INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 tevent: 10 auth_audit: 10 auth_json_audit: 10 kerberos: 10 drs_repl: 10 smb2: 10 smb2_credits: 10 dsdb_audit: 10 dsdb_json_audit: 10 dsdb_password_audit: 10 dsdb_password_json_audit: 10 dsdb_transaction_audit: 10 dsdb_transaction_json_audit: 10 dsdb_group_audit: 10 dsdb_group_json_audit: 10 Using netbios name VBM-LINSAM. Using workgroup WORKGROUP. parsed path: fname='smb://fs.rookad.local/home/sam' server='fs.rookad.local' share='home' path='\sam' options='' SMBC_check_options(): server='fs.rookad.local' share='home' path='\sam' options='' SMBC_server: server_n=[fs.rookad.local] server=[fs.rookad.local] -> server_n=[fs.rookad.local] server=[fs.rookad.local] Opening cache file at /run/samba/gencache.tdb sitename_fetch: No stored sitename for realm '' internal_resolve_name: looking up fs.rookad.local#20 (sitename (null)) gencache_set_data_blob: Adding cache entry with key=[NBT/FS.ROOKAD.LOCAL#20] and timeout=[Thu Jan 1 00:00:00 1970 UTC] (-1672760283 seconds in the past) namecache_fetch: no entry for fs.rookad.local#20 found. resolve_hosts: Attempting host lookup for name fs.rookad.local<0x20> remove_duplicate_addrs2: looking for duplicate address/port pairs namecache_store: storing 3 addresses for fs.rookad.local#20: 10.17.207.27,10.17.207.28,10.17.207.29 gencache_set_data_blob: Adding cache entry with key=[NBT/FS.ROOKAD.LOCAL#20] and timeout=[Tue Jan 3 15:49:03 2023 UTC] (660 seconds ahead) internal_resolve_name: returning 3 addresses: 10.17.207.27 10.17.207.28 10.17.207.29 Connecting to 10.17.207.27 at port 445 socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=0, TCP_NODELAY=1, TCP_KEEPCNT=9, TCP_KEEPIDLE=7200, TCP_KEEPINTVL=75, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=87040, SO_RCVBUF=131072, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0, TCP_QUICKACK=1, TCP_DEFER_ACCEPT=0, TCP_USER_TIMEOUT=0 cli_session_setup_spnego_send: Connect to fs.rookad.local as administrator@ROOKAD using SPNEGO GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'spnego' registered GENSEC backend 'schannel' registered GENSEC backend 'naclrpc_as_system' registered GENSEC backend 'sasl-EXTERNAL' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'ntlmssp_resume_ccache' registered GENSEC backend 'http_basic' registered GENSEC backend 'http_ntlm' registered GENSEC backend 'http_negotiate' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Starting GENSEC mechanism spnego Starting GENSEC submechanism ntlmssp negotiate: struct NEGOTIATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmNegotiate (1) NegotiateFlags : 0x62088215 (1644724757) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 1: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 DomainNameLen : 0x0000 (0) DomainNameMaxLen : 0x0000 (0) DomainName : * DomainName : '' WorkstationLen : 0x0000 (0) WorkstationMaxLen : 0x0000 (0) Workstation : * Workstation : '' Version: struct ntlmssp_VERSION ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6) ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1) ProductBuild : 0x0000 (0) Reserved: ARRAY(3) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15) gensec_update_send: ntlmssp[0x559baa4e89e0]: subreq: 0x559baa4cdf20 gensec_update_send: spnego[0x559baa4e4bc0]: subreq: 0x559baa4e75d0 gensec_update_done: ntlmssp[0x559baa4e89e0]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x559baa4cdf20/../../auth/ntlmssp/ntlmssp.c:180]: state[2] error[0 (0x0)] state[struct gensec_ntlmssp_update_state (0x559baa4ce0e0)] timer[(nil)] finish[../../auth/ntlmssp/ntlmssp.c:215] gensec_update_done: spnego[0x559baa4e4bc0]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x559baa4e75d0/../../auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x559baa4e7790)] timer[(nil)] finish[../../auth/gensec/spnego.c:2116] Got challenge flags: Got NTLMSSP neg_flags=0x62898215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_TARGET_TYPE_DOMAIN NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_TARGET_INFO NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH short string '', sent with NULL termination despite NOTERM flag in IDL challenge: struct CHALLENGE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmChallenge (0x2) TargetNameLen : 0x000c (12) TargetNameMaxLen : 0x000c (12) TargetName : * TargetName : 'ROOKAD' NegotiateFlags : 0x62898215 (1653178901) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 1: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 1: NTLMSSP_NEGOTIATE_TARGET_INFO 1: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 ServerChallenge : df2a7531711fe02a Reserved : 0000000000000000 TargetInfoLen : 0x0062 (98) TargetInfoMaxLen : 0x0062 (98) TargetInfo : * TargetInfo: struct AV_PAIR_LIST count : 0x00000006 (6) pair: ARRAY(6) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x000c (12) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'ROOKAD' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x0004 (4) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'FS' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x0002 (2) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : '' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x0030 (48) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'ntnx-10-17-207-31-a-fsvm' pair: struct AV_PAIR AvId : MsvAvTimestamp (0x7) AvLen : 0x0008 (8) Value : union ntlmssp_AvValue(case 0x7) AvTimestamp : Tue Jan 3 15:38:03 2023 UTC pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) Version: struct ntlmssp_VERSION ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (0x6) ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (0x1) ProductBuild : 0x0000 (0) Reserved : 000000 NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (0xF) short string '', sent with NULL termination despite NOTERM flag in IDL authenticate: struct AUTHENTICATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmAuthenticate (3) LmChallengeResponseLen : 0x0018 (24) LmChallengeResponseMaxLen: 0x0018 (24) LmChallengeResponse : * LmChallengeResponse : union ntlmssp_LM_RESPONSE_with_len(case 24) v1: struct LM_RESPONSE Response : 000000000000000000000000000000000000000000000000 NtChallengeResponseLen : 0x0108 (264) NtChallengeResponseMaxLen: 0x0108 (264) NtChallengeResponse : * NtChallengeResponse : union ntlmssp_NTLM_RESPONSE_with_len(case 264) v2: struct NTLMv2_RESPONSE Response : cff1133fde46947de3a013ad4fea7050 Challenge: struct NTLMv2_CLIENT_CHALLENGE RespType : 0x01 (1) HiRespType : 0x01 (1) Reserved1 : 0x0000 (0) Reserved2 : 0x00000000 (0) TimeStamp : Tue Jan 3 15:38:03 2023 UTC ChallengeFromClient : 57f4b5667cc1590b Reserved3 : 0x00000000 (0) AvPairs: struct AV_PAIR_LIST count : 0x0000000a (10) pair: ARRAY(10) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x000c (12) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'ROOKAD' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x0004 (4) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'FS' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : '' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x0030 (48) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'ntnx-10-17-207-31-a-fsvm' pair: struct AV_PAIR AvId : MsvAvTimestamp (0x7) AvLen : 0x0008 (8) Value : union ntlmssp_AvValue(case 0x7) AvTimestamp : Tue Jan 3 15:38:03 2023 UTC pair: struct AV_PAIR AvId : MsvAvFlags (0x6) AvLen : 0x0004 (4) Value : union ntlmssp_AvValue(case 0x6) AvFlags : 0x00000002 (2) 0: NTLMSSP_AVFLAG_CONSTRAINTED_ACCOUNT 1: NTLMSSP_AVFLAG_MIC_IN_AUTHENTICATE_MESSAGE 0: NTLMSSP_AVFLAG_TARGET_SPN_FROM_UNTRUSTED_SOURCE pair: struct AV_PAIR AvId : MsvAvSingleHost (0x8) AvLen : 0x0030 (48) Value : union ntlmssp_AvValue(case 0x8) AvSingleHost: struct ntlmssp_SingleHostData Size : 0x00000030 (48) Z4 : 0x00000000 (0) token_info: struct LSAP_TOKEN_INFO_INTEGRITY Flags : 0x00000000 (0) TokenIL : 0x00000000 (0) MachineId : ce3b3c55dbe844fb6f544f85d9809746cb22f0935b651a6e2783d73323884077 remaining : DATA_BLOB length=0 pair: struct AV_PAIR AvId : MsvChannelBindings (0xA) AvLen : 0x0010 (16) Value : union ntlmssp_AvValue(case 0xA) ChannelBindings : 00000000000000000000000000000000 pair: struct AV_PAIR AvId : MsvAvTargetName (0x9) AvLen : 0x0028 (40) Value : union ntlmssp_AvValue(case 0x9) AvTargetName : 'cifs/fs.rookad.local' pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) DomainNameLen : 0x000c (12) DomainNameMaxLen : 0x000c (12) DomainName : * DomainName : 'ROOKAD' UserNameLen : 0x001a (26) UserNameMaxLen : 0x001a (26) UserName : * UserName : 'administrator' WorkstationLen : 0x0014 (20) WorkstationMaxLen : 0x0014 (20) Workstation : * Workstation : 'VBM-LINSAM' EncryptedRandomSessionKeyLen: 0x0010 (16) EncryptedRandomSessionKeyMaxLen: 0x0010 (16) EncryptedRandomSessionKey: * EncryptedRandomSessionKey: DATA_BLOB length=16 [0000] C5 65 A5 95 4A 0A B3 34 7A 34 F3 43 F0 AA 88 89 .e..J..4 z4.C.... NegotiateFlags : 0x62088215 (1644724757) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 1: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 Version: struct ntlmssp_VERSION ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6) ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1) ProductBuild : 0x0000 (0) Reserved: ARRAY(3) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15) NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x62088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x62088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH dump_arc4_state: NTLMSSP send seal arc4 state: dump_arc4_state: NTLMSSP recv seal arc4 state: gensec_update_send: ntlmssp[0x559baa4e89e0]: subreq: 0x559baa4e0c60 gensec_update_send: spnego[0x559baa4e4bc0]: subreq: 0x559baa4ebea0 gensec_update_done: ntlmssp[0x559baa4e89e0]: NT_STATUS_OK tevent_req[0x559baa4e0c60/../../auth/ntlmssp/ntlmssp.c:180]: state[2] error[0 (0x0)] state[struct gensec_ntlmssp_update_state (0x559baa4e0e20)] timer[(nil)] finish[../../auth/ntlmssp/ntlmssp.c:222] gensec_update_done: spnego[0x559baa4e4bc0]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x559baa4ebea0/../../auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x559baa4ec060)] timer[(nil)] finish[../../auth/gensec/spnego.c:2116] ntlmssp_check_packet: NTLMSSP signature OK ! NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x62088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH dump_arc4_state: NTLMSSP send seal arc4 state: dump_arc4_state: NTLMSSP recv seal arc4 state: gensec_update_send: spnego[0x559baa4e4bc0]: subreq: 0x559baa4eb920 gensec_update_done: spnego[0x559baa4e4bc0]: NT_STATUS_OK tevent_req[0x559baa4eb920/../../auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x559baa4ebae0)] timer[(nil)] finish[../../auth/gensec/spnego.c:2116] session setup ok signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) tconx ok Case sensitive: True Server connect ok: //fs.rookad.local/home: 0x559baa4eaea0 sitename_fetch: No stored sitename for realm '' internal_resolve_name: looking up fs.rookad.local#20 (sitename (null)) namecache_fetch: name fs.rookad.local#20 found. remove_duplicate_addrs2: looking for duplicate address/port pairs Connecting to 10.17.207.27 at port 445 socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=0, TCP_NODELAY=1, TCP_KEEPCNT=9, TCP_KEEPIDLE=7200, TCP_KEEPINTVL=75, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=87040, SO_RCVBUF=131072, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0, TCP_QUICKACK=1, TCP_DEFER_ACCEPT=0, TCP_USER_TIMEOUT=0 session request ok negotiated dialect[SMB3_11] against server[fs.rookad.local] cli_session_setup_spnego_send: Connect to fs.rookad.local as rookad/administrator@WORKGROUP using SPNEGO Starting GENSEC mechanism spnego Starting GENSEC submechanism ntlmssp negotiate: struct NEGOTIATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmNegotiate (1) NegotiateFlags : 0x62088215 (1644724757) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 1: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 DomainNameLen : 0x0000 (0) DomainNameMaxLen : 0x0000 (0) DomainName : * DomainName : '' WorkstationLen : 0x0000 (0) WorkstationMaxLen : 0x0000 (0) Workstation : * Workstation : '' Version: struct ntlmssp_VERSION ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6) ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1) ProductBuild : 0x0000 (0) Reserved: ARRAY(3) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15) gensec_update_send: ntlmssp[0x559baa5020f0]: subreq: 0x559baa4cdf20 gensec_update_send: spnego[0x559baa4e4bc0]: subreq: 0x559baa503cc0 gensec_update_done: ntlmssp[0x559baa5020f0]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x559baa4cdf20/../../auth/ntlmssp/ntlmssp.c:180]: state[2] error[0 (0x0)] state[struct gensec_ntlmssp_update_state (0x559baa4ce0e0)] timer[(nil)] finish[../../auth/ntlmssp/ntlmssp.c:215] gensec_update_done: spnego[0x559baa4e4bc0]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x559baa503cc0/../../auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x559baa503e80)] timer[(nil)] finish[../../auth/gensec/spnego.c:2116] Got challenge flags: Got NTLMSSP neg_flags=0x62898215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_TARGET_TYPE_DOMAIN NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_TARGET_INFO NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH short string '', sent with NULL termination despite NOTERM flag in IDL challenge: struct CHALLENGE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmChallenge (0x2) TargetNameLen : 0x000c (12) TargetNameMaxLen : 0x000c (12) TargetName : * TargetName : 'ROOKAD' NegotiateFlags : 0x62898215 (1653178901) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 1: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 1: NTLMSSP_NEGOTIATE_TARGET_INFO 1: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 ServerChallenge : f693117fe807ab79 Reserved : 0000000000000000 TargetInfoLen : 0x0062 (98) TargetInfoMaxLen : 0x0062 (98) TargetInfo : * TargetInfo: struct AV_PAIR_LIST count : 0x00000006 (6) pair: ARRAY(6) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x000c (12) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'ROOKAD' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x0004 (4) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'FS' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x0002 (2) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : '' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x0030 (48) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'ntnx-10-17-207-31-a-fsvm' pair: struct AV_PAIR AvId : MsvAvTimestamp (0x7) AvLen : 0x0008 (8) Value : union ntlmssp_AvValue(case 0x7) AvTimestamp : Tue Jan 3 15:38:03 2023 UTC pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) Version: struct ntlmssp_VERSION ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (0x6) ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (0x1) ProductBuild : 0x0000 (0) Reserved : 000000 NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (0xF) short string '', sent with NULL termination despite NOTERM flag in IDL authenticate: struct AUTHENTICATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmAuthenticate (3) LmChallengeResponseLen : 0x0018 (24) LmChallengeResponseMaxLen: 0x0018 (24) LmChallengeResponse : * LmChallengeResponse : union ntlmssp_LM_RESPONSE_with_len(case 24) v1: struct LM_RESPONSE Response : 000000000000000000000000000000000000000000000000 NtChallengeResponseLen : 0x0108 (264) NtChallengeResponseMaxLen: 0x0108 (264) NtChallengeResponse : * NtChallengeResponse : union ntlmssp_NTLM_RESPONSE_with_len(case 264) v2: struct NTLMv2_RESPONSE Response : f769d0184481f1766368791c8d41a7ef Challenge: struct NTLMv2_CLIENT_CHALLENGE RespType : 0x01 (1) HiRespType : 0x01 (1) Reserved1 : 0x0000 (0) Reserved2 : 0x00000000 (0) TimeStamp : Tue Jan 3 15:38:03 2023 UTC ChallengeFromClient : d565cfa6dcedb032 Reserved3 : 0x00000000 (0) AvPairs: struct AV_PAIR_LIST count : 0x0000000a (10) pair: ARRAY(10) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x000c (12) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'ROOKAD' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x0004 (4) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'FS' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : '' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x0030 (48) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'ntnx-10-17-207-31-a-fsvm' pair: struct AV_PAIR AvId : MsvAvTimestamp (0x7) AvLen : 0x0008 (8) Value : union ntlmssp_AvValue(case 0x7) AvTimestamp : Tue Jan 3 15:38:03 2023 UTC pair: struct AV_PAIR AvId : MsvAvFlags (0x6) AvLen : 0x0004 (4) Value : union ntlmssp_AvValue(case 0x6) AvFlags : 0x00000002 (2) 0: NTLMSSP_AVFLAG_CONSTRAINTED_ACCOUNT 1: NTLMSSP_AVFLAG_MIC_IN_AUTHENTICATE_MESSAGE 0: NTLMSSP_AVFLAG_TARGET_SPN_FROM_UNTRUSTED_SOURCE pair: struct AV_PAIR AvId : MsvAvSingleHost (0x8) AvLen : 0x0030 (48) Value : union ntlmssp_AvValue(case 0x8) AvSingleHost: struct ntlmssp_SingleHostData Size : 0x00000030 (48) Z4 : 0x00000000 (0) token_info: struct LSAP_TOKEN_INFO_INTEGRITY Flags : 0x00000000 (0) TokenIL : 0x00000000 (0) MachineId : 7df567027014a423bbabd3001a1f80e9a5d151e3dd9f4d1b5f1261a5b8237874 remaining : DATA_BLOB length=0 pair: struct AV_PAIR AvId : MsvChannelBindings (0xA) AvLen : 0x0010 (16) Value : union ntlmssp_AvValue(case 0xA) ChannelBindings : 00000000000000000000000000000000 pair: struct AV_PAIR AvId : MsvAvTargetName (0x9) AvLen : 0x0028 (40) Value : union ntlmssp_AvValue(case 0x9) AvTargetName : 'cifs/fs.rookad.local' pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) DomainNameLen : 0x0012 (18) DomainNameMaxLen : 0x0012 (18) DomainName : * DomainName : 'WORKGROUP' UserNameLen : 0x0028 (40) UserNameMaxLen : 0x0028 (40) UserName : * UserName : 'rookad/administrator' WorkstationLen : 0x0014 (20) WorkstationMaxLen : 0x0014 (20) Workstation : * Workstation : 'VBM-LINSAM' EncryptedRandomSessionKeyLen: 0x0010 (16) EncryptedRandomSessionKeyMaxLen: 0x0010 (16) EncryptedRandomSessionKey: * EncryptedRandomSessionKey: DATA_BLOB length=16 [0000] 32 3B DA 3B 86 49 8D 6B C1 B7 03 33 5A 7C CE 13 2;.;.I.k ...3Z|.. NegotiateFlags : 0x62088215 (1644724757) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 1: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 Version: struct ntlmssp_VERSION ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6) ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1) ProductBuild : 0x0000 (0) Reserved: ARRAY(3) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15) NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x62088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x62088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH dump_arc4_state: NTLMSSP send seal arc4 state: dump_arc4_state: NTLMSSP recv seal arc4 state: gensec_update_send: ntlmssp[0x559baa5020f0]: subreq: 0x559baa4e0c60 gensec_update_send: spnego[0x559baa4e4bc0]: subreq: 0x559baa503cc0 gensec_update_done: ntlmssp[0x559baa5020f0]: NT_STATUS_OK tevent_req[0x559baa4e0c60/../../auth/ntlmssp/ntlmssp.c:180]: state[2] error[0 (0x0)] state[struct gensec_ntlmssp_update_state (0x559baa4e0e20)] timer[(nil)] finish[../../auth/ntlmssp/ntlmssp.c:222] gensec_update_done: spnego[0x559baa4e4bc0]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x559baa503cc0/../../auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x559baa503e80)] timer[(nil)] finish[../../auth/gensec/spnego.c:2116] SPNEGO login failed: The attempted logon is invalid. This is either due to a bad username or authentication information. session setup failed: NT_STATUS_LOGON_FAILURE Could not resolve \sam\* smbc_getFunctionOpendir: No such file or directory