The Samba-Bugzilla – Attachment 18162 Details for
Bug 15495
Domain Join Fails With Samba to Domain Running in Server 2022 Insider Preview Build (25951)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Samba domain join logs (plain text)
samba_domain_join_logs.txt (text/plain), 133.01 KB, created by
Akshatha Baliga
on 2023-10-17 09:03:20 UTC
(
hide
)
Description:
Samba domain join logs (plain text)
Filename:
MIME Type:
Creator:
Akshatha Baliga
Created:
2023-10-17 09:03:20 UTC
Size:
133.01 KB
patch
obsolete
>root@oak-vcs1307:~# cat /etc/os-release >NAME="Ubuntu" >VERSION="20.04.4 LTS (Focal Fossa)" >ID=ubuntu >ID_LIKE=debian >PRETTY_NAME="Ubuntu 20.04.4 LTS" >VERSION_ID="20.04" >HOME_URL="https://www.ubuntu.com/" >SUPPORT_URL="https://help.ubuntu.com/" >BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" >PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" >VERSION_CODENAME=focal >UBUNTU_CODENAME=focal >root@oak-vcs1307:~# /usr/bin/net -V >Version 4.19.1 >root@oak-vcs1307:~# /usr/bin/net ads join -d 10 --no-dns-updates -U Administrator%******-k >INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > scavenger: 10 > dns: 10 > ldb: 10 > tevent: 10 > auth_audit: 10 > auth_json_audit: 10 > kerberos: 10 > drs_repl: 10 > smb2: 10 > smb2_credits: 10 > dsdb_audit: 10 > dsdb_json_audit: 10 > dsdb_password_audit: 10 > dsdb_password_json_audit: 10 > dsdb_transaction_audit: 10 > dsdb_transaction_json_audit: 10 > dsdb_group_audit: 10 > dsdb_group_json_audit: 10 >WARNING: The option -k|--kerberos is deprecated! >lp_load_ex: refreshing parameters >Initialising global parameters >rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) >INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > scavenger: 10 > dns: 10 > ldb: 10 > tevent: 10 > auth_audit: 10 > auth_json_audit: 10 > kerberos: 10 > drs_repl: 10 > smb2: 10 > smb2_credits: 10 > dsdb_audit: 10 > dsdb_json_audit: 10 > dsdb_password_audit: 10 > dsdb_password_json_audit: 10 > dsdb_transaction_audit: 10 > dsdb_transaction_json_audit: 10 > dsdb_group_audit: 10 > dsdb_group_json_audit: 10 >doing parameter workgroup = DC2022 >doing parameter realm = DC2022.TEST >doing parameter security = ads >doing parameter idmap config * : backend = tdb >doing parameter idmap config * : range = 3000-7999 >doing parameter idmap config DC2022 : backend = rid >doing parameter idmap config DC2022 : range = 10000-999999 >doing parameter template homedir = /home/%U >doing parameter template shell = /bin/bash >doing parameter winbind use default domain = true >doing parameter winbind offline logon = false >pm_process() returned Yes >lp_servicenumber: couldn't find homes >added interface eth0 ip=2600:809:200:536:250:56ff:feae:2291 bcast= netmask=ffff:ffff:ffff:ffff:: >added interface eth0 ip=10.5.54.91 bcast=10.5.54.255 netmask=255.255.255.0 >added interface eth1 ip=10.5.140.58 bcast=10.5.255.255 netmask=255.255.128.0 >messaging_dgm_ref: messaging_dgm_init returned Success >messaging_dgm_ref: unique = 16345522056155018957 >Registering messaging pointer for type 2 - private_data=(nil) >register_msg_pool_usage: Registered MSG_REQ_POOL_USAGE >Registering messaging pointer for type 11 - private_data=(nil) >Registering messaging pointer for type 12 - private_data=(nil) >Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED >Registering messaging pointer for type 1 - private_data=(nil) >Registering messaging pointer for type 5 - private_data=(nil) >Registering messaging pointer for type 51 - private_data=(nil) >messaging_init_internal: my id: 1557 >added interface eth0 ip=2600:809:200:536:250:56ff:feae:2291 bcast= netmask=ffff:ffff:ffff:ffff:: >added interface eth0 ip=10.5.54.91 bcast=10.5.54.255 netmask=255.255.255.0 >added interface eth1 ip=10.5.140.58 bcast=10.5.255.255 netmask=255.255.128.0 >libnet_Join: >   libnet_JoinCtx: struct libnet_JoinCtx >       in: struct libnet_JoinCtx >           dc_name                 : NULL >           machine_name            : 'OAK-VCS1307' >           domain_name             : * >               domain_name             : 'DC2022.TEST' >           domain_name_type        : JoinDomNameTypeDNS (1) >           account_ou              : NULL >           admin_account           : 'Administrator' >           admin_domain            : NULL >           machine_password        : NULL >           join_flags              : 0x00000023 (35) >                  0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS >                  0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME >                  0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT >                  0: WKSSVC_JOIN_FLAGS_DEFER_SPN >                  0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED >                  0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE >                  1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED >                  0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE >                  0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE >                  1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE >                  1: WKSSVC_JOIN_FLAGS_JOIN_TYPE >           os_version              : NULL >           os_name                 : NULL >           os_servicepack          : NULL >           create_upn              : 0x00 (0) >           upn                     : NULL >           dnshostname             : NULL >           modify_config           : 0x00 (0) >           ads                     : NULL >           debug                   : 0x01 (1) >           use_kerberos            : 0x01 (1) >           secure_channel_type     : SEC_CHAN_WKSTA (2) >           desired_encryption_types : 0x0000001c (28) >           provision_computer_account_only: 0x00 (0) >           odj_provision_data      : NULL >           request_offline_join    : 0x00 (0) >Opening cache file at /usr/local/samba/var/lock/gencache.tdb >sitename_fetch: Returning sitename for realm 'DC2022.TEST': "Default-First-Site-Name" >dsgetdcname_internal: domain_name: DC2022.TEST, domain_guid: (null), site_name: Default-First-Site-Name, flags: 0x40021011 >debug_dsdcinfo_flags: 0x40021011 >           DS_FORCE_REDISCOVERY DS_DIRECTORY_SERVICE_REQUIRED DS_WRITABLE_REQUIRED DS_IS_DNS_NAME DS_RETURN_DNS_NAME >dsgetdcname_rediscover >dns_lookup_send_next: Sending DNS request #0 to 10.5.139.71 >dns_cli_request_send: Asking 10.5.139.71 for _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.DC2022.TEST/1/33 via UDP >[0000] 58 E1 01 00 00 01 00 00  00 00 00 00 05 5F 6C 64  X....... ....._ld >[0010] 61 70 04 5F 74 63 70 17  44 65 66 61 75 6C 74 2D  ap._tcp. Default- >[0020] 46 69 72 73 74 2D 53 69  74 65 2D 4E 61 6D 65 06  First-Si te-Name. >[0030] 5F 73 69 74 65 73 02 64  63 06 5F 6D 73 64 63 73  _sites.d c._msdcs >[0040] 06 44 43 32 30 32 32 04  54 45 53 54 00 00 21 00  .DC2022. TEST..!. >[0050] 01                                                 . >[0000] 58 E1 85 80 00 01 00 01  00 00 00 01 05 5F 6C 64  X....... ....._ld >[0010] 61 70 04 5F 74 63 70 17  44 65 66 61 75 6C 74 2D  ap._tcp. Default- >[0020] 46 69 72 73 74 2D 53 69  74 65 2D 4E 61 6D 65 06  First-Si te-Name. >[0030] 5F 73 69 74 65 73 02 64  63 06 5F 6D 73 64 63 73  _sites.d c._msdcs >[0040] 06 44 43 32 30 32 32 04  54 45 53 54 00 00 21 00  .DC2022. TEST..!. >[0050] 01 C0 0C 00 21 00 01 00  00 02 58 00 23 00 00 00  ....!... ..X.#... >[0060] 64 01 85 0F 77 69 6E 2D  38 34 31 70 76 34 68 65  d...win- 841pv4he >[0070] 6B 30 6F 06 64 63 32 30  32 32 04 74 65 73 74 00  k0o.dc20 22.test. >[0080] C0 63 00 01 00 01 00 00  0E 10 00 04 0A 05 8B 47  .c...... .......G >LDAP ping to win-841pv4hek0o.dc2022.test (10.5.139.71) >    &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX >       command                 : LOGON_SAM_LOGON_RESPONSE_EX (23) >       sbz                     : 0x0000 (0) >       server_type             : 0x0007f3fd (521213) >              1: NBT_SERVER_PDC >              1: NBT_SERVER_GC >              1: NBT_SERVER_LDAP >              1: NBT_SERVER_DS >              1: NBT_SERVER_KDC >              1: NBT_SERVER_TIMESERV >              1: NBT_SERVER_CLOSEST >              1: NBT_SERVER_WRITABLE >              1: NBT_SERVER_GOOD_TIMESERV >              0: NBT_SERVER_NDNC >              0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 >              1: NBT_SERVER_FULL_SECRET_DOMAIN_6 >              1: NBT_SERVER_ADS_WEB_SERVICE >              1: NBT_SERVER_DS_8 >              1: NBT_SERVER_DS_9 >              1: NBT_SERVER_DS_10 >              0: NBT_SERVER_HAS_DNS_NAME >              0: NBT_SERVER_IS_DEFAULT_NC >              0: NBT_SERVER_FOREST_ROOT >       domain_uuid             : 15a99073-0553-41da-9071-ff8270e0cf35 >       forest                  : 'dc2022.test' >       dns_domain              : 'dc2022.test' >       pdc_dns_name            : 'WIN-841PV4HEK0O.dc2022.test' >       domain_name             : 'DC2022' >       pdc_name                : 'WIN-841PV4HEK0O' >       user_name               : '' >       server_site             : 'Default-First-Site-Name' >       client_site             : 'Default-First-Site-Name' >       sockaddr_size           : 0x00 (0) >       sockaddr: struct nbt_sockaddr >           sockaddr_family         : 0x00000000 (0) >           pdc_ip                  : (null) >           remaining               : DATA_BLOB length=0 >       next_closest_site       : NULL >       nt_version              : 0x00000005 (5) >              1: NETLOGON_NT_VERSION_1 >              0: NETLOGON_NT_VERSION_5 >              1: NETLOGON_NT_VERSION_5EX >              0: NETLOGON_NT_VERSION_5EX_WITH_IP >              0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE >              0: NETLOGON_NT_VERSION_AVOID_NT4EMUL >              0: NETLOGON_NT_VERSION_PDC >              0: NETLOGON_NT_VERSION_IP >              0: NETLOGON_NT_VERSION_LOCAL >              0: NETLOGON_NT_VERSION_GC >       lmnt_token              : 0xffff (65535) >       lm20_token              : 0xffff (65535) >gencache_set_data_blob: Adding cache entry with key=[DSGETDCNAME/DOMAIN/DC2022] and timeout=[Fri Oct 13 06:44:54 AM 2023 UTC] (900 seconds ahead) >sitename_store: realm = [DC2022], sitename = [Default-First-Site-Name], expire = [2085923199] >gencache_set_data_blob: Adding cache entry with key=[AD_SITENAME/DOMAIN/DC2022] and timeout=[Wed Dec 31 11:59:59 PM -2147481749 UTC] (67768034494498205 seconds ahead) >gencache_set_data_blob: Adding cache entry with key=[DSGETDCNAME/DOMAIN/DC2022.TEST] and timeout=[Fri Oct 13 06:44:54 AM 2023 UTC] (900 seconds ahead) >sitename_store: realm = [dc2022.test], sitename = [Default-First-Site-Name], expire = [2085923199] >gencache_set_data_blob: Adding cache entry with key=[AD_SITENAME/DOMAIN/DC2022.TEST] and timeout=[Wed Dec 31 11:59:59 PM -2147481749 UTC] (67768034494498205 seconds ahead) >create_local_private_krb5_conf_for_domain: fname = /usr/local/samba/var/lock/smb_krb5/krb5.conf._JOIN_, realm = DC2022.TEST, domain = _JOIN_ >gencache_set_data_blob: Adding cache entry with key=[SAF/DOMAIN/DC2022.TEST] and timeout=[Thu Jan 1 12:00:00 AM 1970 UTC] (-1697178594 seconds in the past) >saf_fetch: failed to find server for "DC2022.TEST" domain >get_dc_list: preferred server list: ", *" >internal_resolve_name: looking up DC2022.TEST#dcdc (sitename Default-First-Site-Name) >resolve_ads: Attempting to resolve KDCs for DC2022.TEST using DNS >resolve_ads: SRV query for _kerberos._tcp.dc._msdcs.DC2022.TEST >dns_lookup_send_next: Sending DNS request #0 to 10.5.139.71 >dns_cli_request_send: Asking 10.5.139.71 for _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.DC2022.TEST/1/33 via UDP >[0000] 7E 35 01 00 00 01 00 00  00 00 00 00 09 5F 6B 65  ~5...... ....._ke >[0010] 72 62 65 72 6F 73 04 5F  74 63 70 17 44 65 66 61  rberos._ tcp.Defa >[0020] 75 6C 74 2D 46 69 72 73  74 2D 53 69 74 65 2D 4E  ult-Firs t-Site-N >[0030] 61 6D 65 06 5F 73 69 74  65 73 02 64 63 06 5F 6D  ame._sit es.dc._m >[0040] 73 64 63 73 06 44 43 32  30 32 32 04 54 45 53 54  sdcs.DC2 022.TEST >[0050] 00 00 21 00 01                                     ..!.. >[0000] 7E 35 85 80 00 01 00 01  00 00 00 01 09 5F 6B 65  ~5...... ....._ke >[0010] 72 62 65 72 6F 73 04 5F  74 63 70 17 44 65 66 61  rberos._ tcp.Defa >[0020] 75 6C 74 2D 46 69 72 73  74 2D 53 69 74 65 2D 4E  ult-Firs t-Site-N >[0030] 61 6D 65 06 5F 73 69 74  65 73 02 64 63 06 5F 6D  ame._sit es.dc._m >[0040] 73 64 63 73 06 44 43 32  30 32 32 04 54 45 53 54  sdcs.DC2 022.TEST >[0050] 00 00 21 00 01 C0 0C 00  21 00 01 00 00 02 58 00  ..!..... !.....X. >[0060] 23 00 00 00 64 00 58 0F  77 69 6E 2D 38 34 31 70  #...d.X. win-841p >[0070] 76 34 68 65 6B 30 6F 06  64 63 32 30 32 32 04 74  v4hek0o. dc2022.t >[0080] 65 73 74 00 C0 67 00 01  00 01 00 00 0E 10 00 04  est..g.. ........ >[0090] 0A 05 8B 47                                        ...G >resolve_ads: SRV lookup DC2022.TEST got IP[0] 10.5.139.71 >remove_duplicate_addrs2: looking for duplicate address/port pairs >internal_resolve_name: returning 1 addresses: 10.5.139.71 >get_dc_list: Adding 1 DC's from auto lookup >check_negative_conn_cache returning result 0 for domain DC2022.TEST server 10.5.139.71 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 10.5.139.71 >get_kdc_ip_string: got 1 addresses from site Default-First-Site-Name search >saf_fetch: failed to find server for "DC2022.TEST" domain >get_dc_list: preferred server list: ", *" >internal_resolve_name: looking up DC2022.TEST#dcdc (sitename (null)) >resolve_ads: Attempting to resolve KDCs for DC2022.TEST using DNS >resolve_ads: SRV query for _kerberos._tcp.dc._msdcs.DC2022.TEST >dns_lookup_send_next: Sending DNS request #0 to 10.5.139.71 >dns_cli_request_send: Asking 10.5.139.71 for _kerberos._tcp.dc._msdcs.DC2022.TEST/1/33 via UDP >[0000] 11 14 01 00 00 01 00 00  00 00 00 00 09 5F 6B 65  ........ ....._ke >[0010] 72 62 65 72 6F 73 04 5F  74 63 70 02 64 63 06 5F  rberos._ tcp.dc._ >[0020] 6D 73 64 63 73 06 44 43  32 30 32 32 04 54 45 53  msdcs.DC 2022.TES >[0030] 54 00 00 21 00 01                                  T..!.. >[0000] 11 14 85 80 00 01 00 01  00 00 00 01 09 5F 6B 65  ........ ....._ke >[0010] 72 62 65 72 6F 73 04 5F  74 63 70 02 64 63 06 5F  rberos._ tcp.dc._ >[0020] 6D 73 64 63 73 06 44 43  32 30 32 32 04 54 45 53  msdcs.DC 2022.TES >[0030] 54 00 00 21 00 01 C0 0C  00 21 00 01 00 00 02 58  T..!.... .!.....X >[0040] 00 23 00 00 00 64 00 58  0F 77 69 6E 2D 38 34 31  .#...d.X .win-841 >[0050] 70 76 34 68 65 6B 30 6F  06 64 63 32 30 32 32 04  pv4hek0o .dc2022. >[0060] 74 65 73 74 00 C0 48 00  01 00 01 00 00 0E 10 00  test..H. ........ >[0070] 04 0A 05 8B 47                                     ....G >resolve_ads: SRV lookup DC2022.TEST got IP[0] 10.5.139.71 >remove_duplicate_addrs2: looking for duplicate address/port pairs >internal_resolve_name: returning 1 addresses: 10.5.139.71 >get_dc_list: Adding 1 DC's from auto lookup >check_negative_conn_cache returning result 0 for domain DC2022.TEST server 10.5.139.71 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 10.5.139.71 >get_kdc_ip_string: got 1 addresses from site-less search >get_kdc_ip_string: 0 additional KDCs to test >get_kdc_ip_string: Returning >                       kdc = 10.5.139.71 > >create_local_private_krb5_conf_for_domain: wrote file /usr/local/samba/var/lock/smb_krb5/krb5.conf._JOIN_ with realm DC2022.TEST KDC list: >                       kdc = 10.5.139.71 > >sitename_fetch: Returning sitename for realm 'DC2022.TEST': "Default-First-Site-Name" >internal_resolve_name: looking up WIN-841PV4HEK0O.dc2022.test#20 (sitename Default-First-Site-Name) >gencache_set_data_blob: Adding cache entry with key=[NBT/WIN-841PV4HEK0O.DC2022.TEST#20] and timeout=[Thu Jan 1 12:00:00 AM 1970 UTC] (-1697178594 seconds in the past) >namecache_fetch: no entry for WIN-841PV4HEK0O.dc2022.test#20 found. >resolve_hosts: Attempting host lookup for name WIN-841PV4HEK0O.dc2022.test<0x20> >remove_duplicate_addrs2: looking for duplicate address/port pairs >namecache_store: storing 1 address for WIN-841PV4HEK0O.dc2022.test#20: 10.5.139.71 >gencache_set_data_blob: Adding cache entry with key=[NBT/WIN-841PV4HEK0O.DC2022.TEST#20] and timeout=[Fri Oct 13 06:40:54 AM 2023 UTC] (660 seconds ahead) >internal_resolve_name: returning 1 addresses: 10.5.139.71 >Connecting to 10.5.139.71 at port 445 >socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=0, TCP_NODELAY=1, TCP_KEEPCNT=9, TCP_KEEPIDLE=7200, TCP_KEEPINTVL=75, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=87040, SO_RCVBUF=131072, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0, TCP_QUICKACK=1, TCP_DEFER_ACCEPT=0, TCP_USER_TIMEOUT=0 >cli_session_creds_prepare_krb5: Doing kinit for Administrator@DC2022.TEST to access WIN-841PV4HEK0O.dc2022.test >kerberos_kinit_password_ext: as Administrator@DC2022.TEST using [MEMORY:cliconnect] as ccache and config [/usr/local/samba/var/lock/smb_krb5/krb5.conf._JOIN_] >kerberos_kinit_password_ext: Administrator@DC2022.TEST mapped to Administrator@DC2022.TEST >cli_session_creds_prepare_krb5: Successfully authenticated as Administrator@DC2022.TEST (Administrator@DC2022.TEST) to access WIN-841PV4HEK0O.dc2022.test using Kerberos >cli_session_setup_spnego_send: Connect to WIN-841PV4HEK0O.dc2022.test as Administrator@DC2022.TEST using SPNEGO >GENSEC backend 'gssapi_spnego' registered >GENSEC backend 'gssapi_krb5' registered >GENSEC backend 'gssapi_krb5_sasl' registered >GENSEC backend 'spnego' registered >GENSEC backend 'schannel' registered >GENSEC backend 'ncalrpc_as_system' registered >GENSEC backend 'sasl-EXTERNAL' registered >GENSEC backend 'ntlmssp' registered >GENSEC backend 'ntlmssp_resume_ccache' registered >GENSEC backend 'http_basic' registered >GENSEC backend 'http_ntlm' registered >GENSEC backend 'http_negotiate' registered >GENSEC backend 'krb5' registered >GENSEC backend 'fake_gssapi_krb5' registered >Starting GENSEC mechanism spnego >Starting GENSEC submechanism gse_krb5 >gensec_update_send: gse_krb5[0x5561ecc7bef0]: subreq: 0x5561ecc5b0a0 >gensec_update_send: spnego[0x5561ecc76a60]: subreq: 0x5561ecc83c90 >gensec_update_done: gse_krb5[0x5561ecc7bef0]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x5561ecc5b0a0/../../source3/librpc/crypto/gse.c:895]: state[2] error[0 (0x0)] state[struct gensec_gse_update_state (0x5561ecc5b280)] timer[(nil)] finish[../../source3/librpc/crypto/gse.c:906] >gensec_update_done: spnego[0x5561ecc76a60]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x5561ecc83c90/../../auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x5561ecc83e70)] timer[(nil)] finish[../../auth/gensec/spnego.c:2116] >gensec_update_send: gse_krb5[0x5561ecc7bef0]: subreq: 0x5561ecc7b910 >gensec_update_send: spnego[0x5561ecc76a60]: subreq: 0x5561ecc83c90 >gensec_update_done: gse_krb5[0x5561ecc7bef0]: NT_STATUS_OK tevent_req[0x5561ecc7b910/../../source3/librpc/crypto/gse.c:895]: state[2] error[0 (0x0)] state[struct gensec_gse_update_state (0x5561ecc7baf0)] timer[(nil)] finish[../../source3/librpc/crypto/gse.c:913] >gensec_update_done: spnego[0x5561ecc76a60]: NT_STATUS_OK tevent_req[0x5561ecc83c90/../../auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x5561ecc83e70)] timer[(nil)] finish[../../auth/gensec/spnego.c:2116] >signed SMB2 message (sign_algo_id=2) >signed SMB2 message (sign_algo_id=2) >Bind RPC Pipe: host WIN-841PV4HEK0O.dc2022.test auth_type 0, auth_level 1 >    &r: struct ncacn_packet >       rpc_vers                : 0x05 (5) >       rpc_vers_minor          : 0x00 (0) >       ptype                   : DCERPC_PKT_BIND (11) >       pfc_flags               : 0x03 (3) >              1: DCERPC_PFC_FLAG_FIRST >              1: DCERPC_PFC_FLAG_LAST >              0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING >              0: DCERPC_PFC_FLAG_CONC_MPX >              0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE >              0: DCERPC_PFC_FLAG_MAYBE >              0: DCERPC_PFC_FLAG_OBJECT_UUID >       drep: ARRAY(4) >           [0]                     : 0x10 (16) >           [1]                     : 0x00 (0) >           [2]                     : 0x00 (0) >           [3]                     : 0x00 (0) >       frag_length             : 0x0048 (72) >       auth_length             : 0x0000 (0) >       call_id                 : 0x00000001 (1) >       u                       : union dcerpc_payload(case 11) >       bind: struct dcerpc_bind >           max_xmit_frag           : 0x10b8 (4280) >           max_recv_frag           : 0x10b8 (4280) >           assoc_group_id          : 0x00000000 (0) >           num_contexts            : 0x01 (1) >           ctx_list: ARRAY(1) >               ctx_list: struct dcerpc_ctx_list >                   context_id              : 0x0000 (0) >                   num_transfer_syntaxes   : 0x01 (1) >                   abstract_syntax: struct ndr_syntax_id >                       uuid                    : 12345778-1234-abcd-ef00-0123456789ab >                       if_version              : 0x00000000 (0) >                   transfer_syntaxes: ARRAY(1) >                       transfer_syntaxes: struct ndr_syntax_id >                           uuid                    : 8a885d04-1ceb-11c9-9fe8-08002b104860 >                           if_version              : 0x00000002 (2) >           auth_info               : DATA_BLOB length=0 >rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test >signed SMB2 message (sign_algo_id=2) >rpc_read_send: data_to_read: 52 >    state->pkt: struct ncacn_packet >       rpc_vers                : 0x05 (5) >       rpc_vers_minor          : 0x00 (0) >       ptype                   : DCERPC_PKT_BIND_ACK (12) >       pfc_flags               : 0x03 (3) >              1: DCERPC_PFC_FLAG_FIRST >              1: DCERPC_PFC_FLAG_LAST >              0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING >              0: DCERPC_PFC_FLAG_CONC_MPX >              0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE >              0: DCERPC_PFC_FLAG_MAYBE >              0: DCERPC_PFC_FLAG_OBJECT_UUID >       drep: ARRAY(4) >           [0]                     : 0x10 (16) >           [1]                     : 0x00 (0) >           [2]                     : 0x00 (0) >           [3]                     : 0x00 (0) >       frag_length             : 0x0044 (68) >       auth_length             : 0x0000 (0) >       call_id                 : 0x00000001 (1) >       u                       : union dcerpc_payload(case 12) >       bind_ack: struct dcerpc_bind_ack >           max_xmit_frag           : 0x10b8 (4280) >           max_recv_frag           : 0x10b8 (4280) >           assoc_group_id          : 0x0000310c (12556) >           secondary_address_size  : 0x000c (12) >           secondary_address       : '\pipe\lsass' >           _pad1                   : DATA_BLOB length=2 >[0000] 00 00                                              .. >           num_results             : 0x01 (1) >           ctx_list: ARRAY(1) >               ctx_list: struct dcerpc_ack_ctx >                   result                  : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) >                   reason                  : union dcerpc_bind_ack_reason(case 0) >                   value                   : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) >                   syntax: struct ndr_syntax_id >                       uuid                    : 8a885d04-1ceb-11c9-9fe8-08002b104860 >                       if_version              : 0x00000002 (2) >           auth_info               : DATA_BLOB length=0 >rpc_api_pipe_got_pdu: got frag len of 68 at offset 0: NT_STATUS_OK >rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test returned 68 bytes. >check_bind_response: accepted! >cli_rpc_pipe_open_noauth: opened pipe lsarpc to machine WIN-841PV4HEK0O.dc2022.test and bound anonymously. >    lsa_OpenPolicy: struct lsa_OpenPolicy >       in: struct lsa_OpenPolicy >           system_name             : * >               system_name             : 0x005c (92) >           attr                    : * >               attr: struct lsa_ObjectAttribute >                   len                     : 0x00000018 (24) >                   root_dir                : NULL >                   object_name             : NULL >                   attributes              : 0x00000000 (0) >                   sec_desc                : NULL >                   sec_qos                 : * >                       sec_qos: struct lsa_QosInfo >                           len                     : 0x0000000c (12) >                           impersonation_level     : 0x0002 (2) >                           context_mode            : 0x01 (1) >                           effective_only          : 0x00 (0) >           access_mask             : 0x02000000 (33554432) >                  0: LSA_POLICY_VIEW_LOCAL_INFORMATION >                  0: LSA_POLICY_VIEW_AUDIT_INFORMATION >                  0: LSA_POLICY_GET_PRIVATE_INFORMATION >                  0: LSA_POLICY_TRUST_ADMIN >                  0: LSA_POLICY_CREATE_ACCOUNT >                  0: LSA_POLICY_CREATE_SECRET >                  0: LSA_POLICY_CREATE_PRIVILEGE >                  0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS >                  0: LSA_POLICY_SET_AUDIT_REQUIREMENTS >                  0: LSA_POLICY_AUDIT_LOG_ADMIN >                  0: LSA_POLICY_SERVER_ADMIN >                  0: LSA_POLICY_LOOKUP_NAMES >                  0: LSA_POLICY_NOTIFICATION >    &r: struct ncacn_packet >       rpc_vers                : 0x05 (5) >       rpc_vers_minor          : 0x00 (0) >       ptype                   : DCERPC_PKT_REQUEST (0) >       pfc_flags               : 0x03 (3) >              1: DCERPC_PFC_FLAG_FIRST >              1: DCERPC_PFC_FLAG_LAST >              0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING >              0: DCERPC_PFC_FLAG_CONC_MPX >              0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE >              0: DCERPC_PFC_FLAG_MAYBE >              0: DCERPC_PFC_FLAG_OBJECT_UUID >       drep: ARRAY(4) >           [0]                     : 0x10 (16) >           [1]                     : 0x00 (0) >           [2]                     : 0x00 (0) >           [3]                     : 0x00 (0) >       frag_length             : 0x0018 (24) >       auth_length             : 0x0000 (0) >       call_id                 : 0x00000002 (2) >       u                       : union dcerpc_payload(case 0) >       request: struct dcerpc_request >           alloc_hint              : 0x0000002c (44) >           context_id              : 0x0000 (0) >           opnum                   : 0x0006 (6) >           object                  : union dcerpc_object(case 0) >           empty: struct dcerpc_empty >           stub_and_verifier       : DATA_BLOB length=0 >rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test >signed SMB2 message (sign_algo_id=2) >rpc_read_send: data_to_read: 32 >    state->pkt: struct ncacn_packet >       rpc_vers                : 0x05 (5) >       rpc_vers_minor          : 0x00 (0) >       ptype                   : DCERPC_PKT_RESPONSE (2) >       pfc_flags               : 0x03 (3) >              1: DCERPC_PFC_FLAG_FIRST >              1: DCERPC_PFC_FLAG_LAST >              0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING >              0: DCERPC_PFC_FLAG_CONC_MPX >              0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE >              0: DCERPC_PFC_FLAG_MAYBE >              0: DCERPC_PFC_FLAG_OBJECT_UUID >       drep: ARRAY(4) >           [0]                     : 0x10 (16) >           [1]                     : 0x00 (0) >           [2]                     : 0x00 (0) >           [3]                     : 0x00 (0) >       frag_length             : 0x0030 (48) >       auth_length             : 0x0000 (0) >       call_id                 : 0x00000002 (2) >       u                       : union dcerpc_payload(case 2) >       response: struct dcerpc_response >           alloc_hint              : 0x00000018 (24) >           context_id              : 0x0000 (0) >           cancel_count            : 0x00 (0) >           reserved                : 0x00 (0) >           stub_and_verifier       : DATA_BLOB length=24 >[0000] 00 00 00 00 6C CE 31 9A  1A 30 0A 4F 94 54 2B 38  ....l.1. .0.O.T+8 >[0010] AB 1B 7F 35 00 00 00 00                            ...5.... >Got pdu len 48, data_len 24 >rpc_api_pipe_got_pdu: got frag len of 48 at offset 0: NT_STATUS_OK >rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test returned 24 bytes. >    lsa_OpenPolicy: struct lsa_OpenPolicy >       out: struct lsa_OpenPolicy >           handle                  : * >               handle: struct policy_handle >                   handle_type             : 0x00000000 (0) >                   uuid                    : 9a31ce6c-301a-4f0a-9454-2b38ab1b7f35 >           result                  : NT_STATUS_OK >    lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 >       in: struct lsa_QueryInfoPolicy2 >           handle                  : * >               handle: struct policy_handle >                   handle_type             : 0x00000000 (0) >                   uuid                    : 9a31ce6c-301a-4f0a-9454-2b38ab1b7f35 >           level                   : LSA_POLICY_INFO_DNS (12) >    &r: struct ncacn_packet >       rpc_vers                : 0x05 (5) >       rpc_vers_minor          : 0x00 (0) >       ptype                   : DCERPC_PKT_REQUEST (0) >       pfc_flags               : 0x03 (3) >              1: DCERPC_PFC_FLAG_FIRST >              1: DCERPC_PFC_FLAG_LAST >              0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING >              0: DCERPC_PFC_FLAG_CONC_MPX >              0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE >              0: DCERPC_PFC_FLAG_MAYBE >              0: DCERPC_PFC_FLAG_OBJECT_UUID >       drep: ARRAY(4) >           [0]                     : 0x10 (16) >           [1]                     : 0x00 (0) >           [2]                     : 0x00 (0) >           [3]                     : 0x00 (0) >       frag_length             : 0x0018 (24) >       auth_length             : 0x0000 (0) >       call_id                 : 0x00000003 (3) >       u                       : union dcerpc_payload(case 0) >       request: struct dcerpc_request >           alloc_hint              : 0x00000016 (22) >           context_id              : 0x0000 (0) >           opnum                   : 0x002e (46) >           object                  : union dcerpc_object(case 0) >           empty: struct dcerpc_empty >           stub_and_verifier       : DATA_BLOB length=0 >rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test >signed SMB2 message (sign_algo_id=2) >rpc_read_send: data_to_read: 188 >    state->pkt: struct ncacn_packet >       rpc_vers                : 0x05 (5) >       rpc_vers_minor          : 0x00 (0) >       ptype                   : DCERPC_PKT_RESPONSE (2) >       pfc_flags               : 0x03 (3) >              1: DCERPC_PFC_FLAG_FIRST >              1: DCERPC_PFC_FLAG_LAST >              0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING >              0: DCERPC_PFC_FLAG_CONC_MPX >              0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE >              0: DCERPC_PFC_FLAG_MAYBE >              0: DCERPC_PFC_FLAG_OBJECT_UUID >       drep: ARRAY(4) >           [0]                     : 0x10 (16) >           [1]                     : 0x00 (0) >           [2]                     : 0x00 (0) >           [3]                     : 0x00 (0) >       frag_length             : 0x00cc (204) >       auth_length             : 0x0000 (0) >       call_id                 : 0x00000003 (3) >       u                       : union dcerpc_payload(case 2) >       response: struct dcerpc_response >           alloc_hint              : 0x000000b4 (180) >           context_id              : 0x0000 (0) >           cancel_count            : 0x00 (0) >           reserved                : 0x00 (0) >           stub_and_verifier       : DATA_BLOB length=180 >[0000] 00 00 02 00 0C 00 00 00  0C 00 0E 00 04 00 02 00  ........ ........ >[0010] 16 00 18 00 08 00 02 00  16 00 18 00 0C 00 02 00  ........ ........ >[0020] 73 90 A9 15 53 05 DA 41  90 71 FF 82 70 E0 CF 35  s...S..A .q..p..5 >[0030] 10 00 02 00 07 00 00 00  00 00 00 00 06 00 00 00  ........ ........ >[0040] 44 00 43 00 32 00 30 00  32 00 32 00 0C 00 00 00  D.C.2.0. 2.2..... >[0050] 00 00 00 00 0B 00 00 00  64 00 63 00 32 00 30 00  ........ d.c.2.0. >[0060] 32 00 32 00 2E 00 74 00  65 00 73 00 74 00 00 00  2.2...t. e.s.t... >[0070] 0C 00 00 00 00 00 00 00  0B 00 00 00 64 00 63 00  ........ ....d.c. >[0080] 32 00 30 00 32 00 32 00  2E 00 74 00 65 00 73 00  2.0.2.2. ..t.e.s. >[0090] 74 00 00 00 04 00 00 00  01 04 00 00 00 00 00 05  t....... ........ >[00A0] 15 00 00 00 00 2B C4 AC  2C 49 C2 ED A3 C0 51 A1  .....+.. ,I....Q. >[00B0] 00 00 00 00                                        .... >Got pdu len 204, data_len 180 >rpc_api_pipe_got_pdu: got frag len of 204 at offset 0: NT_STATUS_OK >rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test returned 180 bytes. >    lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 >       out: struct lsa_QueryInfoPolicy2 >           info                    : * >               info                    : * >                   info                    : union lsa_PolicyInformation(case 12) >                   dns: struct lsa_DnsDomainInfo >                       name: struct lsa_StringLarge >                           length                  : 0x000c (12) >                           size                    : 0x000e (14) >                           string                  : * >                               string                  : 'DC2022' >                       dns_domain: struct lsa_StringLarge >                           length                  : 0x0016 (22) >                           size                    : 0x0018 (24) >                           string                  : * >                               string                  : 'dc2022.test' >                       dns_forest: struct lsa_StringLarge >                           length                  : 0x0016 (22) >                           size                    : 0x0018 (24) >                           string                  : * >                               string                  : 'dc2022.test' >                       domain_guid             : 15a99073-0553-41da-9071-ff8270e0cf35 >                       sid                     : * >                           sid                     : S-1-5-21-2898537216-3988932908-2706489507 >           result                  : NT_STATUS_OK >    lsa_Close: struct lsa_Close >       in: struct lsa_Close >           handle                  : * >               handle: struct policy_handle >                   handle_type             : 0x00000000 (0) >                   uuid                    : 9a31ce6c-301a-4f0a-9454-2b38ab1b7f35 >    &r: struct ncacn_packet >       rpc_vers                : 0x05 (5) >       rpc_vers_minor          : 0x00 (0) >       ptype                   : DCERPC_PKT_REQUEST (0) >       pfc_flags               : 0x03 (3) >              1: DCERPC_PFC_FLAG_FIRST >              1: DCERPC_PFC_FLAG_LAST >              0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING >              0: DCERPC_PFC_FLAG_CONC_MPX >              0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE >              0: DCERPC_PFC_FLAG_MAYBE >              0: DCERPC_PFC_FLAG_OBJECT_UUID >       drep: ARRAY(4) >           [0]                     : 0x10 (16) >           [1]                     : 0x00 (0) >           [2]                     : 0x00 (0) >           [3]                     : 0x00 (0) >       frag_length             : 0x0018 (24) >       auth_length             : 0x0000 (0) >       call_id                 : 0x00000004 (4) >       u                       : union dcerpc_payload(case 0) >       request: struct dcerpc_request >           alloc_hint              : 0x00000014 (20) >           context_id              : 0x0000 (0) >           opnum                   : 0x0000 (0) >           object                  : union dcerpc_object(case 0) >           empty: struct dcerpc_empty >           stub_and_verifier       : DATA_BLOB length=0 >rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test >signed SMB2 message (sign_algo_id=2) >rpc_read_send: data_to_read: 32 >    state->pkt: struct ncacn_packet >       rpc_vers                : 0x05 (5) >       rpc_vers_minor          : 0x00 (0) >       ptype                   : DCERPC_PKT_RESPONSE (2) >       pfc_flags               : 0x03 (3) >              1: DCERPC_PFC_FLAG_FIRST >              1: DCERPC_PFC_FLAG_LAST >              0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING >              0: DCERPC_PFC_FLAG_CONC_MPX >              0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE >              0: DCERPC_PFC_FLAG_MAYBE >              0: DCERPC_PFC_FLAG_OBJECT_UUID >       drep: ARRAY(4) >           [0]                     : 0x10 (16) >           [1]                     : 0x00 (0) >           [2]                     : 0x00 (0) >           [3]                     : 0x00 (0) >       frag_length             : 0x0030 (48) >       auth_length             : 0x0000 (0) >       call_id                 : 0x00000004 (4) >       u                       : union dcerpc_payload(case 2) >       response: struct dcerpc_response >           alloc_hint              : 0x00000018 (24) >           context_id              : 0x0000 (0) >           cancel_count            : 0x00 (0) >           reserved                : 0x00 (0) >           stub_and_verifier       : DATA_BLOB length=24 >[0000] 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........ >[0010] 00 00 00 00 00 00 00 00                            ........ >Got pdu len 48, data_len 24 >rpc_api_pipe_got_pdu: got frag len of 48 at offset 0: NT_STATUS_OK >rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test returned 24 bytes. >    lsa_Close: struct lsa_Close >       out: struct lsa_Close >           handle                  : * >               handle: struct policy_handle >                   handle_type             : 0x00000000 (0) >                   uuid                    : 00000000-0000-0000-0000-000000000000 >           result                  : NT_STATUS_OK >signed SMB2 message (sign_algo_id=2) >create_local_private_krb5_conf_for_domain: fname = /usr/local/samba/var/lock/smb_krb5/krb5.conf.DC2022, realm = dc2022.test, domain = DC2022 >saf_fetch: failed to find server for "dc2022.test" domain >get_dc_list: preferred server list: ", *" >internal_resolve_name: looking up dc2022.test#dcdc (sitename Default-First-Site-Name) >resolve_ads: Attempting to resolve KDCs for dc2022.test using DNS >resolve_ads: SRV query for _kerberos._tcp.dc._msdcs.dc2022.test >dns_lookup_send_next: Sending DNS request #0 to 10.5.139.71 >dns_cli_request_send: Asking 10.5.139.71 for _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.dc2022.test/1/33 via UDP >[0000] C2 ED 01 00 00 01 00 00  00 00 00 00 09 5F 6B 65  ........ ....._ke >[0010] 72 62 65 72 6F 73 04 5F  74 63 70 17 44 65 66 61  rberos._ tcp.Defa >[0020] 75 6C 74 2D 46 69 72 73  74 2D 53 69 74 65 2D 4E  ult-Firs t-Site-N >[0030] 61 6D 65 06 5F 73 69 74  65 73 02 64 63 06 5F 6D  ame._sit es.dc._m >[0040] 73 64 63 73 06 64 63 32  30 32 32 04 74 65 73 74  sdcs.dc2 022.test >[0050] 00 00 21 00 01                                     ..!.. >[0000] C2 ED 85 80 00 01 00 01  00 00 00 01 09 5F 6B 65  ........ ....._ke >[0010] 72 62 65 72 6F 73 04 5F  74 63 70 17 44 65 66 61  rberos._ tcp.Defa >[0020] 75 6C 74 2D 46 69 72 73  74 2D 53 69 74 65 2D 4E  ult-Firs t-Site-N >[0030] 61 6D 65 06 5F 73 69 74  65 73 02 64 63 06 5F 6D  ame._sit es.dc._m >[0040] 73 64 63 73 06 64 63 32  30 32 32 04 74 65 73 74  sdcs.dc2 022.test >[0050] 00 00 21 00 01 C0 0C 00  21 00 01 00 00 02 58 00  ..!..... !.....X. >[0060] 23 00 00 00 64 00 58 0F  77 69 6E 2D 38 34 31 70  #...d.X. win-841p >[0070] 76 34 68 65 6B 30 6F 06  64 63 32 30 32 32 04 74  v4hek0o. dc2022.t >[0080] 65 73 74 00 C0 67 00 01  00 01 00 00 0E 10 00 04  est..g.. ........ >[0090] 0A 05 8B 47                                        ...G >resolve_ads: SRV lookup dc2022.test got IP[0] 10.5.139.71 >remove_duplicate_addrs2: looking for duplicate address/port pairs >internal_resolve_name: returning 1 addresses: 10.5.139.71 >get_dc_list: Adding 1 DC's from auto lookup >check_negative_conn_cache returning result 0 for domain dc2022.test server 10.5.139.71 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 10.5.139.71 >get_kdc_ip_string: got 1 addresses from site Default-First-Site-Name search >saf_fetch: failed to find server for "dc2022.test" domain >get_dc_list: preferred server list: ", *" >internal_resolve_name: looking up dc2022.test#dcdc (sitename (null)) >resolve_ads: Attempting to resolve KDCs for dc2022.test using DNS >resolve_ads: SRV query for _kerberos._tcp.dc._msdcs.dc2022.test >dns_lookup_send_next: Sending DNS request #0 to 10.5.139.71 >dns_cli_request_send: Asking 10.5.139.71 for _kerberos._tcp.dc._msdcs.dc2022.test/1/33 via UDP >[0000] A8 C9 01 00 00 01 00 00  00 00 00 00 09 5F 6B 65  ........ ....._ke >[0010] 72 62 65 72 6F 73 04 5F  74 63 70 02 64 63 06 5F  rberos._ tcp.dc._ >[0020] 6D 73 64 63 73 06 64 63  32 30 32 32 04 74 65 73  msdcs.dc 2022.tes >[0030] 74 00 00 21 00 01                                  t..!.. >[0000] A8 C9 85 80 00 01 00 01  00 00 00 01 09 5F 6B 65  ........ ....._ke >[0010] 72 62 65 72 6F 73 04 5F  74 63 70 02 64 63 06 5F  rberos._ tcp.dc._ >[0020] 6D 73 64 63 73 06 64 63  32 30 32 32 04 74 65 73  msdcs.dc 2022.tes >[0030] 74 00 00 21 00 01 C0 0C  00 21 00 01 00 00 02 58  t..!.... .!.....X >[0040] 00 23 00 00 00 64 00 58  0F 77 69 6E 2D 38 34 31  .#...d.X .win-841 >[0050] 70 76 34 68 65 6B 30 6F  06 64 63 32 30 32 32 04  pv4hek0o .dc2022. >[0060] 74 65 73 74 00 C0 48 00  01 00 01 00 00 0E 10 00  test..H. ........ >[0070] 04 0A 05 8B 47                                     ....G >resolve_ads: SRV lookup dc2022.test got IP[0] 10.5.139.71 >remove_duplicate_addrs2: looking for duplicate address/port pairs >internal_resolve_name: returning 1 addresses: 10.5.139.71 >get_dc_list: Adding 1 DC's from auto lookup >check_negative_conn_cache returning result 0 for domain dc2022.test server 10.5.139.71 >remove_duplicate_addrs2: looking for duplicate address/port pairs >get_dc_list: returning 1 ip addresses in an ordered list >get_dc_list: 10.5.139.71 >get_kdc_ip_string: got 1 addresses from site-less search >get_kdc_ip_string: 0 additional KDCs to test >get_kdc_ip_string: Returning >                       kdc = 10.5.139.71 > >create_local_private_krb5_conf_for_domain: wrote file /usr/local/samba/var/lock/smb_krb5/krb5.conf.DC2022 with realm DC2022.TEST KDC list: >                       kdc = 10.5.139.71 > >sitename_fetch: Returning sitename for realm 'DC2022.TEST': "Default-First-Site-Name" >internal_resolve_name: looking up WIN-841PV4HEK0O.dc2022.test#20 (sitename Default-First-Site-Name) >namecache_fetch: name WIN-841PV4HEK0O.dc2022.test#20 found. >remove_duplicate_addrs2: looking for duplicate address/port pairs >ads_try_connect: ads_try_connect: sending CLDAP request to 10.5.139.71 (realm: dc2022.test) >    &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX >       command                 : LOGON_SAM_LOGON_RESPONSE_EX (23) >       sbz                     : 0x0000 (0) >       server_type             : 0x0007f3fd (521213) >              1: NBT_SERVER_PDC >              1: NBT_SERVER_GC >              1: NBT_SERVER_LDAP >              1: NBT_SERVER_DS >              1: NBT_SERVER_KDC >              1: NBT_SERVER_TIMESERV >              1: NBT_SERVER_CLOSEST >              1: NBT_SERVER_WRITABLE >              1: NBT_SERVER_GOOD_TIMESERV >              0: NBT_SERVER_NDNC >              0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 >              1: NBT_SERVER_FULL_SECRET_DOMAIN_6 >              1: NBT_SERVER_ADS_WEB_SERVICE >              1: NBT_SERVER_DS_8 >              1: NBT_SERVER_DS_9 >              1: NBT_SERVER_DS_10 >              0: NBT_SERVER_HAS_DNS_NAME >              0: NBT_SERVER_IS_DEFAULT_NC >              0: NBT_SERVER_FOREST_ROOT >       domain_uuid             : 15a99073-0553-41da-9071-ff8270e0cf35 >       forest                  : 'dc2022.test' >       dns_domain              : 'dc2022.test' >       pdc_dns_name            : 'WIN-841PV4HEK0O.dc2022.test' >       domain_name             : 'DC2022' >       pdc_name                : 'WIN-841PV4HEK0O' >       user_name               : '' >       server_site             : 'Default-First-Site-Name' >       client_site             : 'Default-First-Site-Name' >       sockaddr_size           : 0x00 (0) >       sockaddr: struct nbt_sockaddr >           sockaddr_family         : 0x00000000 (0) >           pdc_ip                  : (null) >           remaining               : DATA_BLOB length=0 >       next_closest_site       : NULL >       nt_version              : 0x00000005 (5) >              1: NETLOGON_NT_VERSION_1 >              0: NETLOGON_NT_VERSION_5 >              1: NETLOGON_NT_VERSION_5EX >              0: NETLOGON_NT_VERSION_5EX_WITH_IP >              0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE >              0: NETLOGON_NT_VERSION_AVOID_NT4EMUL >              0: NETLOGON_NT_VERSION_PDC >              0: NETLOGON_NT_VERSION_IP >              0: NETLOGON_NT_VERSION_LOCAL >              0: NETLOGON_NT_VERSION_GC >       lmnt_token              : 0xffff (65535) >       lm20_token              : 0xffff (65535) >sitename_store: realm = [DC2022], sitename = [Default-First-Site-Name], expire = [2085923199] >gencache_set_data_blob: Adding cache entry with key=[AD_SITENAME/DOMAIN/DC2022] and timeout=[Wed Dec 31 11:59:59 PM -2147481749 UTC] (67768034494498205 seconds ahead) >sitename_store: realm = [dc2022.test], sitename = [Default-First-Site-Name], expire = [2085923199] >gencache_set_data_blob: Adding cache entry with key=[AD_SITENAME/DOMAIN/DC2022.TEST] and timeout=[Wed Dec 31 11:59:59 PM -2147481749 UTC] (67768034494498205 seconds ahead) >Successfully contacted LDAP server 10.5.139.71 >Opening connection to LDAP server 'WIN-841PV4HEK0O.dc2022.test:389', timeout 15 seconds >Connecting to 10.5.139.71 at port 389 >Initialized connection for LDAP server 'ldap://WIN-841PV4HEK0O.dc2022.test:389' >Connected to LDAP server WIN-841PV4HEK0O.dc2022.test >ads_closest_dc: NBT_SERVER_CLOSEST flag set >saf_store: domain = [DC2022], server = [WIN-841PV4HEK0O.dc2022.test], expire = [1697179494] >gencache_set_data_blob: Adding cache entry with key=[SAF/DOMAIN/DC2022] and timeout=[Fri Oct 13 06:44:54 AM 2023 UTC] (900 seconds ahead) >saf_store: domain = [dc2022.test], server = [WIN-841PV4HEK0O.dc2022.test], expire = [1697179494] >gencache_set_data_blob: Adding cache entry with key=[SAF/DOMAIN/DC2022.TEST] and timeout=[Fri Oct 13 06:44:54 AM 2023 UTC] (900 seconds ahead) >KDC time offset is 6 seconds >Found SASL mechanism GSS-SPNEGO >ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30 >ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2 >ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2 >ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3 >ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10 >kerberos_kinit_password_ext: as Administrator@DC2022.TEST using [MEMORY:cliconnect] as ccache and config [/usr/local/samba/var/lock/smb_krb5/krb5.conf.DC2022] >kerberos_kinit_password_ext: Administrator@DC2022.TEST mapped to Administrator@DC2022.TEST >Starting GENSEC mechanism spnego >Starting GENSEC submechanism gse_krb5 >gensec_update_send: gse_krb5[0x5561ecc76a60]: subreq: 0x5561ecc5b0a0 >gensec_update_send: spnego[0x5561ecc7bef0]: subreq: 0x5561ecc89c50 >gensec_update_done: gse_krb5[0x5561ecc76a60]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x5561ecc5b0a0/../../source3/librpc/crypto/gse.c:895]: state[2] error[0 (0x0)] state[struct gensec_gse_update_state (0x5561ecc5b280)] timer[(nil)] finish[../../source3/librpc/crypto/gse.c:906] >gensec_update_done: spnego[0x5561ecc7bef0]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x5561ecc89c50/../../auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x5561ecc89e30)] timer[(nil)] finish[../../auth/gensec/spnego.c:2116] >gensec_update_send: gse_krb5[0x5561ecc76a60]: subreq: 0x5561ecc5b0a0 >gensec_update_send: spnego[0x5561ecc7bef0]: subreq: 0x5561ecc89c50 >gensec_update_done: gse_krb5[0x5561ecc76a60]: NT_STATUS_OK tevent_req[0x5561ecc5b0a0/../../source3/librpc/crypto/gse.c:895]: state[2] error[0 (0x0)] state[struct gensec_gse_update_state (0x5561ecc5b280)] timer[(nil)] finish[../../source3/librpc/crypto/gse.c:913] >gensec_update_done: spnego[0x5561ecc7bef0]: NT_STATUS_OK tevent_req[0x5561ecc89c50/../../auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x5561ecc89e30)] timer[(nil)] finish[../../auth/gensec/spnego.c:2116] >gensec_gse_unwrap: GSS UnWrap failed: A token was invalid: unknown mech-code 0 for mech 1 2 840 113554 1 2 2 >Failed while searching for: <WKGUID=AA312825768811D1ADED00C04FD8D5CD,dc=DC2022,dc=TEST> >libnet_DomainJoin: Failed to pre-create account in OU cn=Computers,dc=DC2022,dc=TEST: Time limit exceeded >signed SMB2 message (sign_algo_id=2) >Bind RPC Pipe: host WIN-841PV4HEK0O.dc2022.test auth_type 0, auth_level 1 >    &r: struct ncacn_packet >       rpc_vers                : 0x05 (5) >       rpc_vers_minor          : 0x00 (0) >       ptype                   : DCERPC_PKT_BIND (11) >       pfc_flags               : 0x03 (3) >              1: DCERPC_PFC_FLAG_FIRST >              1: DCERPC_PFC_FLAG_LAST >              0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING >              0: DCERPC_PFC_FLAG_CONC_MPX >              0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE >              0: DCERPC_PFC_FLAG_MAYBE >              0: DCERPC_PFC_FLAG_OBJECT_UUID >       drep: ARRAY(4) >           [0]                     : 0x10 (16) >           [1]                     : 0x00 (0) >           [2]                     : 0x00 (0) >           [3]                     : 0x00 (0) >       frag_length             : 0x0048 (72) >       auth_length             : 0x0000 (0) >       call_id                 : 0x00000005 (5) >       u                       : union dcerpc_payload(case 11) >       bind: struct dcerpc_bind >           max_xmit_frag           : 0x10b8 (4280) >           max_recv_frag           : 0x10b8 (4280) >           assoc_group_id          : 0x00000000 (0) >           num_contexts            : 0x01 (1) >           ctx_list: ARRAY(1) >               ctx_list: struct dcerpc_ctx_list >                   context_id              : 0x0000 (0) >                   num_transfer_syntaxes   : 0x01 (1) >                   abstract_syntax: struct ndr_syntax_id >                       uuid                    : 12345778-1234-abcd-ef00-0123456789ac >                       if_version              : 0x00000001 (1) >                   transfer_syntaxes: ARRAY(1) >                       transfer_syntaxes: struct ndr_syntax_id >                           uuid                    : 8a885d04-1ceb-11c9-9fe8-08002b104860 >                           if_version              : 0x00000002 (2) >           auth_info               : DATA_BLOB length=0 >rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test >signed SMB2 message (sign_algo_id=2) >rpc_read_send: data_to_read: 52 >    state->pkt: struct ncacn_packet >       rpc_vers                : 0x05 (5) >       rpc_vers_minor          : 0x00 (0) >       ptype                   : DCERPC_PKT_BIND_ACK (12) >       pfc_flags               : 0x03 (3) >              1: DCERPC_PFC_FLAG_FIRST >              1: DCERPC_PFC_FLAG_LAST >              0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING >              0: DCERPC_PFC_FLAG_CONC_MPX >              0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE >              0: DCERPC_PFC_FLAG_MAYBE >              0: DCERPC_PFC_FLAG_OBJECT_UUID >       drep: ARRAY(4) >           [0]                     : 0x10 (16) >           [1]                     : 0x00 (0) >           [2]                     : 0x00 (0) >           [3]                     : 0x00 (0) >       frag_length             : 0x0044 (68) >       auth_length             : 0x0000 (0) >       call_id                 : 0x00000005 (5) >       u                       : union dcerpc_payload(case 12) >       bind_ack: struct dcerpc_bind_ack >           max_xmit_frag           : 0x10b8 (4280) >           max_recv_frag           : 0x10b8 (4280) >           assoc_group_id          : 0x0000310d (12557) >           secondary_address_size  : 0x000c (12) >           secondary_address       : '\pipe\lsass' >           _pad1                   : DATA_BLOB length=2 >[0000] 00 00                                              .. >           num_results             : 0x01 (1) >           ctx_list: ARRAY(1) >               ctx_list: struct dcerpc_ack_ctx >                   result                  : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0) >                   reason                  : union dcerpc_bind_ack_reason(case 0) >                   value                   : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0) >                   syntax: struct ndr_syntax_id >                       uuid                    : 8a885d04-1ceb-11c9-9fe8-08002b104860 >                       if_version              : 0x00000002 (2) >           auth_info               : DATA_BLOB length=0 >rpc_api_pipe_got_pdu: got frag len of 68 at offset 0: NT_STATUS_OK >rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test returned 68 bytes. >check_bind_response: accepted! >cli_rpc_pipe_open_noauth: opened pipe samr to machine WIN-841PV4HEK0O.dc2022.test and bound anonymously. >    samr_Connect2: struct samr_Connect2 >       in: struct samr_Connect2 >           system_name             : * >               system_name             : 'WIN-841PV4HEK0O.dc2022.test' >           access_mask             : 0x00000030 (48) >                  0: SAMR_ACCESS_CONNECT_TO_SERVER >                  0: SAMR_ACCESS_SHUTDOWN_SERVER >                  0: SAMR_ACCESS_INITIALIZE_SERVER >                  0: SAMR_ACCESS_CREATE_DOMAIN >                  1: SAMR_ACCESS_ENUM_DOMAINS >                  1: SAMR_ACCESS_LOOKUP_DOMAIN >    &r: struct ncacn_packet >       rpc_vers                : 0x05 (5) >       rpc_vers_minor          : 0x00 (0) >       ptype                   : DCERPC_PKT_REQUEST (0) >       pfc_flags               : 0x03 (3) >              1: DCERPC_PFC_FLAG_FIRST >              1: DCERPC_PFC_FLAG_LAST >              0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING >              0: DCERPC_PFC_FLAG_CONC_MPX >              0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE >              0: DCERPC_PFC_FLAG_MAYBE >              0: DCERPC_PFC_FLAG_OBJECT_UUID >       drep: ARRAY(4) >           [0]                     : 0x10 (16) >           [1]                     : 0x00 (0) >           [2]                     : 0x00 (0) >           [3]                     : 0x00 (0) >       frag_length             : 0x0018 (24) >       auth_length             : 0x0000 (0) >       call_id                 : 0x00000006 (6) >       u                       : union dcerpc_payload(case 0) >       request: struct dcerpc_request >           alloc_hint              : 0x0000004c (76) >           context_id              : 0x0000 (0) >           opnum                   : 0x0039 (57) >           object                  : union dcerpc_object(case 0) >           empty: struct dcerpc_empty >           stub_and_verifier       : DATA_BLOB length=0 >rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test >signed SMB2 message (sign_algo_id=2) >rpc_read_send: data_to_read: 32 >    state->pkt: struct ncacn_packet >       rpc_vers                : 0x05 (5) >       rpc_vers_minor          : 0x00 (0) >       ptype                   : DCERPC_PKT_RESPONSE (2) >       pfc_flags               : 0x03 (3) >              1: DCERPC_PFC_FLAG_FIRST >              1: DCERPC_PFC_FLAG_LAST >              0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING >              0: DCERPC_PFC_FLAG_CONC_MPX >              0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE >              0: DCERPC_PFC_FLAG_MAYBE >              0: DCERPC_PFC_FLAG_OBJECT_UUID >       drep: ARRAY(4) >           [0]                     : 0x10 (16) >           [1]                     : 0x00 (0) >           [2]                     : 0x00 (0) >           [3]                     : 0x00 (0) >       frag_length             : 0x0030 (48) >       auth_length             : 0x0000 (0) >       call_id                 : 0x00000006 (6) >       u                       : union dcerpc_payload(case 2) >       response: struct dcerpc_response >           alloc_hint              : 0x00000018 (24) >           context_id              : 0x0000 (0) >           cancel_count            : 0x00 (0) >           reserved                : 0x00 (0) >           stub_and_verifier       : DATA_BLOB length=24 >[0000] 00 00 00 00 D7 6C F5 A3  4D E5 2E 40 81 6E F4 F7  .....l.. M..@.n.. >[0010] 9F 53 65 95 00 00 00 00                            .Se..... >Got pdu len 48, data_len 24 >rpc_api_pipe_got_pdu: got frag len of 48 at offset 0: NT_STATUS_OK >rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test returned 24 bytes. >    samr_Connect2: struct samr_Connect2 >       out: struct samr_Connect2 >           connect_handle          : * >               connect_handle: struct policy_handle >                   handle_type             : 0x00000000 (0) >                   uuid                    : a3f56cd7-e54d-402e-816e-f4f79f536595 >           result                  : NT_STATUS_OK >    samr_OpenDomain: struct samr_OpenDomain >       in: struct samr_OpenDomain >           connect_handle          : * >               connect_handle: struct policy_handle >                   handle_type             : 0x00000000 (0) >                   uuid                    : a3f56cd7-e54d-402e-816e-f4f79f536595 >           access_mask             : 0x00000211 (529) >                  1: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 >                  0: SAMR_DOMAIN_ACCESS_SET_INFO_1 >                  0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 >                  0: SAMR_DOMAIN_ACCESS_SET_INFO_2 >                  1: SAMR_DOMAIN_ACCESS_CREATE_USER >                  0: SAMR_DOMAIN_ACCESS_CREATE_GROUP >                  0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS >                  0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS >                  0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS >                  1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT >                  0: SAMR_DOMAIN_ACCESS_SET_INFO_3 >           sid                     : * >               sid                     : S-1-5-21-2898537216-3988932908-2706489507 >    &r: struct ncacn_packet >       rpc_vers                : 0x05 (5) >       rpc_vers_minor          : 0x00 (0) >       ptype                   : DCERPC_PKT_REQUEST (0) >       pfc_flags               : 0x03 (3) >              1: DCERPC_PFC_FLAG_FIRST >              1: DCERPC_PFC_FLAG_LAST >              0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING >              0: DCERPC_PFC_FLAG_CONC_MPX >              0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE >              0: DCERPC_PFC_FLAG_MAYBE >              0: DCERPC_PFC_FLAG_OBJECT_UUID >       drep: ARRAY(4) >           [0]                     : 0x10 (16) >           [1]                     : 0x00 (0) >           [2]                     : 0x00 (0) >           [3]                     : 0x00 (0) >       frag_length             : 0x0018 (24) >       auth_length             : 0x0000 (0) >       call_id                 : 0x00000007 (7) >       u                       : union dcerpc_payload(case 0) >       request: struct dcerpc_request >           alloc_hint              : 0x00000034 (52) >           context_id              : 0x0000 (0) >           opnum                   : 0x0007 (7) >           object                  : union dcerpc_object(case 0) >           empty: struct dcerpc_empty >           stub_and_verifier       : DATA_BLOB length=0 >rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test >signed SMB2 message (sign_algo_id=2) >rpc_read_send: data_to_read: 32 >    state->pkt: struct ncacn_packet >       rpc_vers                : 0x05 (5) >       rpc_vers_minor          : 0x00 (0) >       ptype                   : DCERPC_PKT_RESPONSE (2) >       pfc_flags               : 0x03 (3) >              1: DCERPC_PFC_FLAG_FIRST >              1: DCERPC_PFC_FLAG_LAST >              0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING >              0: DCERPC_PFC_FLAG_CONC_MPX >              0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE >              0: DCERPC_PFC_FLAG_MAYBE >              0: DCERPC_PFC_FLAG_OBJECT_UUID >       drep: ARRAY(4) >           [0]                     : 0x10 (16) >           [1]                     : 0x00 (0) >           [2]                     : 0x00 (0) >           [3]                     : 0x00 (0) >       frag_length             : 0x0030 (48) >       auth_length             : 0x0000 (0) >       call_id                 : 0x00000007 (7) >       u                       : union dcerpc_payload(case 2) >       response: struct dcerpc_response >           alloc_hint              : 0x00000018 (24) >           context_id              : 0x0000 (0) >           cancel_count            : 0x00 (0) >           reserved                : 0x00 (0) >           stub_and_verifier       : DATA_BLOB length=24 >[0000] 00 00 00 00 E8 AF 02 34  6E 67 4F 44 A4 14 F0 5A  .......4 ngOD...Z >[0010] C9 9F D4 F6 00 00 00 00                            ........ >Got pdu len 48, data_len 24 >rpc_api_pipe_got_pdu: got frag len of 48 at offset 0: NT_STATUS_OK >rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test returned 24 bytes. >    samr_OpenDomain: struct samr_OpenDomain >       out: struct samr_OpenDomain >           domain_handle           : * >               domain_handle: struct policy_handle >                   handle_type             : 0x00000000 (0) >                   uuid                    : 3402afe8-676e-444f-a414-f05ac99fd4f6 >           result                  : NT_STATUS_OK >Creating account with desired access mask: -536543056 >    samr_CreateUser2: struct samr_CreateUser2 >       in: struct samr_CreateUser2 >           domain_handle           : * >               domain_handle: struct policy_handle >                   handle_type             : 0x00000000 (0) >                   uuid                    : 3402afe8-676e-444f-a414-f05ac99fd4f6 >           account_name            : * >               account_name: struct lsa_String >                   length                  : 0x0018 (24) >                   size                    : 0x0018 (24) >                   string                  : * >                       string                  : 'oak-vcs1307$' >           acct_flags              : 0x00000080 (128) >                  0: ACB_DISABLED >                  0: ACB_HOMDIRREQ >                  0: ACB_PWNOTREQ >                  0: ACB_TEMPDUP >                  0: ACB_NORMAL >                  0: ACB_MNS >                  0: ACB_DOMTRUST >                  1: ACB_WSTRUST >                  0: ACB_SVRTRUST >                  0: ACB_PWNOEXP >                  0: ACB_AUTOLOCK >                  0: ACB_ENC_TXT_PWD_ALLOWED >                  0: ACB_SMARTCARD_REQUIRED >                  0: ACB_TRUSTED_FOR_DELEGATION >                  0: ACB_NOT_DELEGATED >                  0: ACB_USE_DES_KEY_ONLY >                  0: ACB_DONT_REQUIRE_PREAUTH >                  0: ACB_PW_EXPIRED >                  0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION >                  0: ACB_NO_AUTH_DATA_REQD >                  0: ACB_PARTIAL_SECRETS_ACCOUNT >                  0: ACB_USE_AES_KEYS >           access_mask             : 0xe00500b0 (3758424240) >                  0: SAMR_USER_ACCESS_GET_NAME_ETC >                  0: SAMR_USER_ACCESS_GET_LOCALE >                  0: SAMR_USER_ACCESS_SET_LOC_COM >                  0: SAMR_USER_ACCESS_GET_LOGONINFO >                  1: SAMR_USER_ACCESS_GET_ATTRIBUTES >                  1: SAMR_USER_ACCESS_SET_ATTRIBUTES >                  0: SAMR_USER_ACCESS_CHANGE_PASSWORD >                  1: SAMR_USER_ACCESS_SET_PASSWORD >                  0: SAMR_USER_ACCESS_GET_GROUPS >                  0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP >                  0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP >    &r: struct ncacn_packet >       rpc_vers                : 0x05 (5) >       rpc_vers_minor          : 0x00 (0) >       ptype                   : DCERPC_PKT_REQUEST (0) >       pfc_flags               : 0x03 (3) >              1: DCERPC_PFC_FLAG_FIRST >              1: DCERPC_PFC_FLAG_LAST >              0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING >              0: DCERPC_PFC_FLAG_CONC_MPX >              0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE >              0: DCERPC_PFC_FLAG_MAYBE >              0: DCERPC_PFC_FLAG_OBJECT_UUID >       drep: ARRAY(4) >           [0]                     : 0x10 (16) >           [1]                     : 0x00 (0) >           [2]                     : 0x00 (0) >           [3]                     : 0x00 (0) >       frag_length             : 0x0018 (24) >       auth_length             : 0x0000 (0) >       call_id                 : 0x00000008 (8) >       u                       : union dcerpc_payload(case 0) >       request: struct dcerpc_request >           alloc_hint              : 0x00000048 (72) >           context_id              : 0x0000 (0) >           opnum                   : 0x0032 (50) >           object                  : union dcerpc_object(case 0) >           empty: struct dcerpc_empty >           stub_and_verifier       : DATA_BLOB length=0 >rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test >signed SMB2 message (sign_algo_id=2) >rpc_read_send: data_to_read: 40 >    state->pkt: struct ncacn_packet >       rpc_vers                : 0x05 (5) >       rpc_vers_minor          : 0x00 (0) >       ptype                   : DCERPC_PKT_RESPONSE (2) >       pfc_flags               : 0x03 (3) >              1: DCERPC_PFC_FLAG_FIRST >              1: DCERPC_PFC_FLAG_LAST >              0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING >              0: DCERPC_PFC_FLAG_CONC_MPX >              0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE >              0: DCERPC_PFC_FLAG_MAYBE >              0: DCERPC_PFC_FLAG_OBJECT_UUID >       drep: ARRAY(4) >           [0]                     : 0x10 (16) >           [1]                     : 0x00 (0) >           [2]                     : 0x00 (0) >           [3]                     : 0x00 (0) >       frag_length             : 0x0038 (56) >       auth_length             : 0x0000 (0) >       call_id                 : 0x00000008 (8) >       u                       : union dcerpc_payload(case 2) >       response: struct dcerpc_response >           alloc_hint              : 0x00000020 (32) >           context_id              : 0x0000 (0) >           cancel_count            : 0x00 (0) >           reserved                : 0x00 (0) >           stub_and_verifier       : DATA_BLOB length=32 >[0000] 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........ >[0010] 00 00 00 00 00 00 00 00  00 00 00 00 63 00 00 C0  ........ ....c... >Got pdu len 56, data_len 32 >rpc_api_pipe_got_pdu: got frag len of 56 at offset 0: NT_STATUS_OK >rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test returned 32 bytes. >    samr_CreateUser2: struct samr_CreateUser2 >       out: struct samr_CreateUser2 >           user_handle             : * >               user_handle: struct policy_handle >                   handle_type             : 0x00000000 (0) >                   uuid                    : 00000000-0000-0000-0000-000000000000 >           access_granted          : * >               access_granted          : 0x00000000 (0) >           rid                     : * >               rid                     : 0x00000000 (0) >           result                  : NT_STATUS_USER_EXISTS >    samr_LookupNames: struct samr_LookupNames >       in: struct samr_LookupNames >           domain_handle           : * >               domain_handle: struct policy_handle >                   handle_type             : 0x00000000 (0) >                   uuid                    : 3402afe8-676e-444f-a414-f05ac99fd4f6 >           num_names               : 0x00000001 (1) >           names: ARRAY(1) >               names: struct lsa_String >                   length                  : 0x0018 (24) >                   size                    : 0x0018 (24) >                   string                  : * >                       string                  : 'oak-vcs1307$' >    &r: struct ncacn_packet >       rpc_vers                : 0x05 (5) >       rpc_vers_minor          : 0x00 (0) >       ptype                   : DCERPC_PKT_REQUEST (0) >       pfc_flags               : 0x03 (3) >              1: DCERPC_PFC_FLAG_FIRST >              1: DCERPC_PFC_FLAG_LAST >              0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING >              0: DCERPC_PFC_FLAG_CONC_MPX >              0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE >              0: DCERPC_PFC_FLAG_MAYBE >              0: DCERPC_PFC_FLAG_OBJECT_UUID >       drep: ARRAY(4) >           [0]                     : 0x10 (16) >           [1]                     : 0x00 (0) >           [2]                     : 0x00 (0) >           [3]                     : 0x00 (0) >       frag_length             : 0x0018 (24) >       auth_length             : 0x0000 (0) >       call_id                 : 0x00000009 (9) >       u                       : union dcerpc_payload(case 0) >       request: struct dcerpc_request >           alloc_hint              : 0x00000050 (80) >           context_id              : 0x0000 (0) >           opnum                   : 0x0011 (17) >           object                  : union dcerpc_object(case 0) >           empty: struct dcerpc_empty >           stub_and_verifier       : DATA_BLOB length=0 >rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test >signed SMB2 message (sign_algo_id=2) >rpc_read_send: data_to_read: 44 >    state->pkt: struct ncacn_packet >       rpc_vers                : 0x05 (5) >       rpc_vers_minor          : 0x00 (0) >       ptype                   : DCERPC_PKT_RESPONSE (2) >       pfc_flags               : 0x03 (3) >              1: DCERPC_PFC_FLAG_FIRST >              1: DCERPC_PFC_FLAG_LAST >              0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING >              0: DCERPC_PFC_FLAG_CONC_MPX >              0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE >              0: DCERPC_PFC_FLAG_MAYBE >              0: DCERPC_PFC_FLAG_OBJECT_UUID >       drep: ARRAY(4) >           [0]                     : 0x10 (16) >           [1]                     : 0x00 (0) >           [2]                     : 0x00 (0) >           [3]                     : 0x00 (0) >       frag_length             : 0x003c (60) >       auth_length             : 0x0000 (0) >       call_id                 : 0x00000009 (9) >       u                       : union dcerpc_payload(case 2) >       response: struct dcerpc_response >           alloc_hint              : 0x00000024 (36) >           context_id              : 0x0000 (0) >           cancel_count            : 0x00 (0) >           reserved                : 0x00 (0) >           stub_and_verifier       : DATA_BLOB length=36 >[0000] 01 00 00 00 00 00 02 00  01 00 00 00 59 04 00 00  ........ ....Y... >[0010] 01 00 00 00 04 00 02 00  01 00 00 00 01 00 00 00  ........ ........ >[0020] 00 00 00 00                                        .... >Got pdu len 60, data_len 36 >rpc_api_pipe_got_pdu: got frag len of 60 at offset 0: NT_STATUS_OK >rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test returned 36 bytes. >    samr_LookupNames: struct samr_LookupNames >       out: struct samr_LookupNames >           rids                    : * >               rids: struct samr_Ids >                   count                   : 0x00000001 (1) >                   ids                     : * >                       ids: ARRAY(1) >                           ids                     : 0x00000459 (1113) >           types                   : * >               types: struct samr_Ids >                   count                   : 0x00000001 (1) >                   ids                     : * >                       ids: ARRAY(1) >                           ids                     : 0x00000001 (1) >           result                  : NT_STATUS_OK >    samr_OpenUser: struct samr_OpenUser >       in: struct samr_OpenUser >           domain_handle           : * >               domain_handle: struct policy_handle >                   handle_type             : 0x00000000 (0) >                   uuid                    : 3402afe8-676e-444f-a414-f05ac99fd4f6 >           access_mask             : 0x02000000 (33554432) >                  0: SAMR_USER_ACCESS_GET_NAME_ETC >                  0: SAMR_USER_ACCESS_GET_LOCALE >                  0: SAMR_USER_ACCESS_SET_LOC_COM >                  0: SAMR_USER_ACCESS_GET_LOGONINFO >                  0: SAMR_USER_ACCESS_GET_ATTRIBUTES >                  0: SAMR_USER_ACCESS_SET_ATTRIBUTES >                  0: SAMR_USER_ACCESS_CHANGE_PASSWORD >                  0: SAMR_USER_ACCESS_SET_PASSWORD >                  0: SAMR_USER_ACCESS_GET_GROUPS >                  0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP >                  0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP >           rid                     : 0x00000459 (1113) >    &r: struct ncacn_packet >       rpc_vers                : 0x05 (5) >       rpc_vers_minor          : 0x00 (0) >       ptype                   : DCERPC_PKT_REQUEST (0) >       pfc_flags               : 0x03 (3) >              1: DCERPC_PFC_FLAG_FIRST >              1: DCERPC_PFC_FLAG_LAST >              0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING >              0: DCERPC_PFC_FLAG_CONC_MPX >              0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE >              0: DCERPC_PFC_FLAG_MAYBE >              0: DCERPC_PFC_FLAG_OBJECT_UUID >       drep: ARRAY(4) >           [0]                     : 0x10 (16) >           [1]                     : 0x00 (0) >           [2]                     : 0x00 (0) >           [3]                     : 0x00 (0) >       frag_length             : 0x0018 (24) >       auth_length             : 0x0000 (0) >       call_id                 : 0x0000000a (10) >       u                       : union dcerpc_payload(case 0) >       request: struct dcerpc_request >           alloc_hint              : 0x0000001c (28) >           context_id              : 0x0000 (0) >           opnum                   : 0x0022 (34) >           object                  : union dcerpc_object(case 0) >           empty: struct dcerpc_empty >           stub_and_verifier       : DATA_BLOB length=0 >rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test >signed SMB2 message (sign_algo_id=2) >rpc_read_send: data_to_read: 32 >    state->pkt: struct ncacn_packet >       rpc_vers                : 0x05 (5) >       rpc_vers_minor          : 0x00 (0) >       ptype                   : DCERPC_PKT_RESPONSE (2) >       pfc_flags               : 0x03 (3) >              1: DCERPC_PFC_FLAG_FIRST >              1: DCERPC_PFC_FLAG_LAST >              0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING >              0: DCERPC_PFC_FLAG_CONC_MPX >              0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE >              0: DCERPC_PFC_FLAG_MAYBE >              0: DCERPC_PFC_FLAG_OBJECT_UUID >       drep: ARRAY(4) >           [0]                     : 0x10 (16) >           [1]                     : 0x00 (0) >           [2]                     : 0x00 (0) >           [3]                     : 0x00 (0) >       frag_length             : 0x0030 (48) >       auth_length             : 0x0000 (0) >       call_id                 : 0x0000000a (10) >       u                       : union dcerpc_payload(case 2) >       response: struct dcerpc_response >           alloc_hint              : 0x00000018 (24) >           context_id              : 0x0000 (0) >           cancel_count            : 0x00 (0) >           reserved                : 0x00 (0) >           stub_and_verifier       : DATA_BLOB length=24 >[0000] 00 00 00 00 53 71 BA C4  B1 EB D5 4D BA D5 73 8B  ....Sq.. ...M..s. >[0010] DB 6E 62 7A 00 00 00 00                            .nbz.... >Got pdu len 48, data_len 24 >rpc_api_pipe_got_pdu: got frag len of 48 at offset 0: NT_STATUS_OK >rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test returned 24 bytes. >    samr_OpenUser: struct samr_OpenUser >       out: struct samr_OpenUser >           user_handle             : * >               user_handle: struct policy_handle >                   handle_type             : 0x00000000 (0) >                   uuid                    : c4ba7153-ebb1-4dd5-bad5-738bdb6e627a >           result                  : NT_STATUS_OK >    samr_SetUserInfo2: struct samr_SetUserInfo2 >       in: struct samr_SetUserInfo2 >           user_handle             : * >               user_handle: struct policy_handle >                   handle_type             : 0x00000000 (0) >                   uuid                    : c4ba7153-ebb1-4dd5-bad5-738bdb6e627a >           level                   : UserControlInformation (16) >           info                    : * >               info                    : union samr_UserInfo(case 16) >               info16: struct samr_UserInfo16 >                   acct_flags              : 0x00000280 (640) >                          0: ACB_DISABLED >                          0: ACB_HOMDIRREQ >                          0: ACB_PWNOTREQ >                          0: ACB_TEMPDUP >                          0: ACB_NORMAL >                          0: ACB_MNS >                          0: ACB_DOMTRUST >                          1: ACB_WSTRUST >                          0: ACB_SVRTRUST >                          1: ACB_PWNOEXP >                          0: ACB_AUTOLOCK >                          0: ACB_ENC_TXT_PWD_ALLOWED >                          0: ACB_SMARTCARD_REQUIRED >                          0: ACB_TRUSTED_FOR_DELEGATION >                          0: ACB_NOT_DELEGATED >                          0: ACB_USE_DES_KEY_ONLY >                          0: ACB_DONT_REQUIRE_PREAUTH >                          0: ACB_PW_EXPIRED >                          0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION >                          0: ACB_NO_AUTH_DATA_REQD >                          0: ACB_PARTIAL_SECRETS_ACCOUNT >                          0: ACB_USE_AES_KEYS >    &r: struct ncacn_packet >       rpc_vers                : 0x05 (5) >       rpc_vers_minor          : 0x00 (0) >       ptype                   : DCERPC_PKT_REQUEST (0) >       pfc_flags               : 0x03 (3) >              1: DCERPC_PFC_FLAG_FIRST >              1: DCERPC_PFC_FLAG_LAST >              0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING >              0: DCERPC_PFC_FLAG_CONC_MPX >              0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE >              0: DCERPC_PFC_FLAG_MAYBE >              0: DCERPC_PFC_FLAG_OBJECT_UUID >       drep: ARRAY(4) >           [0]                     : 0x10 (16) >           [1]                     : 0x00 (0) >           [2]                     : 0x00 (0) >           [3]                     : 0x00 (0) >       frag_length             : 0x0018 (24) >       auth_length             : 0x0000 (0) >       call_id                 : 0x0000000b (11) >       u                       : union dcerpc_payload(case 0) >       request: struct dcerpc_request >           alloc_hint              : 0x0000001c (28) >           context_id              : 0x0000 (0) >           opnum                   : 0x003a (58) >           object                  : union dcerpc_object(case 0) >           empty: struct dcerpc_empty >           stub_and_verifier       : DATA_BLOB length=0 >rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test >signed SMB2 message (sign_algo_id=2) >rpc_read_send: data_to_read: 12 >    state->pkt: struct ncacn_packet >       rpc_vers                : 0x05 (5) >       rpc_vers_minor          : 0x00 (0) >       ptype                   : DCERPC_PKT_RESPONSE (2) >       pfc_flags               : 0x03 (3) >              1: DCERPC_PFC_FLAG_FIRST >              1: DCERPC_PFC_FLAG_LAST >              0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING >              0: DCERPC_PFC_FLAG_CONC_MPX >              0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE >              0: DCERPC_PFC_FLAG_MAYBE >              0: DCERPC_PFC_FLAG_OBJECT_UUID >       drep: ARRAY(4) >           [0]                     : 0x10 (16) >           [1]                     : 0x00 (0) >           [2]                     : 0x00 (0) >           [3]                     : 0x00 (0) >       frag_length             : 0x001c (28) >       auth_length             : 0x0000 (0) >       call_id                 : 0x0000000b (11) >       u                       : union dcerpc_payload(case 2) >       response: struct dcerpc_response >           alloc_hint              : 0x00000004 (4) >           context_id              : 0x0000 (0) >           cancel_count            : 0x00 (0) >           reserved                : 0x00 (0) >           stub_and_verifier       : DATA_BLOB length=4 >[0000] 00 00 00 00                                        .... >Got pdu len 28, data_len 4 >rpc_api_pipe_got_pdu: got frag len of 28 at offset 0: NT_STATUS_OK >rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test returned 4 bytes. >    samr_SetUserInfo2: struct samr_SetUserInfo2 >       out: struct samr_SetUserInfo2 >           result                  : NT_STATUS_OK >    samr_SetUserInfo2: struct samr_SetUserInfo2 >       in: struct samr_SetUserInfo2 >           user_handle             : * >               user_handle: struct policy_handle >                   handle_type             : 0x00000000 (0) >                   uuid                    : c4ba7153-ebb1-4dd5-bad5-738bdb6e627a >           level                   : UserInternal5InformationNew (26) >           info                    : * >               info                    : union samr_UserInfo(case 26) >               info26: struct samr_UserInfo26 >                   password: struct samr_CryptPasswordEx >                       data: ARRAY(532) >[0000] 76 F6 AC CC DA 4B 9E 57  24 3A C3 14 AB 80 24 C7  v....K.W $:....$. >[0010] 5C BA 96 98 00 5F D6 B8  F3 DF 53 2E 2F 53 50 0B  \...._.. ..S./SP. >[0020] A8 F3 02 73 BA 11 15 0D  11 23 6D EC 55 4B DD 08  ...s.... .#m.UK.. >[0030] B2 4E 97 03 2D 2E 21 A5  58 60 0C 29 79 05 80 CB  .N..-.!. X`.)y... >[0040] 1C DA 35 7E 7F 5E 86 14  2F E8 94 24 35 01 A8 13  ..5~.^.. /..$5... >[0050] C6 18 9E ED D6 46 10 B3  ED F6 D9 00 12 DE F5 0E  .....F.. ........ >[0060] 1D 44 86 AB E8 87 7D 99  26 31 FF 08 F6 9E 38 F9  .D....}. &1....8. >[0070] 72 24 8F 30 4F 97 A3 B7  F2 7B 0F 96 84 60 37 80  r$.0O... .{...`7. >[0080] 90 C8 E6 D3 C2 AF B1 E1  A6 44 B0 55 A3 D8 28 18  ........ .D.U..(. >[0090] 85 7D 49 5E 7E BB FC C5  B7 75 FB FE 38 24 60 E4  .}I^~... .u..8$`. >[00A0] 6E B1 12 9D C1 29 38 E4  15 3C 68 79 1C 6B 05 03  n....)8. .<hy.k.. >[00B0] 07 EA 9C E3 4E EF 49 2D  53 2F 98 CA 89 1E 51 8A  ....N.I- S/....Q. >[00C0] 4C 33 FE EC A7 B7 A6 6D  7A 29 28 04 F4 B4 14 43  L3.....m z)(....C >[00D0] E3 31 AD 9A 5C A7 0B 62  28 53 45 CC 49 DC 02 25  .1..\..b (SE.I..% >[00E0] 73 5E 8C 22 8D D7 3A 1B  9D A1 86 CE 64 62 E7 37  s^."..:. ....db.7 >[00F0] 8F 89 74 5C EF C9 98 75  A5 14 D1 4E A7 D7 FA 3B  ..t\...u ...N...; >[0100] 66 51 6F 35 B8 5A 66 36  17 56 88 6A AE E6 EA 92  fQo5.Zf6 .V.j.... >[0110] CF 38 FE 53 24 45 E7 70  9D 84 61 AA 4E EF 47 88  .8.S$E.p ..a.N.G. >[0120] 3C DC 80 6B 8E 36 28 36  04 92 AE BF A9 40 63 DC  <..k.6(6 .....@c. >[0130] 8F 21 5F DB 43 13 69 0D  B9 75 59 09 92 DD DC 22  .!_.C.i. .uY...." >[0140] 4A 13 F3 BF 32 CD B6 70  D7 F1 2E A7 16 ED 1B 62  J...2..p .......b >[0150] B1 FE E0 B2 E6 5A 6F 7A  10 B0 E7 51 A4 9A D8 C2  .....Zoz ...Q.... >[0160] 6E 4C C0 A5 44 1B AF 4C  39 D8 B6 11 AB 3F 86 DB  nL..D..L 9....?.. >[0170] 08 16 5D DA 38 97 A1 0F  62 63 3E D1 E6 B5 A8 AB  ..].8... bc>..... >[0180] 0C CC 75 1B AA 65 69 FF  E2 84 37 A6 69 24 71 96  ..u..ei. ..7.i$q. >[0190] 4C 15 76 45 3B 3A A5 65  72 CB B9 88 A9 B2 CF D6  L.vE;:.e r....... >[01A0] 62 2B 44 E2 4F E4 4A 92  2E 02 5D CC D0 B0 F7 C5  b+D.O.J. ..]..... >[01B0] 9D 06 AE 29 6D 2C 22 BC  D8 D9 0F BB FC 34 F3 43  ...)m,". .....4.C >[01C0] 8C E9 3B 9B 2D 95 D6 F3  77 8B 0D FC DE F1 44 C8  ..;.-... w.....D. >[01D0] 71 FF 1D 08 EE 67 E8 50  3E 2B A9 EA 61 9A D0 F9  q....g.P >+..a... >[01E0] 10 3F 54 1D 7C 95 53 71  31 06 B8 FF C5 2B 70 FB  .?T.|.Sq 1....+p. >[01F0] C4 E2 45 9F 41 9F 00 6F  02 75 C0 F1 89 05 AD C2  ..E.A..o .u...... >[0200] 26 0D AC A5 A8 72 8A BE  83 A4 D8 76 04 11 72 94  &....r.. ...v..r. >[0210] 6C 88 C7 90                                        l... >                   password_expired        : 0x00 (0) >    &r: struct ncacn_packet >       rpc_vers                : 0x05 (5) >       rpc_vers_minor          : 0x00 (0) >       ptype                   : DCERPC_PKT_REQUEST (0) >       pfc_flags               : 0x03 (3) >              1: DCERPC_PFC_FLAG_FIRST >              1: DCERPC_PFC_FLAG_LAST >              0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING >              0: DCERPC_PFC_FLAG_CONC_MPX >              0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE >              0: DCERPC_PFC_FLAG_MAYBE >              0: DCERPC_PFC_FLAG_OBJECT_UUID >       drep: ARRAY(4) >           [0]                     : 0x10 (16) >           [1]                     : 0x00 (0) >           [2]                     : 0x00 (0) >           [3]                     : 0x00 (0) >       frag_length             : 0x0018 (24) >       auth_length             : 0x0000 (0) >       call_id                 : 0x0000000c (12) >       u                       : union dcerpc_payload(case 0) >       request: struct dcerpc_request >           alloc_hint              : 0x0000022d (557) >           context_id              : 0x0000 (0) >           opnum                   : 0x003a (58) >           object                  : union dcerpc_object(case 0) >           empty: struct dcerpc_empty >           stub_and_verifier       : DATA_BLOB length=0 >rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test >signed SMB2 message (sign_algo_id=2) >rpc_read_send: data_to_read: 12 >    state->pkt: struct ncacn_packet >       rpc_vers                : 0x05 (5) >       rpc_vers_minor          : 0x00 (0) >       ptype                   : DCERPC_PKT_RESPONSE (2) >       pfc_flags               : 0x03 (3) >              1: DCERPC_PFC_FLAG_FIRST >              1: DCERPC_PFC_FLAG_LAST >              0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING >              0: DCERPC_PFC_FLAG_CONC_MPX >              0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE >              0: DCERPC_PFC_FLAG_MAYBE >              0: DCERPC_PFC_FLAG_OBJECT_UUID >       drep: ARRAY(4) >           [0]                     : 0x10 (16) >           [1]                     : 0x00 (0) >           [2]                     : 0x00 (0) >           [3]                     : 0x00 (0) >       frag_length             : 0x001c (28) >       auth_length             : 0x0000 (0) >       call_id                 : 0x0000000c (12) >       u                       : union dcerpc_payload(case 2) >       response: struct dcerpc_response >           alloc_hint              : 0x00000004 (4) >           context_id              : 0x0000 (0) >           cancel_count            : 0x00 (0) >           reserved                : 0x00 (0) >           stub_and_verifier       : DATA_BLOB length=4 >[0000] 00 00 00 00                                        .... >Got pdu len 28, data_len 4 >rpc_api_pipe_got_pdu: got frag len of 28 at offset 0: NT_STATUS_OK >rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test returned 4 bytes. >    samr_SetUserInfo2: struct samr_SetUserInfo2 >       out: struct samr_SetUserInfo2 >           result                  : NT_STATUS_OK >    samr_Close: struct samr_Close >       in: struct samr_Close >           handle                  : * >               handle: struct policy_handle >                   handle_type             : 0x00000000 (0) >                   uuid                    : a3f56cd7-e54d-402e-816e-f4f79f536595 >    &r: struct ncacn_packet >       rpc_vers                : 0x05 (5) >       rpc_vers_minor          : 0x00 (0) >       ptype                   : DCERPC_PKT_REQUEST (0) >       pfc_flags               : 0x03 (3) >              1: DCERPC_PFC_FLAG_FIRST >              1: DCERPC_PFC_FLAG_LAST >              0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING >              0: DCERPC_PFC_FLAG_CONC_MPX >              0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE >              0: DCERPC_PFC_FLAG_MAYBE >              0: DCERPC_PFC_FLAG_OBJECT_UUID >       drep: ARRAY(4) >           [0]                     : 0x10 (16) >           [1]                     : 0x00 (0) >           [2]                     : 0x00 (0) >           [3]                     : 0x00 (0) >       frag_length             : 0x0018 (24) >       auth_length             : 0x0000 (0) >       call_id                 : 0x0000000d (13) >       u                       : union dcerpc_payload(case 0) >       request: struct dcerpc_request >           alloc_hint              : 0x00000014 (20) >           context_id              : 0x0000 (0) >           opnum                   : 0x0001 (1) >           object                  : union dcerpc_object(case 0) >           empty: struct dcerpc_empty >           stub_and_verifier       : DATA_BLOB length=0 >rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test >signed SMB2 message (sign_algo_id=2) >rpc_read_send: data_to_read: 32 >    state->pkt: struct ncacn_packet >       rpc_vers                : 0x05 (5) >       rpc_vers_minor          : 0x00 (0) >       ptype                   : DCERPC_PKT_RESPONSE (2) >       pfc_flags               : 0x03 (3) >              1: DCERPC_PFC_FLAG_FIRST >              1: DCERPC_PFC_FLAG_LAST >              0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING >              0: DCERPC_PFC_FLAG_CONC_MPX >              0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE >              0: DCERPC_PFC_FLAG_MAYBE >              0: DCERPC_PFC_FLAG_OBJECT_UUID >       drep: ARRAY(4) >           [0]                     : 0x10 (16) >           [1]                     : 0x00 (0) >           [2]                     : 0x00 (0) >           [3]                     : 0x00 (0) >       frag_length             : 0x0030 (48) >       auth_length             : 0x0000 (0) >       call_id                 : 0x0000000d (13) >       u                       : union dcerpc_payload(case 2) >       response: struct dcerpc_response >           alloc_hint              : 0x00000018 (24) >           context_id              : 0x0000 (0) >           cancel_count            : 0x00 (0) >           reserved                : 0x00 (0) >           stub_and_verifier       : DATA_BLOB length=24 >[0000] 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........ >[0010] 00 00 00 00 00 00 00 00                            ........ >Got pdu len 48, data_len 24 >rpc_api_pipe_got_pdu: got frag len of 48 at offset 0: NT_STATUS_OK >rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test returned 24 bytes. >    samr_Close: struct samr_Close >       out: struct samr_Close >           handle                  : * >               handle: struct policy_handle >                   handle_type             : 0x00000000 (0) >                   uuid                    : 00000000-0000-0000-0000-000000000000 >           result                  : NT_STATUS_OK >    samr_Close: struct samr_Close >       in: struct samr_Close >           handle                  : * >               handle: struct policy_handle >                   handle_type             : 0x00000000 (0) >                   uuid                    : 3402afe8-676e-444f-a414-f05ac99fd4f6 >    &r: struct ncacn_packet >       rpc_vers                : 0x05 (5) >       rpc_vers_minor          : 0x00 (0) >       ptype                   : DCERPC_PKT_REQUEST (0) >       pfc_flags               : 0x03 (3) >              1: DCERPC_PFC_FLAG_FIRST >              1: DCERPC_PFC_FLAG_LAST >              0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING >              0: DCERPC_PFC_FLAG_CONC_MPX >              0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE >              0: DCERPC_PFC_FLAG_MAYBE >              0: DCERPC_PFC_FLAG_OBJECT_UUID >       drep: ARRAY(4) >           [0]                     : 0x10 (16) >           [1]                     : 0x00 (0) >           [2]                     : 0x00 (0) >           [3]                     : 0x00 (0) >       frag_length             : 0x0018 (24) >       auth_length             : 0x0000 (0) >       call_id                 : 0x0000000e (14) >       u                       : union dcerpc_payload(case 0) >       request: struct dcerpc_request >           alloc_hint              : 0x00000014 (20) >           context_id              : 0x0000 (0) >           opnum                   : 0x0001 (1) >           object                  : union dcerpc_object(case 0) >           empty: struct dcerpc_empty >           stub_and_verifier       : DATA_BLOB length=0 >rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test >signed SMB2 message (sign_algo_id=2) >rpc_read_send: data_to_read: 32 >    state->pkt: struct ncacn_packet >       rpc_vers                : 0x05 (5) >       rpc_vers_minor          : 0x00 (0) >       ptype                   : DCERPC_PKT_RESPONSE (2) >       pfc_flags               : 0x03 (3) >              1: DCERPC_PFC_FLAG_FIRST >              1: DCERPC_PFC_FLAG_LAST >              0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING >              0: DCERPC_PFC_FLAG_CONC_MPX >              0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE >              0: DCERPC_PFC_FLAG_MAYBE >              0: DCERPC_PFC_FLAG_OBJECT_UUID >       drep: ARRAY(4) >           [0]                     : 0x10 (16) >           [1]                     : 0x00 (0) >           [2]                     : 0x00 (0) >           [3]                     : 0x00 (0) >       frag_length             : 0x0030 (48) >       auth_length             : 0x0000 (0) >       call_id                 : 0x0000000e (14) >       u                       : union dcerpc_payload(case 2) >       response: struct dcerpc_response >           alloc_hint              : 0x00000018 (24) >           context_id              : 0x0000 (0) >           cancel_count            : 0x00 (0) >           reserved                : 0x00 (0) >           stub_and_verifier       : DATA_BLOB length=24 >[0000] 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........ >[0010] 00 00 00 00 00 00 00 00                            ........ >Got pdu len 48, data_len 24 >rpc_api_pipe_got_pdu: got frag len of 48 at offset 0: NT_STATUS_OK >rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test returned 24 bytes. >    samr_Close: struct samr_Close >       out: struct samr_Close >           handle                  : * >               handle: struct policy_handle >                   handle_type             : 0x00000000 (0) >                   uuid                    : 00000000-0000-0000-0000-000000000000 >           result                  : NT_STATUS_OK >    samr_Close: struct samr_Close >       in: struct samr_Close >           handle                  : * >               handle: struct policy_handle >                   handle_type             : 0x00000000 (0) >                   uuid                    : c4ba7153-ebb1-4dd5-bad5-738bdb6e627a >    &r: struct ncacn_packet >       rpc_vers                : 0x05 (5) >       rpc_vers_minor          : 0x00 (0) >       ptype                   : DCERPC_PKT_REQUEST (0) >       pfc_flags               : 0x03 (3) >              1: DCERPC_PFC_FLAG_FIRST >              1: DCERPC_PFC_FLAG_LAST >              0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING >              0: DCERPC_PFC_FLAG_CONC_MPX >              0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE >              0: DCERPC_PFC_FLAG_MAYBE >              0: DCERPC_PFC_FLAG_OBJECT_UUID >       drep: ARRAY(4) >           [0]                     : 0x10 (16) >           [1]                     : 0x00 (0) >           [2]                     : 0x00 (0) >           [3]                     : 0x00 (0) >       frag_length             : 0x0018 (24) >       auth_length             : 0x0000 (0) >       call_id                 : 0x0000000f (15) >       u                       : union dcerpc_payload(case 0) >       request: struct dcerpc_request >           alloc_hint              : 0x00000014 (20) >           context_id              : 0x0000 (0) >           opnum                   : 0x0001 (1) >           object                  : union dcerpc_object(case 0) >           empty: struct dcerpc_empty >           stub_and_verifier       : DATA_BLOB length=0 >rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test >signed SMB2 message (sign_algo_id=2) >rpc_read_send: data_to_read: 32 >    state->pkt: struct ncacn_packet >       rpc_vers                : 0x05 (5) >       rpc_vers_minor          : 0x00 (0) >       ptype                   : DCERPC_PKT_RESPONSE (2) >       pfc_flags               : 0x03 (3) >              1: DCERPC_PFC_FLAG_FIRST >              1: DCERPC_PFC_FLAG_LAST >              0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING >              0: DCERPC_PFC_FLAG_CONC_MPX >              0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE >              0: DCERPC_PFC_FLAG_MAYBE >              0: DCERPC_PFC_FLAG_OBJECT_UUID >       drep: ARRAY(4) >           [0]                     : 0x10 (16) >           [1]                     : 0x00 (0) >           [2]                     : 0x00 (0) >           [3]                     : 0x00 (0) >       frag_length             : 0x0030 (48) >       auth_length             : 0x0000 (0) >       call_id                 : 0x0000000f (15) >       u                       : union dcerpc_payload(case 2) >       response: struct dcerpc_response >           alloc_hint              : 0x00000018 (24) >           context_id              : 0x0000 (0) >           cancel_count            : 0x00 (0) >           reserved                : 0x00 (0) >           stub_and_verifier       : DATA_BLOB length=24 >[0000] 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........ >[0010] 00 00 00 00 00 00 00 00                            ........ >Got pdu len 48, data_len 24 >rpc_api_pipe_got_pdu: got frag len of 48 at offset 0: NT_STATUS_OK >rpc_api_pipe: host WIN-841PV4HEK0O.dc2022.test returned 24 bytes. >    samr_Close: struct samr_Close >       out: struct samr_Close >           handle                  : * >               handle: struct policy_handle >                   handle_type             : 0x00000000 (0) >                   uuid                    : 00000000-0000-0000-0000-000000000000 >           result                  : NT_STATUS_OK >signed SMB2 message (sign_algo_id=2) >signed SMB2 message (sign_algo_id=2) >libnet_Join: >   libnet_JoinCtx: struct libnet_JoinCtx >       out: struct libnet_JoinCtx >           odj_provision_data      : NULL >           account_name            : 'OAK-VCS1307$' >           netbios_domain_name     : 'DC2022' >           dns_domain_name         : 'dc2022.test' >           forest_name             : 'dc2022.test' >           dn                      : NULL >           domain_guid             : 15a99073-0553-41da-9071-ff8270e0cf35 >           domain_sid              : * >               domain_sid              : S-1-5-21-2898537216-3988932908-2706489507 >           modified_config         : 0x00 (0) >           error_string            : 'Failed to set machine spn: Time limit exceeded >Do you have sufficient permissions to create machine accounts?' >           domain_is_ad            : 0x01 (1) >           set_encryption_types    : 0x00000000 (0) >           krb5_salt               : NULL >           dcinfo                  : * >               dcinfo: struct netr_DsRGetDCNameInfo >                   dc_unc                  : * >                       dc_unc                  : '\\WIN-841PV4HEK0O.dc2022.test' >                   dc_address              : * >                       dc_address              : '\\10.5.139.71' >                   dc_address_type         : DS_ADDRESS_TYPE_INET (1) >                   domain_guid             : 15a99073-0553-41da-9071-ff8270e0cf35 >                   domain_name             : * >                       domain_name             : 'dc2022.test' >                   forest_name             : * >                       forest_name             : 'dc2022.test' >                   dc_flags                : 0xe007f3fd (3758617597) >                          1: NBT_SERVER_PDC >                          1: NBT_SERVER_GC >                          1: NBT_SERVER_LDAP >                          1: NBT_SERVER_DS >                          1: NBT_SERVER_KDC >                          1: NBT_SERVER_TIMESERV >                          1: NBT_SERVER_CLOSEST >                          1: NBT_SERVER_WRITABLE >                          1: NBT_SERVER_GOOD_TIMESERV >                          0: NBT_SERVER_NDNC >                          0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 >                          1: NBT_SERVER_FULL_SECRET_DOMAIN_6 >                          1: NBT_SERVER_ADS_WEB_SERVICE >                          1: NBT_SERVER_DS_8 >                          1: NBT_SERVER_DS_9 >                          1: NBT_SERVER_DS_10 >                          1: NBT_SERVER_HAS_DNS_NAME >                          1: NBT_SERVER_IS_DEFAULT_NC >                          1: NBT_SERVER_FOREST_ROOT >                   dc_site_name            : * >                       dc_site_name            : 'Default-First-Site-Name' >                   client_site_name        : * >                       client_site_name        : 'Default-First-Site-Name' >           account_rid             : 0x00000459 (1113) >           result                  : WERR_GEN_FAILURE >Failed to join domain: Failed to set machine spn: Time limit exceeded >Do you have sufficient permissions to create machine accounts? >return code = -1 >msg_dgm_ref_destructor: refs=(nil) >root@oak-vcs1307:~# cat /etc/samba/smb.conf >  workgroup = DC2022 >  realm = DC2022.TEST >  security = ads >  idmap config * : backend = tdb >  idmap config * : range = 3000-7999 >  idmap config DC2022 : backend = rid >  idmap config DC2022 : range = 10000-999999 >  template homedir = /home/%U >  template shell = /bin/bash >  winbind use default domain = true >  winbind offline logon = false >root@oak-vcs1307:~# >root@oak-vcs1307:~# net ads info >LDAP server: 10.5.139.71 >LDAP server name: WIN-841PV4HEK0O.dc2022.test >Realm: DC2022.TEST >Bind Path: dc=DC2022,dc=TEST >LDAP port: 389 >Server time: Fri, 13 Oct 2023 06:30:32 UTC >KDC server: 10.5.139.71 >Server time offset: 6 >Last machine account password change: Thu, 01 Jan 1970 00:00:00 UTC >root@oak-vcs1307:~# >root@oak-vcs1307:~# net ads lookup >Information for Domain Controller: 10.5.139.71 > >Response Type: LOGON_SAM_LOGON_RESPONSE_EX >GUID: 15a99073-0553-41da-9071-ff8270e0cf35 >Flags: >           Is a PDC:                                  yes >           Is a GC of the forest:                     yes >           Is an LDAP server:                         yes >           Supports DS:                               yes >           Is running a KDC:                          yes >           Is running time services:                  yes >           Is the closest DC:                         yes >           Is writable:                               yes >           Has a hardware clock:                      yes >           Is a non-domain NC serviced by LDAP server: no >           Is NT6 DC that has some secrets:           no >           Is NT6 DC that has all secrets:            yes >           Runs Active Directory Web Services:        yes >           Runs on Windows 2012 or later:             yes >           Runs on Windows 2012R2 or later:           yes >           Runs on Windows 2016 or later:             yes >           Has a DNS name:                            no >           Is a default NC:                           no >           Is the forest root:                        no >Forest: dc2022.test >Domain: dc2022.test >Domain Controller: WIN-841PV4HEK0O.dc2022.test >Pre-Win2k Domain: DC2022 >Pre-Win2k Hostname: WIN-841PV4HEK0O >Server Site Name: Default-First-Site-Name >Client Site Name: Default-First-Site-Name >NT Version: 5 >LMNT Token: ffff >LM20 Token: ffff >root@oak-vcs1307:~# >Â
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=18162">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 15495
:
18157
| 18162 |
18163
|
18164