 00 00 o....... .X...... >[010] 00 B8 10 B8 10 59 86 02 00 0C 00 5C 50 49 50 45 .....Y.. ...\PIPE >[020] 5C 6C 73 61 73 73 00 CD AB 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ >[050] 00 00 00 00 00 00 00 00 00 ........ . >simple_packet_signature: sequence number 33 >client_check_incoming_message: seq 33: got good SMB signature of >[000] C2 A9 4A B4 02 1E 42 D7 ..J...B. >size=144 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=18 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 88 (0x58) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 88 (0x58) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=89 >[000] 6F 05 00 0C 03 10 00 00 00 58 00 0C 00 09 00 00 o....... .X...... >[010] 00 B8 10 B8 10 59 86 02 00 0C 00 5C 50 49 50 45 .....Y.. ...\PIPE >[020] 5C 6C 73 61 73 73 00 CD AB 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 44 06 00 00 01 00 00 00 01 00 00 `....D.. ........ >[050] 00 00 00 00 00 00 00 00 00 ........ . >cli_signing_trans_stop: freeing mid = 18, reply_seq_num = 33, send_seq_num = 32 data->send_seq_num = 34 >rpc_check_hdr: rdata->data_size = 88 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0058 > 000a auth_len : 000c > 000c call_id : 00000009 >rpc_api_pipe: len left: 0 smbtrans read: 88 >rpc_auth_pipe: pkt_type: 12 len: 88 auth_len: 12 NTLMSSP No schannel Yes sign Yes seal Yes >rpc_auth_pipe: packet: >000000 smb_io_rpc_hdr_auth auth_hdr > 0000 auth_type : 44 > 0001 auth_level : 06 > 0002 auth_pad_len : 00 > 0003 auth_reserved: 00 > 0004 auth_context_id: 00000001 >rpc_api_pipe: fragment first and last both set >rpc_pipe_bind: rpc_api_pipe returned OK. >000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00028659 > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \PIPE\lsass. > 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >bind_rpc_pipe: accepted! >000000 ds_io_q_enum_domain_trusts > 0000 server_ptr: 00000001 > 000004 smb_io_unistr2 server > 0004 uni_max_len: 0000000b > 0008 offset : 00000000 > 000c uni_str_len: 0000000b > 0010 buffer : W.S.-.U.K.C.O.M.M.S... > 0028 flags: 00000003 >000030 smb_io_rpc_hdr_auth hdr_auth > 0030 auth_type : 44 > 0031 auth_level : 06 > 0032 auth_pad_len : 04 > 0033 auth_reserved: 00 > 0034 auth_context_id: 00000001 >SCHANNEL seq_num=0 >SCHANNEL: netsec_encode seq_num=0 data_len=48 >000038 smb_io_rpc_auth_netsec_chk > 0038 sig : 77 00 7a 00 ff ff 00 00 > 0040 seq_num: 8b 67 51 9a 22 20 f6 80 > 0048 packet_digest: 2d 18 bc 53 7a da 97 41 > 0050 confounder: fb d6 3d 4c a4 c9 04 9b >create_rpc_request: opnum: 0x28 data_len: 0x70 >create_rpc_request: data_len: 70 auth_len: 20 alloc_hint: 38 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0070 > 000a auth_len : 0020 > 000c call_id : 0000000a >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000038 > 0014 context_id: 0000 > 0016 opnum : 0028 >rpc_api_pipe: fnum:4001 >size=194 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=55297 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=19 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 112 (0x70) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 112 (0x70) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=16385 (0x4001) >smb_bcc=127 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 70 00 20 00 0A 00 00 00 38 .......p . .....8 >[020] 00 00 00 00 00 28 00 B7 31 1C 0E 02 5F C8 44 A4 .....(.. 1..._.D. >[030] D5 DD 60 F9 F6 ED 57 04 EB 0C 83 EC 7A 1C 3B 5E ..`...W. ....z.;^ >[040] 65 B0 B3 A5 A1 AC 1D 37 8A 2A 54 B4 B5 24 2F BC e......7 .*T..$/. >[050] 0F 58 5A 25 14 6A BF 44 06 04 00 01 00 00 00 77 .XZ%.j.D .......w >[060] 00 7A 00 FF FF 00 00 8B 67 51 9A 22 20 F6 80 2D .z...... gQ." ..- >[070] 18 BC 53 7A DA 97 41 FB D6 3D 4C A4 C9 04 9B ..Sz..A. .=L.... >simple_packet_signature: sequence number 34 >client_sign_outgoing_message: sent SMB signature of >[000] 2D 86 C0 A2 5F 67 A7 46 -..._g.F >store_sequence_for_reply: stored seq = 35 mid = 19 >write_socket(12,198) >write_socket(12,198) wrote 198 >get_sequence_for_reply: found seq = 35 mid = 19 >cli_signing_trans_start: storing mid = 19, reply_seq_num = 35, send_seq_num = 34 data->send_seq_num = 36 >got smb length of 312 >size=312 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=19 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 256 (0x100) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=257 >[000] 70 05 00 02 03 10 00 00 00 00 01 20 00 0A 00 00 p....... ... .... >[010] 00 B4 00 00 00 00 00 00 00 C8 C1 37 C6 1D CC F0 ........ ...7.... >[020] 2A 06 B2 7C 85 95 F0 02 CD 34 96 E7 00 5D BD 4D *..|.... .4...].M >[030] 6F FE CD BB A5 D3 79 3B 59 67 8F 5B F3 28 87 48 o.....y; Yg.[.(.H >[040] 9D 78 01 DD 59 75 4F 2B 50 B6 34 2E BC 23 61 B5 .x..YuO+ P.4..#a. >[050] DF F9 C7 B6 2F 09 19 B9 29 12 39 9F 5F E7 6E 27 ..../... ).9._.n' >[060] 13 10 5E 14 A4 D6 B6 57 28 4D 30 74 5A AB D2 05 ..^....W (M0tZ... >[070] BC 13 6C 07 ED 9F 16 FF 95 FD 32 41 94 A8 63 62 ..l..... ..2A..cb >[080] F9 19 6A 2A 51 D6 57 CD 63 E6 3D 5A 7B 13 7B 03 ..j*Q.W. c.=Z{.{. >[090] C6 6E FA 02 A2 51 22 49 16 4A 24 88 9F 00 79 3F .n...Q"I .J$...y? >[0A0] 66 C0 65 23 A9 F8 0D DD 0D A1 D4 71 E3 FB A1 00 f.e#.... ...q.... >[0B0] 3A 91 C4 69 A4 50 50 D6 03 EB FB 5B 93 12 2C 58 :..i.PP. ...[..,X >[0C0] C1 76 3E 1A 13 A8 03 CA 3A 8F EC 65 A1 B9 97 C1 .v>..... :..e.... >[0D0] 64 72 F6 BF 6F B1 C4 D8 EE 44 06 0C 00 01 00 00 dr..o... .D...... >[0E0] 00 77 00 7A 00 FF FF 00 00 77 9E 9B AF 4D EF 6E .w.z.... .w...M.n >[0F0] 75 85 37 21 CE 25 E2 B8 07 91 0C 2B 60 45 17 3E u.7!.%.. ...+`E.> >[100] F6 . >simple_packet_signature: sequence number 35 >client_check_incoming_message: seq 35: got good SMB signature of >[000] EB D9 74 87 E7 EE E8 B8 ..t..... >size=312 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=19 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 256 (0x100) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 256 (0x100) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=257 >[000] 70 05 00 02 03 10 00 00 00 00 01 20 00 0A 00 00 p....... ... .... >[010] 00 B4 00 00 00 00 00 00 00 C8 C1 37 C6 1D CC F0 ........ ...7.... >[020] 2A 06 B2 7C 85 95 F0 02 CD 34 96 E7 00 5D BD 4D *..|.... .4...].M >[030] 6F FE CD BB A5 D3 79 3B 59 67 8F 5B F3 28 87 48 o.....y; Yg.[.(.H >[040] 9D 78 01 DD 59 75 4F 2B 50 B6 34 2E BC 23 61 B5 .x..YuO+ P.4..#a. >[050] DF F9 C7 B6 2F 09 19 B9 29 12 39 9F 5F E7 6E 27 ..../... ).9._.n' >[060] 13 10 5E 14 A4 D6 B6 57 28 4D 30 74 5A AB D2 05 ..^....W (M0tZ... >[070] BC 13 6C 07 ED 9F 16 FF 95 FD 32 41 94 A8 63 62 ..l..... ..2A..cb >[080] F9 19 6A 2A 51 D6 57 CD 63 E6 3D 5A 7B 13 7B 03 ..j*Q.W. c.=Z{.{. >[090] C6 6E FA 02 A2 51 22 49 16 4A 24 88 9F 00 79 3F .n...Q"I .J$...y? >[0A0] 66 C0 65 23 A9 F8 0D DD 0D A1 D4 71 E3 FB A1 00 f.e#.... ...q.... >[0B0] 3A 91 C4 69 A4 50 50 D6 03 EB FB 5B 93 12 2C 58 :..i.PP. ...[..,X >[0C0] C1 76 3E 1A 13 A8 03 CA 3A 8F EC 65 A1 B9 97 C1 .v>..... :..e.... >[0D0] 64 72 F6 BF 6F B1 C4 D8 EE 44 06 0C 00 01 00 00 dr..o... .D...... >[0E0] 00 77 00 7A 00 FF FF 00 00 77 9E 9B AF 4D EF 6E .w.z.... .w...M.n >[0F0] 75 85 37 21 CE 25 E2 B8 07 91 0C 2B 60 45 17 3E u.7!.%.. ...+`E.> >[100] F6 . >cli_signing_trans_stop: freeing mid = 19, reply_seq_num = 35, send_seq_num = 34 data->send_seq_num = 36 >rpc_check_hdr: rdata->data_size = 256 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0100 > 000a auth_len : 0020 > 000c call_id : 0000000a >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 000000b4 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 256 >rpc_auth_pipe: pkt_type: 2 len: 256 auth_len: 32 NTLMSSP No schannel Yes sign Yes seal Yes >rpc_auth_pipe: packet: >000000 smb_io_rpc_hdr_auth auth_hdr > 0000 auth_type : 44 > 0001 auth_level : 06 > 0002 auth_pad_len : 0c > 0003 auth_reserved: 00 > 0004 auth_context_id: 00000001 >000008 smb_io_rpc_auth_netsec_chk schannel_auth_sign > 0008 sig : 77 00 7a 00 ff ff 00 00 > 0010 seq_num: 77 9e 9b af 4d ef 6e 75 > 0018 packet_digest: 85 37 21 ce 25 e2 b8 07 > 0020 confounder: 91 0c 2b 60 45 17 3e f6 >SCHANNEL: netsec_encode seq_num=1 data_len=192 >SCHANNEL: netsec_decode seq_num=1 data_len=192 >rpc_api_pipe: fragment first and last both set >000018 ds_io_r_enum_domain_trusts > 0018 num_domains: 00000001 > 00001c ds_io_dom_trusts_ctr domains > 001c ptr: 0d2cfab0 > 0020 max_count: 00000001 > 000024 ds_io_dom_trusts_ctr domain_trusts > 0024 netbios_ptr: 0d2cfaf4 > 0028 dns_ptr: 0d2cfb08 > 002c flags: 0000001d > 0030 parent_index: 00000000 > 0034 trust_type: 00000002 > 0038 trust_attributes: 00000000 > 003c sid_ptr: 0d2cfadc > 000040 smb_io_uuid guid > 0040 data : 7c714511 > 0044 data : ddf4 > 0046 data : 4562 > 0048 data : bf f8 > 004a data : 51 a0 2a db b0 eb > 000050 smb_io_unistr2 netbios_domain > 0050 uni_max_len: 0000000a > 0054 offset : 00000000 > 0058 uni_str_len: 0000000a > 005c buffer : B.I.O.W.I.S.D.O.M... > 000070 smb_io_unistr2 dns_domain > 0070 uni_max_len: 00000017 > 0074 offset : 00000000 > 0078 uni_str_len: 00000017 > 007c buffer : i.n.t.e.r.n.a.l...b.i.o.w.i.s.d.o.m...c.o.m... > 0000ac smb_io_dom_sid2 sid > 00ac num_auths: 00000004 > 0000b0 smb_io_dom_sid sid > 00b0 sid_rev_num: 01 > 00b1 num_auths : 04 > 00b2 id_auth[0] : 00 > 00b3 id_auth[1] : 00 > 00b4 id_auth[2] : 00 > 00b5 id_auth[3] : 00 > 00b6 id_auth[4] : 00 > 00b7 id_auth[5] : 05 > 00b8 sub_auths : 00000015 0462d66b 6214ad3f 28a68b82 > 00c8 status: NT_STATUS_OK >Storing response for pid 16878, len 1376 >Storing extra data: len=72 >Retrieving response for pid 16878 >Retrieving extra data length=72 >accepted socket 17 >process_request: request fn INTERFACE_VERSION >[ 0]: request interface version >process_request: request fn WINBINDD_PRIV_PIPE_DIR >[ 0]: request location of privileged pipe >accepted socket 18 >process_request: request fn GETGROUPS >[ 0]: getgroups guest >client_read: read 1828 bytes. Need 0 more for a full request. >child daemon request 19 >process_request: request fn LOOKUPNAME >[16876]: lookupname BIOWISDOM\guest >fetch_cache_seqnum: invalid data size key [SEQNUM/BIOWISDOM] >ads: fetch sequence_number for BIOWISDOM >ads_find_dc: looking for realm 'internal.biowisdom.com' >get_sorted_dc_list: attempting lookup using [ads] >internal_resolve_name: looking up internal.biowisdom.com#1c >Returning expired cache entry: key = NBT/INTERNAL.BIOWISDOM.COM#1C, value = 192.168.1.22:389,192.168.1.21:389, timeout = Sat Sep 10 07:03:01 2005 > >no entry for internal.biowisdom.com#1C found. >Deleting cache entry (key = NBT/INTERNAL.BIOWISDOM.COM#1C) >resolve_hosts: Attempting to resolve DC's for internal.biowisdom.com using DNS >remove_duplicate_addrs2: looking for duplicate address/port pairs >namecache_store: storing 2 addresses for internal.biowisdom.com#1c: 192.168.1.22:389,192.168.1.21:389 >Adding cache entry with key = NBT/INTERNAL.BIOWISDOM.COM#1C; value = 192.168.1.22:389,192.168.1.21:389 and timeout = Sat Sep 10 11:13:30 2005 > (660 seconds ahead) >internal_resolve_name: returning 2 addresses: 192.168.1.22:389 192.168.1.21:389 >Adding 2 DC's from auto lookup >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 2 ip addresses in an unordered list >get_dc_list: 192.168.1.22:389 192.168.1.21:389 >ads_try_connect: trying ldap server '192.168.1.22' port 389 >Connected to LDAP server 192.168.1.22 >got ldap server name ws-ukdatastore@INTERNAL.BIOWISDOM.COM, using bind path: dc=INTERNAL,dc=BIOWISDOM,dc=COM >time offset is 0 seconds >Found SASL mechanism GSS-SPNEGO >ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 >ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 >ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 >ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 >ads_sasl_spnego_bind: got server principal name =ws-ukdatastore$@INTERNAL.BIOWISDOM.COM >ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) >Ticket in ccache[MEMORY:winbind_ccache] expiration Sat, 10 Sep 2005 21:02:30 GMT >ads_krb5_mk_req: Ticket (ws-ukdatastore$@INTERNAL.BIOWISDOM.COM) in ccache (MEMORY:winbind_ccache) is valid until: (Sat, 10 Sep 2005 21:02:30 GMT - 1126382550) >Got KRB5 session key of length 16 >Search for (objectclass=*) gave 1 replies >store_cache_seqnum: success [BIOWISDOM][4740154 @ 1126346550] >refresh_sequence_number: BIOWISDOM seq number is now 4740154 >name_to_sid: [Cached] - doing backend query for name for domain BIOWISDOM >rpc: name_to_sid name=BIOWISDOM\guest >name_to_sid [rpc] guest for domain BIOWISDOM >simple_packet_signature: sequence number 36 >client_sign_outgoing_message: sent SMB signature of >[000] A6 F7 05 94 BD 45 16 3B .....E.; >store_sequence_for_reply: stored seq = 37 mid = 20 >write_socket(12,104) >write_socket(12,104) wrote 104 >got smb length of 103 >size=103 >smb_com=0xa2 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=20 >smt_wct=34 >smb_vwv[ 0]= 255 (0xFF) >smb_vwv[ 1]= 103 (0x67) >smb_vwv[ 2]= 1536 (0x600) >smb_vwv[ 3]= 448 (0x1C0) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 0 (0x0) >smb_vwv[11]= 0 (0x0) >smb_vwv[12]= 0 (0x0) >smb_vwv[13]= 0 (0x0) >smb_vwv[14]= 0 (0x0) >smb_vwv[15]= 0 (0x0) >smb_vwv[16]= 0 (0x0) >smb_vwv[17]= 0 (0x0) >smb_vwv[18]= 0 (0x0) >smb_vwv[19]= 0 (0x0) >smb_vwv[20]= 0 (0x0) >smb_vwv[21]=32768 (0x8000) >smb_vwv[22]= 0 (0x0) >smb_vwv[23]= 0 (0x0) >smb_vwv[24]= 16 (0x10) >smb_vwv[25]= 0 (0x0) >smb_vwv[26]= 0 (0x0) >smb_vwv[27]= 0 (0x0) >smb_vwv[28]= 0 (0x0) >smb_vwv[29]= 0 (0x0) >smb_vwv[30]= 0 (0x0) >smb_vwv[31]= 512 (0x200) >smb_vwv[32]=65280 (0xFF00) >smb_vwv[33]= 5 (0x5) >smb_bcc=0 >get_sequence_for_reply: found seq = 37 mid = 20 >simple_packet_signature: sequence number 37 >client_check_incoming_message: seq 37: got good SMB signature of >[000] A0 40 FF 51 87 A4 E0 29 .@.Q...) >Bind RPC Pipe[c006]: \PIPE\lsarpc >Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg.. >[010] 00 00 00 00 .... >Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` >[010] 02 00 00 00 .... >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 0000000b >000010 smb_io_rpc_hdr_rb > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 00000000 > 0018 num_contexts: 01 > 001c context_id : 0000 > 001e num_transfer_syntaxes: 01 > 00001f smb_io_rpc_iface > 000020 smb_io_uuid uuid > 0020 data : 12345778 > 0024 data : 1234 > 0026 data : abcd > 0028 data : ef 00 > 002a data : 01 23 45 67 89 ab > 0030 version: 00000000 > 000034 smb_io_rpc_iface > 000034 smb_io_uuid uuid > 0034 data : 8a885d04 > 0038 data : 1ceb > 003a data : 11c9 > 003c data : 9f e8 > 003e data : 08 00 2b 10 48 60 > 0044 version: 00000002 >rpc_api_pipe: fnum:c006 >size=154 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=55297 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=21 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 72 (0x48) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 1024 (0x400) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 72 (0x48) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=49158 (0xC006) >smb_bcc=87 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 0B 03 10 00 00 00 48 00 00 00 0B 00 00 00 B8 .......H ........ >[020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x >[030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... >[040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ >[050] 10 48 60 02 00 00 00 .H`.... >simple_packet_signature: sequence number 38 >client_sign_outgoing_message: sent SMB signature of >[000] E0 03 1C 59 E5 82 6B 95 ...Y..k. >store_sequence_for_reply: stored seq = 39 mid = 21 >write_socket(12,158) >write_socket(12,158) wrote 158 >get_sequence_for_reply: found seq = 39 mid = 21 >cli_signing_trans_start: storing mid = 21, reply_seq_num = 39, send_seq_num = 38 data->send_seq_num = 40 >got smb length of 124 >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=21 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 0B 00 00 H....... .D...... >[010] 00 B8 10 B8 10 5D 86 02 00 0C 00 5C 50 49 50 45 .....].. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >simple_packet_signature: sequence number 39 >client_check_incoming_message: seq 39: got good SMB signature of >[000] 8D 73 D5 0E 19 5F D5 F5 .s..._.. >size=124 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=21 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 68 (0x44) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=69 >[000] 48 05 00 0C 03 10 00 00 00 44 00 00 00 0B 00 00 H....... .D...... >[010] 00 B8 10 B8 10 5D 86 02 00 0C 00 5C 50 49 50 45 .....].. ...\PIPE >[020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ >[030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H >[040] 60 02 00 00 00 `.... >cli_signing_trans_stop: freeing mid = 21, reply_seq_num = 39, send_seq_num = 38 data->send_seq_num = 40 >rpc_check_hdr: rdata->data_size = 68 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 0000000b >rpc_api_pipe: len left: 0 smbtrans read: 68 >rpc_api_pipe: fragment first and last both set >rpc_pipe_bind: rpc_api_pipe returned OK. >000010 smb_io_rpc_hdr_ba > 000010 smb_io_rpc_hdr_bba > 0010 max_tsize: 10b8 > 0012 max_rsize: 10b8 > 0014 assoc_gid: 0002865d > 000018 smb_io_rpc_addr_str > 0018 len: 000c > 001a str: \PIPE\lsass. > 000026 smb_io_rpc_results > 0028 num_results: 01 > 002c result : 0000 > 002e reason : 0000 > 000030 smb_io_rpc_iface > 000030 smb_io_uuid uuid > 0030 data : 8a885d04 > 0034 data : 1ceb > 0036 data : 11c9 > 0038 data : 9f e8 > 003a data : 08 00 2b 10 48 60 > 0040 version: 00000002 >bind_rpc_pipe: accepted! >init_lsa_sec_qos >init_open_pol: attr:0 da:33554432 >init_lsa_obj_attr >000000 lsa_io_q_open_pol > 0000 ptr : 00000001 > 0004 system_name: 005c > 000008 lsa_io_obj_attr > 0008 len : 00000018 > 000c ptr_root_dir: 00000000 > 0010 ptr_obj_name: 00000000 > 0014 attributes : 00000000 > 0018 ptr_sec_desc: 00000000 > 001c ptr_sec_qos : 00000001 > 000020 lsa_io_obj_qos sec_qos > 0020 len : 0000000c > 0024 sec_imp_level : 0002 > 0026 sec_ctxt_mode : 01 > 0027 effective_only: 00 >lsa_io_sec_qos: length c does not match size 8 > 0028 des_access: 02000000 >create_rpc_request: opnum: 0x6 data_len: 0x44 >create_rpc_request: data_len: 44 auth_len: 0 alloc_hint: 34 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 0000000c >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000034 > 0014 context_id: 0000 > 0016 opnum : 0006 >rpc_api_pipe: fnum:c006 >size=150 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=55297 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=22 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 68 (0x44) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 68 (0x44) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=49158 (0xC006) >smb_bcc=83 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 44 00 00 00 0C 00 00 00 34 .......D .......4 >[020] 00 00 00 00 00 06 00 01 00 00 00 5C 00 00 00 18 ........ ...\.... >[030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[040] 00 00 00 01 00 00 00 0C 00 00 00 02 00 01 00 00 ........ ........ >[050] 00 00 02 ... >simple_packet_signature: sequence number 40 >client_sign_outgoing_message: sent SMB signature of >[000] 25 42 84 0C 10 64 05 AE %B...d.. >store_sequence_for_reply: stored seq = 41 mid = 22 >write_socket(12,154) >write_socket(12,154) wrote 154 >get_sequence_for_reply: found seq = 41 mid = 22 >cli_signing_trans_start: storing mid = 22, reply_seq_num = 41, send_seq_num = 40 data->send_seq_num = 42 >got smb length of 104 >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=22 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[000] 44 05 00 02 03 10 00 00 00 30 00 00 00 0C 00 00 D....... .0...... >[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 07 D7 1B ........ ........ >[020] 37 3F A9 9A 49 A7 7D AF EA E9 27 A4 7F 00 00 00 7?..I.}. ..'..... >[030] 00 . >simple_packet_signature: sequence number 41 >client_check_incoming_message: seq 41: got good SMB signature of >[000] 34 32 E4 A6 F1 3B 6E 9A 42...;n. >size=104 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=22 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 48 (0x30) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 48 (0x30) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=49 >[000] 44 05 00 02 03 10 00 00 00 30 00 00 00 0C 00 00 D....... .0...... >[010] 00 18 00 00 00 00 00 00 00 00 00 00 00 07 D7 1B ........ ........ >[020] 37 3F A9 9A 49 A7 7D AF EA E9 27 A4 7F 00 00 00 7?..I.}. ..'..... >[030] 00 . >cli_signing_trans_stop: freeing mid = 22, reply_seq_num = 41, send_seq_num = 40 data->send_seq_num = 42 >rpc_check_hdr: rdata->data_size = 48 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 0000000c >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 48 >rpc_api_pipe: fragment first and last both set >000018 lsa_io_r_open_pol > 000018 smb_io_pol_hnd > 0018 data1: 00000000 > 001c data2: 371bd707 > 0020 data3: a93f > 0022 data4: 499a > 0024 data5: a7 7d af ea e9 27 a4 7f > 002c status: NT_STATUS_OK >init_q_lookup_names >000000 lsa_io_q_lookup_names > 000000 smb_io_pol_hnd > 0000 data1: 00000000 > 0004 data2: 371bd707 > 0008 data3: a93f > 000a data4: 499a > 000c data5: a7 7d af ea e9 27 a4 7f > 0014 num_entries : 00000001 > 0018 num_entries2 : 00000001 > 00001c smb_io_unihdr hdr_name > 001c uni_str_len: 001e > 001e uni_max_len: 001e > 0020 buffer : 00000001 > 000024 smb_io_unistr2 dom_name > 0024 uni_max_len: 0000000f > 0028 offset : 00000000 > 002c uni_str_len: 0000000f > 0030 buffer : B.I.O.W.I.S.D.O.M.\.g.u.e.s.t. > 0050 num_trans_entries : 00000000 > 0054 ptr_trans_sids : 00000000 > 0058 lookup_level : 00000001 > 005c mapped_count : 00000000 >create_rpc_request: opnum: 0xe data_len: 0x78 >create_rpc_request: data_len: 78 auth_len: 0 alloc_hint: 68 >000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0078 > 000a auth_len : 0000 > 000c call_id : 0000000d >000010 smb_io_rpc_hdr_req hdr_req > 0010 alloc_hint: 00000068 > 0014 context_id: 0000 > 0016 opnum : 000e >rpc_api_pipe: fnum:c006 >size=202 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=8 >smb_flg2=55297 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=23 >smt_wct=16 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 120 (0x78) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 4280 (0x10B8) >smb_vwv[ 4]= 0 (0x0) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 0 (0x0) >smb_vwv[ 7]= 0 (0x0) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_vwv[10]= 82 (0x52) >smb_vwv[11]= 120 (0x78) >smb_vwv[12]= 82 (0x52) >smb_vwv[13]= 2 (0x2) >smb_vwv[14]= 38 (0x26) >smb_vwv[15]=49158 (0xC006) >smb_bcc=135 >[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... >[010] 00 00 03 10 00 00 00 78 00 00 00 0D 00 00 00 68 .......x .......h >[020] 00 00 00 00 00 0E 00 00 00 00 00 07 D7 1B 37 3F ........ ......7? >[030] A9 9A 49 A7 7D AF EA E9 27 A4 7F 01 00 00 00 01 ..I.}... '....... >[040] 00 00 00 1E 00 1E 00 01 00 00 00 0F 00 00 00 00 ........ ........ >[050] 00 00 00 0F 00 00 00 42 00 49 00 4F 00 57 00 49 .......B .I.O.W.I >[060] 00 53 00 44 00 4F 00 4D 00 5C 00 67 00 75 00 65 .S.D.O.M .\.g.u.e >[070] 00 73 00 74 00 00 00 00 00 00 00 00 00 00 00 01 .s.t.... ........ >[080] 00 00 00 00 00 00 00 ....... >simple_packet_signature: sequence number 42 >client_sign_outgoing_message: sent SMB signature of >[000] 25 9F 15 E6 5F 58 10 92 %..._X.. >store_sequence_for_reply: stored seq = 43 mid = 23 >write_socket(12,206) >write_socket(12,206) wrote 206 >get_sequence_for_reply: found seq = 43 mid = 23 >cli_signing_trans_start: storing mid = 23, reply_seq_num = 43, send_seq_num = 42 data->send_seq_num = 44 >got smb length of 204 >size=204 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=23 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 148 (0x94) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 148 (0x94) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=149 >[000] 78 05 00 02 03 10 00 00 00 94 00 00 00 0D 00 00 x....... ........ >[010] 00 7C 00 00 00 00 00 00 00 20 AA 28 0D 01 00 00 .|...... . .(.... >[020] 00 38 76 14 00 20 00 00 00 01 00 00 00 12 00 14 .8v.. .. ........ >[030] 00 68 92 29 0D 70 05 9D 01 0A 00 00 00 00 00 00 .h.).p.. ........ >[040] 00 09 00 00 00 42 00 49 00 4F 00 57 00 49 00 53 .....B.I .O.W.I.S >[050] 00 44 00 4F 00 4D 00 00 00 04 00 00 00 01 04 00 .D.O.M.. ........ >[060] 00 00 00 00 05 15 00 00 00 6B D6 62 04 3F AD 14 ........ .k.b.?.. >[070] 62 82 8B A6 28 01 00 00 00 D8 7E 26 0D 01 00 00 b...(... ..~&.... >[080] 00 01 00 6E 00 F5 01 00 00 00 00 00 00 01 00 00 ...n.... ........ >[090] 00 00 00 00 00 ..... >simple_packet_signature: sequence number 43 >client_check_incoming_message: seq 43: got good SMB signature of >[000] DF 90 73 42 99 7F 5B 55 ..sB..[U >size=204 >smb_com=0x25 >smb_rcls=0 >smb_reh=0 >smb_err=0 >smb_flg=136 >smb_flg2=55301 >smb_tid=59397 >smb_pid=16878 >smb_uid=45056 >smb_mid=23 >smt_wct=10 >smb_vwv[ 0]= 0 (0x0) >smb_vwv[ 1]= 148 (0x94) >smb_vwv[ 2]= 0 (0x0) >smb_vwv[ 3]= 0 (0x0) >smb_vwv[ 4]= 56 (0x38) >smb_vwv[ 5]= 0 (0x0) >smb_vwv[ 6]= 148 (0x94) >smb_vwv[ 7]= 56 (0x38) >smb_vwv[ 8]= 0 (0x0) >smb_vwv[ 9]= 0 (0x0) >smb_bcc=149 >[000] 78 05 00 02 03 10 00 00 00 94 00 00 00 0D 00 00 x....... ........ >[010] 00 7C 00 00 00 00 00 00 00 20 AA 28 0D 01 00 00 .|...... . .(.... >[020] 00 38 76 14 00 20 00 00 00 01 00 00 00 12 00 14 .8v.. .. ........ >[030] 00 68 92 29 0D 70 05 9D 01 0A 00 00 00 00 00 00 .h.).p.. ........ >[040] 00 09 00 00 00 42 00 49 00 4F 00 57 00 49 00 53 .....B.I .O.W.I.S >[050] 00 44 00 4F 00 4D 00 00 00 04 00 00 00 01 04 00 .D.O.M.. ........ >[060] 00 00 00 00 05 15 00 00 00 6B D6 62 04 3F AD 14 ........ .k.b.?.. >[070] 62 82 8B A6 28 01 00 00 00 D8 7E 26 0D 01 00 00 b...(... ..~&.... >[080] 00 01 00 6E 00 F5 01 00 00 00 00 00 00 01 00 00 ...n.... ........ >[090] 00 00 00 00 00 ..... >cli_signing_trans_stop: freeing mid = 23, reply_seq_num = 43, send_seq_num = 42 data->send_seq_num = 44 >rpc_check_hdr: rdata->data_size = 148 >000000 smb_io_rpc_hdr rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0094 > 000a auth_len : 0000 > 000c call_id : 0000000d >000010 smb_io_rpc_hdr_resp rpc_hdr_resp > 0010 alloc_hint: 0000007c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >rpc_api_pipe: len left: 0 smbtrans read: 148 >rpc_api_pipe: fragment first and last both set >000018 lsa_io_r_lookup_names > 0018 ptr_dom_ref: 0d28aa20 > 00001c lsa_io_dom_r_ref > 001c num_ref_doms_1: 00000001 > 0020 ptr_ref_dom : 00147638 > 0024 max_entries : 00000020 > 0028 num_ref_doms_2: 00000001 > 00002c smb_io_unihdr dom_ref[0] > 002c uni_str_len: 0012 > 002e uni_max_len: 0014 > 0030 buffer : 0d299268 > 0034 sid_ptr[0] : 019d0570 > 000038 smb_io_unistr2 dom_ref[0] > 0038 uni_max_len: 0000000a > 003c offset : 00000000 > 0040 uni_str_len: 00000009 > 0044 buffer : B.I.O.W.I.S.D.O.M. > 000058 smb_io_dom_sid2 sid_ptr[0] > 0058 num_auths: 00000004 > 00005c smb_io_dom_sid sid > 005c sid_rev_num: 01 > 005d num_auths : 04 > 005e id_auth[0] : 00 > 005f id_auth[1] : 00 > 0060 id_auth[2] : 00 > 0061 id_auth[3] : 00 > 0062 id_auth[4] : 00 > 0063 id_auth[5] : 05 > 0064 sub_auths : 00000015 0462d66b 6214ad3f 28a68b82 > 0074 num_entries: 00000001 > 0078 ptr_entries: 0d267ed8 > 007c num_entries2: 00000001 > 000080 smb_io_dom_rid2 > 0080 type : 01 > 0084 rid : 000001f5 > 0088 rid_idx: 00000000 > 008c mapped_count: 00000001 > 0090 status : NT_STATUS_OK >wcache_save_name_to_sid: GUEST -> S-1-5-21-73586283-1645522239-682003330-501 >Storing response for pid 16878, len 1304 >Retrieving response for pid 16878 >client_read: read 1828 bytes. Need 0 more for a full request. >child daemon request 39 >process_request: request fn GETUSERDOMGROUPS >refresh_sequence_number: BIOWISDOM time ok >refresh_sequence_number: BIOWISDOM seq number is now 4740154 >lookup_usergroups: [Cached] - doing backend query for info for domain BIOWISDOM >ads: lookup_usergroups >Current tickets expire at 1126382550, time is now 1126346550 >Search for (objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\6B\D6\62\04\3F\AD\14\62\82\8B\A6\28\F5\01\00\00) gave 1 replies >ads sid_to_dn mapped CN=Guest,CN=Users,DC=internal,DC=biowisdom,DC=com >Search for (objectclass=*) gave 1 replies >pulling SID: S-1-5-32-545 >pulling SID: S-1-5-32-546 >pulling SID: S-1-5-21-73586283-1645522239-682003330-514 >pulling SID: S-1-5-21-73586283-1645522239-682003330-513 >ads lookup_usergroups for sid=S-1-5-21-73586283-1645522239-682003330-501 >refresh_sequence_number: BIOWISDOM time ok >refresh_sequence_number: BIOWISDOM seq number is now 4740154 >Storing response for pid 16878, len 1417 >Storing extra data: len=113 >=============================================================== >INTERNAL ERROR: Signal 6 in pid 16878 (3.0.20-3-devel-SUSE) >Please read the appendix Bugs of the Samba HOWTO collection >=============================================================== >smb_panic: clobber_region() last called from [sprintf_append(2206)] >PANIC: internal error >BACKTRACE: 15 stack frames: > #0 winbindd(smb_panic2+0x108) [0x495438] > #1 winbindd [0x4831b6] > #2 /lib64/tls/libc.so.6 [0x2aaaab95ff00] > #3 /lib64/tls/libc.so.6(gsignal+0x39) [0x2aaaab95fe79] > #4 /lib64/tls/libc.so.6(abort+0x13f) [0x2aaaab96148f] > #5 /lib64/tls/libc.so.6 [0x2aaaab9945d3] > #6 /lib64/tls/libc.so.6 [0x2aaaab999153] > #7 /lib64/tls/libc.so.6(__libc_free+0x77) [0x2aaaab99a8a7] > #8 winbindd [0x44db5d] > #9 winbindd(async_request+0x9a) [0x44e1fa] > #10 winbindd(init_child_connection+0x148) [0x43b9f8] > #11 winbindd(rescan_trusted_domains+0xee) [0x43c18e] > #12 winbindd(main+0x415) [0x434235] > #13 /lib64/tls/libc.so.6(__libc_start_main+0xea) [0x2aaaab94e54a] > #14 winbindd [0x432eaa] >Could not receive async reply >client_read: read 1828 bytes. Need 0 more for a full request. >child daemon request 39 >process_request: request fn GETUSERDOMGROUPS >fetch_cache_seqnum: success [BIOWISDOM][4740154 @ 1126346550] >refresh_sequence_number: BIOWISDOM seq number is now 4740154 >centry_expired: Key UG/S-1-5-21-73586283-1645522239-682003330-501 for domain BIOWISDOM is good. >wcache_fetch: returning entry UG/S-1-5-21-73586283-1645522239-682003330-501 for domain BIOWISDOM >lookup_usergroups: [Cached] - cached info for domain BIOWISDOM status Success >Storing response for pid 16881, len 1417 >Storing extra data: len=113 >=============================================================== >INTERNAL ERROR: Signal 6 in pid 16881 (3.0.20-3-devel-SUSE) >Please read the appendix Bugs of the Samba HOWTO collection >=============================================================== >smb_panic: clobber_region() last called from [sprintf_append(2206)] >PANIC: internal error >BACKTRACE: 12 stack frames: > #0 winbindd(smb_panic2+0x108) [0x495438] > #1 winbindd [0x4831b6] > #2 /lib64/tls/libc.so.6 [0x2aaaab95ff00] > #3 /lib64/tls/libc.so.6(gsignal+0x39) [0x2aaaab95fe79] > #4 /lib64/tls/libc.so.6(abort+0x13f) [0x2aaaab96148f] > #5 /lib64/tls/libc.so.6 [0x2aaaab9945d3] > #6 /lib64/tls/libc.so.6 [0x2aaaab999153] > #7 /lib64/tls/libc.so.6(__libc_free+0x77) [0x2aaaab99a8a7] > #8 winbindd [0x44db5d] > #9 winbindd(main+0x8dc) [0x4346fc] > #10 /lib64/tls/libc.so.6(__libc_start_main+0xea) [0x2aaaab94e54a] > #11 winbindd [0x432eaa] >Could not receive async reply
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1430">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 3082
:
1429
| 1430 |
1431
|
1432
|
1433
|
1434